Showing posts with label Security. Show all posts

Sunday, November 24, 2013

Bluebox reveals Android security hole, may affect 99 percent of devices

By Zachary Lutz, posted Jul 4th, 2013 at 12:08 AM

Bluebox reveals Android security vulnerability, supposedly affects up to 99 percent of devices

Researchers at Bluebox Security have revealed a disturbing flaw in Android's security model, which the group claims may affect up to 99 percent of Android devices in existence. According to Bluebox, this vulnerability has existed since Android 1.6 (Donut) and gives malicious app developers the ability to modify the code of a legitimate APK, all without breaking its cryptographic signature -- thereby allowing the installation to go unnoticed. To pull off the exploit, a rotten app developer would first need to trick an unknowing user into installing the malicious update, but hackers could theoretically gain full control of a user's phone if the "update" posed as a system file from the manufacturer.

Bluebox claims that it notified Google of the exploit in February. According to CIO, Bluebox CTO Jeff Forristal has named the Galaxy S 4 as the only device that's currently immune to the exploit -- which suggests that a security patch may already exist. Forristal further claims that Google is working on an update for its Nexus devices. In response to our inquiry, Google told us that it currently has no comment. We certainly hope that device manufacturers do the responsible thing and distribute timely security patches to resolve this issue. Absent that, you can protect yourself by installing updates through the Play Store and Android's built-in system update utility.


Monday, November 18, 2013

Ubisoft security breach exposes user data, account holders urged to update passwords

By Joseph Volpe, posted Jul 2nd, 2013 at 3:22 PM

Ubisoft security breach exposes user data, Uplay account holders urged to change passwords

If you've ever signed up for a Uplay account, your information could now be in the hands of criminals. Ubisoft's confirmed that a security breach at one of its sites, now closed, has granted hackers access to sensitive user data (i.e., usernames, emails and passwords). Critically, no actual financial information was leaked, owing to the fact that Ubisoft doesn't retain personal credit or debit card account numbers on its servers. Regardless, the Assassin's Creed developer is taking proactive measures, contacting account holders directly and strongly advising them to update any related passwords. You can find the full email just after the break.


Dear Member,

We recently found that one of our Web sites was exploited to gain unauthorized access to some of our online systems. We instantly took steps to close off this access, investigate the incident and begin restoring the integrity of any compromised systems.

During this process, we learned that data had been illegally accessed from our account database, including user names, email addresses and encrypted passwords. Please note that no personal payment information is stored with Ubisoft, meaning your debit/credit card information was safe from this intrusion.


Out of an abundance of caution, we also recommend that you change your password on any other Web site or service where you use the same or a similar password.

You can find more information here https://support.ubi.com/en-US/FAQ.aspx?platformid=60&brandid=2030&productid=3888&faqid=kA030000000eYZ2CAM.

For any additional support enquiries, please contact our customer service via our support web site at https://support.ubi.com

We sincerely apologize to all of you for the inconvenience. Please rest assured that your security remains our priority.

The Ubisoft team

Thursday, October 3, 2013

Facebook security bug exposed 6 million users' personal information (update)

By Sarah Silbert, posted Jun 21st, 2013 at 5:13 PM

Facebook security bug exposed 6 million users' personal information

Today, Facebook announced a security bug that compromised the personal account information of six million users. In a post on the Facebook Security page, the site's White Hat team explained that some of the information the site uses to deliver friend recommendations was "inadvertently stored with people's contact information as part of their account on Facebook." When users downloaded an archive of their account via the DYI (download your information) tool, some were apparently given access to additional contact info for friends and even friends of friends. The post continues:

We've concluded that approximately 6 million Facebook users had email addresses or telephone numbers shared. There were other email addresses or telephone numbers included in the downloads, but they were not connected to any Facebook users or even names of individuals. For almost all of the email addresses or telephone numbers impacted, each individual email address or telephone number was only included in a download once or twice. This means, in almost all cases, an email address or telephone number was only exposed to one person. Additionally, no other types of personal or financial information were included and only people on Facebook – not developers or advertisers – have access to the DYI tool.

Facebook says it's temporarily disabled the DYI tool to fix the breach. We've reached out to the site for further comment; for now, read the official statement via the source link below.

Update: Facebook has responded to our inquiries and stated that while the bug was discovered earlier this month, "it had been live since last year." They immediately disabled the tool, fixed the bug and reenabled it within 24 hours of the bug's discovery. The bug was reported to them through a White Hat program for external security researchers.


Saturday, September 28, 2013

Stanford's Cookie Clearinghouse adds another layer of security to web browsers

By Mariella Moon, posted Jun 21st, 2013 at 4:56 AM


People are becoming more vigilant when it comes to online privacy, so Stanford University's new initiative couldn't have come at a better time. The project, called Cookie Clearinghouse, will curate catalogues of websites whose cookies browsers should or shouldn't allow. As designed, it works along with a Safari-like patch Mozilla is testing for Firefox that allows cookies from sites you've visited but blocks third-party cookies from sites you haven't. Theoretically, that'll prevent advertisers or other entities from tracking you around the web, but the method isn't foolproof -- having a centralized list will prevent your browser from saving the cookies of an ad or a spam website you've accidentally clicked on.

To establish which sites are kosher and which aren't, the folks at Stanford are slated to meet up with an advisory board. It will be comprised of privacy researchers, law pundits, small business experts, as well as reps from Mozilla and Opera. Unlike Do Not Track -- another Stanford initiative from which this one later evolved -- advertisers don't have to opt in for inclusion on either list. It's just up to developers (other than Mozilla) to integrate this more thorough solution into their browsers' privacy options.

[Image credit: Brian Richardson]


Stanford Law School Center for Internet and Society Launches "Cookie Clearinghouse" to Enable User Choice for Online Tracking

STANFORD, Calif., June 19, 2013 /PRNewswire-USNewswire/ -- The Center for Internet and Society (CIS) at Stanford Law School launched a new online privacy initiative today called the "Cookie Clearinghouse," which will empower Internet users to make informed choices about online privacy. The Cookie Clearinghouse is being spearheaded by Aleecia M. McDonald, the Director of Privacy at CIS.

Websites may place small files called "cookies" on an Internet user's machine, and some types of cookies can be used to collect information about the user without his or her consent. The Cookie Clearinghouse will develop and maintain an "allow list" and "block list" to help Internet users make privacy choices as they move through the Internet. The Clearinghouse will identify instances where tracking is being conducted without the user's consent, such as by third parties that the user never visited. To establish the "allow list" and "block list," the Cookie Clearinghouse is consulting with an advisory board that will include individuals from browser companies including Mozilla and Opera Software, academic privacy researchers, as well as individuals with expertise in small businesses and in European law, and the advisory board will continue to grow over time. The Clearinghouse will also offer the public an opportunity to comment. With this input, the Clearinghouse will develop an objective set of criteria for when to include a website's cookies on the lists. The Clearinghouse will create and maintain the lists. Browser developers will then be able to choose whether to incorporate the lists into the privacy options they offer to consumers. Company websites with cookies that have been included on the "block list" will be able to respond to the Clearinghouse to correct any mistakes in classification.

"Internet users are starting to understand that their online activities are closely monitored, often by companies they have never heard of before," said McDonald, "But Internet users currently don't have the tools they need to make online privacy choices. The Cookie Clearinghouse will create, maintain, and publish objective information. Web browser companies will be able to choose to adopt the lists we publish to provide new privacy options to their users."

The need for the Clearinghouse evolved out of an effort by CIS fellows called Do Not Track. Initially, Stanford's Do Not Track work raised consumer awareness about the way in which "tracking cookies" are used by websites--and by unaffiliated third parties--to compile extensive individual browsing histories that provide those companies with data about individual consumer behavior. This effort has since progressed to a global standards effort led by the World Wide Web Consortium (W3C.) More recently, CIS researchers began a new effort to prevent companies from tracking without the user's consent. CIS student affiliate Jonathan Mayer wrote a software patch for use in Mozilla's Firefox browser that limits third-party tracking through cookies. Mayer's patch mimics existing functionality in the Safari browser, which already prevents tracking from websites users have not visited. While Do Not Track efforts continue into their third year, the Cookie Clearinghouse is a new opportunity to accelerate Internet users' ability to make effective online privacy choices.

For more details, please visit the Cookie Clearinghouse: http://cch.law.stanford.edu


Friday, September 6, 2013

Facebook reveals government data request numbers, is first to include national security stats

By Richard Lawler, posted Jun 14th, 2013 at 9:17 PM


Facebook lawyer Ted Ullyot revealed in a post tonight precisely how many user-data requests it receives from government entities, and that it's negotiated the ability to include national security-related (FISA and National Security Letters) inquiries in the report. Until now, the companies that receive such requests, whether through the recently uncovered PRISM program or not, have not been able to say anything about them, or report how many there are. Still, the stats it's able to release aren't specific, and include all requests from the last six months in a range, said to be between 9,000 and 10,000, covering between 18,000 and 19,000 accounts. We still have no official reports on what those inquiries cover, how wide reaching a single one can be or what information has been passed along. Facebook, however, is quick to point out that these cover "only a tiny fraction of one percent" of its 1.1 billion active user accounts.

Along with Microsoft and Google, Facebook has publicly petitioned the government to let it be more transparent about the size and scope of the requests it receives, and Reuters reports tonight that "several" internet companies have struck an agreement to do so. Expect more reports to arrive soon in similar formats; however, Ullyot states Facebook will continue to push the government to be "as transparent as possible."

For the six months ending December 31, 2012, the total number of user-data requests Facebook received from any and all government entities in the U.S. (including local, state, and federal, and including criminal and national security-related requests) – was between 9,000 and 10,000. These requests run the gamut – from things like a local sheriff trying to find a missing child, to a federal marshal tracking a fugitive, to a police department investigating an assault, to a national security official investigating a terrorist threat. The total number of Facebook user accounts for which data was requested pursuant to the entirety of those 9-10 thousand requests was between 18,000 and 19,000 accounts.


Thursday, September 5, 2013

Google, Twitter push to reveal number of national security related requests separately

By Richard Lawler, posted Jun 15th, 2013 at 12:46 AM

While Microsoft and Facebook have both published information tonight about how many requests for customer info the government made over a six-month period, Google and Twitter are apparently hoping to take a different route. As Google told AllThingsD and Twitter legal director Benjamin Lee tweeted, "it's important to be able to publish numbers of national security requests-including FISA disclosures-separately." Google went further, claiming that lumping the number of National Security Letters together with criminal requests would be a "step backwards." Clearly this post-PRISM revelations battle for more transparency on just what the government is doing behind the scenes isn't over; we'll let you know if any of the parties involved have more information to share.



Wednesday, May 15, 2013

Facebook 'Trusted Contacts' Needlessly Complicates Security

By Samantha Murphy, 2013-05-03 20:44:15 UTC

Mashable OP-ED

Facebook announced earlier this week a new feature called "trusted contacts" to help you get back into your account when locked out. Although it's intended to make life easier by leaning on a few friends when you're in need of re-entry (think lending out your spare house keys), the concept is a handful. In fact, you'll need a special code from each of your trusted contacts (about three to five people) to get back into your account.

In theory, this sounds like a strong way to triple-lock your account and prevent anyone from entering, but how is this any better than remembering the answer to a few security questions or using Facebook's existing two-factor authentication feature?

First, here's a rundown of how "trusted contacts" works: If you're ever locked out of your account, Facebook will send a code to your chosen list of three to five friends. To gain access to the account again, you need to enter at least three of those codes into a prompt. Theoretically, this will prevent hackers from breaking in. With that in mind, Facebook actually recommends calling these friends to get the codes because you wouldn't want an impersonator sweeping in via email or chat to access your account.

But there are a few problems. To start, you're banking on the ever-accessibility of your friends. What if one of your trusted contacts is out of town for the weekend or is otherwise unreachable? The beauty of the Internet — and now storage in the cloud — is the fact that you can retrieve information without relying on anything or anyone else. Sure, giving a set of keys to a trusted neighbor is good practice if you're ever locked out, but in this increasingly connected and digital world, don't you just wish you could securely unlock the front door remotely and not have to involve the neighbors (or the whole neighborhood, for that matter) to get back in?

In this case, Facebook is blending old-school methods of relying on friends with digital security. But not only is this an inconvenience to your closest friends — at least three, in fact — there's also the problem of getting in touch with someone who might not be around when you need them.

"While you may trust your friend from pre-school who is on sabbatical in Borneo, it might be a better choice to select the people you know that you'll be able to reach," Facebook told me.


Does this mean each time a trusted contact goes out of town, they need to let you know or you should just pick friends that just don't get out much? And what if you lose touch with a friend or they even die? Facebook says you'll need to report the issue with the site and select a new contact. Again, more legwork on your part.

Keep in mind this is just an option. You can still answer security questions and thankfully, use two-factor authentication. Facebook rolled out two-factor authentication — an increasingly popular security method, which adds an extra layer of security to an account besides a password. If you log onto an account from a device the service doesn't recognize, it will then send you a text or voice message with a code that needs to be entered before access is granted, just to make sure it's actually you.

What's surprising about this secure method, however, is that many people aren't aware Facebook even has two-factor authentication. You would think the company would spend time informing users about how to sign up rather than rolling out "trusted contacts," which seems like more of a hassle and involves way too many people. Instead, Facebook should focus its efforts more on its more reliable, proven two-factor method, rather than an entire new system which makes users jump through hoops.

Twitter users have long asked for two-factor authentication to come to the micro-blogging site, which has experienced a series of high-profile hacks in the past year. Facebook should make the most of the feature that many other services need.

What do you think about the feature? Should Facebook look for ways to ramp up two-factor authentication and focus less on trusted contacts? Let us know in the comments.

Mashable composite, image via iStockphoto, RUSSELLTATEdotCOM

Topics: Apps and Software, Facebook, security, Tech, two-step authentication
