Information Security News
Facebook engineers have fixed a privacy bug that disclosed e-mail addresses and phone numbers of about 6 million account holders to other users, company officials said Friday.
The inadvertent disclosure was included in archives generated when people used the Facebook Download Your Information tool. The service allows users to acquire the entire contents of their accounts. In some cases, the archives contained private e-mail addresses and phone numbers belonging to people the account holder had searched for on Facebook. In a blog post published Friday, company representatives wrote:
We currently have no evidence that this bug has been exploited maliciously and we have not received complaints from users or seen anomalous behavior on the tool or site to suggest wrongdoing. Although the practical impact of this bug is likely to be minimal since any email address or phone number that was shared was shared with people who already had some of that contact information anyway, or who had some connection to one another, it's still something we're upset and embarrassed by, and we'll work doubly hard to make sure nothing like this happens again. Your trust is the most important asset we have, and we are committed to improving our safety procedures and keeping your information safe and secure.
Company officials have already notified regulators in the US and Canada of the disclosure and are in the process of notifying affected users through e-mail.
Device-disabling malware that masquerades as legitimate antivirus protection is migrating to smartphones running Google's Android operating system, according to researchers who got their hands on what appears to be an early test version of one such malicious program.
So-called Fake AV software, which is often bundled with screensavers or other innocuous-appearing apps, has long been a nuisance in the malware landscape for both the Microsoft Windows and Mac OS X platforms. Some operators have managed to rake in millions of dollars by reporting non-existent infections on machines and then tricking owners into paying for fraudulent disinfection services.
Enter Android Fakedefender, which researchers from antivirus provider Symantec recently discovered in several third-party Android app markets. The malicious app is still buggy and crude to say the least, but it nonetheless has the ability to create major headaches for smartphone users who install it. On many handsets, for instance, Fakedefender cannot be uninstalled at all and will prevent users from performing factory resets. Borrowing a page from so-called ransomware, the app also prevents many users from opening other apps or accessing data stored on the device until users buy a premium version of the Fake AV program.
----------- Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Posted by InfoSec News on Jun 21: http://gcn.com/articles/2013/06/17/nist-dhs-push-security-automation.aspx
Posted by InfoSec News on Jun 21: http://www.informationweek.com/security/privacy/nsa-tests-it-access-control-restrictions/240156948
Posted by InfoSec News on Jun 21: http://georgiaweidman.com/wordpress/guess-you-thought-i-was-someone-to-mess-with/
Posted by InfoSec News on Jun 21: http://www.eweek.com/security/microsoft-liberates-more-than-1.2-million-pcs-from-citadel-botnet/
Posted by InfoSec News on Jun 21: http://www.ibtimes.com/usis-vetted-snowden-under-investigation-booz-allen-hamilton-overlooked-snowden-resume-discrepancies