During the holidays, there were several stories about attacks on the private data of individuals and how some are trying to protect against such data collection.
Researchers at Mocana, a security technology company in San Francisco, recently discovered they could hack into a best-selling Internet-ready HDTV model with unsettling ease.
They found a hole in the software that helps display Web sites on the TV and leveraged that flaw to control information being sent to the television. They could put up a fake screen for a site like Amazon.com and then request credit card billing details for a purchase. They could also monitor data being sent from the TV to sites. […]
Mocana and firms like it sell technology for protecting devices and often try to publicize potential threats. But the Mocana test also illustrates what security experts have long warned: that the arrival of Internet TVs, smartphones and other popular Web-ready gadgets will usher in a new era of threats by presenting easy targets for hackers.
As these devices become more popular, experts say, consumers can expect to run into familiar scams like credit card number thefts as well as new ones that play off features in the products. And because the devices are relatively new, they do not yet have as much protection as more traditional products, like desktop computers, do.
The Wall Street Journal reported on how telecommunications companies, including cellphone service providers, are attempting to protect customer data from attacks.
Wall Street Journal: Fortifying Phones From Attackers
Carriers are deploying new services and cutting deals with start-ups to help protect people from malicious attacks and misuse of their personal data stored on a smartphone. Meanwhile, handset makers and chip firms are taking steps to fortify their hardware as the number of attacks on mobile devices grows larger and more sophisticated. […]
As consumers and companies start doing business on their devices, the industry also believes it is critical to be proactive before a major attack so that the public feels comfortable conducting commerce on their mobile devices. […]
AT&T has hired 13 Ph.Ds in the last six months to open a new lab in New York City focused on mobile security. The researchers are working on technology that detects and blocks worms, viruses and other malicious software from reaching mobile devices. Carriers are also working with start-ups to fill in some gaps. In October, Verizon Wireless signed a marketing and distribution partnership with Lookout Inc., a mobile-security provider based in San Francisco. Lookout makes a free application for Google Inc.’s Android software as well as BlackBerrys and Windows-based devices. […]
Hardware makers are also taking new steps. Research In Motion Ltd., whose BlackBerry smartphones are known for their business security, is preparing to roll out a free product called BlackBerry Protect that will let consumers back up their data such as contacts and text messages, and remotely locate or lock the device or wipe the data.
The New York Times Magazine takes a look at the Tor Project, which aims to keep secret the identity and data of Internet users who use its technology.
New York Times: Granting Anonymity
A deliberately byzantine system of virtual tunnels that conceal the origins and destinations of data, and thus the identity of clients, Tor has been around since 2001, when programmers from M.I.T. and the U.S. Naval Research Laboratory introduced it at a California security conference. In the past year, supported by grants from the U.S. government and other funders, the Tor Project has prolifically expanded its networks. The software has been downloaded more than 36 million times this year, and thousands of nameless volunteers — many of them Tor clients — now help to relay mind-bogglingly diverse Tor data in nearly every country on earth.
Peaceniks and human rights groups use Tor, as do journalists, private citizens and the military, and the heterogeneity and farflungness of its users — together with its elegant source code — keep it unbreachable. […]
A Tor transmission these days might start in Addis Ababa, hop to Dallas, then to Stockholm and finally Johannesburg. (There are some 2,000 Tor relay nodes at any one time across the globe.) The only thing the Johannesburg recipient can discover is that the data came from Tor, and Tor has successfully identified itself with no person or group, only with ideological incoherence. For the person trying to get a message out through Tor, this means he communicates exactly as much as he chooses and no more. With Tor, you “only reveal the information that you type,” [Jacob Appelbaum, a developer for Tor,] says. “As opposed to all the other information that comes along when you use your computer.” […]
Instead he spoke volubly, on a temporary Web-based phone line, about Tor and privacy. Appelbaum, whose work as a Tor evangelist requires him to persuade large numbers of people to trust Tor, calls traditional journalism a system of “privacy by policy” — where the policy is set ad hoc by the journalist and the source. (“This is off the record; the story should run on Monday; you must let me use this if you expect the Monday story to run,” etc.) Tor, by contrast, offers what Appelbaum calls “privacy by design” — a kind of privacy that is built into the code, which is available, like Tor software, free, so users can inspect it. You couldn’t violate Tor’s privacy if you wanted to.