Facebook introduced a feature three years ago that used facial recognition technology to suggest people to tag in photos. The backlash was swift and immediate, and under scrutiny from American and European governments, Facebook pulled the feature. After facing questions from Sen. Al Franken (D-MN) and the Subcommittee on Privacy, Technology, and the Law last year, Facebook quietly reintroduced the feature in February; users are now opted in to being facially recognized by default. Not many of us could have imagined while building our first Facebook profiles back in 2005 or 2006 that our profile picture might eventually be used to identify us years later in every new picture of us that gets uploaded, whether we want to be spotted or not. iOS app Path showed another stunning example of mishandling of data. The app culled users' entire address books in the name of helping them find their friends. More recently, the company turned out to be attaching location data to photos posted within … [Read more...] about Snapchat’s bad security shows how data use policies fail
Information security operations
Protecting a world in which critical infrastructure runs Linux—not to mention protecting journalists and political dissidents—begins with protecting the kernel. The way to do that is to focus on squashing entire classes of bugs, so that a single undiscovered bug would not be exploitable, even on a future device running an ancient kernel. … [Read more...] about Unsafe at any clock speed: Linux kernel security needs a rethink
In all, attackers intercepted the login credentials of nine individual users, 10 unique files, one mobile phone number, and several names and email addresses of client portal users. The stolen passwords didn't allow the attackers to log in to customers' accounts because they were protected with two-factor authentication. Fox-IT notified users of the September 19 breach within 24 hours but only disclosed it publicly in last week's blog post. … [Read more...] about Hackers take control of security firm’s domain, steal secret data
… [Read more...] about Suspected Iranian hacking campaign targets European energy companies
Part of the problem is that there's very little incentive for most OEMs and carriers to keep their handsets up to date after they leave store shelves. In both the iPhone and iPad lineups, Apple typically keeps a version of an older product around to sell as lower-priced models, rather than coming out with two or three new models targeted to specific market segments. This means that continued software updates for those products don't just benefit existing users, but they also ensure that those lower-priced phones that are still on store shelves continue to look appealing to new buyers. The market for Android devices is considerably more competitive than that for iOS, and new phones aren't always intended to replace the top-end model, which ensures that no one phone or tablet is on store shelves making money for its manufacturer for very long. … [Read more...] about What happened to the Android Update Alliance?