Privacy and data protection

White House Director of National Intelligence Dennis Blair says the U.S. is severely under the threat of greater cyberattacks but believes we can rise to the challenge.

Blair appeared before a Senate panel on Tuesday to deliver the Annual Threat Assessment of the U.S. Intelligence Community (PDF). A statement of Blair's remarks to the Senate Select Committee on Intelligence was released for the record. While he focused mostly on non-cyberterrorism and similar threats, he led off with a stark report on the growing dangers and challenges of cyberwarfare.

Seeing the recent attacks against Google as a "… Read more

Twitter has revealed the back story on why it reset passwords this week for many of its users.

The phishing attacks that forced Twitter to change account passwords stemmed from discovery of a scam being run by a torrent Web site creator, explained Del Harvey, Twitter's director of trust and safety, in a blog post Tuesday evening.

Twitter had found that someone for the past few years had been building torrent sites and forums requiring a log-in and password. This person then sold these Web sites and forums to people interested in starting their own torrent download sites.

Unknown … Read more

Lax security screening at Apple's App Store and a design flaw are putting iPhone users at risk of downloading malicious applications that could steal data and spy on them, a Swiss researcher warns.

Apple's iPhone app review process is inadequate to stop malicious apps from getting distributed to millions of users, according to Nicolas Seriot, a software engineer and scientific collaborator at the Swiss University of Applied Sciences (HEIG-VD). Once they are downloaded, iPhone apps have unfettered access to a wide range of privacy-invasive information about the user's device, location, activities, interests, and friends, he said in … Read more

Apple's new iPad device looks like it will have some of the same security issues that affect the iPhone, such as weak encryption, a mobile security expert said on Thursday.

For one, if the iPad employs encryption the same way the iPhone does, sensitive personal data, including phone numbers and e-mail addresses, could be retrieved and viewed, says Daniel Hoffman, chief technology officer at SMobile Systems, which sells mobile security software.

"The problem with the iPhone security encryption is it is fundamentally worthless," he said. "It can be easily bypassed."

Hoffman is not alone in … Read more

An Internet start-up wants to sell you the ability to protect your privacy, allowing you to create different online identities for different purposes and cloak your true self from prying eyes.

Early press coverage has been uniformly positive. CNN.com's review says "Total digital privacy may be on the horizon." The San Francisco Chronicle's article is titled "Online disguises from prying eyes." To BusinessWeek, it's a "A big boost for Net privacy."

"Think about how much business is predicated on the flow of personal information!" one of the founders … Read more

The "Verified by Visa" credit-card authentication system has come under criticism from Cambridge University researchers, who say it is training online shoppers to adopt risky security habits.

The feature, which is used to authenticate online financial transactions, confuses people by not displaying security cues, security engineering researchers Ross Anderson and Steven Murdoch said in a paper (PDF) published Tuesday.

The protocol underlying Verified by Visa, as well competitor MasterCard's SecureCode service, is 3-D Secure (3DS). The protocol is implemented as an iframe pop-up box, said Anderson. The pop-up does not display any commonly used markers, such as … Read more

London police are setting up two specialist teams to deal with aspects of e-crime and ticketing fraud surrounding the 2012 Olympic Games.

One of the teams will be dedicated to tackling e-crime related to the Olympics, such as attempted hacks on computer systems and fraud aimed at sponsors and prospective visitors. The other will focus on the prevention of ticketing fraud and other physical crime and will investigate ticketing Web sites. Recruitment is under way for the Olympics e-crime team, which is already investigating Web sites suspected of being set up to launch phishing attacks.

The computer systems at the … Read more

Data breaches at U.S. companies attributed to malicious attacks and botnets doubled from 2008 to 2009 and cost substantially more than breaches caused by human negligence or system glitches, according to a new Ponemon survey to be released on Monday.

The incidence of malicious attacks rose from 12 percent in 2008 to 24 percent last year, according to the 2009 Annual Study: U.S. Cost of a Data Breach survey conducted by the Ponemon Institute and sponsored by PGP Corp.

The cost per compromised record involving a criminal act averaged $215, about 40 percent higher than breaches from negligence … Read more

Facebook has fixed a hole that allowed strangers to see your friends list by accessing the site using a mobile device, the company said on Thursday.

"There was an inconsistency between the Web and mobile versions of the site for the friend list visibility option," Facebook spokesman Simon Axten said in an e-mail.

"Remember that with the privacy changes we made back in December, your friend list is now publicly available information," he said. "You can't shut off access to it completely, but you can hide it from your profile for non-friends. This visibility … Read more