Privacy & data protection

Report: Skype service in China recording, censoring messages

TOM-Skype, eBay's joint venture in China, is recording customer text chats and censoring them if they contain certain keywords related to topics the government deems objectionable, according to a report released on Wednesday (PDF) by researchers in Canada.

"TOM-Skype is censoring and logging text chat messages that contain specific, sensitive keywords and may be engaged in more targeted surveillance," the report concludes. "What is clear is that TOM-Skype is engaging in extensive surveillance with seemingly little regard for the security and privacy of Skype users. This is in direct contradiction of Skype's public statements regarding …

Kevin Mitnick detained, released after Colombia trip

Updated at 7:55 a.m. PT on Wednesday to specify that the FBI cleared Mitnick of any wrongdoing in this event.

Since being released from prison eight years ago, Kevin Mitnick's brushes with the law have consisted of a few parking tickets and a citation for driving without a front license plate--that is, until he returned from a trip to Colombia two weeks ago.

After landing at the Atlanta airport for a security conference, Mitnick was detained for four hours for reasons still not fully explained. To make matters worse, while customs officials in Atlanta were busy inspecting his cell phone, laptop, and luggage, police in Bogota were ripping open a package he had mailed to his U.S. address on suspicion that it contained cocaine.

The simultaneous incidents gave Mitnick deja vu of his days as a fugitive pursued by the FBI for breaking into computer networks, only this time, he hadn't broken any laws.

"There was uncertainty, fear, and panic because I didn't know what was going on, and I didn't do anything wrong," he said in a recent telephone interview with CNET News. "In my mind, I thought I was being set up for something."

Here's a rundown of what happened:

Mitnick's Delta Airlines plane landed in Atlanta on September 16 at around 3 p.m. He had flown in from Bogota, where he had gone to give a speech to the newspaper El Tiempo and to visit his girlfriend.

The first sign of trouble was when a U.S. customs agent swiped his passport through the computer system and started staring intently at the screen and typing. "Kevin," the agent said with a big smile on his face. "Guess what? There are some people downstairs who want to have a word with you, but don't worry. Everything will be OK." …

Yahoo to fix password exposure problem in Zimbra

New security features planned for Zimbra will resolve an issue responsible for passwords being transmitted in clear text when accessing Yahoo Mail, a Yahoo spokeswoman said on Tuesday.

"Plain text authentication is an industry-wide challenge that major e-mail clients and providers face when providing the right balance of backward compatibility and security," a Yahoo spokeswoman said in an e-mail statement.

"Zimbra has plans as part of the next beta release to implement additional new security features to provide more secure authentication options. This approach will be in place in the next few weeks well before we launch the …

Yahoo's Zimbra e-mail program exposes passwords

Passwords used to access Yahoo mail through the Zimbra client are sent over the Internet in clear text, a Canadian programmer says.

Holden Karau stumbled upon this problem while participating in the Yahoo University Hack Day at the University of Waterloo last week.

"The Yahoo IMAP servers used by the Yahoo Desktop don't support SSL and the password was being transmitted in plain text," Karau wrote in a blog post on Friday.

"What does this mean for you? If you use Zimbra to access your Yahoo mail, you almost certainly need to change your password …

Behind the scenes of online fraud

I sat down on Thursday with someone who watches the underground criminals who are trying to break into people's bank accounts and steal their money. And the picture isn't pretty.

Online fraudsters are coming up with more types of dangerous attacks and more sophisticated methods, says Uri Rivner, head of new technologies for RSA Consumer Solutions, which is owned by EMC.

I've already written about how the cybercriminals are borrowing organizational structures from the mafia and even legitimate businesses, and have further explored the threats from identity fraud. Rivner filled in some details with his assessment of how the fraudsters are operating. He talked about the "Fraud Supply Chain" in which harvesters steal the data and then sell it to people who are expert at turning the data into cash by emptying out the bank accounts.

The two sides of this e-commerce underground communicate via informal marketplaces on IRC Chat channels. They also share information on sites like "Carder's Market," where you can read industry blogs and even reviews of Trojans and other malware.

Fraudsters aren't just targeting bank customers. They are also luring victims off social networks, where they harvest sensitive private information, and online gaming sites, where they steal accomplished avatars and accounts and sell them for money, Rivner says.

Another recent trend is the blending of phishing and malware on spoof Web sites that look legitimate but prompt visitors to run an executable in order to see a video, for instance. Instead, the executable is a Trojan that can grab the sensitive data on the computer. The recent "Obama sex video" spam is an example of this. …

Encryption key management: Critically important, frighteningly immature

Large organizations are deploying more and more encryption technologies these days on laptops, tape backup systems, mobile devices--everywhere.

Yes, they are concerned about regulatory compliance, data breaches, and embarrassing front-page headlines, but there is something else going on as well. Technology suppliers are now baking encryption into technology components and systems. As encryption becomes cheap and ubiquitous, risk-averse users will likely deploy it everywhere.

Ironically, multilayer encryption may actually compromise data security. Why? If data is encrypted multiple times, someone better know about the chain of encryption events that took place. Each encryption activity relies on an encryption key to …

Hole unveils Facebook fan pages

A new hole in Facebook allows members to see the fan pages of people on the networking site who they aren't friends with, an outside researcher revealed on Friday.

In verifying the hole, CNET News--signing onto the site as someone who is not a designated "friend" of Facebook founder Mark Zuckerberg--was still able to see that he is a fan of Barack Obama, the Dalai Lama, Green Day, Nirvana, Central Park, the Monterey Bay Aquarium, and Apple Students.

All a would-be spy has to do is go to anyone's profile page, click on the "Info …

Peekaboo! Facebook fills photo security hole

Facebook has filled a hole that allowed strangers to view members' photos through the mobile version of the site, a spokesman said Tuesday after being alerted to the problem by CNET News Monday night.

"Today, we learned that certain photos could be viewed by unauthorized users who employed a complicated hack," a spokesman wrote in an e-mail. "Once we were notified of the issue, it was resolved within hours. These photos are no longer available to unauthorized users. We encourage security researchers examining Facebook to practice responsible disclosure."

Basically, someone who knew the serial number of …

Security scrutiny for Facebook apps

After booting applications from Facebook this summer for violating user privacy, the social-networking company is gearing up to vet apps for trustworthiness as part of a voluntary validation program.

The validation badge will give Facebook members a gauge to use in deciding whether to add a particular app or not. Experts praise Facebook's effort, but say apps posing security risks will still be around despite that, partly because of the popularity of the network.

Facebook gives a tremendous level of access to its APIs, which has enabled developers to create more than 24,000 apps for the platform since …

iPhone iSpy? Hacker says device captures it all

The iPhone is recording everything users see and do on their devices for caching purposes, an iPhone hacker says.

The device records screenshots of a user's most recent action so that it can achieve that cool effect of applications fading away when the home button is clicked, according to Jonathan Zdziarski, who wrote the forthcoming book iPhone Forensics: Recovering Evidence, Personal Data, and Corporate Assets.

The screenshots are presumably deleted after the application is closed, but they can be recovered with forensics techniques just like data deleted from most any storage device can be reconstructed for purposes of law …