Tag: privacy

CNN App Leaks Passwords Of Citizen Reporters

As camera-equipped mobile phones have proliferated in recent years, CNN pioneered the crowd sourcing of news with its highly successful and much-imitated iReport program. But aspiring iReporters would do well to hold off submitting their stories using CNN’s mobile application for the iPhone – at least for a few days.   According to a report from the security firm zScaler, the CNN App for iPhone fails a basic security test: failing to encrypt traffic sent to and from the application, including a user’s login and password. The flaw, which was only found in the CNN App for iPhone, could allow an iReporter’s account to be compromised, giving strangers access to any stories they have submitted to the news network. CNN senior director of public relations Matt Dornic acknowledged the flaws and said that CNN has updated the application and will be submitting it to Apple as soon as possible. According to a […]

Continue Reading

Yet Another IoT Standards Group: This One For Privacy

Data privacy firm TRUSTe announced that it is forming a group to identify technical standards to ensure consumer privacy in the Internet of Things. Speaking at the Internet of Things Privacy Summit in San Francisco last week, Chris Babel, the CEO of TRUSTe said that the multi-party group will draw up “technical standards to help companies develop the privacy solutions that are needed to protect consumer privacy in the Internet of Things.” [Read Security Ledger’s coverage of privacy issues related to the Internet of Things here.] The group, dubbed the IoT Privacy Tech Working Group will include representatives from TRUSTe as well as online privacy groups The Center for Democracy & Technology, The Future of Privacy Forum and the Online Trust Alliance, according to a statement from TRUSTe.   IoT privacy tech working group announced. “This working group will work to address the mounting security and privacy concerns, while promoting transparency and user […]

Continue Reading

Hacker Takes on the World’s Spy Agencies | WIRED

Andy Greenberg over at Wired has a fine profile of former Google hacker and human rights champion Morgan Marquis-Boire (aka “Morgan Mayhem”), who is now working for the start-up publication First Look Media Marquis-Boire is an expert in malware analysis, with particular expertise in analyzing the software that oppressive regimes use to spy on journalists, human rights activists and political dissidents. At First Look, he will be devoting his talents to defending what Greenberg calls “an endangered species: American national security journalists.” First Look is a nascent, independent online media startup founded by eBay billionaire Pierre Omidyar. The site is best known as the (new) home of Glenn Greenwald and Laura Poitras, and the launch pad for whatever secrets are still hidden in the trove of information Edward Snowden leaked to Greenwald. According to Greenberg, Marquis-Boire was hired away from Google and given the task of safeguarding those documents as well as the […]

Continue Reading

Google Warns Of Dodgy Digital Certificates Issued By India

Beware of Google domains bearing gifts – especially gifts from India. On Tuesday, Google’s Adam Langley took to the company’s security blog to warn about unauthorized digital certificates that have been issued by India’s National Informatics Centre (NIC) and used to vouch for “several Google domains.” Google notified the NIC, as well as India’s Controller of Certifying Authorities (or CCA) and Microsoft about the discovery and the certificates have been revoked, Langley said. As Cory Doctorow noted over at BoingBoing.net, most operating system vendors and browser makers don’t trust NIC-issued certificates as a matter of course. However, NIC holds intermediate CA (certificate authority) certificates that are trusted by India’s CCA, and CCA-trusted certificates are included in Microsoft’s Root Store, meaning applications running on Windows as well as Microsoft’s Internet Explorer web browser would have trusted the bogus NIC certificates. Google said that Chrome users on Windows would not have been victims of the […]

Continue Reading

FDA: Regulators Can’t Scale To Police Mobile Health Apps

A senior advisor to the U.S. Food and Drug Administration (FDA) tossed cold water on speculation that the Agency might try to police mobile health and wellness applications, saying the FDA couldn’t possibly scale up to meet the challenge of policing the hundreds of new apps appearing every month. Correction: The article was changed to clarify Mr. Patel’s comments. He was not responding to a direct question about the FDA setting up an office to regulate mobile health applications. He was commenting on the possibility of creating a platform to evaluate and rate mobile health applications.  Also, he said “It’s not do-able,” not “it’s not possible.” We apologize for any confusion created by the article. – PFR July 10, 2014. The sheer pace of innovation in the mobile health application space and the numbers of such applications already available on mobile marketplaces like the iTunes App Store and Google Play mean that many mobile health applications will escape scrutiny by federal […]

Continue Reading
1 30 31 32 33 34 50