02. August 2010 · Details of 100 million Facebook users published – lazy consumer marketers love it · Categories: Privacy, Security-Compliance

ITPRO reported that Ron Bowes, a hacker/security consultant from Skull Security, gathered the personal details of 100 million Facebook users from Facebook’s user directory using Facebook’s standard APIs, and published them in a downloadable file on Pirate Bay.

I suppose the fact that Ron only got 20% of the Facebook population is a reflection of how most people have set their privacy settings. This jibes (via Ars Technica) with a study conducted by researchers at Northeastern and Harvard and published in First Monday showing that college students do in fact care about their privacy on Facebook.

Or maybe Facebook does not really have 500 million users.

What’s even more interesting are the lazy consumer-oriented companies that downloaded the file! I say lazy because they could have done the same thing themselves. Gizmodo published the list of companies!

01. August 2010 · Google Malware double that of Bing, Yahoo, and Twitter combined · Categories: Malware, Security-Compliance

Via Help Net Security, Barracuda recently released its Barracuda Labs 2010 Midyear Security Report, which includes the results of a study it did on search engine and Twitter malware. It focused on 25,000 trending topics over a two-month period. The somewhat surprising finding was that the percentage of malware-laden links on Google (69%) exceeded Yahoo! (18%), Bing (12%), and Twitter (1%) combined. The study, “Searching for Malware, A Comparative Study,” starts on page 56 of the report.

It would have been interesting if the study broke down the results by page. In other words, the percentage of malware found on the first page of the search results, etc. Most people only review the first few pages of a search result.

This provides additional proof of the need for a web-based anti-malware solution. You surely cannot depend on the search engines themselves to do the job.

Full disclosure. Cymbel does partner with Barracuda, but for Web Application Firewalls. For web-based anti-malware, we recommend Zscaler.

01. August 2010 · The attack of the Cookie monsters · Categories: Privacy, Security-Compliance

This past Friday, the Wall Street Journal wrote an extensive article on the “nefarious” techniques web content sites use to help monetize their mostly free content. WSJ calls it “spying.” It implies that users are unaware that it’s happening and are helpless to do anything about it.

First, if you read the WSJ or this blog, you are no longer unaware. Second, most browsers provide tools to protect your privacy while you are browsing and to delete the “cookies.” Third, since most people are unwilling to pay anything for content, the content providers have little choice but to monetize via advertising. In order to achieve reasonable rates, advertisers want to be able to target their ads. Fourth, I believe that most people are OK with the trade-off – free content in exchange for giving up their privacy. If you are not OK with the exchange, see the second point above.

For the most part, I agree with Jeff Jarvis, who takes the Wall St. Journal to task in his post, Cookie Madness.

On the other hand, Wired reported earlier in the week that a lawsuit was filed against Quantcast, a subsidiary of MTV, which allegedly “violated federal computer intrusion law by secretly using storage in Adobe’s Flash player to re-create cookies deleted by users.”

The Wired article goes on to say,

Unlike traditional browser cookies, Flash cookies are relatively unknown to web users, and they are not controlled through the cookie privacy controls in a browser. That means even if a user thinks they have cleared their computer of tracking objects, they most likely have not.

Quantcast claims it stopped using this technique in August 2009, after Wired had first brought it to light.
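
A defender-side check for the situation the Wired quote describes, as an added example that is not from the original post or from Wired: it lists sites that still hold Flash Local Shared Objects (.sol files) on disk although the browser cookie jar has nothing for them. The storage layout, function names and sample domains are assumptions made for illustration; on Linux the Flash storage root was typically `~/.macromedia/Flash_Player/#SharedObjects`.

```python
import os
import tempfile

SOL_MAGIC, SOL_TAG = b"\x00\xbf", b"TCSO"  # LSO header: 00 BF, u32 length, "TCSO"


def is_sol(path):
    """True if the file starts with the Local Shared Object header."""
    with open(path, "rb") as fh:
        head = fh.read(10)
    return len(head) == 10 and head[:2] == SOL_MAGIC and head[6:10] == SOL_TAG


def lso_domains(root):
    """Map domain -> .sol files; assumed layout <root>/<random>/<domain>/.../x.sol."""
    found = {}
    for dirpath, _dirs, files in os.walk(root):
        parts = os.path.relpath(dirpath, root).split(os.sep)
        if len(parts) < 2:  # need at least <random>/<domain>
            continue
        for name in files:
            full = os.path.join(dirpath, name)
            if name.lower().endswith(".sol") and is_sol(full):
                found.setdefault(parts[1].lower(), []).append(full)
    return found


def leftover_after_clear(root, browser_cookie_domains):
    """Domains that still hold Flash storage although the browser jar has none."""
    jar = {d.lower().lstrip(".") for d in browser_cookie_domains}
    return sorted(d for d in lso_domains(root) if d not in jar)


def build_sample(root):
    """Constructed sample data: two valid LSOs and one file that only looks like one."""
    sol = SOL_MAGIC + b"\x00\x00\x00\x0a" + SOL_TAG + b"\x00\x04\x00\x00\x00\x00"
    for rel, data in [("AB12CD34/tracker.example/uid.sol", sol),
                      ("AB12CD34/video.example/player/settings.sol", sol),
                      ("AB12CD34/junk.example/notes.sol", b"not an lso")]:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        # Constructed scenario: cookies were cleared, then video.example set a new one.
        print(leftover_after_clear(tmp, [".video.example"]))
```

Any domain this reports is one whose identifier survived a browser cookie purge and could be used to re-create a deleted cookie.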