Cyberlockers and Copyright

Cyberlockers are 3rd party file sharing services. Examples of cyberlockers are Dropbox, RapidShare, and Megaupload, which provide users with password-protected spaces online where files can be shared with and downloaded by business colleagues or friends.

Much more convenient than sending file attachments, cyberlockers are very useful for transferring documents or photos between two or more people. Perhaps you’re collaborating on a presentation, or are putting together an online photo album for your family. Simply drop the files in the cyberlocker window through your browser.

The concern by copyright holders is that cyberlockers can hold large files as well, such as movies or music. It is common practice for people to share .avi movies and .mp3 songs through a cyberlocker. They are more difficult to monitor, and are invisible to surveillance tools used by anti-piracy groups and copyright holders.

Cyberlocker service providers are well aware of these risks. For example, the Dropbox terms of use state that compliance with DMCA is required, and that users will only upload, post or otherwise transmit data and/or files that they have the lawful right to use, copy, distribute, transmit or display.

Learn more at


What is the iPhone Tracking?

3G iPhones have been in the news recently regarding the phone’s ability to track user location and store that information on the device. What exactly is the concern regarding this feature?

The concern is that the data is unencrypted and gives anyone with access to your phone or your computer a way to grab the data and extrapolate a person’s whereabouts and routines.

Two members of the University of Exeter discovered the log file and created a tool that lets users see a visualization of the data. They say there’s no evidence of that information being sent to Apple or anyone else.

CNET has put together a FAQ to help users understand more about the data being collected, what the risks are, and what users can do about it.

The researchers acknowledge that there’s no way to turn the tracking feature off. The suggestions offered in the FAQ include making use of the free “Find My iPhone” service by Apple to do a remote wipe if it’s lost or stolen. Users can also encrypt the phone’s backup files stored by iTunes on their computer.

Lost Data Rarely Encrypted

The Identity Theft Resource Center (ITRC) has been analyzing data breaches from the start of January 2011 to April 2011. During that time, the ITRC counted 130 breaches, exposing a total of 9.5 million records. Their study relied on statements released by breached companies or reliable news reports.

A disturbing find is that lost data of a sensitive nature rarely seems to be protected. According to the ITRC, just 1% of lost data in 2011 was secured using encryption, and only 5% was password protected.

MIT is committed to protecting sensitive data using administrative, technical and physical safeguards, including encryption. MIT asks that all members of the community pay special attention any time this type of data crosses their desks. Learn what employees at MIT can do to mitigate risk.

Read the story at

Adobe Flash Player, Reader and Acrobat Vulnerabilities

Flash Player 10.2
A critical vulnerability exists in Flash Player and earlier versions for Windows, Macintosh, Linux and Solaris; Flash Player and earlier for Android; and Adobe Flash Player and earlier for Chrome users.

Adobe recommends users of Flash Player to update to version (or Flash Player for Chrome users), now available. Android users will have to wait until the week of April 25th for the update to version Users of Adobe AIR should update to Adobe AIR 2.6.19140.

Read the security bulletin on Flash Player.

Download the latest Flash Player.

Reader 9 and 10
A critical vulnerability exists in the Authplay.dll component of Adobe Reader for Windows and Macintosh operating systems.

An update will be made available to Reader 9.4.3 and earlier for Windows and Macintosh and Reader X (10.0.1) for Macintosh the week of April 25th. Because Protected Mode would prevent an exploit in Adobe Reader X for Windows, Adobe will address this issue in the next quarterly security update scheduled for June 14, 2011.

Acrobat X
A critical vulnerability exists in the Authplay.dll component of Acrobat X (10.0.2) and earlier for Windows and Macintosh operating systems.

An update will be made available to Adobe Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh the week of April 25th.

Read the full bulletin from Adobe on all vulnerabilities.

Facebook, AOL, Email Communications Intercepted by Law Enforcement

Christopher Soghoian, a doctoral candidate at the School of Informatics and Computing at Indiana University, recently published a paper on the reporting gap of electronic surveillance by law enforcement agencies.

While US law requires reporting of requests to intercept communications data in real-time, no such requirement exists for requests for stored communication data. As a result, most modern surveillance now takes place entirely off the books and the true scale of such activities, which vastly outnumber traditional wiretaps and pen registers, remains unknown. Law enforcement agencies have already made tens of thousands of requests for stored data from companies like Facebook and AOL, and you may never know about it.

This is another good reason to keep your communications via the Internet legal and “clean,” as you never know who might be watching or reading!

Read the story at

Qualys BrowserCheck

Wondering if the browser you use, Firefox, Safari, Internet Explorer etc, is safe to use? Now you can use a free online browser checking tool by Qualys, a security software company.

The Qualys BrowserCheck tool checks your browser as well as your browser plugins and add-ons (such as Adobe Flash Player, Apple Quicktime, Real Player, and Java Runtime) to identify insecure and out-of-date versions that put you at risk. It also checks if your Windows operating system is supported by Microsoft (which is important if you are to continue to receive security updates).

Learn more about the scanner here, including supported browsers.

April 2011 Microsoft Security Updates

Microsoft plans to issue 17 security bulletins for Patch Tuesday, today, April 12th to address 64 vulnerabilities. Nine of these bulletins are rated critical, the remaining are rated important.

The bulletins will address flaws in Windows, Office, Internet Explorer, Office Web Apps and Microsoft Visual Studio and Visual C+ +.