The President aimed to address concerns over Privacy by noting, "This strategy makes it clear that the individual privacy, civil rights and civil liberties of United States persons must be — and will be — protected."
The top US court declined to review a December 2011 appeals court decision that rejected a lawsuit against AT&T for helping the NSA monitor its customers' phone calls and Internet traffic. Plaintiffs argue that the law allows the executive branch to conduct "warrantless and suspicionless domestic surveillance" without fear of review by the courts and at the sole discretion of the attorney general. The Obama administration has argued to keep the immunity law in place, saying it would imperil national security to end such cooperation between the intelligence agencies and telecom companies.
The Supreme Court is set to hear a separate case later this month in which civil liberties groups are suing NSA officials for authorizing unconstitutional wiretapping.
In many countries, routers are so commonplace that they could be used by police and fire departments if cell towers and networks are down or overwhelmed by people caught up in an emergency, they say. This rich density means that an emergency network could piggyback on nearby routers, giving first responders access to the Internet and contact with their headquarters.
The malware takes advantage of a vulnerability in the China Mobile SMS Payment process to generate unauthorized payments to premium service providers, and can also remotely control the infected device.
It has been spread via wallpaper apps that sport provocative titles and nude photos, and can only be removed using a lengthy process beyond the skills of a typical Android user.
"For several months in 2011 and 2012, Google placed a certain advertising tracking cookie on the computers of Safari users who visited sites within Google's DoubleClick advertising network," the FTC said in a statement. "Google had previously told these users they would automatically be opted out of such tracking."
While Google agreed to the fine, it did NOT admit it had violated the earlier agreement.
FinFisher secretly monitors computers by turning on webcams, recording everything the user types with a keylogger, and intercepting Skype calls. It can also remotely take control of a computer. Gamma International GmbH, a British company, sells the tool to law enforcement agencies and governments. As Slashdot reported, the first known analysis of FinFisher came from CitizenLabs.org in July.
Rapid7 researchers analyzed samples and then looked for those attributes in a global scan of computers on the Internet, and found matches in Australia, Czech Republic, United Arab Emirates, Ethiopia, Estonia, Indonesia, Latvia, Mongolia, Qatar, and the United States.
The matches simply indicate that these computers exhibit the "unique behavior associated with what is believed to be the FinFisher infrastructure," Claudio Guarnieri wrote in a blog post.
wiredmikey writes: Despite a recent push by legislators, it remains unclear whether the Senate will manage to vote on the proposed comprehensive cybersecurity legislation (Cybersecurity Act of 2012) before Congress adjourns at the end of the week for its summer recess. Once all the amendments (over 70) have been dealt with, the Senate could decide to vote on the bill immediately, or wait till after the summer recess.
For example, Sen. Frank Lautenberg (D-N.J.) has filed a measure to ban high-capacity ammunition clips as part of a gun-reform proposal. And Sen. Mike Lee (R-Utah) filed a bill that would ban abortion in Washington, D.C. after 20 weeks of pregnancy. Sen. Michael Bennet (D-Colo.) and Tom Coburn (R-Okla.) filed an amendment to expand the Office for Personnel Management's federal government's data center consolidation initiative. Senate Minority Leader Mitch McConnell (R-Ky.) suggested an amendment to repeal the Affordable Care Act.
Even if the Senate manages to pass some form of the bill, it would still have to conference with the House to introduce a joint version of the bill. This one would then have to pass both the Senate and the House, and then be signed by the President in order to become law.
wiredmikey writes: Back in May of this year, Internet security firm Bitdefender launched "Clueful", an iOS app that helps identify potentially intrusive applications and shows users what they do behind their backs, giving users an inside look at all the information app developers can gather about a user.
So why would Apple pull such an app from the App Store? It’s unclear, and Bitdefender told SecurityWeek that the company is under NDA as far as explanations for the removal.
It’s unclear why Apple would remove such an app from the App Store. Perhaps Apple was able to call out the company on a technicality that violates its terms of service. We don't know. Interestingly, Bitdefender did share some data that they gathered based on Clueful's analysis of more than 65,000 iOS apps so far, including the fact that 41.4 percent of apps were shown to track a user's location unbeknownst to them.
The troubling aspect of the malicious version is that it does install the proxy as expected; however, it adds a keylogging component and ships the recorded information off to a server hosted in the U.S. and registered to a person in Saudi Arabia.
Once a user is infected with the malware, a Web form appears in the victim’s browser when they log into Facebook. The pop-up requests the user’s name, billing address, credit or debit card number, card expiration date and card identification number. Facebook, however, does not request credit card information from users. If the user enters the data and clicks “continue,” the information will be sent on to the attacker’s instant messenger application, Trusteer found. The researchers even found a “marketing” video used by the cybercriminals to demonstrate how the web injection works.
The report, entitled “Protecting Consumer Privacy in an Era of Rapid Change: Recommendations For Businesses and Policymakers,” also lays out best practices for businesses for protecting the privacy of American consumers. Building upon a report from December 2010, the updated report calls on corporations to enact the following recommendations: Privacy by Design, Simplified Choice for Businesses and Consumers, and Greater Transparency.
“In general, we’re pleased by the new privacy framework set forth by the Commission,” blogged Rainey Reitman, activism director at the Electronic Frontier Foundation (EFF). “We hope Congress, the Commerce Department, and industry figures will turn to it as they continue crafting policy around user data in coming years.”
In particular, Reitman expressed the EFF’s support for the FTC’s stance regarding a Do-Not-Track mechanism as well as the agency’s support of the HTTPS Everywhere Firefox Add-on and its articulation of the problems with data brokers.
The Center for Democracy & Technology (CDT) also largely praised the FTC report for providing a baseline for best practices for protecting consumer privacy.
From the article: The first scheme starts with a drive-by download infecting victims with the Gozi Trojan. Once the Trojan is on the victim’s PC, it uses a Web page injection that prompts the victim to enter the International Mobile Equipment Identity (IMEI) number on their mobile device before they can enter their online bank account. Once the attackers have the IMEI number, they contact the victim’s wireless service provider and report the mobile device lost or stolen. Then they ask for a new SIM card. With the new SIM card, all one-time passwords (OTPs) sent to the victim’s phone to verify their identity are sent to the attacker.
The second attack brings together the worlds of cyber and physical fraud, starting with a man-in-the-browser or phishing attack aimed at stealing the victim’s bank account credentials, phone number and other relevant information. From there, the scammers impersonate the victim and go to the local police department to report the victim’s mobile phone has been lost or stolen. This allows the scammer to get their hands on a police report for the device, Trusteer explained. With the police report in tow, the criminals show up to one of the wireless service provider’s retail outlets and trick the provider into deactivating what is thought to be a stolen SIM card and providing a new one.
Tracking showed that 96 percent of the devices were accessed once found, and 70 percent of them were accessed for personal and business related applications and information. Less than half of the people who located the intentionally lost devices attempted to locate the owner. Interestingly enough, only two phones were left unaccounted for; the others were all found.
Going further, of the devices located, 45 percent of them reported that there was an attempt to read corporate email, and the remote admin application was accessed 49 percent of the time. A file named “saved passwords” was also one of the top selections, with a 57 percent access rate. Access to social networking accounts and personal email were each attempted on over 60 percent of the devices.
The numbers shouldn't be surprising. While not everyone has malicious intent, people are curious by nature — so remember to password protect your smartphone.