Cyber Security

A Little Dab of Credit Card Data Can ID Customers
So-called "anonymized" customer data really isn't anonymous at all, MIT researchers have discovered. It takes very little credit card information to correctly trace transactions with specific customers. "As this becomes a bigger problem, smarter companies will enter the market that use consumer data privacy as a main part of their value proposition," said David Giannetto, author of Big Social Mobile.


Credit card users may be dismayed by findings MIT researchers reported last week in the journal Science: Just a few pieces of vague non-identifying information, namely the dates and locations of four purchases, were enough to identify 90 percent of people in a data set of 1.1 million credit card users over a three-month transaction period.



Canada Levitates Data from File-Sharing Sites

Canadian spies apparently have been on a gigantic fishing expedition, scouring file-sharing sites -- for the most part unsuccessfully -- for information that might reveal terrorist plots. The activity has outraged privacy advocates. "We built our societies on the idea that law enforcement can't just fish in people's private affairs for clues about their behavior," said the EFF's Danny O'Brien.
Canada's spy agency, the Communications Security Establishment, has been eavesdropping on 102 free file upload sites, including Sendspace, Rapidshare and Megaupload, which has been shut down.


There's a GHOST in Linux's Library

As security flaws go, the recently discovered GHOST hole is pretty scary. Patching it could be more trying than fixing other recently discovered Linux vulnerabilities, according to Coverity's Jon Passki. "Patching a bug like Shellshock and rolling out a new version could be much easier than patching GHOST, as libc is a core library for many packages and the host operating system in Linux."
Patches for GHOST, a critical vulnerability in the Linux GNU C Library (glibc), are now available through vendor communities for a variety of Linux server and desktop distributions.



POS Terminals Rich Vein for Gold-Digging Hackers

Since the Target breach, hackers have been busy developing POS malware and expanding its target environment. "We're seeing targeting of parking and airport kiosks," said Trend Micro's Christopher Budd. "The bad guys have figured out that within the U.S., the swipe-and-sign credit card technology is incredibly weak from a security point of view, and ... they're swarming everywhere they can."
Hackers are like gold miners. Once they find a rich vein for their malware, they mine it until it's dry. Point-of-sale terminals are such a vein, and it doesn't appear to be one that will run dry any time soon.
Following the success of the Target breach in 2013, the hacker underground was quick to rush more POS malware to market.


Wikileaks Steamed Over Google's Lengthy Silence on FBI Snooping

Prosecutors often seek a gag order when they believe disclosure of a warrant would jeopardize an investigation. However, an order lasting two and a half years is "very surprising to me," said Joel R. Reidenberg of the Center on Law and Information Policy. "The length of time that has elapsed between the subpoena and the disclosure to WikiLeaks of [its] existence seems quite striking."
Google may have contributed to violating the First Amendment rights of three journalists working for WikiLeaks two and a half years ago, when it turned over to the FBI all their email, subscriber information and metadata.


10 million stolen passwords were just released – here’s how to see if yours is one of them


Earlier this week, noted security researcher and consultant Mark Burnett made waves when he posted 10 million stolen usernames and passwords on his blog. Of course, the security expert didn’t post the passwords with malicious intent. Instead, his goal was to “release a clean set of data” that gives the world insights into user behavior, and also to draw attention once again to the arrest and prosecution of Barrett Brown.
