
    Archive for the ‘Security’ Category

    Update: AT&T stops using tracking ‘supercookies’ on cellphones — for now

    Monday, November 17th, 2014

    Recently, there were news reports that Verizon and AT&T were using tracking “supercookies” to keep tabs on their customers’ online activities. These supercookies were virtually impossible to get rid of. Now, ProPublica reports that AT&T has stopped using the supercookie tracking technology on mobile phones, but it may restart the use of the technology:

    AT&T says it has stopped its controversial practice of adding a hidden, undeletable tracking number to its mobile customers’ Internet activity. [...]

    The tracking numbers can be used by sites to build a dossier about a person’s behavior on mobile devices – including which apps they use, what sites they visit and for how long.

    Wall Street Journal: Americans’ Cellphones Targeted in Secret U.S. Spy Program

    Friday, November 14th, 2014

    The Wall Street Journal reports on a surveillance program gathering the data of thousands of mobile phones:

    WASHINGTON—The Justice Department is scooping up data from thousands of mobile phones through devices deployed on airplanes that mimic cellphone towers, a high-tech hunt for criminal suspects that is snagging a large number of innocent Americans, according to people familiar with the operations. [...]

    Planes are equipped with devices—some known as “dirtboxes” to law-enforcement officials because of the initials of the Boeing Co. unit that produces them—which mimic cell towers of large telecommunications firms and trick cellphones into reporting their unique registration information.

    The technology in the two-foot-square device enables investigators to scoop data from tens of thousands of cellphones in a single flight, collecting their identifying information and general location, these people said. [...]

    SC Magazine: Automakers pen ‘privacy principles’ for in-car technology

    Friday, November 14th, 2014

    SC Magazine reports on a letter (pdf) that 19 automakers (part of the Alliance of Automobile Manufacturers and the Association of Global Automakers) sent to the Federal Trade Commission concerning in-car technology and privacy principles for protecting drivers and passengers. The companies signing on to the principles are Aston Martin, BMW, Chrysler, Ferrari, Ford, General Motors, Honda, Hyundai, Kia, Maserati, Mazda, Mercedes-Benz, Mitsubishi, Nissan, Porsche, Subaru, Toyota, Volkswagen and Volvo. SC reports:

    Two automaker groups, with representation from major manufacturers, like Ford Motor Company, BMW, Mercedes-Benz and Toyota, have penned a benchmark privacy document for protecting data collected through in-car technologies.  [...]

    In a letter to FTC Chairwoman Edith Ramirez, the groups’ CEOs Mitch Bainwol and John Bozzella said that the principles coincide with the associations’ existing commitments to the National Highway Traffic Safety Administration (NHTSA). In July, the groups agreed to establish an information sharing and analysis center (ISAC) for the auto industry, where information on “cyber-related threats and vulnerabilities in motor vehicle electronics or associated in-vehicle networks” could be communicated, the letter said.

    New York Times: Oops! Health Insurer Exposes Member Data

    Thursday, November 13th, 2014

    The New York Times reports that health insurance company Anthem Blue Cross sent e-mails to some customers that contained sensitive information in the subject lines:

    On Monday, in a similar error, some California residents received emails from their health insurer, Anthem Blue Cross, with personal details about them contained in the subject line.

    The text of the emails encouraged members to visit their doctors for checkups and to discuss certain medical screening tests. [...]

    But the emails’ subject lines included member-specific demographic details like age range and language. They also listed possible medical screening tests — marked “Y” for recommended tests and “N” for tests not listed in the email. [...]

    Electronic Frontier Foundation: ISPs Removing Their Customers’ Email Encryption

    Wednesday, November 12th, 2014

    The Electronic Frontier Foundation reports on disturbing research concerning Internet Service Providers and the privacy of their customers’ e-mail:

    Another network-tampering threat to user safety has come to light from other providers: email encryption downgrade attacks. In recent months, researchers have reported ISPs in the US and Thailand intercepting their customers’ data to strip a security flag—called STARTTLS—from email traffic. The STARTTLS flag is an essential security and privacy protection used by an email server to request encryption when talking to another server or client.

    By stripping out this flag, these ISPs prevent the email servers from successfully encrypting their conversation, and by default the servers will proceed to send email unencrypted. Some firewalls, including Cisco’s PIX/ASA firewall do this in order to monitor for spam originating from within their network and prevent it from being sent. Unfortunately, this causes collateral damage: the sending server will proceed to transmit plaintext email over the public Internet, where it is subject to eavesdropping and interception. [...]

    It is important that ISPs immediately stop this unauthorized removal of their customers’ security measures. ISPs act as trusted gateways to the global Internet and it is a violation of that trust to intercept or modify client traffic, regardless of what protocol their customers are using. It is a double violation when such modification disables security measures their customers use to protect themselves.

    City of Seattle launches digital privacy initiative

    Monday, November 10th, 2014

    The City of Seattle has announced “a citywide privacy initiative, aimed at providing greater transparency into the City’s data collection and use practices.”

    “In the course of doing business with the public, the City is collecting and exchanging increasing amounts of data,” said [Mayor Ed Murray (D)]. “As we continue to make innovative technology investments, we need to implement practices that support public trust in the security and privacy of personal information.” [...]