DataSecurity

Latest

  • Microsoft tests feature to give people control over their personal data

    by AJ Dellinger
    01.03.2019

    Microsoft appears to be working on a project called Bali that would give users the ability to control data collected about them. The feature, spotted by Twitter user Longhorn, is being developed by the Microsoft Research team and appears to be in the stages of private testing for the time being.

  • Engadget giveaway: Stay protected and connected courtesy of Kaspersky Lab!

    by Jon Turi
    10.31.2018

    Kaspersky Lab has been a familiar name in infosec for quite some time, uncovering malware and espionage tools all along the way. These finely honed skills are also available to help everyday people protect their data and manage their digital lives. The Kaspersky Security Cloud for both individuals and families can cover multiple devices with real-time security alerts, password assistance, parental controls and more. This week, the company has put together a package of devices to keep you charged up, backed up and secure wherever you go. This includes a portable generator, power bank, 3TB portable hard drive, a Kaspersky Lab backpack and a one year subscription to Kaspersky Security Cloud Family (covering 20 devices). All you need to do is head to the Rafflecopter widget below for up to five chances at winning this protected and connected package. Winners: Congratulations to Mike S. of Metairie, LA and James B. of Shiprock, NM!

  • Facebook’s two-factor ad practices give middle finger to infosec

    by Violet Blue
    10.05.2018

    We've all encountered security questions asking where we went to school, our favorite color or food, our first concert, and the ubiquitous "mother's maiden name." Imagine a world where on one screen you carefully chose Stanford, red, spaghetti and so on, and on the next you were shown ads for Italian restaurants, red shoes, and jobs for Stanford grads. Seems like an insane violation, right? I mean, it stands to reason that we expect that the information we type to secure our online accounts and apps is private and safely guarded.

  • UK's NHS will anonymize data to enable AI doctors

    by Timothy J. Seppala
    06.29.2018

    If you were miffed about Britain's National Health Service (NHS) giving your sensitive data away to Google's DeepMind, how you respond to today's news is probably a crapshoot. The NHS has announced that it will begin anonymizing said data that's been used to analyze blood test results and to detect risk of acute kidney injuries and other ailments. To be clear, these are separate events (the data use and today's announcement), but one led to the other. In 2016, the NHS and DeepMind caught their fair share of criticism over how data was shared with implied -- not explicit -- consent from 1.6 million patients.

  • Facebook reportedly tweaks data storage on upcoming video chat device

    by Mallory Locklear
    03.28.2018

    Facebook has been working on a smart home device called Portal -- a video chat gadget powered by facial recognition that could reportedly suggest a call when two users are both near their respective devices. In January, reports surfaced that Portal might launch this year, but yesterday, Bloomberg reported that Facebook won't be unveiling its home products at its F8 developer conference in May as was initially planned. The pullback is attributed to the ongoing Cambridge Analytica controversy and growing concerns over how Facebook handles its users' data. Now, The Information reports that the company is also considering alternative privacy safeguards among its smart home devices.

  • FTC confirms Facebook data security investigation

    by Mallory Locklear
    03.26.2018

    Last week, reports surfaced that the FTC was opening an investigation into Facebook regarding Cambridge Analytica's use of its data. The agency has now confirmed that it is indeed investigating the social media giant. "The FTC takes very seriously recent press reports raising substantial concerns about the privacy practices of Facebook," the FTC said in a statement. "Today, the FTC is confirming that it has an open non-public investigation into these practices."

  • Let’s stop pretending Facebook cares

    by Violet Blue
    03.23.2018

    The really great thing to come out of the Cambridge Analytica scandal is that Facebook will now start doing that thing we were previously assured at every turn they were doing all along. And all it took was everyone finding out about the harvesting and sale of everyone's data to right-wing zealots like Steve Bannon for political power. Not Facebook finding out because they already knew. For years. In fact, Facebook knew it so well, the company legally threatened Observer and NYT to prevent their reporting on it, to keep everyone else from finding out.

  • Uber, but for toxic techbro culture

    by Violet Blue
    12.01.2017

    Some companies are just born with an infinite number of chances to keep doing everything wrong and yet somehow seem immune to the consequences. Uber is one of those companies. Uber's latest scandal -- a fat hack and its dirty coverup -- is just one in a long line of Uber-riffic examples on just how far a certain kind of privilege gets you.

  • Poor privacy and data security policies are hurting innovation, says Intel

    by Sean Buckley
    10.08.2014

    Look at the technology space objectively, and you might realize it's kind of in a weird place: Smartphones, fitness trackers and social networks have ushered us into an era of data -- the location of our friends and family in real time, the ability to monitor our homes remotely, health tracking and everything that goes with the quantifiable self. But consumer concerns about data security and privacy are at an all-time high. Intel's Malcolm Harkins, chief privacy and security officer, describes the landscape as a sort-of "third industrial revolution:" the evolution of the internet and the potential big data has to completely change the way our world works. Like any new technology, however, people are being cautious. "There's an inherent distrust brewing," he says of data collection. "If we don't rethink our practices, it will hinder the opportunities that are in front of us." We need to rethink data privacy, Intel says.

  • Lessons from Sandy: CrashPlan and the importance of off-site backup

    by Erica Sadun
    11.06.2012

    When disaster happens, you want to make sure your data is safe. The reality of Hurricane Sandy demonstrated how important it is to store copies of your most precious records, pictures and correspondences off-site. If you are a CrashPlan backup customer, the company is making it easier for you to get back up to speed on your replacement computer. CrashPlan is offering a half-off special to any customer affected by Hurricane Sandy. Their "Restore to your Door" service delivers an encrypted physical hard drive from your cloud-based backups. Restoring a 200 or 300 GB backup might normally take a week or two. With a hard drive, you can get up and running again in just hours. "Restore to your Door" normally retails for $125, but is being offered right now for $62.50. As the CrashPlan site explains, "The most important thing after a disaster is to return to normal life as quickly as possible." Today, I had the opportunity to sit down with Mike Evangelist, Chief Marketing Officer of Code 42 Software to talk about the service, the software and off-site backup in general. "A lot of people use Time Machine," he told me, "and it's a great thing. But for disaster situations like a hurricane or flood, I'd be willing to bet that 90 percent of the time, the Time Machine drives are sitting right next to the computers they're backing up. That's what cloud backup is all about." CrashPlan offers an off-site solution that provides hourly or daily backups -- you choose how often to back up and what data to back up. For $50/year for one computer (or $120 for up to 10 computers for a single family), you get infinite capacity stored in a secure location. Evangelist said, "Backup is a hassle, it's painful like doing your taxes or going to the dentist. We want to make it painless but we also want to make it dependable. And dependability has many aspects." He points out that most data centers tend to be well-protected with backup power. 
"That's the beauty of the cloud," he said, adding with some humor, "If our data center were on the Jersey Shore, we might have been in a bind." CrashPlan is engineered for redundancy. "I think the most important thing is the idea that you always want to have more than one backup," Evangelist said. "CrashPlan tries to make that simple. One of the big features of CrashPlan is that you can select which data you want to back up, and then specify where that data is backed up to." Its application lets you manage additional destinations like thumb drives and external USB drives as well as a feature that lets you save your backups to a friend's computer -- encrypted of course. It's an easy way to add another level of security by backing up to another trusted destination that's outside your home. "We're huge advocates of backing up to multiple destinations," Evangelist explained. "Not everyone has gigabyte Ethernet. Restoring from CrashPlan is going to take a long time if you've got a huge backup but if you made a local backup, you can restore much more quickly from that." CrashPlan offers a wide range of end-user customization, so you can schedule your backups with fine granularity. If you want the app to only back up when your computer is not being used, it can handle that for you. In the end, backups aren't just about obvious storage issues but what Evangelist calls the "emotional and correct" answers. "People make stuff on their computer all the time -- spreadsheets, documents and accounting. They collect bookmarks. All this stuff is not too valuable, but it's a big drag if you lost it. You need to protect that big collection of stuff. "These days, when I talk to customers, what I find is that people value the most is their photos. Sure, people have video and music collections, in fact all sorts of things that they collect, and it all has value but universally and broadly, the most valuable data people own is photos. 
"In the old days, of photos and negatives, if there were a disaster, there would be a shoebox to grab. Digital photos seem safer, because you can create copies from the computer, and they seem not as vulnerable, but they also tend to be collected in one giant digital pile in one place." That's a vulnerability many people don't consider. CrashPlan offers a system of "self-healing" archives on their servers. There's a regular process that tests data checksums to ensure information integrity. When the system encounters any problem, the server contacts the client's computer to re-request those blocks. "We try to be a good neighbor to your computer," Evangelist said. "Our backup system is incremental in a very clever way. It looks for which bytes of a file have changed and only sends those changes. And because they send the changed bytes, the amount of data to be stored is very, very small, allowing us to save many old versions. Of course, if you want to be a bandwidth hog, crank it up! You can save as many old versions of the file as you want. Time Machine does incremental backups as well, but Time Machine makes entire copies of the file." Code 42, the people behind CrashPlan, will be donating 10 percent of all sales through the end of November to the American Red Cross. Now is not just a good time to be re-evaluating your offsite data strategy, but Code 42 is offering an opportunity for you to give a little back to the community as well. You can also help Sandy relief by donating blood.

  • Daily Update for March 22, 2012

    by Steve Sande
    03.22.2012

    It's the TUAW Daily Update, your source for Apple news in a convenient audio format. You'll get all the top Apple stories of the day in three to five minutes for a quick review of what's happening in the Apple world.

  • Vlingo co-founder explains data-collection issues

    by Daniel Cooper
    01.26.2012

    With Carrier IQ and O2's most recent data-snooping, people's vigilance about what information cellphones transmit is increasing. Using a Galaxy Note, AndroidPit found that every four minutes, Vlingo's voice-recognition app was sending a packet of data to an unencrypted server. The packet contained your GPS co-ordinates, IMEI (unique device identifier), contact list and the title of every song stored on your device -- without proper warning in the privacy policy you agree to when starting up the app. We spoke with co-founder John Wynn, product marketing head TJ Leonard and communications manager Erin Keleher, who gave us a full and frank discussion about what's going on and the steps it's taking to remedy the situation, which we've got for you after the break.

  • Toshiba's Wipe HDDs render data useless when you get online in a strange place

    by Dana Wollman
    04.13.2011

    Self-encrypting drives are hardly new, but that doesn't mean researchers aren't still looking for ways to give those IT folks behind the curtain more ways to lock down sensitive intel. Toshiba just launched a line of self-encrypting HDDs that will "invalidate" the data -- essentially, rendering it useless -- when the laptop connects to an unknown host. IT departments can also use Toshiba's so-called Wipe Technology to scrub a machine before tossing it, or encrypt the drives every time someone powers down. The company won't be peddling these directly to consumers, of course, and in fact, Tosh is planning on shopping them around not just for laptops, but multifunction printers and point-of-sale systems, too. They'll come in five sizes, ranging from 160GB to 640GB, and will all run at 7,200RPM. And Tosh says it'll work with OEMs to help them customize the conditions that will trigger a data lockup. It's too soon to say what laptops will pack this technology, though the company is clearly moving quickly -- it'll start showing off samples this month and will ramp up mass production by late June.

  • Sprint's Total Equipment Protection app searches out lost Androids and BlackBerrys

    by Vlad Savov
    02.28.2011

    Joining AT&T and Verizon in offering some software-based data security for owners of its handsets, Sprint is today introducing its Total Equipment Protection app. Funnily enough, it uses the same Asurion software as the aforementioned other carriers, which would be why its functionality mirrors them so closely. With the TEP app, you'll be able to track your phone via a web interface, force it to sound an alarm even if muted, lock it, and finally wipe your contacts (which can later be restored once you get your handset back). The app itself, compatible with Android and BlackBerry devices, is free, however you'll need to be signed up to Sprint's Total Equipment Protection program, which costs $7 a month. You'll find more details in the press release after the break.

  • Two arrested for iPad security breach

    by Joseph L. Flatley
    01.18.2011

    Two arrests have been made connected to the security breach that exposed thousands of iPad users' email addresses and other info last year. Daniel Spitler and Andrew Auernheimer (yeah, that guy again) have been taken into custody and charged with conspiracy to access a computer without authorization and fraud, for allegedly using a custom script (built by Spitler) called iPad 3G Account Slurper to access AT&T's servers, mimic an iPad 3G, and try out random ICC identifiers. Once a valid ICC was found, one could harvest the user's name and email address. Of course, the hackers maintain that this was all done to force AT&T to close a major security flaw, and we'll be interested to see what exactly the company does to make things right.

  • UAE says BlackBerry is now compliant with regulations, free to rock on

    by Vlad Savov
    10.08.2010

    The latest thrilling installment in BlackBerry's Middle East saga has turned out not to be so thrilling after all. Having set an October 11 deadline for RIM to comply with its "telecommunications regulatory framework," the United Arab Emirates is today reporting that the BlackBerry maker has managed to make the necessary changes with plenty of time to spare. Consequently, there'll be no state-ordained curtailing of email, web, or BBM services within the UAE, which mirrors similar agreements that BlackBerry has managed to finagle with India and Saudi Arabia. Of course, the grand purpose of the UAE's ultimatum was for RIM to allow the state access to encrypted messaging communications, and while the current announcement is pointedly missing details on what's been done to appease the Abu Dhabi decision makers, we can't imagine them giving up the fight without RIM making some type of concession. And the shady, undisclosed concessions happen to be our least favorite kind.

  • RIM averts Saudi Arabia's BlackBerry messaging ban, negotiates surrender (update: 48-hour ultimatum)

    by Sean Hollister
    08.07.2010

    It took two long years for India to (allegedly) tap BlackBerry traffic, but Saudi Arabia may not have to wait nearly as long; the Wall Street Journal reports that RIM has all but agreed to set up a local server in the country. While we've no details yet on what the deal entails, an unnamed Saudi telecom official said negotiations are already in the final stages. Sorry, RIM, but it looks like Saudi Arabia called your bluff. We imagine the company will deny any potential for government snooping in short order... and both Indonesia and the United Arab Emirates will start planning their own attempts to wrest away control. We'll let you know where this house of cards falls. Update: Saudi Arabia has reportedly given its three national cellular carriers 48 hours to try out proposed solutions that "meet the regulatory demands" of the country, else the BlackBerry messaging ban will take effect as originally planned.

  • BlackBerry email, web and messaging to be banned in UAE due to 'security concerns'

    by Vlad Savov
    08.01.2010

    Looks like those regulators over in the Middle East don't mess about. Following this week's revelation that the United Arab Emirates' telco overseers weren't happy with being unable to monitor how people were using their BlackBerrys, today we're hearing what their solution to the problem will be: an outright ban. Internet access, email and instant messaging on RIM devices will be blocked in the UAE starting this October -- provided, of course, that the Canadian phone maker doesn't do something in the meantime to appease the authorities. Saudi Arabia is similarly peeved with the BBM service, which it intends to shut down later this month. And just in case you were wondering why all this drama is taking place, the BBC cites a Saudi Telecom board member as admitting it's designed to pressure RIM into releasing users' communication data "when needed." Charming.

  • Why Apple's "walled garden" is a good idea

    by Steve Sande
    07.29.2010

    Many developers and users of Apple's iOS devices bemoan the "walled garden" of the App Store approval process, but it appears that the company's measures have prevented mass data theft from iPhones and iPads. At the Black Hat security conference being held in Las Vegas this week, mobile security firm Lookout announced that an app distributed in Google's Android Market had collected private information from millions of users, then forwarded it to servers in China. Worse than that, the exact number of affected users isn't known, since the Android Market doesn't provide precise data. Estimates are that the app was downloaded anywhere from 1.1 million to 4.6 million times. The app appeared to simply load free custom background wallpapers, but in fact collected a user's browsing history, text messages, the SIM card number, and even voice mail passwords, and then sent the data to a web site in Shenzhen, China. This is different from the recent AT&T website leak that could have let a hacker access 144,000 iPad 3G user email addresses, since in this case the data theft actually did happen, was being perpetrated by malicious hackers, involves much more personal information, and affected many more people. So what's the difference between the security methodologies used by Google and Apple? Apple approves iOS apps only after they've gone through a strict (and frustrating to developers) process, while Google's Android Market simply warns the user that an app needs permission to perform certain functions during the installation. iOS apps must be signed by an Apple-created certificate, which means that malicious developers have a harder time distributing malware anonymously. Lookout also noted that iOS remains virus-free, since third-party apps can only be distributed through Apple's heavily-moderated App Store, and the apps run in a sandbox environment where they can't affect the system.
Lookout chief executive John Hering said that "he believes both Google and Apple are on top of policing their app stores." It's just those odd cases where apps don't do what they're advertised to do that can cause problems for users. [via AppleInsider]

  • Aegis Bio grows to 640GB of fingerprint-protected storage

    by Vlad Savov
    07.15.2010

    Apricorn specializes in the fine art of making people believe their data is worth stealing and charging them for the privilege of protecting it. Its Aegis Bio range has now been expanded, both in number and in capacity, as the former ceiling of 250GB has been lifted with the introduction of 320GB, 500GB and 640GB variants. The 2.5-inch external disk validates user identity with that handy fingerprint scanner on top before allowing access to the otherwise 128-bit encrypted precious stuff within it. Prices of the new models top out at $160 for the most voluminous one, making them thrifty enough to buy even if you don't need secret agent-level security -- which, let's face it, you don't. Full PR after the break.