Tuesday, April 19, 2011

Apple Adds Do-Not-Track Tool to New Browser

Apple has added a Do-Not-Track tool to a test version of its latest Web browser that would potentially keep customers' online activities from being monitored by marketers. This tool is within Lion, a version of Apple's Mac OS X operating system that is currently only available to developers. The final version of this operating system is expected to be released to the public this summer. Mentions of this do-not-track feature in Apple's Safari browser began to appear in online discussion forums and on Twitter recently. Adding this feature leaves Google Inc. being the only major browser that has not yet committed to supporting a do-not-track capability in its browser, Chrome. A Google spokesperson said that the company will continue to be involved closely in industry discussions about do-not-track features. For now, they offer an add-on program for Chrome that users can download called, "Keep my Opt-Outs" that will let users request that their data not be used for targeted advertising.

Do-not-track tools in browsers automatically send out messages to websites and online advertising networks requesting that users' movements around the Web not be tracked. The system will only work if Web companies agree to respect people's tracking preferences. Apple's Safari browser currently accounts for approximately 6.6% of Web browser use on the Internet, while Microsoft's Internet Explorer accounts for 55.9% and Mozilla's FireFox accounts for 21.8%, according to estimates from NetApplications.com (a firm that tracks browser market share).  Of the four major browsers, Google's Chrome is growing the quickest. They have rose from 6.73% to 11.57% just this last April.

Representative Cliff Stearns introduced privacy legislation that would encourage these companies to offer more information about how their consumers are being track. They feel that they all have the right to know. The bill requires firms to create privacy policies that tell the consumers about the collection, sale, and use of their data. Currently, these types of Federal laws do not exist. The bill calls for the data-collection industry to develop a policing program that would be approved by the Federal Trade Commission.

Some people make it seem that this type of thing takes too much time and energy out of these companies to do, to simply be able to assure their consumers that they are safe and their information is not being collected. It really can't be that hard to come up with such tool. Especially when the benefits of doing so have to be so great, compared to what type of downfalls their might be. Everything has its pros and cons, but clearly adding the do-not-track tool would not only protect their consumers, but would almost guarantee the trust of their consumers, which should be most important.

Article Name: Apple Adds Do-Not-Track Tool to New Browser
by Nick Wingfield
http://online.wsj.com/article/SB10001424052748703551304576261272308358858.html


How to Kill Web Data About You

As we already know, anytime you do anything on the internet: shop online, date online, or conduct friendships through social networks, we leave behind a large, and growing, amount of our personal data. Employers, marketers and even thieves are piecing together general mosaics of who we are. Spokeo.com gives a little glimpse of what these mosaics do with our personal information. Here, you can see estimates of your age, home value, marital status, home address/phone number, and sometimes even a photo of your house. There are other services just like this, too. And these services sometimes ask you to pay a mere $15 a month to see other information such as your hobbies/interests, financial information, etc. People who have this information, sometimes simply can just snoop on Facebook or such sites for information about your political views, health challenges, office tribulations, party mishaps, which could affect your chances of getting into a school or landing a good job. Many privacy experts fear that companies will use this data against users to maybe deny insurance coverage or to assign a higher interest rate on loans. But how do we fix this problem?

If you want to try to manage privacy, the first thing you should do is check major search engines such as Yahoo!, Bing and Google. This is where most people would first go to check you out. Run keyword searches on your name, address, phone number, and other data and see what turns up. But don't stop here. Look for online accounts you once opened but don't use anymore, especially on social networking sites or dating sites, where you would have provided extensive personal information. Not only could dig up information about you on these sites, but the site itself could change its privacy settings or be acquired by a different company with different policies. If you have issues with doing all of this yourself, there are programs and companies that will do it for you, but sometimes costing up to $99 a year for quarterly reports detailing the information found about you online. To some, this would be extremely beneficial.

The hardest part is masking the information. Sometimes you are able to get into these accounts and just delete it yourself, but this could be very time consuming. So, begin by removing extreme personal information such as your full date of birth or home address, and then delete continue by deleting or deactivating social networking accounts that you no longer use. If someone else posted information about you, you would have to go to them. Getting a friend to delete a photo of you would be easy. But getting an online publisher or data broker (a company that buys data from other companies and sells it to companies that collect it) to remove content, can be tricky.  Many data brokers will let you opt out of their databases, but you would need to contact each one individually. This usually requires waiting a set amount of time, and it is not always guaranteed to be down forever. Usually, after doing this, your information should be out of search engines within a week, though.

All of this seems like one big headache, but it is a little price to pay, when so many people have had their identity stolen. Getting your identity stolen is even more frustrating, and for some people, it ruins their lives. It seems to be a small portion of the headache that that would end up causing. Most people aren't aware of the information that is out on the Web about you, so if you aren't sure of what is public currently, you should check it out. I had searched my parents information on Spokeo.com, and it is amazing how much of their information is now out on the Web on this one site. Some of it wasn't true, but it was weird how much of the little details that they had up there that was true. It becomes somewhat scary, too. So if you aren't aware of what is going on with your information that you are letting sit on the Web, get it removed as soon as you can.

Article Name: How to Fix (Or Kill) Web Data About You
by Riva Richmond
http://www.nytimes.com/2011/04/14/technology/personaltech/14basics.html?_r=1&src=me&ref=technology

Thursday, April 14, 2011

Former Teen Stock Swindler Sentenced to Three Years on New Hack

Van T. Dinh, now 27, once served time for an online stock-trading scheme when he was 19. During this time he hacked into another trader’s account and bought the options with his own account. This act made Dinh the first person charged by the Securities and Exchange Commission with a fraud that involved both computer hacking and identity theft.  This led him to serve 13 months in prison in 2004. After his previous attacks and after being released from prison, he was just recently sentenced to three years in prison in New York on new charges of cracking a New York-based currency exchange service and gifting himself with more than $100,000. Dinh was ordered to pay $125,000 in restitution for the scam and to serve three years of federal supervised release. In 2003, Dinh found himself to be the unhappy owner of Cisco “put” options that were very close to expiring without a payoff. Instead of absorbing the losses, he had used a Trojan horse program that was disguised as a stock charting tool to take control of an innocent person’s online stock account. After doing this, he then had the victim’s account buy $37,000 worth of his options, shaving his losses.
            After his first release, Dinh’s probation officer had concluded that he was not seriously applying himself to secure employment. Then in December of 2008, he had set up a real account with an online currency exchange serviced that was based in New York. Two weeks after this, he had logged into his account using an administrative password and added $55,000 to his account. He had soon done the same and added another $55,000 two days later. According to an FBI agent, Dinh then used his access to make currency trades on two different customer accounts, and then gave one of them $140,326.75. This hacking was traced by the FBI to an IP address that was assigned to a home in Phoenixville, Pennsylvania, where Dinh shared a home with his mother.  Dinh was arrested and was held in jail, without bail, at the Metropolitan Correctional Center in New York. He was labeled as being a danger to the community by hacking activities, along with other reasons. Dinh then pleaded guilty to computer fraud and identity theft.
            Dinh also thought that he had a sense of humor, and believed that what he had done was funny in many different expenses. At his sentencing hearing at his earlier case, prosecutors read from an electronic diary found on Dinh’s computer. It read, “I am so proud of myself for my ‘hacking business’ – I will never regret what I did. I am the best of the best trickster. I laugh often when Mom says she worries … Even if I go to jail, big deal; I will learn something there. Hahaha.”

Article Name: Former Teen Stock Swindler Sentenced to Three Years on New Hack 
by Kevin Poulsen

Wednesday, April 13, 2011

Facebook: Our Comments PlugIn Increases Publisher Traffic Up to 45%

About a month ago, Facebook released its commenting solution for third parties, which had been extremely feared. Between then and now, Facebook comments have made its way to more than 50,000 sites. Some of these sites included Vevo, Funny or Die, and the Los Angeles Times. Facebook, today, has announced a set of improved features for both users and publishers, as well as a bunch of statistics that say that the commenting system actually increases instead of decreasing discussion and Facebook referrals. The biggest change that this will cause for users is being able to login using Hotmail. Thoughts had come up about when users will see Google or Twitter as a login option, but there has been no mentioning of this by any Facebook spokes people. One spokesperson for Facebook did say, though, that they are always looking for new ways to improve their product, and they are hoping to add as many login options as possible.

Changes for publishers/bloggers include the ability to link directly to individual comments, generate larger News Feed objects, and access comments using the API. Generating larger News Feed objects shows that user interaction will dramatically increase. Facebook is saying that two sites have seen this increase after using Facebook Comments. Examiner.com says that they continue to see growth with the Facebook Comment plugin, and that they have noticed that comments have nearly doubled its weekly average since using the plugin starting on March 1.  They are also noticing more in-depth conversations and a dramatic increase in spam, as well. Examiner's referring instances have also doubled in the first month of using the plugin. The other site that has seen a difference is Townsquare Media, the local radio broadcaster. They have been using the Facebook plugin for six weeks now, and are noticing a 45% average increase in Facebook referrals. 

Although it has had its benefits, there are other sites that are saying it's having an opposite effect. Techcrunch is saying that they are noticing a dramatic decrease in the number of comments they are receiving, after implementing the Facebook Comments. It has decreased the number of trolls and amount of spam, but this is most likely due to the decrease in page views. People are complaining more about the fact that they now have to have a real identity to be able to even leave a comment or to voice their opinion on such sites. 

Clearly the one main benefit of using the Facebook Comments plugin is to decrease the amount of spam that is distributed throughout these sites. It seems to have allowed user to feel more safe putting their opinion out there, without being hit with spam or attacked. While this seems to be the positive end of the deal, others are just furious that now they have to identify themselves, while before...you didn't have to. Why does anyone need to know who you are? It only allows you to be labeled, especially if you're known. I agree with both ends of the deal, but I think that there has to be ways to satisfy both ends of the spectrum and allow users to both be satisfied and feel protected.

Article Name: Facebook: Our Comments PlugIn Increases Publisher Traffic Up to 45%
by Mike Melanson

Wednesday, April 6, 2011

Developer Yanks Unauthorized Windows Phone 7 Update Tool

Just hours after launching a tool that let Windows 7 owners grab smartphone updates directly from Microsoft, the developer pulled the utility from his Web site. This tool was called "ChevronWP7.Updater" was used to apply all available Windows Phone 7 updates, which included the "NoDo" update. The NoDo adds copy and paste functionalities and the February update that was designed to prepare the smartphones for the NoDo update. Windows Phone 7 updates have already had numerous issues, and customers have bashed Microsoft and its mobile carrier partners for the sluggish update roll-out. Experts have also bashed the company for not anticipating that these delays would make the users and fans upset and angry.

 Walsh's tool, which he had created over a span of 5 days, was released on Monday. It allows users to sidestep the carriers and to use the updates directly from Microsoft. But the tool's download link was removed from Walsh's blog later that day. His response to why he had done so was just that it was down for now, and that he would follow with more information. Nothing else, as to why he had taken the link down, has been said. Microsoft hasn't even responded to if they were the reason for why Walsh had removed the ChevronWP7.Updater...and if they were the reason, why? The only clues that have been retrieved are from a Facebook page of Microsoft's German team. They have basically warned that users who run Walsh's tool may not be able to retrieve future updates form their carriers.

The German team is also saying to use this tool at your own risk, if you are going to do so. Unofficial hacker tools can put the phone in an undefined state and not allow you to install future updates. They are saying that Microsoft nor the device manufacturer or the network operator is assuming liability for these types of consequences. As of now, there are mixed reviews from people who have used the tool. Some people are satisfied, while others are reporting problems and issues. Microsoft is saying that they are in contact with Mr. Walsh and intend on finding out his intent and any potential implications.

Again, another program/tool is released and no one wants to take responsibility for damage it may cause if users download it. Although it seems to be a mistake, someone needs to step up and take responsibility, and if not, do something about it. Walsh is obviously he reason for the issues though, so why is no one holding him directly responsible? It was clearly unauthorized, and he shouldn't have released the tool in the first place.

Article Name: Developer yanks unauthorized Windows Phone 7 update tool
by: Gregg Keizer
http://www.computerworld.com/s/article/9215547/Developer_yanks_unauthorized_Windows_Phone_7_update_tool?taxonomyId=15

Tuesday, April 5, 2011

After Security Breach, Companies Begin Protecting Customers of E-Mail Fraud

Epsilon has stated that a giant security breach occurred on its online marketing firm, leaving millions of people at risk for e-mail fraud. The breach had exposed peoples' names and e-mail addresses of customers of some of the nation's largest companies including JPMorgan Chase, Target, Citibank, and Walgreens. Although the number of people affected is unknown, security experts are saying that this giant security breach may be one of the largest, and could eventually lead to surge in phishing attacks. Epsilon is a marketing firm that handles e-mail marketing lists for hundreds of clients, and is also the marketing firm that suffered this breach. While e-mail addresses don't sound as though they are really that vulnerable, experts are saying that if criminals can associate these e-mail addresses with names, and then to companies/businesses like a bank, they could devise highly customized attacks to trick people into giving more important confidential information. This technique is known as "spear phishing." Some are saying that the road maps between the customers and the banks are now basically in the hands of criminals.

A spear phishing e-mail can be much more dangerous than regular phishing attacks because it can include a person's name and is sent only to people who are known to be customers of a certain business, increasing the chance that the targets will be victimized. With the information that was stolen from Epsilon, these criminals could send the customers of JPMorgan Chase emails that appear to be from the bank, complete with their names, and if criminals cross check their name with property records of mortgage holders, they could also include their address in the e-mail.

While these companies are trying to make their customers aware of what has happened, they are also assuring them that the hackers had only stolen names and e-mail addresses and not passwords, credit card information, or other important and confidential information. They are basically saying that they may just receive spam and other sorts of junk e-mails. Although it is limited in what they can share, those from Epsilon are saying that they are conducting a full investigation on this issue. Others are thinking that Epsilon was a random attack because the hackers basically scan the Internet looking for machines with a high vulnerability rate. Epsilon just so happened to be their choice.

With the issues going on today between credit card fraud, identity theft, and things along that nature, it is scary hearing from businesses in which you are a customer, especially your bank, that your information has been stolen or released to a third party without your consent. Most people would become aggravated and annoyed. And I'm sure these major companies are dealing with complaints as well as trying to fix this problem.

Article Name: After Breach, Companies Warn of E-Mail Fraud
by Miguel Helft
http://www.nytimes.com/2011/04/05/business/05hack.html?_r=1&ref=technology