Hackers have launched another attack on a transport agency that cut off mobile phone services at San Francisco stations last week to prevent protests. BBC News reports that hacking group Anonymous announced on Twitter that the private data of 102 Bay Area Rapid Transit (BART) police officers had been leaked.
The protests began after two fatal police shootings, one in 2009 and one on July 3rd this year. Anonymous asked that the police force disband and threatened to release the information it had gathered in retaliation if the force did not.
The Federal Communications Commission will be starting an investigation into whether BART violated freedom of speech rights protected by the US Constitution when it stopped mobile phone services for BART passengers.
See the full story on the BBC
McAfee has cited the explosion of hacktivism, the evolution of mobile attacks and the continuing growth in unique malware samples as the top security trends of the past three months, according to a v3 report. The security space saw ‘chaos and change’, after groups such as Anonymous and LulzSec drew attention to hacktivism and raised important questions for enterprises and government organisations around the world.
See the full story on v3.com
It’s no secret that privacy law hasn’t quite caught up with the times. But according to paidContent.org, there’s one area where privacy law is perfectly clear – when it involves kids. In a recent ruling in the US, developer Broken Thumbs Apps has been ordered to pay $50k for violating the Children’s Online Privacy Protection Act (COPPA).
Emily’s Girl World, Emily’s Dress Up, Emily’s Dress Up & Shop and Emily’s Runway High Fashion were the apps that violated COPPA by encouraging kids to email questions and comments to “Emily.” These email addresses were then stored as part of that process, with more than 30,000 email addresses recorded.
According to Broken Thumbs Apps, the users’ ages were not collected with the email addresses as there was no need for them, nor were the addresses used for marketing or sold to any other companies for use. They were simply collected because it was the most straightforward way for users to participate in the interactive community. The company has since removed any possibility of collecting or retaining email addresses for users under 13.
This was the first COPPA enforcement action involving mobile apps. However, as apps grow in numbers and popularity, especially amongst kids, we can expect to see more of this type of case with many developers unaware that they are violating any laws. And with general privacy law playing catch up, developers will be under close watch even if their apps aren’t for children.
See the full story on paidContent.org
More than 27,000 Korean iPhone owners are suing Apple over the location tracking function in the phone, which they describe as a violation of privacy. Each member of the group is suing for one million won (£568) in damages. If Apple is forced to pay out, the lawsuit will cost it £15.8 million.
The dispute began when Apple revealed that its iPhones store the locations of nearby wi-fi hot spots and mobile phone towers for up to a year, which can be used to roughly map users’ movements. There was also a software bug which meant that iPhones continued to send location data to the company’s servers, even if location services on the iPhone itself were disabled.
Apple has taken steps to fix the problem. Users can download a free software update which will fix the bug and location data will now be stored on the phone for no longer than a week. Regardless of the ultimate ruling, Apple can absorb the costs whereas a little bug can mean the end for a smaller software developer.
See the full story on The Daily Mail
To many, BlackBerry is just doing its part in helping to capture some of the hundreds of vandals and looters who attacked shops across Britain last week by handing over information recorded on BlackBerry Messenger. To hacker group TeaMp0isoN, however, it’s a different story. The group recently defaced BlackBerry’s blog in protest and threatened to release sensitive information belonging to RIM (BlackBerry’s developer) if the company made good on its promise to the government.
There seems to be little proof that TeaMp0isoN actually holds any of the sensitive data which it claims to. But the attack does serve as one more example that hackers aren’t necessarily in it for the money anymore, but are increasingly causing disruptions based on ideological grounds.
See the full story on The Register
China has been accused of mounting a five-year hacking operation that stole industrial and national secrets on an unprecedented scale, after an investigation by a leading Internet group uncovered a huge international security breach, says a report in The Daily Telegraph. More than 70 organisations, including the UN, the International Olympic Committee (IOC) and defence contractors for both the UK and US, were said to have been victims of the attack.
McAfee, the Internet security group, stopped short of naming China as responsible, but the report quotes independent security experts as saying the choice of targets, such as the Olympic Committee before the 2008 Olympic Games, suggested Beijing was the most likely culprit.
See the full story in The Telegraph
Read more on InsuranceJournal.com
More details have emerged of an e-commerce software flaw linked to the theft of credit card information from numerous websites. The Register reports that a security flaw in osCommerce, an open source e-commerce package, created a means for criminals to compromise 90k web pages with redirection scripts that ultimately directed surfers towards a site serving up an exploit toolkit designed to compromise visitors’ PCs.
According to The Register, attacks of this kind have become fairly commonplace, with attackers now focussing efforts on e-commerce sites where users expect better security. Companies running osCommerce have been targeted by hackers before, so not only will the software developers need to look into these vulnerabilities, but companies using it will need to ensure they take extra security precautions.
See the full story on The Register