The Legal Aid Society has sued the Manhattan district attorney for refusing to divulge whether he buys information from social-media companies as a way to track civil rights protesters and conduct other “social monitoring.”
Though the district attorney’s office is the only defendant in the Article 78 Petition, the nonprofit Legal Aid Society specifically asks for information on “the extent to which the state of New York and New York City employ the services of Geofedia, Inc., Media Sonar Technologies Inc., and X1 Discover, Inc.”
A team of three researchers from the University of California, San Diego (UCSD) has created a tool that can detect when user-registration-based websites suffer a data breach.
The tool, named Tripwire, works on a simple concept. Researchers say that Tripwire registers one or more accounts on websites by using a unique email address that they do not use for anything else.
Each email account and the website profile used the same password. Tripwire would check at regular intervals if someone used this password to access the email account, which would indicate the website suffered a breach and an attacker used the stolen account data to log into the associated email account.
Tripwire finds 19 data breaches during test run
In a live test, researchers said they registered accounts at over 2,300 sites. At the end of the study’s period, scientists said that attackers accessed email accounts for 19 of these sites, including one with a userbase of over 45 million.
UCSD researchers reached out to each website, but to their astonishment, none notified users of the breach.