Tag Archive for Data

| July 7, 2018
Comments Off on RIP Yahoo Messenger

RIP Yahoo Messenger

Do yRIP Yahoo Messengerou remember Yahoo Messenger? It was popular in the late ’90s and early 2000s when there were only two messengers to communicate with your friends and family. Well … the remnants of Yahoo nee Verizon recently announced the end of Yahoo Messenger. Verizon (VZ)/Yahoo announced that they will disable the Yahoo Messenger service after July 17th, 2018. (rb- yes Yahoo Messenger was still a thing – in the face of Apple‘s (AAPL) FaceTime, Telegram, Snapchat, and Facebook‘s (FB) WhatsApp).

According to the Oath website, YIM had 122.6 million users at its peak. In the FAQ announcing the shutdown, Yahoo said, “We know we have many loyal fans who have used Yahoo Messenger since its beginning  … As the communications landscape continues to change over, we’re focusing on building and introducing new, exciting communications tools that better fit consumer needs.” If you’re looking for a Messenger replacement from Yahoo, they recommend Squirrel, which is in closed beta and by invite only. But why?

YIM leaves a dubious security legacy, as all “free” web products do. In 2007 there were reports that up to 75%  of the users in Yahoo Messenger were SPAMBots. In 2010 all Yahoo systems and customer email accounts were hacked by the Chinese military in “Operation Aurora.” In Operation Aurora the Chinese also attacked Adobe (ADBE)Dow Chemical, Google (GOOG) Juniper Networks (JNPR)Morgan Stanley, Northrop Grumman (NOC)Rackspace (RAX), and Symantec (SYMC).

In 2014 The Guardian reported that The British intelligence agency Government Communications Headquarters (GCHQ)’s secret mass surveillance program Optic Nerve and National Security Agency (NSA) were indiscriminately collecting still images from Yahoo webcam streams from millions of mostly innocent Yahoo webcam users, among other things creating a database for facial recognition for future use. Optic Nerve takes a still image from the webcam stream every 5 minutes. Also in 2014 Yahoo was also hit by a hack that affected around 500 million people.

mass surveillanceIn September 2016, The New York Times reported that Yahoo’s security team, had pressed for Yahoo to adopt end-to-end encryption sometime between 2014 and 2015, but senior leadership resisted, “…because it would have hurt Yahoo’s ability to index and search message data.”

In 2017 Yahoo announced that all of its customer’s accounts were compromised. Allegedly Yahoo did not detect the full extent of the 2013 hack until  4 years later. In 2017, Yahoo announced that all 3 billion accounts were compromised.

YouYahoo can download your chat history for the next 6 months at this download request site. Yahoo will email your chats to you. If you have anything you want to save from Yahoo Messenger, it’s a good idea to get a copy, because users will be unable to sign in to the service after July 17th.

rb-

YIM is not the first long-standing chat app to shut down – AOL Instant Messenger shut down December 15, 2017. But Yahoo Messenger was one of the few old-school messaging services left.

Related article

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , , , ,
| December 30, 2015
Comments Off on Target Wish List Leaking Your Data

Target Wish List Leaking Your Data

Target Wish List Leaking Your DataThe holiday shopping season has not been merry for mega-mart Target. You would think the mega-retailer that leaked info on 110 million customers would learn how to keep their customers’ info secure but NOOOO. The anti-virus firm AVAST has discovered the Target (TGT) Wish List app is leaking your data, your personally identifiable information (PII).

Data leakThe Avast Blog says that if you created a Christmas wish list using the Target app it is leaking your data.  it might be accessible to more people than you want to actually receive gifts from. The Target app keeps a database of users’ wish lists, names, addresses, and email addresses.

Alarmingly, for a firm that has privacy issues, the Target app’s backend interface is not secured. This allowed the database to be accessed over the Internet. The author reports that the Application Program Interface (API) is easily accessible over the Internet. An API is a set of conditions where if you ask a question it sends the answer. Also, the Target API does not require any authentication. The only thing you need to parse all the data automatically is to figure out how the user ID is generated. Once you have that figured out, all the data is served to you on a silver platter in a JSON file.

Leaking your data

while developers investigate

The JSON file that the AVAST researchers requested from Target’s API leaked lots of interesting data. The leaked data included: users’ names, email addresses, shipping addresses, phone numbers, the type of registries, and the items on the registries. The AVAST researchers did not store any PII, but they did aggregate data from 5,000 inputs for statistical analysis.

The AVAST researchers took the sample and looked at which some of the data they got. It included; brands, states the Target app users are from, and the most common names of people using Target’s app.

Leasked info

This appears to be a classic case of security by obfuscation. The app developers created the online API for data that is uploaded by Target. They also set up a separate API in tandem so that the retail chain could download and process the uploaded data – but without any security measures in place.

Target has reached a $39.4 million settlementIn a post on Ars Technica, a Target spokesperson said that it has suspended elements of the app while developers investigate. Hopefully, this should mean that the data-leaking has stopped while the backend has been disabled.

In other Target data breach news FierceITSecurity reports that Target has reached a $39.4 million settlement with banks and credit unions over claims they lost millions of dollars as a result of the massive 2013 data breach at the retailer. The massive data breach at Target exposed the credit and debit card numbers of 40 million customers to hackers and personal information on another 70 million.

The settlement, if accepted, will resolve class-action lawsuits by the banks and credit unions seeking reimbursement for fraudulent charges and issuing new cards. Of the $39.4 million, $20.25 million will be paid to banks and credit unions, and $19.11 million will be paid to reimburse MasterCard card issuers.

cautionary taleThis follows settlements that Target reached with Visa card issuers for $67 million and with customers for $10 million. Target estimated that the breach so far has cost it $290 million, with insurers picking up $90 million, according to a filing with the Securities and Exchange Commission last week. Target is not out of the woods yet. It still has to deal with shareholder lawsuits and a probe by the Federal Trade Commission and state attorneys general related to the data breach.

Fred Donovan at FierceITSecurity says Target is a cautionary tale for any enterprise. Despite handling billions of dollars in credit card transactions, the retailer did not have one person responsible for IT security at the time of the breach. While it had a network security system in place, it did not have IT security personnel skilled enough to recognize an alarm the system set off months before Target discovered the breach.

rb-

Cash is king, especially at Target.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , ,
| November 24, 2015
Comments Off on Television Sells Your Viewing Habits

Television Sells Your Viewing Habits

– Updated 03-26-2017 –  Vizio will pay $2.2 million to the FTC and the state of New Jersey to settle a lawsuit alleging it collected customers’ television-watching habits without their permission.

In addition to the $2.2 million in payments, Vizio will now have to get clear consent from viewers before collecting and sharing data on their viewing habits. It’ll also have to delete all data gathered by these methods before March 1st, 2016 according to the Verge.

Television Sells Your Viewing HabitsJust in time for the Black Friday consumerism orgy of spending, Help Net Security reports that you are giving away more than cash when you buy a Smart Television from Best Buy or whoever. It turns out that owners of Smart TVs manufactured by California-based consumer electronics company Vizio (VZIO) viewing habits are being tracked and sold to third parties. The Vizio privacy policy says;

Vizio logo… VIZIO will use Viewing Data together with your IP address and other Non-Personal Information in order to inform third party selection and delivery of targeted and re-targeted advertisements … delivered to smartphones, tablets, PCs or other internet-connected devices that share an IP address or other identifier with your Smart TV.

Vizio’s competitors Samsung (005930) and LG Electronics (LGLD) can also track users’ viewing habits via their smart TV offerings, ProPublica‘s Julia Angwin pointed out, but the feature has to be explicitly turned on by the users. The collection of viewing data by Vizio’s Smart TVs is turned on by default, as is the Smart Interactivity feature that manages it.

Data miningAccording to the IEEE, Vizio smart TVs can track data related to whatever TV programming and related commercials you’re watching and link such data with the time, date, channel, and TV service provider. On most of the over 15 million Smart TVs sold, Vizio will also track whether you view TV programs live or later on. Vizio knows what you’re watching even if it’s a DVD being played on a gaming console or a show being watched via cable TV. The identification tracking technology can differentiate between 100 billion data points.

While, in theory, IP addresses are not personal information, they actually can be linked to individuals if there is enough information (specific attributes like age, profession, etc.) tied to it.

Data collectionProPublica‘s Angwin’s sources, tell her that Vizio has been working with data broker Neustar to combine viewing data with this type of information about the user.

Even though users can turn off the spy technology, which will not won’t affect the device’s performance, the problem is that many, many users won’t bother reading the privacy policy or change the default settings once they set up the TV and start using them.

TechHive reports that backlash against intrusive spying has started. Two lawsuits (Reed v. Cognitive Media Network, Inc. (PDF) and David Watts et. al. v Vizio Holdings Inc et. al. (PDF)) have been filed in California against Vizio and their partners about their data collection habits.

The suits accuse Vizio and Cognitive of secretly installing tracking software on the former’s smart TVs in a way that violates various federal and state laws.

Legal systemThe suits allege that Vizio violated the Video Privacy Protection Act. The Video Privacy Protection Act prohibits any company engaged in rental, sale, or delivery of audio-visual content and not necessarily just videotapes from divulging any personally identifiable information about its customer to a third party, except where the customer has clearly consented to such data sharing.

Of course, Vizio has previously argued it’s not a videotape service provider at all, and so this particular law doesn’t apply to it.

rb-

I pointed out as far back as 2011 that Smart TVs are a dumb idea for privacy.

Consumer Reports offers tips on how to stop your Smart TV from spying on you here.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , , , , , , ,
| August 6, 2015
Comments Off on Facebook Friends Without Benefits

Facebook Friends Without Benefits

Facebook Friends Without BenefitsThe USPTO has granted Facebook (FB) a patent that could be used to help lenders determine your creditworthiness. The Social Networker plans to allow creditors to look at who is in your social network to judge your creditworthiness.

bank check the credit rating of the members of you Facebook network to decide if you are worthy of a loanBusiness Insider says the patent would make it possible for banks to check the credit rating of the members of your Facebook network to decide if you are worthy of a loan. It seems that your shiftless uncle Louie is going to determine if you get a mortgage. According to BI, the patent states:

… When an individual applies for a loan, the lender examines the credit ratings of members of the individual’s social network who are connected to the individual through authorized nodes. If the average credit rating of these members is at least a minimum credit score, the lender continues to process the loan application. Otherwise, the loan application is rejected.

TFacebook logohe patent was first discovered by Atlanta legal tech start-up SmartUp was part of a bundle of patents Facebook acquired in 2010 when it purchased the patents from failed social network Friendster for $40 million.

BI reports that the patent may walk a legal tight rope. The U.S. Equal Credit Opportunity Act requires creditors to tell applicants why they have been denied credit, so using social data to determine someone’s credit risk could walk a fine line. Despite federal law, the author points out that financial institutions are already using applicant’s social data to help verify their identity. For example, Lending Club, and Affirm use online data for decision-making.

Rb-
Back in 2010, I wrote about this day coming.

Many banks are now outsourcing their social network data mining operations to firms such as Rapleaf. (now TowerData).

Maybe it is time to un-friend your kid in college with no job and crazy aunt Patti in Paducah and instead friend Warren Buffet, Bill Gates, and Mark Zuckerberg.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , ,
| December 4, 2014
Comments Off on Privacy for Drivers

Privacy for Drivers

Privacy for DriversFord Motor Company (F) Global Marketing Director Jim Farley touched off a privacy storm when he told an audience at the Consumer Electronics Show that the automaker is tracking their travels thanks to their in-car navigation systems. He told the crowd in Las Vegas that the automaker tracks driver behavior, “We know everyone who breaks the law, we know when you’re doing it.

automaker are tracking travelsThe auto manufacturers have installed “black boxes” on most modern cars. The black boxes are capable of tracking, gathering, and storing vehicle information. In fact, the Fed has proposed that such tracking technology become standard equipment on all cars.

Privacy firestorm

Even though Ford quickly backed down from Mr. Farley’s claims, the comments created a privacy firestorm. As a result, TheDetroitBureau.com reports that privacy advocates accelerated increased pressure on manufacturers to reveal what info that collects on “black box’s” they’re doing with the personal data they do collect – and put limits on how it can be used.

black-boxes are capable of tracking, gathering and storing vehicle information.

In response, a group of 19 automakers has gotten together to lay down some ground rules, which they hope will assuage fears about the accessibility and use of the material. According to the article, the makers say the information won’t be given to government officials or law enforcement agencies without a court order, sold to insurance companies or other companies without their permission.

The automakers agreeing to the “rules,” which they submitted to the Federal Trade Commission, include Aston Martin, BMW, Chrysler (STLA),  Ferrari, Ford, General Motors (GM), Honda (HMC) Hyundai, Kia, Maserati, Mazda, Mercedes-Benz, Mitsubishi, Nissan, Porsche, Subaru, Toyota, Volkswagen, and Volvo.

Self-imposed data collection “rules”

Future carThe author speculates that the automakers are willing to abide by the self-imposed “rules” because they believe actual laws could become onerous. Sen. Edward Markey, D-MA is skeptical of the impact of the “rules.” He called them “an important first step,” but said it remains unclear “how auto companies will make their data collection practices transparent beyond including the information in vehicle manuals.”

Senator Markey noted that the automakers did not offer consumers an opt-out option for whether sensitive information is collected in the first place. He plans to legislate an answer. He said in a statement, “I will call for clear rules — not voluntary commitments — to ensure the privacy and safety of American drivers is protected,” Markey said in a statement.

The automakers also committed to “implement reasonable measures” to protect personal information from unauthorized access. Privacy experts are concerned that in recent years many vehicles have had a variety of GPS and mobile communications technology built into them.

Cloud securityThe TheDetroitBureau explains these devices record and sends all types of information which privacy advocates are afraid the data could be used by the government against the owners of vehicles. Some worry that many three-letter agencies and law enforcement will use data from the device to track citizens. Marc Rotenberg, executive director of the Electronic Privacy Information Center said that legislation is needed to ensure automakers don’t back off their self-imposed “rules” when they become inconvenient. He said,

You just don’t want your car spying on you. That’s the practical consequence of a lot of the new technologies that are being built into cars.

Pop-up ads on in-car touch screens

The black boxes now installed in new vehicles could also be a safety issue for drivers. The article speculates that the rising level of interactivity of cars could open the door for pop-up ads in cars. These automakers’ “rules” do not end the possibility that Pop-up ads could appear on the touch screens of cars, trucks, and SUVs as folks are motoring down the road.

One loophole in the guidelines identified in the blog, if customers agree at the time they buy the car, they could receive messages from advertisers who want to target motorists based on their location and other personal data according to the author. Some safety advocates are concerned about pop-up ads possibly popping up on in-car touch screens while drivers are behind the wheel. Henry Jasny of Advocates for Highway and Auto Safety warned the Associated Press.

There is going to be a huge amount of metadata that companies would like to mine to send advertisements to you in your vehicle … We don’t want pop-up ads to become a distraction.

rb-

Who is listeningThe road to hell is paved with good intentions and full of pot-holes. I covered Cisco’s try at monetizing driver data here. Industry officials say they want to assure their customers that the information that their cars stream from the vehicle’s computers to automakers (or Feds) via OnStar. Sync, Automatic, In-Drive, or Car-Net won’t be handed over to authorities without a court order, sold to insurance companies, or used to bombard them with ads for pizza, gas stations, or other businesses they drive past, without their permission.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Cars | Tags: , , , , , , , , , , , , , , , ,
« Older Entries