This afternoon, Facebook has made one of those announcements a company never really wants to have to make: they’ve had a rather unfortunate bug problem. The big problem here was, as Facebook notes, that their most recent method for recommending friends to new users also contained contact information of users – this including information added
Facebook security bug exposed 6 million users’ personal information (update)
Today, Facebook announced a security bug that compromised the personal account information of six million users. In a post on the Facebook Security page, the site’s White Hat team explained that some of the information the site uses to deliver friend recommendations was “inadvertently stored with people’s contact information as part of their account on Facebook.” When users downloaded an archive of their account via the DYI (download your information) tool, some were apparently given access to additional contact info for friends and even friends of friends. The post continues:
We’ve concluded that approximately 6 million Facebook users had email addresses or telephone numbers shared. There were other email addresses or telephone numbers included in the downloads, but they were not connected to any Facebook users or even names of individuals. For almost all of the email addresses or telephone numbers impacted, each individual email address or telephone number was only included in a download once or twice. This means, in almost all cases, an email address or telephone number was only exposed to one person. Additionally, no other types of personal or financial information were included and only people on Facebook – not developers or advertisers – have access to the DYI tool.
Facebook says it’s temporarily disabled the DYI tool to fix the breach. We’ve reached out to the site for further comment; for now, read the official statement via the source link below.
Update: Facebook has responded to our inquiries and stated that while the bug was discovered earlier this month, “it had been live since last year.” They immediately disabled the tool, fixed the bug and reenabled it within 24 hours of the bug’s discovery. The bug was reported to them through a White Hat program for external security researchers.
Via: TechCrunch
Source: Facebook
Court documents reveal secret rules allowing NSA to use US data without a warrant
NSA’s information gathering practices have been further detailed in court papers revealed by The Guardian. While the agency has continued to reiterate that it doesn’t collect its data indiscriminately, the leaked papers detail several loopholes that allow it to gather data from both American and foreign origins without the need for a warrant. If you use data encryption or other privacy tools, your communications are likely to receive extra attention, and the agency can indefinitely keep any information assembled for “crypto-analytic, traffic analysis or signal exploitation purposes” — in short, if the NSA believes it may be relevant in the future.
One reason to hold onto said files could simply be the fact that the data is encrypted and the NSA wants to be able to analyze its protection. The security agency can also give the FBI and other government organizations any data if it contains a significant amount of foreign intelligence, or information about a crime that has been (or will be) committed. Any data that’s “inadvertently acquired” through the NSA’s methods — and could potentially contain details of US citizens — can be held for up to five years before it has to be deleted. The Guardian has uploaded the leaked papers in full — hit the source links for more.
Via: The Guardian, Forbes
Source: The Guardian (1), (2)
The Guardian has obtained a series of documents which reveal that, while the NSA is expected to "minimize" collection of data suspected to belong to US citizens, any "inadvertently acquired" domestic communications can still be kept and used without a warrant.
Amidst the myriad of PRISM and FISA-related data collection leaks, rumors, denouncements, and sources, it was mentioned that the security agency takes steps to avoid collecting any more information on US citizens than necessary, something that has been expounded on today with two leaked top-secret documents. The documents were sent to The Guardian, which published
Today we walk through metal detectors to get into courthouses, airports, and even concert venues. But back in the 1920s the first walk-through metal detectors weren’t invented for finding weapons (or nail clippers), they were invented for searching would-be thieves.
Skype allegedly developed a clandestine program dubbed Project Chess that investigated potential ways to increase government and law enforcement access to its VoIP calling service, years in advance of Microsoft’s acquisition in 2011. Project Chess was formed while Skype had “sometimes contentious talks with the government over legal issues,” insiders tell the NYTimes, with knowledge
Yahoo has responded to claims that recycled email accounts could pose a security problem, claiming it’s "going to extraordinary lengths" to protect users. Obviously.
Glasses that prevent the wearer from being recognized by face detection software have been demonstrated in Japan, using LED light invisible to the human eye but confusing to monitoring cameras to mask identity. The privacy visor, under development by Isao Echizen’s team at the Japanese National Institute of Informatics, works by packing a pair of
Yahoo has dismissed fears of hacking and impersonation after it deactivates dormant user accounts, arguing that the risk of identity theft is incredibly low. The company announced last week that it would be culling those accounts not used for twelve months, prompting concerns that new sign-ups with recycled names could go on to “borrow” the