We all know those web pages where the only alternative to a site-specific login is a social networking account. That’s not very reassuring for anyone skittish about linking their commentary to a Facebook account relatives might see, if they’re even willing to join a social network in the first place. Mozilla has been aware of that hesitation long enough to have just released its long-in-development Persona sign-in service as a beta. Although it has the same kind of simple approach to a login as a Facebook or Twitter pop-up window, Persona’s emphasis is on privacy: it stops paying attention the moment credentials go through, keeping any diatribes or subscription details from landing in social streams or central databases. Users don’t have to play a rousing game of guess-the-username, either, as they just need to sign in with one or more familiar e-mail addresses and a single password. Persona faces an uphill battle in getting web developer adoption when the establishment sign-in services are open to hundreds of millions of internet citizens, but it does have The Times’ online crossword section, OpenPhoto and Voost as early poster children — and anything that lets the privacy-minded join the party has our vote.
It’s not the backdoor access that the FBI has been pushing for, but US District Judge William Pauley III has now ruled that it and other law enforcement agencies are entitled to view your Facebook profile if one of your “friends” gives them permission to do so. As GigaOm reports, that ruling comes as part of a New York City racketeering trial, in which one of the accused, Melvin Colon, had tried to suppress evidence turned up on Facebook that led to his indictment. That information was obtained through an informant who gave investigators access to the profile, something that Colon had argued violated his rights against unreasonable searches and seizures under the Fourth Amendment. In the ruling, Judge Pauley dismissed that claim, likening the Facebook access instead to a phone wiretap in which one person on the call allows the government to monitor it — a practice that has been ruled constitutional. GigaOm also has the ruling in its entirety at the source link below for those interested.
In the event you got lulled into a groovy seat dance by that most excellent muzak above, let us repeat – this app does not protect your lockscreen. That said, Visidon’s Applock will prevent the privacy-adverse from messing with your personally curated app collection. Have a nosy significant lover? No sweat — snap a pic with your front-facing cam, enable the face-lock in your settings, and those sexts are as good as blocked. It’s far from foolproof, however, as some comments indicate an extended bit of facial-wriggling tricks the app into unlock mode. Oh well, you’re so vain, you’ll probably think this Android market link is for you — don’t you?
Let’s bid a bitter welcome to Sega, the latest entrant to the newly founded club of hacked online communities. Sega Pass, the company’s web portal, suffered a breach of its defenses on Thursday, which has now been identified to have affected a whopping 1.29 million users. Usernames, real names, birth dates, passwords, email addresses, pretty much everything has been snatched up by the malicious data thieves, with the important exception of credit / debit card numbers. We’d still advise anyone affected to keep a watchful eye on his or her banking transactions — immediately after changing that compromised password, of course. In the meantime, Sega’s keeping the Pass service offline while it rectifies the vulnerability; it’ll be able to call on an unexpected ally in its search for the perpetrators in the form of LulzSec, a hacker group that boasted proudly about infiltrating Sony’s network, but which has much more benevolent intentions with respect to Sega. What a topsy-turvy world we live in!
This must be the season of the hacking witch as we’ve now seen yet another company’s online security walls breached. Independent UK games developer Codemasters, responsible for titles like Dirt 3 and Overlord, has reported that its website was hacked on the third of June, exposing the names, addresses (both physical and email), birthdays, phone numbers, Xbox gamer tags, biographies, and passwords of its registered users. Payment information wasn’t compromised, but when you consider that almost everything else was, that feels like hollow consolation. For its part, Codemasters says it took the website offline as soon as the breach was detected and a subsequent investigation has revealed the number of affected users to be in the tens of thousands.
The hackers just won’t give poor Sony a break, will they? Following the infamous PSN breach last month and an attack on the company’s Greek online music service earlier this week, Sony Ericsson has now seen another intrusion that extracted personal data of more than 2,000 Canadian Eshop customers. Fortunately, the company claims that passwords taken were encrypted and no credit card details were lost, but this is still worrisome nevertheless. Right now, the Eshop service has been taken offline — for the sake of Sir Howard and his Japanese chums, let’s just hope that this will be the last Sony breach we hear about.
We’ve recently seen Google crack down on rogue apps and patch some server-side security issues, but let’s not forget Android does have a small measure of built-in security: app permissions. But as with those pesky EULAs, many users tend to breeze through the permissions screen. And Android forces even the most attentive readers to accept or deny all permissions requested by an app. But the newest nightly builds of the CyanogenMod custom ROM include a clever patch allowing users to grant and revoke permissions individually — something like the TISSA security manager we’re still awaiting. Obviously playing God with permissions can crash your applications: with great power comes great responsibility. But we figure if you’re running aftermarket firmware on a rooted phone, you’re comfortable experimenting. See how it works in the video after the break, then hit the source link to download.
Verizon Android users have had 3G Skype calling since this time last year, but the latest app release — v22.214.171.1243 for those of you keeping tabs — brings 3G calling to the masses, without the need for a VZW-sanctioned app. The update also patches a rather significant security hole discovered last week, which could let third-party apps get hold of your personal information. We’re glad to see that’s no longer the case, and who’s going to object to free calling as part of the deal as well? Make sure your phone’s running Android 2.1 (2.2 for Galaxy S devices) and head on over to the Android Market to get updated.
The results were certainly tough to deny, and now Skype has come forward and acknowledged that there is indeed a rather serious vulnerability in Skype for Android that could let malicious third-party applications access your personal information. Unfortunately, it’s not offering much else in the way of help just yet, with it saying only that it is “working quickly” to protect folks from the vulnerability, and that they should simply be cautious of third-party apps in the meantime.
If you didn’t already have enough potential app privacy leaks to worry about, here’s one more — Android Police discovered that Skype’s Android client leaves your personal data wide open to assault. The publication reports that the app has SQLite3 databases where all your info and chat logs are stored, and that Skype forgot to encrypt the files or enforce permissions, which seems to be a decision akin to leaving keys hanging out of the door.
Basically, that means a rogue app could grab all your data and phone home — an app much like Skypwned. That’s a test program Android Police built to prove the vulnerability exists, and boy, oh boy does it work — despite only asking for basic Android storage and phone permissions, it instantly displayed our full name, phone number, email addresses and a list of all our contacts without requiring so much as a username to figure it out. Android Police says Skype is investigating the issue now, but if you want to give the VoIP company an extra little push we’re sure it couldn’t hurt.
What’s more, a newly-published patent application from the crew in Mountain View may hint at the software behind such things. The application describes a service that sets up Google as a third-party broker who receives the shopping cart info of customers placing orders via a device (including those of the mobile variety), allows them to select shipping and other options, and provides the total order cost. It then collects payment, coordinates shipment, and forwards order information to the seller to complete the transaction. So companies can have Google handle all their payment-taking needs in return for getting a sneak peek at what folks are buying — something that the WSJ’s sources say might be a component of the setup Google’s testing right now — as opposed to other third-party services, like Paypal, that only obtain and exchange payment info with merchants. Looks like Alma Whitten (Google’s Director of Privacy) has her work cut out assuaging the concerns such a system will inevitably create in an increasingly privacy-minded populace.