The Federal Trade Commission (FTC) has fined game developer RockYou.com $250,000 for, among other things, failing to adequately secure its customers’ user data. While the FTC slammed RockYou for COPPA (the Children’s Online Privacy Protection Act rule) violations, in part because RockYou collected information from children under the age of 13 without parental consent, the Feds made a point of noting that “the company’s security failures put users’ including children’s personal information at risk” while the company was at the same time claiming that it had adequate security measures in place. Adequate security measures our foot! They stored their user data in plain – i.e. unencrypted – text! The FTC settlement and fine follow a two-year investigation into the hacking of RockYou servers in 2009, which exposed the data of 32 million users.
Aaron Swartz, a co-creator of RSS, open access advocate, and author of the Guerrilla Open Access Manifesto, and now a researcher at Harvard, has been arrested for hacking into the JSTOR system. JSTOR, which stands for “Journal Storage”, is a system that archives academic journals, and makes them available to institutions and, in a more limited version, to the public.
Twitter is aflame with calls for boycotts of Rupert Murdoch, his ‘News of the World’, ‘News of the World’s’ parent company, ‘News International’, and other Murdoch holdings, as the investigation of News of the World’s using a private detective, Glenn Mulcaire, to hack into the telephone voicemail of several young girls who had been murdered in the U.K. in 2002, and that of their families, moves into Parliament. The families of Milly Dowler, Holly Wells, and Jessica Chapman have all been informed by police that each of their telephone voicemail accounts may have been hacked, each within days of each girl’s disappearance, and each by Mulcaire, trying to get a scoop for News of the World. Among other things, Mulcaire is alleged to have hacked into Milly Dowler’s voicemail on her mobile phone, and deleted some messages, which caused Milly’s family to continue to hope that she might be found alive when she had already been murdered, and which interfered with the police investigation. Calls for Rebekah Brooks, head of News International, and a personal friend of British Prime Minister David Cameron, to step down are escalating, putting the Prime Minister in an awkward position, particularly as his Communications Director, Andy Coulson, also formerly of News of the World, has already been forced to resign his position with the Prime Minister.
Earlier this month, the NATO Rapporteur (and we explain what that is) released a draft report addressing, among other things, the scope and impact of the leaking of the Wikileaks documents by Private Bradley Manning, the threats and actions by “hacktivists” (activist hackers engaging in “hacktivism”), including the hacker collective known as “Anonymous”, and what counter-measures NATO and other such bodies might take.
Lots of you are asking lots of questions about the Sony PlayStation Network (“How was the Sony PlayStation Network taken down?”, “Who hacked the Sony PlayStation Network?”, “Is it true that it was done with rooted Sony PSP handhelds?”, and, perhaps most importantly, “Is the Sony PSN secure now?”). To bring you up-to-date, if you are scratching your head right now: first, the Sony PlayStation Network (referred to in shorthand as the “PSN”) was taken down last month in a concerted cyber attack. At first Sony claimed the network was down due to “maintenance” but, eventually, they admitted that a hacking attack had taken them down. The hacker or hackers also caused Sony’s Qriocity services to go down. Oh, and wait – it also extended to the Sony Online Entertainment network. In short, if you have ever completed any transaction online with Sony, you need to treat your identity and credit card information as compromised.
A plague of rogue Facebook applications that are stealing user credentials – such as usernames and passwords – has been sweeping Facebook in the past week. The phishing Facebook apps work the same way that many other applications do – including sending an email to your Facebook friends, with links to click on, and when you type in your username and password, BAM! Your login credentials have been stolen.
If you use Gmail, and also use Facebook, it can be very easy for someone to crack their way into your Gmail account using Gmail’s password recovery feature. This is because Gmail’s password recovery feature allows anybody to guess the answer to your “forgot password” reset security question. And if the answer to your forgotten password reset security question happens to be information easily gleaned from your Facebook account (or some other social network information), then hacking into your Gmail account is as easy as typing in that password protection answer. (And we use the term “password protection” loosely.)
A new hotel network security study by Cornell University entitled “Hotel Network Security: A Study of Computer Networks in U.S. Hotels” has proven that using the wireless Internet – and even cabled Internet – at your hotel is almost always inherently insecure and unsafe.
A new hack has WordPress hackers disabling all of your WordPress plugins (including, you see, Akismet or any other anti-comment-spam plugin), which then allows them to inject comment spam into your blog at will. So if you suddenly find yourself getting an enormous amount of comment spam all at once, or if you suddenly find your blog pages coming up blank (because with your plugins disabled, that often can be the case), you may be the victim of this latest plugin-disabling comment spam hack.