Posts Tagged ‘Facebook’

Facebook in trouble over privacy breach

November 3rd, 2011

Hamburg's Data Protection Authority (DPA) awaits explanation regarding privacy breach

In short

Facebook is in trouble over a new breach of German privacy laws. Apparently it has been using “cookies” to track account holders even after they’ve cancelled their accounts.

The news in detail

Johannes Caspar, head of Hamburg’s Data Protection Authority (DPA), has given a detailed report showing how Facebook uses cookies to record browsing behavior. The agency further added that Facebook had no need to leave those cookies, some of which have been there for about two years. “Our investigation gave no reason for the setting of cookies,” he said. He further added that Facebook is yet to come up with a good reason for doing this.

This ‘cookies’ issue is not really new. Facebook has been questioned about it before. The Electronic Privacy Information Center and nine more public interest groups sent a letter in late September to the Federal Trade Commission asking it to investigate Facebook’s alleged tracking activity.

The company’s stand has been that even though cookies remain on the computer, they do not store any personal identification. Facebook further adds that these cookies are maintained for security purposes, such as combating spam. This practice also discourages minors from creating an account.

The Data Protection Authority wants to tackle one more problem

Facebook has yet to explain its facial-recognition feature to the DPA. The feature automatically identifies a person’s friends and suggests their names. As per the users should be made aware and their permission taken before the systems store and study their faces to enable the feature. Facebook has a Monday deadline to respond to the DPA’s query. European Union regulators will be looking into privacy violations in this facial-recognition feature.

Statement made by Facebook

“Facebook does not track users across the web,” it said in a statement. “Instead, we use cookies on social plugins to personalize content (e.g. show you what your friends liked), to help maintain and improve what we do (e.g. measure click-through rate), or for safety and security (e.g. keeping underage kids from trying to sign up with a different age).
“No information we receive when you see a social plugin is used to target ads, we delete or anonymise this information within 90 days, and we never sell your information.”

What does FB plan to do next?

Facebook has agreed to give the DPA a technical explanation of its use of cookies. Facebook is of the opinion that conclusions should not be drawn until the DPA has heard the explanation.

Data security is very important in today’s data-vulnerable world. Use the Alertsec encryption service

Every organization has to have a data security policy in place. This news emphasizes the need for protecting private data. In an incident that highlights the need for data encryption software and recovery software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss whatsoever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model.

NHS breaches Data Protection Act by posting patient info online

October 31st, 2011

We talked in one of our last posts about how often patient data is getting compromised these days. Just when we thought there wouldn’t be another breach related to patient data, we were proved wrong! The following news item is again about patient data loss, this time due to the negligence of staff at the National Health Service (NHS) Trust.

It appears that NHS staff have been breaching the Data Protection Act (DPA) by posting private patient data and photographs on Facebook. Data breaches took place across the country between July 2008 and July 2011. Civil liberties group Big Brother Watch submitted Freedom of Information requests which showed that there were 806 separate data breaches at 152 NHS trusts during that period. The report states that there were more than 20 incidents in which patient information was posted on social networking sites and 91 cases in which NHS staff were caught viewing details of colleagues.

Consequence of the data breach

Around 100 staff members were dismissed due to breach of Data Protection policy.

What does the Director of Big Brother Watch have to say?

‘This research highlights how the NHS is simply not doing enough to ensure confidential patient information is protected.’

The above shows that data breaches in the NHS are proving to be a ‘major problem’. “The information held in medical records is of huge personal significance and for details to be disclosed, maliciously accessed or lost represents serious infringements on patient privacy.”

He further added: “It is essential the NHS is transparent about these incidents and failing or refusing to disclose that a data breach has taken place is unacceptable.”

Big Brother Watch feels that the NHS does not have a robust data security policy in place to ensure patients’ privacy is protected. It is of the opinion that such cases will keep increasing as more and more NHS staff members get access to the new computer database containing patient information. This new database, called ‘The Summary Care Record’, will provide GPs, hospital doctors and paramedics with immediate data about patients, such as allergies or medications.

NHS guilty of data breaches. Patient data compromised

Incident at the Nottingham University Hospital NHS Trust

A member of medical staff took a photograph of a patient in bed and showed it to friends on the social networking site. Needless to say, the member was dismissed.

What is being said about tightening of data security?

The Information Commissioner’s Office said: “We continue to work with organizations from across the NHS to improve the security of patients’ information and will consider taking action where it is clear that an organization has failed to meet its legal obligations.”

Health Minister Simon Burns added: “We have issued clear standards and guidance to the NHS about what needs to be done to keep patient records secure and confidential. Individual NHS organizations are responsible for ensuring their staff understand and follow that guidance.”

Hospitals can secure themselves with Alertsec

Organisations and hospitals have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they have gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Alertsec Xpress’s Check Point Full Disk Encryption is used by over 4 million users worldwide.

Tracking software helps track laptop thief

August 22nd, 2011

MacBook Pro stolen from an ex-FBI employee

Of all people, this laptop thief had to rob an IT security specialist and former FBI and NASA employee!

Interesting story ahead

When Greg Martin, an IT security specialist and former FBI and NASA employee, returned home late at night, he was shocked to find his house burgled. His laptop, a MacBook Pro, and other valuables had been stolen. The thief had used a scaffold pole to open the security bars on his basement window! But Martin did not react the way most of us would. Had we been in his place, we would have panicked, right? Well, this guy is a former FBI employee and had installed a tracker on his laptop. So he knew that sooner or later the thief would get caught.

More about Greg

Greg Martin runs a blog called InfoSecurity 2.0. Is it not ironic to steal a laptop from a security guy? Martin had installed an open source tracking tool called Prey on his computer. According to the product’s website, the software “lets you keep track of your phone or laptop at all times, and will help you find it if it ever gets lost or stolen.”

What happened later?

Martin reported the stolen laptop and waited for the thief to surface on the Internet. Two days later he received an email, which meant the thief had logged on to his machine. With the help of the tracking software, Martin was able to get a clear picture of the user, as well as details of the IP address and wireless network he was using and his location. As if Martin needed more, he was able to capture a screenshot of the user while he was logged into his Facebook account, thus giving away his name and the school that he had been to.

The thief is caught

Martin passed on this valuable piece of information (Facebook screenshot) to the London police who tracked down the thief in no time. Martin lived in an affluent neighbourhood where robbery is a rare phenomenon. The thief was hoping to take advantage of the fact that there were riots in the city and that the Police would be too occupied to look into a laptop theft.

Details about the thief

The thief was an 18-year-old man by the name of Soheil Khalilfar. The police raided his apartment and recovered the laptop. It was later returned to Martin.

Martin’s wish

“My hope was I was going to watch him being arrested from my laptop camera — that would have been the perfect ending. But they arrested him when I was on the plane back to London,” Mr Martin said.

Tracking software from Alertsec

The above case is a classic example of why security software needs to be a part of any laptop/computer. Your laptop is practically your life. It contains valuable data like financial documents, passwords to important files, business deals etc.

Alertsec Xpress offers computer protection software from Check Point as a fully customizable and pre-packaged data encryption software solution.


Celebrities Suffer in Hell Pizza attack in New Zealand

July 25th, 2010

The customer database of Hell Pizza, a popular pizza company in New Zealand, has been attacked, resulting in the theft of several celebrities’ data.

Most of the customers whose details have been stolen are celebrities, including DJ Mike Puru, Target presenter Brooke Howard-Smith, comedian Dai Henwood, entrepreneur Seeby Woodhouse and former Green Party MP Nandor Tanczos. As proof that the details have been cracked, the hackers have released the personal details of several celebrities in New Zealand.

The details that have been taken include email and home addresses, phone numbers, pizza orders and passwords. Confirming the incident, Hell has also called the police and emailed a warning to its 230,000 customers to change their internet passwords.

Green Party MP Nandor Tanczos said that he is not too worried by people knowing his taste in vegan pizzas but is of course concerned about other information getting out in the open.

DJ Mike Puru said, “It does scare me to think how easy it is to get that information. I can confirm I do like chicken tenders.”

The only person who is not affected by the hack attack is comedian Dai Henwood.

He said, “My Twitter has been hacked, my Facebook has been hacked and I’m pretty sure half of New Zealand has my phone number already. I have nothing bad to say about Hell.”

The director of Hell Pizza, Warren Powell, mentioned that the data attack is a major concern for the company and a serious issue. He said anything that causes problems for the customers is not acceptable and the company is trying its best to locate the source of the security breach.

Want to prevent breach?

Have you been affected by a data breach? Do you think that your organization is susceptible to a potential security breach? For further information, visit our website, where you will learn about our encryption software and other security protection methods.

If you use data security software, a theft would simply be reduced to an insurance matter and the cost of the hardware plus the time to rebuild the laptop. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

Computer Systems at 2500 Companies Hacked

February 18th, 2010

In a major security breach, malicious hackers have penetrated more than 75,000 machines in 2500 companies across the US and the rest of the world. Not only have they breached security, but they have also obtained access to confidential data from commercial and government entities across the globe.

According to the security firm NetWitness, the attacks have compromised the login credentials of over 68,000 accounts, revealing the new banking site information. Raising eyebrows about the type of computer security software in use, the report mentioned a “dangerous new ZeuS botnet (a malicious programme)”.

Apparently, the Zeus botnet tool kit allows criminals to infect and remotely control users’ PCs. The Zeus tool kit can be purchased for a payment of some dollars. Swiss anti-spam activist Roman Hüssy operates the ZeusTracker website, which keeps watch on several Zeus control servers that are used by various gangs of criminals.

Alex Cox, who works at NetWitness and uncovered Kneber, said, “When we detected the correlation between the methodology used by the Kneber crew to attack victim machines and the wide variety of data sets harvested, it became clear that security teams must rethink their entire perspective on threats such as Zeus.”

Kneber is described as a command-and-control botnet based on the ZeuS Trojan, specifically the older 1.2 version of Zeus. First discovered in January, the malicious programme collects login credentials for online financial systems, social networking sites like Facebook and corporate email systems from infected computers and reports the information to miscreants.

NetWitness CEO and former Director of the National Cyber Security Division Amit Yoran said that cyber criminals like the Kneber crew target and compromise thousands of government and commercial organisations globally.

Unaware employees were caught on the back foot when they downloaded the hacked software from sites administered by the hackers. They were baited into opening emails which contained these infected attachments.

According to Yoran, “Because they’re using multiple bots and very sophisticated command and control methods, once they’re in the system, even if you whack the command and control servers, it’s difficult to rid them of the ability to control the users’ computers.”

According to WSJ, many companies were hit by this attack, including Cardinal Health, located in Dublin, Ohio, and Merck. Once the infected computers were identified, they were immediately removed from the network. Educational institutions, energy firms, financial companies, internet service providers and even government agencies were also penetrated.

According to a statement issued by the security firm, the attacks spanned the United States, Saudi Arabia, Egypt, Turkey and Mexico.

To help keep your business data protected in an effective way, explore our secure encryption software solutions. Unlike competitors, our software won’t be hacked and it provides an independent layer of encryption. Try a free 30-day trial now!
