InSecurity Complex

The San Francisco Bay Area Transit District adopted a policy today that bars officials from interrupting cell service in subway stations except in "extraordinary circumstances."

The policy, which is believed to be the first policy governing intentional cell service disruption in subways, comes in response to a public backlash over BART for shutting off cell service to head off a protest this summer.

Under the new policy, BART may temporarily interrupt cell service only when it determines that there is "strong evidence of imminent unlawful activity that threatens the safety" of passengers, employees and the public, … Read more

Just what is Carrier IQ's software doing on your phone? And do you really need to worry about it?

A 25-year-old systems administrator in Connecticut set off a media firestorm after discovering mysterious software on his Android that appeared to be recording his activities. Software maker Carrier IQ says the software is designed to give carriers usage and other stats so they can improve the network and service. But the researcher argues that the software represents a serious privacy threat because sensitive data is being logged without user permission.

Mobile security researchers CNET has spoken with say that they … Read more

It's funny how Siri works. She will tell you where you can find an escort, drugs, or guns but can't seem to help if you are seeking birth control or abortion clinics.

Today, the ACLU launched a petition that asks Apple to fix the "glitch" in the voice-activated service on the iPhone 4S so it provides useful information to people seeking information on reproductive resources.

Apple told CNET that the company is still working out the kinks in the beta service and the problem should be fixed soon.

"Our customers want to use Siri to … Read more

The major Web-based e-mail providers are joining forces with an anti-fraud startup, which is launching tomorrow, to help keep phishing messages out of peoples' inboxes.

Google, Microsoft, Yahoo, and AOL are providing metadata from messages that get delivered to their customers to Palo Alto, Calif.-based Agari so it can be used to look for patterns that indicate phishing attacks. Agari collects data from about 1.5 billion messages a day and analyzes them in a cloud-based infrastructure, according to Agari CEO Patrick Peterson.

The company aggregates and analyzes the data and provides it to about 50 e-commerce, financial services … Read more

Facebook settled a federal complaint about its privacy practices, making major changes to the way it handles user information in order to clear away an issue that could have overshadowed its expected--and long awaited--IPO.

As part of the settlement, Facebook agreed to let users "opt into" changes that alter how their personal information is shared with advertisers and other users, to disclose the information it shares with third parties and to submit to two decades of annual "privacy audits" to ensure its compliance.

The settlement ends a Federal Trade Commission investigation into Facebook's handling of … Read more

In addition to the usual online scams designed to defraud shoppers during the holiday season, several malls will be tracking people via their cell phones.

Beginning on Black Friday, Promenade Temecula, south of Los Angeles, and Short Pump Town Center in Richmond, Va., will be monitoring signals from shoppers' cell phones, CNN reports.

Mall officials say they want to be able to see traffic patterns in the various stores. No personal data will be collected and the information will remain anonymous, they said. Shoppers are given notice by small signs around the malls.

"We won't be looking at … Read more

Google is strengthening the encryption on Gmail and other services so that messages stored today can't easily be decrypted later by faster computers using brute force methods.

The company is enabling what is called "forward secrecy" by default, Adam Langley from Google's security team, wrote in a blog post yesterday.

"Most major sites supporting HTTPS operate in a non-forward secret fashion, which runs the risk of retrospective decryption. In other words, an encrypted, unreadable email could be recorded while being delivered to your computer today," he wrote. "In ten years time, when computers … Read more

The Department of Homeland Security and FBI today dismissed the conclusions of a report that a cyber intrusion caused a pump at an Illinois water utility to burn out. But the statement doesn't explain why an Illinois state terrorism intelligence center would say it was a hacker when it wasn't.

In the meantime, the DHS is investigating a claim by a hacker who goes by "pr0f" who claimed to have compromised a Texas water utility last week.

"After detailed analysis, DHS and the FBI have found no evidence of a cyber intrusion into the SCADA … Read more

AT&T said today that it successfully thwarted what appeared to be an attempt by someone to steal mobile customer data.

"We recently detected what could have been an organized attempt to obtain information on a number of customer accounts," AT&T spokesman Mark Siegel said in a statement. "The people in question appear to have used autoscript technology to determine whether AT&T telephone numbers were linked to online AT&T accounts."

No accounts were breached, he said, adding that less than 1 percent of AT&T's 100 million … Read more