Privacy and data protection

Supreme Court closes door on warrantless eavesdropping suit

The long-standing warrantless spying case ended at the hands of the Supreme Court today. After six years of working its way up through the courts, the Electronic Frontier Foundation's lawsuit against the National Security Agency -- which aimed to hold telecom companies liable for allowing government eavesdropping on U.S. residents -- was terminated.

The Supreme Court declined to review a lower court ruling on the case today, closing the door on further appeals. Its decision did not address the merits of the case.

Hepting v. AT&T was a class-action suit filed by the American Civil Liberties …

Microsoft cites BBC, Wikipedia in error-filled DMCA takedown

Microsoft recently issued a takedown notice to Google, citing several sites that allegedly infringe its intellectual property. But there's just one problem: many of the URLs it cited have nothing to do with its business.

According to a document obtained by TorrentFreak, Microsoft pointed to several legitimate Web sites in its request for URL removals related to Windows 8 infringement. In addition to seemingly legitimate links featuring Windows 8 downloads, Microsoft lists a BBC URL linking to the 45th day of the Olympic torch relay. The company also asked Google to remove a Wikipedia entry on the 45th Fighter …

Middle East cyberattacks on Google users increasing

Here we go again.

Three months after it first began warning users of state-sponsored cyber attacks, Google is saying that the assault has only intensified.

The New York Times reports that since Google began warning users of state-sponsored attacks, "it has picked up thousands more instances of cyberattacks than it anticipated." Many of the attacks appear to be originating in the Middle East.

Starting on Tuesday, the company began inserting a message at the top of affected users' Gmail inboxes: "Warning: We believe state-sponsored attackers may be attempting to compromise your account or computer."

The attacks affect …

Web security protocol HSTS wins proposed standard status

A Web security protocol designed to protect Internet users from Internet hijackings due to unencrypted Web sites has won approval as a proposed standard.

A steering group for the Internet Engineering Task Force (IETF) gave its blessing to a draft of HTTP Strict Transport Security (HSTS), an opt-in security enhancement in which Web sites prompt browsers to always interact over a secure connection.

Web browsers complying with the policy will automatically switch insecure links to a secure version of the site, using "https," without the Web surfer having to remember to type that in the URL bar.

HSTS …

Security hole exposes Twitter accounts to hacking, victim claims

Twitter users -- especially those with desirable handles -- risk having their accounts stolen, according to one recently hacked user who says there's a fundamental vulnerability in the service's security system.

According to Daniel Dennis Jones, whose account, @blanket, was recently hijacked, Twitter's password reset process allows hackers to attempt a more wide-ranging brute force approach to breaking into accounts than other services with more restrictive systems.

In a lengthy write-up of his recent experience, Jones says he discovered that the security system Twitter employs limits log-in attempts by IP address, rather than by account, meaning that …

Safeguard your online Persona with Mozilla ID system

If you've ever struggled with remembering your Facebook password, or felt uncomfortable using your Google ID to log in to a non-Google Web site, Mozilla has a solution for you -- one it calls Persona.

This first beta of Persona, which used to be called Mozilla's BrowserID project, is designed to compete with Web site login systems like the ones offered by Twitter, Facebook, and Google. Whether this open source alternative can hold its own against those other login heavy-hitters, though, is another story.

Persona essentially aims to give you a cross-platform, cross-browser way to log into a …

ACLU sues to get U.S. agencies' license plate tracking records

The American Civil Liberties Union today sued the U.S. government to get access to information about how authorities are using automated license plate readers to track people's movements and location.

The ACLU filed Freedom of Information Act requests on July 30 with the departments of Justice, Homeland Security, and Transportation to try to find out how much officials use the technology and how much the government is paying to expand the program. Agencies are required by law to respond to FOIA requests within 20 working days, but more than a month later, only one DOJ office and a few …

Rent-to-own firms settle computer spying charges

Eight companies accused of spying on consumers via rented computers have agreed to settle charges that they broke the law and engaged in unfair business practices, the Federal Trade Commission announced.

The rent-to-own companies are accused of using a program called "Detective Mode" that pinpointed the whereabouts of computers via geolocation tracking software if consumers were late on payments.

The software also was used to log key strokes, capture screen shots and take photos with the webcam, and it displayed a fake software registration screen ostensibly from Microsoft or Yahoo that tricked customers into providing their personal contact …

Researcher says 100,000 passwords exposed on IEEE site

A computer scientist says he discovered that a server of the IEEE (Institute of Electrical and Electronics Engineers) had about 100,000 usernames and passwords stored in plaintext and publicly accessible.

Radu Dragusin, a computer scientist who works at FindZebra and is a teaching assistant at the University of Copenhagen, writes in a blog post that he discovered the problem last week and notified the IEEE about his findings, enabling them to "at least partially" fix the problem.

The data was publicly available on the IEEE FTP (File Transfer Protocol) server for at least a month, potentially exposing …

Senator urges Obama to issue 'cybersecurity' executive order

Senate Homeland Security Committee Chairman Joe Lieberman sent a letter to President Obama today urging him to use his executive power and publish "advisory" guidelines on a cybersecurity order.

"Countless national security leaders from your Administration and the previous Administration have made clear that the threat from cyber attack is similar to the threat we faced from terrorism on September 10, 2001 -- the danger is real and imminent, yet we have not acted to defend against it," Lieberman wrote. "We know our adversaries are already stealing valuable intellectual property and exploiting our critical infrastructure …