Google’s public-only, profile policy: An opportunity, not a punishment
Let me first get this out into the open first. I don’t see Google’s removal of the option to have private profiles as an issue. That’s right. I’m saying that I don’t care. For that matter, you shouldn’t care either.
Users have never been required to provide government-issued documents to validate the date of birth, gender or uploaded avatar. No, people have always been free to omit biographical information, make things up and use an alias. Isn’t that what Dateline NBC’s ‘To Catch a Predator’ series taught us? From an Infosec standpoint, full disclosure of your information on any site, to include those with supposed ‘private’ profiles, is never recommended. Whether publicly available on the web or hidden from general view, the data you input and files you upload still reside on someone else’s server and can be exfiltrated by authorized admins or unauthorized third parties, via exploitation of unmitigated vulnerabilities, brute force attacks, and similarly scary methods employed by recreational and professional hackers.
Facebook Places – What would Jason Bourne do?
Last night, Facebook unveiled its newest tool for Facebook users. Known as Facebook Places, it’s designed to let people ‘check in’ and share their current location, along with what they’re doing there. For users of previously established services like Gowalla and Foursquare the idea is nothing new. They’ve been reporting and recording their travels for some time now. Users of the social media platform Twitter are more likely to be aware of what location-based check in services are, since they’re accustomed to reporting their own whereabouts or, in some cases, seeing others do it.
For the average Facebook users, though, the idea may be totally new. Basically, users of the iPhone Facebook app, as well as other smartphone users whose devices support Facebook’s mobile interface and geotagging (or geolocation, as it’s also known), will be able to check in at their current location, say what they’re doing, and who they’re with. While it may sound benign enough, Facebook’s past privacy gaffs lead many to wonder if this is just another marketing opportunity for Facebook, at the expense of the unwitting user. Of course, this is definitely the ‘Jason Bourne’ way of looking at it. Is Facebook Places as evil as privacy groups would lead us to believe or is it a useful tool that, if properly configured, can be used to our benefit?
Google, Verizon plans cause many to ask what net neutrality actually means
Since posting a pieced entitled A joint policy proposal for an open Internet on its Public Policy Blog on Monday, Google has once again put on the villain hat, in the minds of many. If you read it, the implications aren’t really that nefarious. When coupled with the potential deal with Verizon last week, Google doesn’t come across quite so heroic. Essentially, Google is doing its part to reshape what net neutrality is and evolves into, as well as how the rules therein will apply to service providers like Verizon.
We won’t pretend that it’s a simple issue. In truth, it is complex and its implications far-reaching. Ultimately, it will affect how each and every person uses the internet each and every day. Last week we posted news of the potential Google, Verizon deal. Is it a net neutrality killer as some have painted it? Alternatively, is Google simply telling the truth about collaborating and contributing to an FCC-approvable definition of net neutrality, when they posted, “We stand ready to work with the Congress, the FCC and all interested parties to do just that.”
Security flaw inadvertently exposes iPad 3G user data
Yesterday, AT&T admitted that the personal data of Apple iPad 3G customers had been exposed due to a security flaw. The news was first reported by Gawker and was later confirmed by AT&T.
According to the company, the exposure of personal information was limited to the email addresses of iPad 3G customers, who will be notified formally of the data exposure. In an electronic statement, AT&T spokesman Mark Siegel said, “This issue was escalated to the highest levels of the company and was corrected by Tuesday; and we have essentially turned off the feature that provided the email addresses.”
U.S. Senators introduce far-reaching legislation to protect against cyber attack
According to a Wired report published yesterday, U.S. Senators Joe Lieberman and Susan Collins have co-sponsored a bill that would empower Department of Homeland Security to assume control over the United States’ “critical infrastructure” in the event of an “imminent cyber threat.”
Over the last decade, U.S. dependence upon its cyber-infrastructure has continued to increase. Critical services and operations are increasingly structured around government networks, which are often interconnected via the magic of Al Gore’s internet. This means that any internet outage, local or nationwide in scope, has the potential to decrease the ability of the government to operate. The question is, though, just how much control Homeland Security officials would wield and when and how they would be authorized to use it.
Facebook announces plan to rescue your privacy, avert the Facepocalypse
In an event held at the company’s New York headquarters today, Facebook CEO Mark Zuckerberg announced plans to fix what the now infamous Facebook Social Graph broke. Responding to weeks of internet-based complaints and, even worse, congressional discussion, Zuckerberg explained that simplified options to configure privacy settings are in the works and should be rolled out within the next several weeks.
Following the obligatory remarks on the company’s evolution and growth, Zuckerberg got straight to the point and told people what they wanted to hear. In the official Facebook blog, Zuckerberg writes, “Today we’re starting to roll out some changes that will make all of these controls a lot simpler. We’ve focused on three things: a single control for your content, more powerful controls for your basic information and an easy control to turn off all applications.” Basically, this means that Facebook’s privacy settings will be fixed and the Facepocalypse can be averted. This of course means you won’t have to worry about securing your profile or, even worse, deleting it altogether.
Google Maps reminds us that Wi-Fi may be unsecured but it’s never really free
This past Friday, May 14, 2010, Google Inc (GOOG) admitted that, since 2006, the company has inadvertently been collecting private network traffic from unsecured wireless connections. How did they do it? Did they strategically position satellites around the globe? Did they deploy sophisticated keystroke logging software to unwitting Gmail users? No, in a move straight from a Scooby Doo villain’s playbook, they strapped a camera to a car and drove around neighborhoods disguised as harmless cartographers.
That’s right. It seems Google’s fleet of cars responsible for driving around cities in more than 30 countries has been taking more than photographs for Google Maps. The tricked out vehicles also picked up and recorded private information, such as user names, passwords, and other unencrypted traffic. So, who is affected? Should we be worried?
Facebook Privacy: How to Secure Your Profile from the Social Graph
One of yesterday’s big tech stories was Facebook’s unveiling of the its Social Graph concept. While CEO Mark Zuckerberg may have gone to great lengths to emphasize the benefits of connecting all of the dots on the internet, privacy and security experts almost immediately began cautioning that the changes could be detrimental in terms of user privacy.
As has been the custom in past updates, the social media giant illogically turns on new options by default and advises the user, via an attractive graphic, that they have the choice to “Understand your privacy” and read the details of the change. Even then, the wording is ambiguous, at best. How good or bad are the changes? In the interest of objectivity, it’s still too early to form an educated opinion. In light of the significant changes, though, it is a good time to review some simple steps that every Facebook user should consider, when determining what and how much information they share.
Internet Privacy: Why Library of Congress Twitter Archives Could be a Bad Thing
Today the Library of Congress announced, via a tweet, that they are set to obtain the entire archive of tweets. That’s right….every tweet. Specific details have yet to be published, but, reportedly, archives dating back to March 2006 will be kept for their historical value. At first glance, it does make sense, and they’re doesn’t seem to be anything heinous about it. Some tweets are historic in nature.
Take for example the first tweet from President Barack Obama, shortly after winning the 2008 Presidential elections, where he said…or tweeted: “We just made history. All of this happened because you gave your time, talent and passion. All of this happened because of you. Thanks” Just like a letter written by President Roosevelt to Winston Churchill discussing the Allied Alliance or an apology note from President George H. Bush to the Japanese Prime Minister regarding his unfortunate regurgitation, a simple, 140-character tweet can carry significant historical weight.
What about all those other tweets, though? You know…the ones that you may not have given much thought to before hitting the tweet button?
Patch Tuesday: A Review of the Must-Have Fixes from Microsoft, Adobe and Oracle
For most System Administrators, Patch Tuesday is a regular event that signals that there is work to be done. For home computer users, it’s when their computer (if properly configured) either automatically installs new Microsoft patches or prompts them to do so. Inevitably, a reboot or two will be required. While it may seem like a bit of a pain, it’s a crucial task that affords effective protection against the most obvious and popular avenues of exploit often used by hackers.
This Tuesday was no different, in the sense of Microsoft patches. This time around, though, Adobe and Oracle joined in the update fun by making available some critical patches that system administrators and home users alike should install as soon as possible. What’s included on this list that you should know about? Let’s go through the list to make sure you’re in-the-know.
