Simply Security – EU proposes data protection overhaul; criticism ensues

The European Commission this week revealed a proposed overhaul to decades-old data protection rules in an effort to improve online privacy and Internet security across the European Union (EU) and beyond. However, even before the effects of the proposed rules could settle, backlash was felt from companies and governments around the world.

But here’s the real kicker…

The U.S. government was also quick to respond to the commission’s proposal. According to news provider the AFP, U.S. Coordinator for International Communications and Information Philip Verveer told reporters that the United States would examine the legislation closely in order to determine whether the proposal would be too costly for American businesses.

Sooo… as usual, the government would rather protect business interests than the public's interest. It should be mandatory that any business retaining a consumer's Personally Identifiable Information keep that information encrypted.

Read more…EU proposes data protection overhaul; criticism ensues | Simply Security.

Can Authorities Force You to Give Up Laptop Password?

Epsilon e-mail Marketing Breach

By now, you may have heard of the security breach at mass email marketing company Epsilon, where the names and email addresses of thousands, if not millions, of people have been stolen. The current list of companies includes:

  • 1-800-Flowers
  • AbeBooks
  • Ameriprise Financial
  • Barclays Bank
  • Best Buy
  • Brookstone
  • Citibank
  • Disney Destinations
  • Hilton Worldwide
  • JP Morgan Chase
  • Kroger
  • Lacoste
  • Marriott International
  • McKinsey Quarterly
  • New York & Company
  • Robert Half
  • Target
  • Tivo
  • US Bank
  • Verizon
  • Walgreens

The warning emails are starting to roll in. This one from Target:

When will it become Standard Operating Procedure, and an industry standard, that if you are storing customer info, you store it in an encrypted database! It can't be that difficult!! The money you are spending on the resulting PR could probably have been used to secure the database.

I blame not only Epsilon, but also the companies that dealt with Epsilon, for not making it a requirement that the customer info be encrypted.
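To make the point concrete, here is an added example (not code from this post, from Epsilon or from any of the companies named) of what "store it encrypted" looks like in practice: each customer field is sealed with AES-GCM from the Go standard library before it is written to the database row, so a dump of that row yields ciphertext rather than names and email addresses. The customer record, the key and the row ID are all constructed for the example; the comments note the assumption that the key is fetched from a separate key store and never sits beside the data.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"io"
)

// Customer is a constructed sample record of the kind a marketing firm holds.
type Customer struct {
	Name  string
	Email string
}

// StoredRecord is what actually lands in the database: ciphertext only.
// Each field is base64(nonce || AES-GCM ciphertext).
type StoredRecord struct {
	ID       int
	NameEnc  string
	EmailEnc string
}

// Vault wraps the data-encryption key. Assumption: the key comes from a
// separate key store (KMS/HSM) at startup and is never written to the DB,
// so a copy of the database alone is not enough to read the fields.
type Vault struct {
	aead cipher.AEAD
}

// NewVault builds an AES-GCM AEAD from a 16-, 24- or 32-byte key.
func NewVault(key []byte) (*Vault, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Vault{aead: aead}, nil
}

// Seal encrypts one field under a fresh random nonce. The associated data
// binds the ciphertext to its row and column, so a value cannot be quietly
// copied from one customer's row into another's without failing to decrypt.
func (v *Vault) Seal(plaintext, aad []byte) (string, error) {
	nonce := make([]byte, v.aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return "", err
	}
	ct := v.aead.Seal(nonce, nonce, plaintext, aad) // nonce || ciphertext || tag
	return base64.StdEncoding.EncodeToString(ct), nil
}

// Open reverses Seal; any tampering, wrong key or wrong row/column yields an error.
func (v *Vault) Open(enc string, aad []byte) ([]byte, error) {
	raw, err := base64.StdEncoding.DecodeString(enc)
	if err != nil {
		return nil, err
	}
	n := v.aead.NonceSize()
	if len(raw) < n {
		return nil, errors.New("ciphertext too short")
	}
	return v.aead.Open(nil, raw[:n], raw[n:], aad)
}

// aad is the row/column label used as associated data (constructed format).
func aad(id int, column string) []byte {
	return []byte(fmt.Sprintf("customer:%d:%s", id, column))
}

// Store produces the row to write: plaintext never reaches the database.
func Store(v *Vault, id int, c Customer) (StoredRecord, error) {
	nameEnc, err := v.Seal([]byte(c.Name), aad(id, "name"))
	if err != nil {
		return StoredRecord{}, err
	}
	emailEnc, err := v.Seal([]byte(c.Email), aad(id, "email"))
	if err != nil {
		return StoredRecord{}, err
	}
	return StoredRecord{ID: id, NameEnc: nameEnc, EmailEnc: emailEnc}, nil
}

// Load decrypts a row back into a Customer for the application's own use.
func Load(v *Vault, r StoredRecord) (Customer, error) {
	name, err := v.Open(r.NameEnc, aad(r.ID, "name"))
	if err != nil {
		return Customer{}, err
	}
	email, err := v.Open(r.EmailEnc, aad(r.ID, "email"))
	if err != nil {
		return Customer{}, err
	}
	return Customer{Name: string(name), Email: string(email)}, nil
}

func main() {
	key := make([]byte, 32) // stand-in for a key fetched from the key store
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		panic(err)
	}
	v, err := NewVault(key)
	if err != nil {
		panic(err)
	}
	rec, err := Store(v, 42, Customer{Name: "Jane Example", Email: "jane@example.com"})
	if err != nil {
		panic(err)
	}
	fmt.Printf("row as seen in a database dump: %+v\n", rec)
	c, err := Load(v, rec)
	if err != nil {
		panic(err)
	}
	fmt.Printf("row decrypted with the key:     %+v\n", c)
}
```

The caveat a practitioner would add: this only reduces what a stolen database is worth if the key really is held elsewhere and access to the decrypting service is logged and limited. An attacker who compromises the application host with the key loaded still reads everything, and a field that must be searched or used as a send-to address needs a separate design (a blind index, or decrypting only at the point of sending) rather than plain ciphertext.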

SecurID firm, RSA, has its servers hacked

Man, security is getting tougher. When the servers at a well-known security firm get hacked, we need to rethink our security protocols and business practices. From Sophos/Naked Security:

Hackers have broken into the servers of RSA, the security division of EMC, and stolen information related to the company’s SecurID two-factor authentication products.

Read the full story @ Sophos.com…Security firm RSA warns that its servers have been hacked | Naked Security.

Rogue Facebook apps can now access your home address and mobile phone number | Naked Security

Time to revisit your Facebook privacy settings again:

Facebook has announced that developers of Facebook apps can now gather the personal contact information from their users.

Read more…Rogue Facebook apps can now access your home address and mobile phone number | Naked Security.

Spam Taking Advantage of Gawker Hack

We know that Gawker Media had its databases hacked, releasing millions of usernames and passwords.

Now spammers/hackers are taking advantage of that story to send out spam emails like this:

Beware…

Facebook – How To Opt Out Of Instant Personalization

Facebook is getting bigger and sharing more info. It’s time to revisit your privacy settings and make sure you’re not opting into anything automatically.

First stop is "Instant Personalization", which basically allows FB partner sites to gather your info. Opt out by going to your Account –> Privacy Settings, then click on Edit Settings under Instant Personalization:

Instant Personalization

Once there, you need to uncheck the setting that allows partners to personalize their site based on your public info:

Uncheck Instant Personalization

Secondly, you'll need to block each application (partner website) individually. This was harder to find. Currently, there are only three partner sites. I was able to block them by doing the following:

Click on the following FB FAQ:

http://www.facebook.com/help/?page=1068#!/help/?faq=17105

This will open up the "How Do I Opt Out of Instant Personalization" FAQ. From there, click on the partner links individually, and select "Block Application" from the left column. Remember, you have to do this for each partner:

Block Applications

Once done, you can confirm these sites are blocked by visiting the Blocked Applications section of the Privacy Settings –> Applications and Websites:

Blocked Applications

Finally, control what info your friends can share about you with partner websites by editing the settings on the "What your friends can share about you" page under Privacy Settings –> Applications and Websites:

Here you can edit what can be shared and what cannot. I unchecked everything so that nothing can be shared about me.

Call me paranoid, but in an age when identity theft is rampant, you shouldn’t be automatically opted into sharing your personal info.

Facebook’s New Features and Your Privacy: Everything You Need To Know – PCWorld

This is getting SCARY. So basically, unless you opt out, when you're logged into FB and visit a partner site (currently Yelp, Docs.com, Pandora – but I'm sure the list will grow), the partner site will know you're a FB user and will ask if you want to "personalize" the site. By that they mean they will custom tailor the site based on your "Likes" and "Recommendations" listed in FB, so they will have access to your FB "Public" data. If that's not creepy enough, how about knowing that they will never have to delete the info they gather about you from their servers! Also, they will have access to your friends' data, unless your friends specifically block the partner site.

Read more…Facebook’s New Features and Your Privacy: Everything You Need To Know – PCWorld.

Google Sees Fake AV Threat — InformationWeek

Something I've been seeing a lot of lately: fake AVs.

Fake anti-virus software is on the rise and currently accounts for about 15% of all malware detected, according to a forthcoming report from Google.

Fake anti-virus software purports to be software that can find and remove malware. But in fact it's malware, the very thing it's supposed to eliminate.

Fake AV software typically pretends to scan the victim’s computer and to find some form of malware, at which point it seeks payment from the victim to remove the non-existent malware.

Whether or not there’s a payment, the fake AV software may install more malware.

Google Sees Fake AV Threat — InformationWeek.

Google Douses Privacy Fire — InformationWeek

Google Douses Privacy Fire — InformationWeek.

Recent remarks by Google CEO Eric Schmidt in a CNBC interview have set off a firestorm among privacy advocates:

Passing on the opportunity to explain to Bartiromo the difference between trusted friends and multi-billion dollar search advertising companies, Schmidt responded, “I think judgment matters. …If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place. If you really need that kind of privacy, the reality is that search engines–including Google–do retain this information for some time. And it’s important, for example, that we are all subject in the United States to the Patriot Act and it is possible that all that information could be made available to the authorities.”

And that pretty much sums it up about any online company you deal with. For you Facebookers and Tweeters, and anywhere else you post or upload or download from, you're putting it out there on a server that gets mirrored and backed up, and probably indexed by search engines. "If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place."