RIM opens door for Indian officials, promises to keep Enterprise Server locked up tight

RIM opens back door for Indian officials, promises to keep Enterprise Server locked up tight

Things weren’t looking good for BlackBerry in India, with threats of bans that were avoided at the last minute. We knew at the time that RIM had made “certain proposals” that would enable its messaging services to stay alive in India and now, about four months later, we’re learning what those proposals amount to. Basically, RIM has created a backdoor into the company’s messaging services, a “lawful access capability” that “meets the standard required by the government of India for all consumer messaging services offered in the Indian marketplace.” That’s a little disconcerting, but if you’re pinging your connects exclusively through BlackBerry Enterprise Server you can take it easy, as RIM is keeping that service locked up tight — or, at least, that’s what it wants you to believe.

RIM opens door for Indian officials, promises to keep Enterprise Server locked up tight originally appeared on Engadget on Fri, 14 Jan 2011 12:10:00 EDT. Please see our terms for use of feeds.

Permalink   |  sourceThe Inquirer  | Email this | Comments

Researchers eavesdrop on encrypted GSM call: all you need is a $15 phone and 180 seconds

It’s hardly a fresh idea — researchers have claimed that GSM calls could be cracked and listened in on for years. But there’s a difference between being able to do something with a $50,000 machine and a warrant, and being able to do the same thing with a few $15 Motorola phones, a laptop, open source software and 180 seconds of spare time. Security Research Labs researcher Karsten Nohl and OsmocomBB project programmer Sylvain Munaut recently spoke about a new GSM hack at the Chaos Communication Conference in Berlin, and they were able to walk the audience through the eavesdropping process in a matter of minutes. According to them, it’s not terribly difficult to use a $15 handset to “sniff out” location data used to correctly route calls and texts, and once you’ve nailed that down, you could use modified firmware to feed raw data into a laptop for decryption. Using a 2TB table of precomputed encryption keys, a cracking program was able to break in within 20 seconds — after that, you’re just moments away from recording a live GSM call between two phones. Of course, speeches like these are made to encourage security officials to beef up the layers between you and ill-willed individuals, but it’s hard to say what (if anything) will change. For now, we’d recommend just flying to each and every person you’d like to speak with. Unless you live in the Greater New York area — you’re probably better off risking a hacked conversation than heading out to LGA / JFK / EWR.

Researchers eavesdrop on encrypted GSM call: all you need is a $15 phone and 180 seconds originally appeared on Engadget on Wed, 29 Dec 2010 09:17:00 EDT. Please see our terms for use of feeds.

Permalink   |  sourceWired  | Email this | Comments

Wall Street Journal says apps may violate privacy, fingers MySpace and Pandora

You might have heard how careless some third-party apps can be with your personal data, but it may not yet have hit home — offenders can include must-have programs like MySpace and Pandora, too. The Wall Street Journal tested 101 popular apps for iPhone and Android and discovered that over half transmitted unique device identifiers (UDID) to a flock of advertisers without so much as a prompt, and that some (including Pandora) even transmitted a user’s age, gender and location to better target their marks. Now, before you boycott your favorite music apps, you might want to hear the other side of the story, which is that all this data is typically processed in batches and anonymized so that advertisers can’t necessarily separate you from the crowd. However, the worry is that there may be little stopping nefarious individuals from creating a database that links your UDID to all this other data you send out. It’s a juicy proposition for targeted advertising, sure, but also potentially real-world crime, so we doubt this will be the last we hear of UDID privacy scares.

Wall Street Journal says apps may violate privacy, fingers MySpace and Pandora originally appeared on Engadget on Sat, 18 Dec 2010 18:41:00 EDT. Please see our terms for use of feeds.

Permalink   |  sourceWall Street Journal  | Email this | Comments

Google Voice Search update helps you personalize your results, helps Google build another database to take over the world

Google Voice Actions was the first step towards our Star Trek dreams of lassoing the world with naught but vocal cords, and today Google’s taken a second hop towards that inevitable future by letting Android devices record our every utterance. Yes, if you’ve got a handset running Froyo or better, you can download an update for Google Voice Search right now, which will let your phone dynamically personalize its speech-to-text engine to better recognize your voice most every time you use it. Of course, by so doing you’re giving Google permission to record your sentences — anonymously, of course — to use in future products, but whether that’s a problem or just a happy coincidence depends on whether you take Google at its word. We hit the “yes” button, in case you’re curious. Find it on Android Market, or just use the handy-dandy QR code below.

Continue reading Google Voice Search update helps you personalize your results, helps Google build another database to take over the world

Google Voice Search update helps you personalize your results, helps Google build another database to take over the world originally appeared on Engadget on Tue, 14 Dec 2010 23:01:00 EDT. Please see our terms for use of feeds.

Permalink GigaOM  |  sourceGoogle Mobile Blog  | Email this | Comments

Internet Explorer 9 privacy measures to include Tracking Protection

In a nod to future FTC mandates regarding web privacy, Microsoft has announced that among its many charms, Internet Explorer 9 will introduce something called a Tracking Protective List. In essence, the TPL looks at third party elements of whichever page you may be viewing (for instance, when you’re at msnbc.com and it contains elements that are hosted by another domain) and allows you to block those which track your movements. This is done by domain, and there is both a whitelist and a blacklist — ensuring that while elements that are required for full functionality will be allowed, those which are a nuisance will be blocked. Of course, this isn’t the answer to all of your security needs, but between this and properly managing your cookies it is a decent first step. IE9 will come around sometime in early 2011 — in the meantime, check out the video after the break for more info.

Continue reading Internet Explorer 9 privacy measures to include Tracking Protection

Internet Explorer 9 privacy measures to include Tracking Protection originally appeared on Engadget on Wed, 08 Dec 2010 16:24:00 EDT. Please see our terms for use of feeds.

Permalink SlashGear  |  sourceMicrosoft Developer Network  | Email this | Comments

NASA’s shuttle PCs sold with sensitive data intact, insert WikiLeaks joke here

Let this be a warning for John and Jane Q. Public (always a cute couple, those two) to always wipe sensitive / secret data from your hard drives before selling a computer. Or better yet, take out the drive entirely and physically destroy it. That’s what we’d expect from our government entities, but an internal investigation found that a number of PCs and components from NASA‘s shuttles had been sold from four different centers — Kennedy and Johnson Space Centers, and Ames and Langley Research Centers — that “failed sanitization verification testing,” or weren’t even tested at all. In Langley’s case, while hard drives were being destroyed, “personnel did not properly account for or track the removed hard drives during the destruction process.” Meanwhile at Kennedy, computers were found being prepped for sale that still had “Internet Protocol information [that] was prominently displayed.” Helluva way to start a shuttle launch retirement, eh?

NASA’s shuttle PCs sold with sensitive data intact, insert WikiLeaks joke here originally appeared on Engadget on Wed, 08 Dec 2010 12:32:00 EDT. Please see our terms for use of feeds.

Permalink BBC  |  sourceNASA (PDF)  | Email this | Comments

The Reaction of Governments to Wikileaks Should Scare the Hell Out of You [Wikileaks]

Wikileaks is a flawed endeavor represented publicly by a smug egotist. But it deserves the respect and support of anyone who prioritizes the privacy of individuals over that of governments. More »

FTC says it’s talking to Adobe about the problem with ‘Flash cookies’

We’ve already heard that the Federal Trade Commission is pushing for a “do not track” button of sorts to stop cookies from watching your every move, but it looks like it isn’t stopping at the usual, non-edible definiton of a “cookie.” Speaking at a press conference on Friday, FTC Chairman Jon Leibowitz also dropped the rather interesting tidbit that it’s been talking with Adobe about what it describes as “the Flash problem.” As Paid Content reports, newly-appointed FTC Chief Technologist Ed Felten later clarified that the problem in question is actually so-called “Flash cookies,” or what Adobe describes as “local shared objects.” As Felten explained, those can also be used for tracking purposes, but they usually aren’t affected by the privacy controls in web browsers — Chrome is one notable exception. For it’s part, Adobe says that Flash’s local shared objects were never designed for tracking purposes, and that it has repeatedly condemned such practices — the company also added that it would support “any industry initiative to foster clear, meaningful and persistent choice regarding online tracking.”

[Image courtesy dopefly dot com]

FTC says it’s talking to Adobe about the problem with ‘Flash cookies’ originally appeared on Engadget on Sat, 04 Dec 2010 23:58:00 EDT. Please see our terms for use of feeds.

Permalink   |  sourcePaid Content  | Email this | Comments

Street View Shocker! Google pays Boring couple $1 for trespassing

It’s hardly a surprise that there’s a cadre of individuals who aren’t too fond of Google’s seemingly omnipresent Street View fleet, but the ending of this dispute is downright absurd. Back in 2008, Aaron and Christine Boring were looking for a little excitement, and decided to find it in a courtroom; the duo sued Google for trespassing on their property while collecting photographs for Street View. According to them, Google’s Street View car ignored the “No Trespassing” sign planted out front, and while they noted that that would’ve accepted a simple apology letter, they had no qualms pushing for damages when that wish fell upon deaf ears. The payout? A single dollar. Let’s repeat that: 100 pennies. A buck. Barely enough to buy a Whopper Jr. in Portland, and definitely not enough to do so across the way in Vancouver. We suspect both parties are eager to put the whole mess behind ’em, but if you’ve been looking for a story to prove that America actually isn’t as aimlessly litigious as the world thinks they are… well, this one ain’t it.

Street View Shocker! Google pays Boring couple $1 for trespassing originally appeared on Engadget on Sat, 04 Dec 2010 20:43:00 EDT. Please see our terms for use of feeds.

Permalink   |  sourceAFP  | Email this | Comments

FTC wants to fight tracking cookies with other cookies, create delicious sugary warfare

FTC wants a tracking cookie that disables other tracking cookies, to fight fire with fire

We’re not sure that fighting fire with fire actually works outside of the metaphorical realm, but don’t let us tell the FTC how to do its thing. The federal body, which recently told Google “it’s all good” after the company apologized for stealing people’s private infos, is now asking for social networking sites and browser developers to create a sort of “do not track” cookie system. If this cookie was present the sites would not capture a user’s browsing habits and not deliver customized ads, a cookie that would be created and enabled by a simple browser button. As of now the FTC is not mandating anything, but did deliver this passive-aggressive threat:

With respect to ‘do not track,’ we are giving companies a little time, but we’d like to see them work a lot faster in making consumer choice a lot easier.

So there you have it: start playing nice, companies, or the FTC might possibly do something. Meanwhile, we might possibly eat the cute looking gingerbread man in the middle up there. He sure looks tasty.

[Image courtesy of Fagles]

FTC wants to fight tracking cookies with other cookies, create delicious sugary warfare originally appeared on Engadget on Fri, 03 Dec 2010 08:47:00 EDT. Please see our terms for use of feeds.

Permalink ars technica  |  sourceFTC  | Email this | Comments