Wednesday, April 27, 2011

Sony screws up again?

http://www.smh.com.au/world/gamers-details-stolen-in-sony-security-breach-20110427-1dwyr.html

Gamers' details stolen in Sony security breach

UP TO a million Australian members of an online game and movie network have become embroiled in one of the world's largest privacy breaches.

An ''illegal and unauthorised person'' stole personal details including addresses and potentially credit card details belonging to 77 million people who have accounts on Sony Electronics's PlayStation Network.

Sony made the announcement yesterday on an American website.

… The PlayStation Network, where users can play video games and buy movies to stream online, was disabled six days ago yet account holders were only made aware of the breach when Sony notified the media yesterday.

The ''scope of the breach'' only became apparent on Tuesday after four days of investigation by an external security firm. [So Sony didn't bother to look or didn't know how... Interesting. Bob] The spokesman said emails had been sent to users, however no account holders spoken to yesterday had been contacted by Sony.



Tools for ubiquitous security are becoming more common and much cheaper (free is good)

http://techcrunch.com/2011/04/27/viewdle-releases-socialcamera-for-android-instant-photo-tagging-sharing/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29

Viewdle Releases SocialCamera For Android: Instant Photo Tagging, Sharing

Visual analysis company Viewdle this morning launched an Android app called SocialCamera that allows users to instantly tag photos, add captions and share them on Flickr or Facebook, by email or MMS. The demo video below explains how the app works in more detail.

The Android application, which is still in beta and not to be confused with Justin.TV’s Socialcam app, is free of charge and should be available through Android Market today.

The first time you use the app, you’ll notice you’ll have to identify your Facebook friends. After that, however, the app will be able to detect and tag persons automatically, which is of course far more appealing an offer.

[From the website:

As you take photos, SocialCamera will create a faceprint of your friends, so you can automatically match their social contact info to their picture – your camera will know who to send your photos to.]



For my Computer Security students. A talk by a Security Philosopher. Feeling Secure v. Being Secure

http://www.ted.com/talks/bruce_schneier.html#0067372279462596385868

Bruce Schneier: The security mirage

The feeling of security and the reality of security don't always match, says computer-security expert Bruce Schneier. At TEDxPSU, he explains why we spend billions addressing news story risks, like the "security theater" now playing at your local airport, while neglecting more probable risks -- and how we can break this pattern.



...and what I learned from this article: DHS isn't ready for this.

http://www.computerworld.com.au/article/384342/dhs_chief_what_we_learned_from_stuxnet/

DHS chief: What we learned from Stuxnet

… Although nobody knows who created Stuxnet, many believe that it opened a new chapter in the annals of cybersecurity: the first worm written to destroy factory control systems. On Monday, Iran said it had been hit with a second worm, called Stars, but security experts aren't sure that it really falls into the same class as Stuxnet.

… Stuxnet was a watershed event, according to Napolitano.

When Stuxnet hit, the U.S. Department of Homeland Security was sent scrambling to analyze the threat. Systems had to be flown in from Germany [What “systems?” Surely they could have sent software over the Internet securely – are they talking about Siemens controllers? Might make us feel better to be a bit more specific. Bob] to the federal government's Idaho National Laboratory. In short order the worm was decoded, but for some time, many companies that owned Siemens equipment were left wondering what, if any measures, they should take to protect themselves from the new worm.

… With Stuxnet, neither Siemens nor DHS itself were the ones to explain that the worm was actually built to target [Now that is scary... Bob] -- and then destroy -- a particular industrial facility. That work was done by security researchers at Symantec, Kaspersky Lab, and -- most notably -- by security expert, Ralph Langner.



Push back... “We don't want to be held to the same standard imposed on Google!”

http://www.bespacific.com/mt/archives/027106.html

April 26, 2011

PC World: A trade group raises concerns about the FTC settlement with Google over Buzz

A trade group raises concerns about the FTC settlement with Google over Buzz, by Grant Gross

  • "The U.S. Federal Trade Commission's proposed settlement with Google over its bungled launch of the Buzz social-networking service could have disastrous effects on the rest of the e-commerce industry, the head of a trade group said. Privacy groups and some FTC officials are pressing to set the Buzz settlement as an online privacy standard. And one provision of the proposed settlement would be a "real killer" for the rest of the e-commerce industry, said Steve DelBianco, executive director of trade group NetChoice. The proposed settlement, with public comments due next Monday, requires Google to get "express affirmative consent" from its users for "any new or additional sharing" of personal information with third parties if the new sharing is a change in Google's practices. This provision, if it becomes an industry standard enforced by the FTC, would require all online businesses to get opt-in permission from customers for minor changes in the way they share information with partners or other businesses, DelBianco said. Opt-in requirements would make it difficult for social-networking and online content sites to roll out new innovations and pay for their free services, he said. The calls for the settlement to become a privacy standard "can't be allowed to produce side effects for the rest of the industry for something Google did inappropriately," DelBianco said. "If the FTC gets its way and imposes the Google settlement on the entire industry, Google's competitors have to obtain express, affirmative consent before releasing any new features that would just share non-sensitive user data with third-party apps and advertisers."



That's a firm “We don't know...”

http://www.pcmag.com/article2/0,2817,2384338,00.asp

Infographic: Does Facebook Make You a Better Student?

