Tech Talk

The most popular applications on Facebook have been transmitting identifying information to advertising and tracking companies, the Wall Street Journal reports. Tens of millions of users are affected — even those who have the strictest privacy settings, the newspaper reports.

The breach is hardly the first on the network.

It is a good time to remember that users should assume that all information posted online will be ultimately made public to everyone. Assuming anything else would be foolish.

A Facebook spokesperson told the Journal:

“A Facebook user ID may be inadvertently shared by a user’s Internet browser or by an application,” the spokesman said. Knowledge of an ID “does not permit access to anyone’s private information on Facebook,” he said, adding that the company would introduce new technology to contain the problem identified by the Journal.

It is important to note that the majority of applications are not made by Facebook, something many users do not realize.

Click here to read the full Wall Street Journal report.

Hackers have discovered a new way to rock the Twitterverse Tuesday.

A rogue bug directed thousands of users to third-party websites Tuesday morning after they moved their mouse over malicious tweets, Mashable reported. Some users were directed to hard-core pornography sites in the security breach, FOXNews.com reported. 

Users were advised to use third-party applications, like TweetDeck and Hootsuite, which did not seem to be affected by the Javascript.

However, the nature of the assault is particularly alarming as users’ personal and financial information is once again put at the greatest risk yet.

Tuesday’s incident begs the question: How many breaches and outages are Twitter users willing to deal with before they permanently sign off?

As the social network faces mounting issues, it is becoming increasingly difficult for even its most loyal users to pretend like everything is hunky-dory.

Yes, Twitter is seeing a large increase in users, but so are other social networks like Facebook and FourSquare — only they are not suffering the same infuriating growing pains. But when you add malicious bugs that threaten one’s financial and public well-being, that’s another story.

While your Tech Talk editor remains a loyal tweeter, even he is becoming increasingly wary of the network’s growing risks and headaches. While he is not planning to jump ship anytime soon and is still very commited to the unrivaled information that flows across the network at any given moment, he is much more likely to actively seek an alternative source sooner than later. Let’s hope it doesn’t come to that.

Ever since Facebook introduced its feature that allows users to “like” something posted on a friend’s profile, users of the social network have  asked for the ability to “dislike” content. Facebook has yet to introduce such a feature — but a new scam is making its rounds and taking advantage of many users.

According to Mashable, the scam entails a status message that says:

I just got the Dislike button, so now I can dislike all of your dumb posts lol!!

or

Get the official DISLIKE button now

Both scams include a link that appears to ultimately capture personal information after navigating through an “install” page.

If Facebook were to introduce such a feature, history demonstrates it would install it directly on its users’ accounts — and not require an installation of anything. It would be wise to avoid any offers, like this, that appear too good to be true and require a download or installation of anything to work.

Google has a problem — well, many problems.

Since news broke that the search engine giant “mistakenly” collected and stored data broadcast from wireless networks in Connecticut and countries around the world, probes have been initiated to determine the extent of the data collection. On Monday, it was reported that Google may have collected “data that are normally covered by… banking and medical privacy rules.”

Throughout the entire ordeal, the technology giant has vowed to cooperate — and has insisted that it did not break any laws, an assertion it repeated in a letter to Congress.

Google has insisted that it considered the information broadcast from the personal and business networks to be public information.  Too bad its spokespeople did not read its own WiFi privacy policy.

According to its own policy, first reported by Tech Eye: “Wireless Internet access presents challenges for protecting your information from illegal data interception by third parties.”  Oops.

Collecting information from unsecured wireless networks should be illegal — regardless of intent. This episode should remind our representatives of such threats to Americans.

“Unauthorized surveillance of wireless network data is the dark side of the new Internet era — and I will fight it,” Connecticut Attorney General Blumenthal said in a statement earlier this month — and he is absolutely right.

This news should remind Web surfers that they should only use secure wireless connections, including when “just” checking e-mail, or else they face becoming a victim. Learn more about wireless security here.

As Google’s own privacy policy states: “Security threats are constantly evolving, so you should regularly check to be sure that your security protection is up to date.”

Well said.

Tech Talk thanks Simon Owens, a journalist and online media strategist, for sharing the privacy policy angle. See something? Tweet us.

Google collected sensitive data, including passwords, a French data protection agency examination has found.

The information was collected from unsecured wireless networks by the search engine’s Street View vehicles as the company logged WiFi hotspots, the BBC reported Monday.

CNIL, the French data protection agency, told reporters that an early look indicated the presence of “data that are normally covered by… banking and medical privacy rules,” the BBC reported.

Passwords for e-mail and “chunks of text from messages” were reportedly found, according to the British media.

The search engine giant said it was working with authorities and would delete the information it had gathered, if requested, the BBC reported.

Google acknowledged that its vehicles had “mistakenly” collected and stored data broadcast from wireless networks in Connecticut, Tech Talk reported earlier this month.

The search engine called the collection a software mistake, Tech Talk cited a release by Connecticut’s Attorney General, Richard Blumenthal, as saying. Google has stressed that the data has been secured and was not used “in any Google service or product.”

Google said it has grounded its entire Street View fleet and has stopped collecting wireless data, Tech Talk has previously reported. The search engine “believes” it started collecting the data in Connecticut two years ago, Blumenthal said in a statement.

“Our ultimate objective is to delete the data consistent with our legal obligations and in consultation with the appropriate authorities,” a Google spokesperson said.

Investigations have been launched in Australia, Canada, Germany, Italy, New Zealand and Spain. Several U.S. states are considering filing civil suits, the BBC reported.

The company stated earlier this month in a release sent through Blumenthal’s office that it considered the information broadcast from the personal and business networks to be public information. It said it needs the information to “improve our location-based services.”

This is a serious issue. Any information collected could lead to people becoming victimized – not just by Google but by someone who hacks into the technology giant’s servers, which have been compromised before.  This news should remind Web surfers that they should only use secure wireless connections – or else they face becoming a victim. Learn more about wireless security here.

Even before Monday’s news, Connecticut’s attorney general indicated that a probe in the state was underway.

“Google’s actions raise troubling and profound questions about privacy and whether laws need to be clarified or changed,” Blumenthal said in a statement distributed earlier this month. “I urge consumers to consider encrypting their wireless computer networks. An unencrypted network is an invitation to snooping, like broadcasting all communications on loudspeakers. Anyone with the right software and equipment can listen in.”

Some of the most prominent people on earth may be vulnerable to spam and malicious hacking, according to a published report.

The security breach threatens the identities of Apple’s iPad owners, including CEOs, military and finance officials, members of the media and the Washington elite, Gawker reports. The information exposed include subscribers’ e-mail addresses and the numbers used to identify the SIM cards that associate a mobile device with a specific user.

The information was obtained by a group calling itself Goatse Security, according to Gawker.

Goatse Security reportedly obtained the information through a script on AT&T’s website. The security hole was repaired after Gaotse Security notified AT&T of the breach, Gawker reports.

According to Gawker:

According to the data we were given by the web security group that exploited vulnerabilities on the AT&T network, we believe 114,000 user accounts have been compromised, although it’s possible that confidential information about every iPad 3G owner in the U.S. has been exposed. We contacted Apple for comment but have yet to hear back. We also reached out to AT&T for comment.

Although AT&T closed the security hole recently, the victims were not immediately notified, according to Gawker.

The problem, according to Gawker, appears to be AT&T fault, and will likely complicate an already strained relationship with Apple.

Among others, affected accounts, according to Gawker, belonged to folks from:

• Department of Defense
• New York Times
• Time Warner
• News Corporation
• Hearst
• Amazon
• Google
• Microsoft
• Goldman Sachs
• Morgan Stanley
• JP Morgan
• Citigroup
• GMail user who appears to be Rahm Emanuel
• Senate and House of Representatvies
• NASA
• Department of Justice
• Department of Homeland Security
• FAA
• FCC

This incident should remind users that it’s a good idea to use a separate e-mail address for the registrations of products — like the iPad. Such e-mail addresses could then be automatically forwarded to one’s primary inbox. By doing such, one’s primary personal e-mail will not be as likely to be compromised.

To read much more, including analysis, details about how the breach was perpetrated and a statement from AT&T, please click here.

Google has acknowledged that its Street View vehicles have collected and stored data broadcast from wireless networks in Connecticut, the state’s attorney general’s office has announced. The information could include e-mails, Web browsing and passwords.

The search engine called the collection a software mistake, a press release issued by Richard Blumenthal indicated.  However, Google noted that the data has been secured and was not used “in any Google service or product,” the press release continued.

The data was collected with the vehicles used to take photos of streets and surrounding buildings around the world to create its Street View maps.

Google said it has recently grounded its entire Street View fleet and has stopped collecting wireless data, according to the release. The search engine “believes” it started collecting the data in Connecticut two years ago, the state’s top lawyer announced.

The company said it considered the information broadcast from the personal and business networks to be public information. It said it needs the information to “improve our location-based services,” the statement continued.

“Google’s acknowledgement that it vacuumed up data from unencrypted wireless computer networks in Connecticut is disturbing and demands additional inquiry,” Blumenthal said in the statement. “Google grabbed information – which could include e-mails, passwords and Web browsing — that consumers rightly expect to be private. Google needs to better explain how this practice happened, exactly when, where and why. My office is carefully considering Google’s answers and will seek additional information. Key questions include how Google learned that its software was gathering unencrypted data and why the company kept the information.”

The statement indicated that the attorney general would consider the legality of the collection practices.

“Google’s actions raise troubling and profound questions about privacy and whether laws need to be clarified or changed,” Blumenthal said in the statement. “I urge consumers to consider encrypting their wireless computer networks. An unencrypted network is an invitation to snooping, like broadcasting all communications on loudspeakers. Anyone with the right software and equipment can listen in.”

Google will provide additional information identifying the municipalities the information was collected from and the number of networks from which data was harvested, the release indicated.

Google has admitted to intercepting packets of data from unsecured networks in Europe, an earlier statement from Blumenthal’s office stated.

The attorney general is on the correct side of this critical issue. Blumenthal ought to be praised for standing up to Google on this important issue.

Residents in the state could be victimized – not just by Google but by someone who hacks into the technology giant’s servers, which have been compromised before.  This news should remind Web surfers that they should only use secure wireless connections – or else they face becoming a victim. Learn more about wireless security here.

“Unauthorized surveillance of wireless network data is the dark side of the new Internet era — and I will fight it,” Blumenthal said in a statement.

Other investigations are also on-going into Google. You could read about those here.

Another Connecticut bank appears to have been targeted by folks who tried to steal personal banking information.

Suspects allegedly used a skimming device to capture card and PIN information at a People’s United Bank early Thursday, the Darien Patch reports.

Three women were led away by police in handcuffs, the Patch reported, and police are reportedly seeking a fourth individual.

In July, Tech Talk reported the arrest of a man who allegedly attached skimming devices to ATMs in two Wallingford banks.

“As technology evolves, there are more and more ways for criminals to circumvent the process,” Connecticut State Police spokesman Sgt. Chris Johnson told the New Haven Register at the time.

Thieves can capture ATM, debit and credit card information through a process called skimming anywhere such cards are used by capturing the information contained on the cards’ magnetic strip.  In many cases, cameras are also attached nearby to capture PIN information.

However, by following but a few simple tips, you could avoid becoming a victim.

Consumer Reports recommends:

• Don’t type in your pin at the gas pump for your debit card because they are produced by only a couple manufacturers making it easier for someone to gain the ability to insert a skimming device inside the pump where it cannot be seen.  If a credit card is unavailable, the publication suggests choosing the screen prompt that identifies the card as a credit card so a PIN is not required; greater protection from liability is gained if fraud occurs this way.
• Closely monitor your bank accounts — preferably online — because federal law limits consumers’ liability for fraudulent debit-card charges to $50, but only if the  theft or loss is reported within two business days. Failing to report unauthorized charges within 60 days of the date of the statement could make you liable for any unauthorized withdrawals afterward.  Visa and MasterCard have zero liability policies that go beyond federal law by exempting debit users from liability in most circumstances when a bank investigation confirms a transaction is fraudulent.  However, dealing with debit-card fraud has the potential of having a greater impact on your finances than credit-card fraud as you won’t be out any money while the disputed charges are being investigated.
• Use ATMs at banks because there’s generally more traffic and surveillance cameras to prevent someone from attaching a skimming device.  Granted, as noted in the ABCNews.com report, bank ATMs could also be targeted.  And, in fact, ABCNews.com reports that criminals are beginning to target ATMs in banks because the increased traffic gives thieves the potential for more activity and subsequent money.

ABCNews.com offers six recommendations of how to spot ATM skimmers:

• Be aware of your surroundings. Be extra careful of machines in dark areas or in places that don’t look well guarded and monitored.
• Pay attention to the front of machines. If it looks different from others in the area (for example, it has an extra mirror on the face), has sticky residue on it (potentially from a device attached to it) or extra signage, use a different machine and notify bank management with your concerns.
• Notice how it feels to type in your PIN code. If it’s difficult to punch the keys or you feel resistance, it could mean that a keypad overlay is present.
• Cover your hand as you type in your PIN. If a camera is present or someone is trying to look over your shoulder, this will obstruct their view.
• If you think the area around the card entry slot looks peculiar, pull on it. If it comes off or loosens, alert bank management but try to leave the machine as you found it. Leaving the evidence in place could help authorities track down the criminals.
• If you find a skimming device, in addition to notifying bank management, the ATMIA says to notify local law enforcement.

If things get completely out of hand, American banks might resort to a South African technique of loading pepper spray into automatic teller machines to deter crooks, as Tech Talk reported here.  Granted, a few modifications would have to be made first.