Box of Meat

Sep 05

New York Times: No, Facebook Places Is Not Tracking You -

‘A widely circulated message on Facebook, which members are spreading through status updates, claims: “Anyone can find out where you are when you are logged in. It gives the actual address & map location of where you are as you use Facebook. Make sure your kids know.”

This isn’t true at all.’

Sep 04

Skeptikal.org: Cross-subdomain Session Fixation -

‘You may be familiar with Hack Is Wack- a stupid marketing campaign from Norton/Symantec. The premise is simple: users submit videos, which are voted on, and the winner gets to roll with Snoop Dogg…’s manager. You may not know it, but most of Snoop’s music is information security-related. “What’s My Name” is about AuthN, “Drop it like it’s Hot” is about SQL injection, not to mention constant references to cron, gzip, and other unix commands in his lyrics. It’s really a pretty natural match.

At any rate, the Hack is Wack site is chock full of [security] holes….’

Computerworld UK: Defcon: Women excel in social engineering test -

“Of the 135 Fortune 500 employees targeted by social engineering hackers in a recent contest only five of them refused to give up any corporate information whatsoever. And guess what? All five were women.”

Erika Napoletano: The Bitch Slap: It's Me or the Phone -

“If you’ve arranged your life so that you simply cannot function without checking your email every five minutes, my friend – you’re a walking example of a serious fail.”

China Tech News: Internet Retailers Publish Honesty Declaration In China -

“The declaration calls for the authenticity of goods, honest advertising, complete after-sales services, and no leakages of registration information of users.”

Buzzfeed: The Truth About Infographics

“So, all those infographics? Turns out that it’s all part of an incredibly sophisticated keyword-spamming operation! Which is convenient, because, honestly, we were all kind of getting a little tired of them. Here’s an infographic to explain how the infographic-spam industry works.”

Sep 03

Brian Krebs in CSO: FCC must make ISPs crack down on spammers and malware -

“The FCC now collects reams of data every month about how well the major phone companies serve their customers, measuring the quality of the services they provide by keeping track of and publishing a myriad of data points, such as the frequency of dropped calls and customer complaints. Yet, the commission largely has no reliable data with which to measure whether ISPs (many of them phone companies as well) are taking any concrete steps to make their high-speed pipes less hospitable to online threats.”

Mac Rumors: Spammers Already Taking Aim at Apple's Ping -

‘It’s been less than 24 hours since Apple released iTunes 10 and its integrated social networking functionality, Ping, but spammers and scammers are already starting to spread their messages via the service. The first major instance appears to be a “free iPhone” scam that has seen multiple accounts posting replies to entries from a number of the most popular music artists currently using Ping.’

Chicago Tribune: China requires ID to buy mobile phone numbers in anti-spam campaign; move raises privacy fears -

“China began requiring identification on Wednesday from anyone purchasing a new mobile phone number in what it says is a bid to stamp out rampant junk messages but that some say gives the government a new tool for monitoring its citizens.

The rules apply to everyone, including foreigners visiting China for a short stay….”

Sep 02

MediaPost: The Inconvenient Truth... About Consumer Privacy -

‘If consumers are up in arms regarding the usage of your general Internet data, why aren’t they up in arms regarding the use of your PII by traditional companies?  What about your credit card company?  What about the grocery store loyalty card you swipe to get a percentage off your purchases?  What about those “anonymous” companies that buy and sell everything about you to the highest bidder, under supposed regulation of the government?  Has anyone asked what their policies are?’

John R. Levine: ARF is now an IETF standard -

“Until now, the only documentation for ARF was a draft spec originally written by Yakov Shafranovich in 2005, and occasionally updated originally by him and later by other people including myself. Earlier this year, the IETF chartered a working group called MARF which took that draft, brought the references up to date, stripped out a lot of options that seemed useful five years ago but in practice nobody ever used, and this week it was finally published as RFC 5965.”

Nick Ackerman: Why Two District Courts Dismissed Valid Computer Fraud and Abuse Claims for Lack of Jurisdiction -

“Two federal district courts, one in Maryland and the other in Texas, dismissed what each court considered to be valid civil claims under the Computer Fraud and Abuse Act…. In both cases the plaintiffs made the fatal error of simply alleging lost profits as their basis for the $5,000 jurisdictional loss.”

“I used to use a Buddhist email forwarding service, but realized I was missing my attachments…” — Bryan O’Sullivan, on Twitter

Sep 01

Seth's Blog: The corporate conscience -

‘Corporations don’t have a conscience, people do.

That means that every time you say, “It’s just my job,” or “My department has a policy,” or “All I do is work here,” what you’ve done is abdicated responsibility—to no one.’

DarkReading: Major Disruption of Pushdo Botnet Wasn't The Original Goal -

“The researchers who successfully shut down much of the Pushdo botnet’s infrastructure last week didn’t go in planning to take down a large chunk of the botnet — that was a secondary but major byproduct of some related botnet research they were conducting.”