The security firm that disclosed a security hole in a Facebook feature that allows users to download their own data file says the social network giant still has questions to answer about the extent of the data breach. Writing on their blog, researchers at Packet Storm Security said that Facebook has underestimated the extent of the breach, which affected around six million users of the social networking site and an unknown number of non-Facebook users. Packet Storm says that Facebook’s analysis of the breach failed to account for ways in which it could be exploited, in an iterative fashion, to glean information on Facebook users beyond the individual pieces of data that may have been viewed by users who used the Download Your Information (DYI) feature. The firm also called Facebook to task for failing to notify non-users whose information was exposed in the incident. On Monday, Security Ledger wrote […]
Search Results for "Privacy"
Facebook Mum On Future Of Ghost User Accounts
Facebook acknowledged on Friday that a flaw in a feature that lets users download their own profile information exposed personal information on approximately six million users, including phone numbers and e-mail addresses that were not shared with the site, but is staying mum on the future of wide ranging information harvesting practices revealed by the bug. In a blog post, the social networking giant said the security hole was disclosed by an independent security researcher and forced the company to disable the Download Your Information (DYI) feature until it could be fixed. Despite the large number of people affected, Facebook said individual pieces of private data like an e-mail address or telephone number were only exposed to one or two other Facebook users. However, Facebook has not said whether it will cease using non-public data from users’ contacts to fill out dossiers on other Facebook users, a practice that has […]
HBR: Internet Of Things Has ‘Profound’ Impact On Risk
The advent of a global network of Internet connected devices – sometimes referred to as the “Internet of Things” will bring about a “data democratization” that will upend traditional IT security models and pose considerable risks for organizations. That’s the conclusion of two leading authorities on the so-called “Internet of Things” (IoT), Christopher J. Rezendes and W. David Stephenson, who write that its impact on businesses will be “profound,” and that cyber security will be one of the biggest challenges that organizations must address. In a guest post on the Harvard Business Review blog on Friday, Rezendes, the president of INEX Advisors, and Stephenson, an author and consultant specializing in the Internet of Things argue that “the very principle that makes the IoT so powerful — the potential to share data instantly with everyone and everything (every authorized entity, that is) — creates a huge cybersecurity threat.” The authors predict […]
Wardriving Goes Corporate: Comcast Turning Residential WiFi Into ‘Millions of Hotspots’
One of the big challenges to the growth of the “Internet of Things” is access. It goes without saying that, without access to the Internet, almost all of the benefits of connected devices disappear. Your smart phone becomes a dumb phone. Your ‘net connected watch or running shoes or car scream into the void – trying desperately to connect to a network that isn’t there. Here in the U.S., that problem has typically been addressed by routing traffic through 3G or – depending on where you live – 4G wireless networks. However, access to those networks is spotty, especially in the sparsely populated Western U.S. According to a survey by the U.S. Federal Communications Commission (FCC), much of the Western U.S. is a 3G wasteland, with little or no access to broadband wireless networks. One solution is to tap the loose network of residential broadband subscribers, allowing them to peel […]
Podcast: Project Prism – Has Uncle Sam Gone Rogue?
It was hard to escape the big news this week: revelations from The Guardian and The Washington Post about a program of widespread surveillance of online social networks and mobile phone use. The news, both the result of high-level leaks of classified information, has embroiled the Obama Administration in the most serious questions about domestic spying since the Nixon administration. To discuss the week’s events, Paul sat down with Ron Gula, the CEO of Tenable Network Security (and a former NSA security ninja) and Rick Forno, director of the University of Maryland Baltimore County’s Graduate Cybersecurity Program and a Junior Affiliate Scholar at the Stanford Law School’s Center for Internet and Society (CIS). While neither guest was surprised to read about the government’s monitoring of cell phone activity or data from social networks, the latest reports lay bare the dimensions of the U.S. government’s domestic spying post 9/11, and raise serious […]