Cyberlockers and Copyright

Cyberlockers are third-party file sharing services. Examples of cyberlockers are Dropbox, RapidShare, and Megaupload, which provide users with password-protected spaces online where files can be shared with and downloaded by business colleagues or friends.

Much more convenient than sending file attachments, cyberlockers are very useful for transferring documents or photos between two or more people. Perhaps you’re collaborating on a presentation, or are putting together an online photo album for your family. Simply drop the files in the cyberlocker window through your browser.

Copyright holders are concerned that cyberlockers can hold large files as well, such as movies or music. It is common practice for people to share .avi movies and .mp3 songs through a cyberlocker. Cyberlockers are more difficult to monitor, and are invisible to surveillance tools used by anti-piracy groups and copyright holders.

Cyberlocker service providers are well aware of these risks. For example, the Dropbox terms of use state that compliance with DMCA is required, and that users will only upload, post or otherwise transmit data and/or files that they have the lawful right to use, copy, distribute, transmit or display.

Learn more at PaidContent.org.

What is iPhone Tracking?

3G iPhones have been in the news recently regarding the phone’s ability to track user location and store that information on the device. What exactly is the concern regarding this feature?

The concern is that the data is unencrypted and gives anyone with access to your phone or your computer a way to grab the data and extrapolate a person’s whereabouts and routines.

Two members of the University of Exeter discovered the log file and created a tool that lets users see a visualization of the data. They say there’s no evidence of that information being sent to Apple or anyone else.

CNET has put together a FAQ to help users understand more about the data being collected, what the risks are, and what users can do about it.

The researchers acknowledge that there’s no way to turn the tracking feature off. The suggestions offered in the FAQ include making use of the free “Find My iPhone” service by Apple to do a remote wipe if it’s lost or stolen. Users can also encrypt the phone’s backup files stored by iTunes on their computer.

Lost Data Rarely Encrypted

The Identity Theft Resource Center (ITRC) has been analyzing data breaches from the start of January 2011 to April 2011. During that time, the ITRC counted 130 breaches, exposing a total of 9.5 million records. Their study relied on statements released by breached companies or reliable news reports.

A disturbing find is that lost data of a sensitive nature rarely seems to be protected. According to the ITRC, just 1% of lost data in 2011 was secured using encryption, and only 5% was password protected.

MIT is committed to protecting sensitive data using administrative, technical and physical safeguards, including encryption. MIT asks that all members of the community pay special attention any time this type of data crosses their desks. Learn what employees at MIT can do to mitigate risk.

Read the story at Informationweek.com.

Adobe Flash Player, Reader and Acrobat Vulnerabilities

Flash Player 10.2
A critical vulnerability exists in Flash Player 10.2.153.1 and earlier versions for Windows, Macintosh, Linux and Solaris; Flash Player 10.2.156.12 and earlier for Android; and Adobe Flash Player 10.2.154.25 and earlier for Chrome users.

Adobe recommends that users of Flash Player update to version 10.2.159.1 (or Flash Player 10.2.154.27 for Chrome users), now available. Android users will have to wait until the week of April 25th for the update to version 10.2.156.12. Users of Adobe AIR should update to Adobe AIR 2.6.19140.

Read the security bulletin on Flash Player.

Download the latest Flash Player.

Reader 9 and 10
A critical vulnerability exists in the Authplay.dll component of Adobe Reader for Windows and Macintosh operating systems.

An update will be made available to Reader 9.4.3 and earlier for Windows and Macintosh and Reader X (10.0.1) for Macintosh the week of April 25th. Because Protected Mode would prevent an exploit in Adobe Reader X for Windows, Adobe will address this issue in the next quarterly security update scheduled for June 14, 2011.

Acrobat X
A critical vulnerability exists in the Authplay.dll component of Acrobat X (10.0.2) and earlier for Windows and Macintosh operating systems.

An update will be made available to Adobe Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh the week of April 25th.

Read the full bulletin from Adobe on all vulnerabilities.

Facebook, AOL, Email Communications Intercepted by Law Enforcement

Christopher Soghoian, a doctoral candidate at the School of Informatics and Computing at Indiana University, recently published a paper on the reporting gap of electronic surveillance by law enforcement agencies.

While US law requires reporting of requests to intercept communications data in real-time, no such requirement exists for requests for stored communication data. As a result, most modern surveillance now takes place entirely off the books and the true scale of such activities, which vastly outnumber traditional wiretaps and pen registers, remains unknown. Law enforcement agencies have already made tens of thousands of requests for stored data from companies like Facebook and AOL, and you may never know about it.

This is another good reason to keep your communications via the Internet legal and “clean,” as you never know who might be watching or reading!

Read the story at Techworld.com.

Qualys BrowserCheck

Wondering if the browser you use (Firefox, Safari, Internet Explorer, etc.) is safe to use? Now you can use a free online browser checking tool by Qualys, a security software company.

The Qualys BrowserCheck tool checks your browser as well as your browser plugins and add-ons (such as Adobe Flash Player, Apple Quicktime, Real Player, and Java Runtime) to identify insecure and out-of-date versions that put you at risk. It also checks if your Windows operating system is supported by Microsoft (which is important if you are to continue to receive security updates).

Learn more about the scanner here, including supported browsers.

April 2011 Microsoft Security Updates

Microsoft plans to issue 17 security bulletins for Patch Tuesday, today, April 12th, to address 64 vulnerabilities. Nine of these bulletins are rated critical; the remaining are rated important.

The bulletins will address flaws in Windows, Office, Internet Explorer, Office Web Apps and Microsoft Visual Studio and Visual C++.

Calling on College Students with Cyber Security Skills!

Do you know any college kids who have hands-on cyber security skills or computer skills and a strong interest in security? If so, tell them to register this week for the online CyberQuests competition.

The 260 who do best will get enormous career boosts by being invited to summer Cyber Camps where the top teachers will challenge them and help them. Congressmen, Governors, and other political leaders will recognize those who do well, and job opportunities are highly likely to follow. The deadline is April 18.

Tell them to get more information and register at http://uscc.cyberquests.org/.

Epsilon Security Breach Already Affecting Consumers

In case you have not been following this story in the news, as a consumer you should be aware that you may be receiving some spear-phishing emails attempting to access your financial accounts.

A data breach at Epsilon exposed thousands of email addresses to the attackers who accessed Epsilon’s servers via a spear-phishing attack that likely happened last November.

The Better Business Bureau is reporting that some of the stolen information from Epsilon is already being used in spear-phishing attacks on consumers, targeting customers of Chase Online Banking. If you receive such emails, even ones that claim that they are helping you to secure your Chase account, do not respond to the emails. A legitimate business will never reach out to their customers in this way through email.

If you have a question or concern about your Chase account or any of your online banking accounts, contact your bank by phone or visit one of their branches.

Consumers Warned of Fake Business Emails

An article in the Boston Globe this morning discusses a data breach that occurred at Epsilon recently, exposing possibly millions of consumer emails and names. While no sensitive information was exposed, the data thieves could use the information to send consumers targeted phishing emails aimed at getting hold of their credit card or account information.

Epsilon, a marketing company, has such big-name clients as L.L. Bean, Best Buy, and Walgreen, and sends out more than 40 billion emails annually for more than 2,500 clients. See their press release notice, which notes as of yesterday that only 2% of total clients are affected.

Consumers should be on the alert that unusual emails from these clients may be fake. If you receive an email asking for personal information, delete it. No reputable company will ever ask for this information. You can check the client company’s legitimate website for information on what data might have been exposed and what they’re doing about it, by typing in their URL in your browser’s address bar.

Update: A list of clients impacted is included here.
