The site’s security team identified multiple attempts by unauthorized individuals to access user data this week, Bob Lord, director of information security, wrote on the Twitter blog on Friday afternoon. The company also uncovered “one live attack” and shut it down moments later, while it was still in progress, Lord said.

Further investigation revealed that attackers were able to access a subset of user data, including usernames, email addresses, session tokens, and encrypted/salted passwords, belonging to approximately 250,000 users, Twitter admitted in the post. Lord did not provide any additional information about the security breach, nor did he say whether any of the exposed accounts had been illegally accessed.

“As a precautionary security measure, we have reset passwords and revoked session tokens for these accounts,” Lord wrote.

http://securitywatch.pcmag.com/none/307708-twitter-breached-attackers-stole-250-000-user-data


With the rush of new devices, apps, networks and a myriad of constantly changing privacy policies, it’s important that consumers and businesses understand the implications of failure to protect personal privacy.

Attorney General Kamala Harris has taken a keen interest in the added challenges of protecting individuals in a connected society. As part of that effort, her office has compiled a list of tips.



This just in from CNN.com. At least 3.6 million people have had their social security numbers hacked. Residents of South Carolina should monitor their credit carefully. Here is the article:

(CNN) South Carolina taxpayer server hacked, 3.6 million Social Security numbers compromised

The Social Security numbers of millions of South Carolinians, as well as credit and debit card information for hundreds of thousands, have been hacked in what the state’s governor described Friday as an international cyberattack.

“This is not a good day for South Carolina,” Gov. Nikki Haley told reporters.

The governor explained that a “server that warehouses all our taxpayer information was breached and taxpayer information was stolen.”

The state’s Department of Revenue explained in a press release that it first learned of a possible breach on October 10, after which the state contracted information security firm Mandiant to conduct an investigation.

The “hole” in the system was closed October 20. Over the next several days, state authorities determined that more than 3.6 million Social Security numbers may have been affected. So, too, were 387,000 credit card numbers – though only 16,000 of those were unencrypted.

On Friday, state officials laid out efforts to determine what happened and protect the personal information of taxpayers. While noting that not everyone had their information breached, Haley urged everyone who filed a tax return in South Carolina from 1998 through now to take advantage of credit protection services being offered by the state.



The FTC (Federal Trade Commission) is now offering a $50,000 prize to whoever can come up with the best solution to stop illegal political robocalls. Applications start on October 25, and the agency is also saying whoever wins will become a “National Hero”.

You can learn more at the link below, or tune in to Twitter on October 5 for details about the challenge.

http://www.ftc.gov/opa/2012/10/robocalls3.shtm



The National Do Not Call Registry, or the Registro Nacional No Llame, as it is called in Spanish, is the official centralized list service that was created by the Federal Trade Commission after review of telemarketing practice. It was developed as a service for consumers to add their business or household phone number to a list that is shared by major telemarketing calls. The purpose is to help limit the calls you receive. There is no cost and once added, your phone number remains on the DO NOT CALL list. Here is some information directly from the FTC’s website.

Tell Me More About the National Do Not Call Registry

    1. Why would I register my phone number with the National Do Not Call Registry?

The National Do Not Call Registry gives you an opportunity to limit the telemarketing calls you receive. Once you register your phone number, telemarketers covered by the National Do Not Call Registry have up to 31 days from the date you register to stop calling you.

    1. Who manages the National Do Not Call Registry?

The National Do Not Call Registry is managed by the Federal Trade Commission (FTC), the nation’s consumer protection agency. It is enforced by the FTC, the Federal Communications Commission (FCC), and state law enforcement officials.

    1. Why was the National Do Not Call Registry created?

The registry was created to offer consumers a choice regarding telemarketing calls. The FTC’s decision to create the National Do Not Call Registry was the culmination of a comprehensive, three-year review of the Telemarketing Sales Rule (TSR), as well as the Commission’s extensive experience enforcing the TSR over seven years. The FTC held numerous workshops, meetings, and briefings to solicit feedback from interested parties and considered over 64,000 public comments, most of which favored creating the registry. You can review the entire record of the Rule review at www.ftc.gov/bcp/rulemaking/tsr/tsrrulemaking/index.htm.

How Does Registration Work?

    1. How soon after I register will I notice a reduction in calls?

Telemarketers covered by the National Do Not Call Registry have up to 31 days from the date you register to stop calling you.

    1. When I register my phone number, how long until it shows up on the National Do Not Call Registry?

After you register, your phone number will show up on the registry by the next day. Telemarketers have up to 31 days to get your phone number and remove it from their call lists.

    1. What if I change my mind? Can I take my number off the National Do Not Call Registry?

You can delete your phone number only by calling toll-free 1-888-382-1222 from the telephone number you want to delete. After you contact the registry to delete it, it will be removed from the National Do Not Call Registry by the next day. But telemarketers have up to 31 days to access information about your deletion and add your number back to their call lists, if they choose to.

    1. If I registered by phone, will I receive a confirmation?

No, but you can verify that your number is on the registry online at www.donotcall.gov or by calling the registry’s toll-free number (1-888-382-1222) and following the prompts for verifying that your number is on the registry.

    1. I received a phone call from someone offering to put my name on the National Do Not Call Registry. Should I let them?

No. The FTC does not allow private companies or other such third parties to register consumers for the National Do Not Call Registry. Websites or phone solicitations that claim they can or will register a consumer’s name or phone number on the National Do Not Call Registry — especially those that charge a fee — are almost certainly a scam. Consumers may register directly, or through some state governments, but never through private companies. For consumers, the National Do Not Call Registry is a free service of the federal government.

What About the Privacy of My Information?

    1. If I choose to register my phone number, how will my information be used and disclosed?

We collect your phone number and store it in the National Do Not Call Registry so that telemarketers and sellers covered by the FTC’s rules can remove your phone number from their call lists. Telemarketers are required to search the registry every 31 days and delete from their call lists phone numbers that are in the registry. Phone numbers in the registry also may be shared with law enforcement to assure compliance with federal and state law.

If you contact us via the Internet, we also collect your email address to confirm your registration request. We will store your email address in a secure manner, separate from your telephone number. We will not share your email address with telemarketers.

For more information about the privacy of your information, please see our privacy policy at www.ftc.gov/ftc/privacy.shtm

 

What Phone Numbers Can I Register?

    1. Can I register my cell phone on the National Do Not Call Registry?

Yes, you may place your personal cell phone number on the National Do Not Call Registry. The registry has accepted cell phone numbers since it opened for registrations in June 2003. There is no deadline to register a home or cell phone number on the Registry.

You may have received an email telling you that your cell phone is about to be assaulted by telemarketing calls as a result of a new cell phone number database; however, that is not the case. FCC regulations prohibit telemarketers from using automated dialers to call cell phone numbers. Automated dialers are standard in the industry, so most telemarketers don’t call consumers on their cell phones without their consent.

    1. Can I register all my family and friends?

You should register only your own telephone numbers.

    1. I have more than three personal telephone numbers. How can I register all of those numbers?

You may register up to three telephone numbers at one time on the National Do Not Call Registry website. You will receive a separate confirmation email for each number you wish to register online. You must open each email and click on the link in each one to complete the registration process. If you have more than three personal telephone numbers, you will have to go through the registration process more than once to register all of your numbers. There is a limit on the number of phone numbers you can register in this manner.

You can register only one phone number each time you call the National Do Not Call Registry, and you must call from the phone number you wish to register.

    1. What happens if I register more than one number at a time online?

You will get an email for each number you register online. You need to open each email and click on the link in each email within 72 hours to register those numbers.

    1. Can I register my business phone number or a fax number?

The National Do Not Call Registry is only for personal phone numbers. Business-to-business calls and faxes are not covered by the National Do Not Call Registry.

 

Will My Registration Expire?

    1. How long does my phone number stay registered?

Telephone numbers on the registry will only be removed when they are disconnected and reassigned, or when the consumer chooses to remove a number from the registry.

What If I Move or My Phone Is Disconnected?

    1. I moved and got a new phone number. Do I need to register the new number?

Yes.

    1. Do I need to take my old phone number off the list when I get a new number?

No. You can if you would like to, but the system will automatically remove most numbers that are disconnected and reassigned.

    1. What happens if my phone number is disconnected and then reconnected?

If your number is disconnected and then reconnected, you may need to re-register. In addition, there are actions that you or your telephone company might take that could cause your registered phone number to become unregistered — even if your service has not been interrupted (such as changing calling plans or other services, or changing the billing name on the account.) To verify that your number is in the Registry, go to www.donotcall.gov or call 1-888-382-1222 (TTY: 1-866-290-4236). Each time you re-register, telemarketers will have 31 days to take your number off their call lists.

What If My Area Code “Splits”?

    1. If my area code changes, do I need to re-register?

If the phone companies change the three-digit area code for your home or mobile phone number, you do not have to re-register it with the National Do Not Call Registry. The number with the new area code will be registered for you during the 90-day period when both the old and new area codes work. This is known as the Permissive Dialing Period.

    1. Do I need to delete registration of my number with the old area code?

No. You do not need to delete the registration of your phone number with the old area code. An automated process will remove it after the 90-day Permissive Dialing Period.

Registration and My Email Address

    1. Why do you need my email address?

When you use the registry’s website to put a phone number on the National Do Not Call Registry, we collect your email address to confirm your request. We will send you an email and you will need to click on the link in the email within 72 hours to finalize your registration. We also collect your email address when you request to verify your registration online so that we can email you a response to your verification request. We will store your email address in a secure manner, separate from your telephone number. We will not share your email address with telemarketers.

    1. Can I register online if I do not have an active email address?

No. The online registration process requires an active email address. If you register online, we will send you an email message with a link in it. You need to click on the link in the email within 72 hours to finalize your registration. If you do not have an email address, you can register by phone (1-888-382-1222).

    1. Can I reply to the email I got when I was registering?

No. The email address is a one-way mail service. It cannot accept incoming emails. You must click on the link within the email within 72 hours to finalize your registration.

    1. What if my email address changes after I register? Will I still be able to verify my registration on the national registry?

Yes, you will be able to use your new email address to verify your phone number online.

I’m Having Problems With Registration

    1. I called to register my phone number, but the message said my phone number could not be verified. Why not?

When you call to register a phone number, you are asked to enter the number you are calling from. The system tries to match the number you enter to “Automatic Number Identification” or ANI, which is like Caller ID for the telephone network. A small percentage of U.S. phones do not have ANI. If your phone doesn’t, the system will have trouble locating your phone number. You can register your phone number on the National Do Not Call Registry website at www.donotcall.gov.

    1. I called to register my phone number, but the message said that the phone number I was calling from did not match the phone number I entered. What happened?

To register, you must call from the phone you want to register. For example, you cannot register your home phone number by calling from work.

Also, people in certain communities — such as senior living centers or university residences — have phone numbers that are hidden by a PBX (private branch exchange) telephone system and cannot be matched by the National Do Not Call system. If you live in such a community, you can register your phone number on the National Do Not Call Registry website at www.donotcall.gov.

    1. I received an email from Register@donotcall.gov, but I don’t get a “Registration Complete” message when I try to click on the link. What should I do?

You may not be able to click on the link in your email from Register@donotcall.gov, or it may take you to a page that says “Registration Incomplete.” You can complete your registration by using the “cut” and “paste” functions to insert the link in the email into the “address” line on your Web browser. You must cut and paste the entire link. It is very long — possibly more than one line of text. You cannot re-type the link.

Will All Telemarketing Calls Stop If I Register?

    1. If I register my number on the National Do Not Call Registry, will it stop all telemarketing calls?

No. Placing your number on the National Do Not Call Registry will stop most telemarketing calls, but not all. Because of limitations in the jurisdiction of the FTC and FCC, calls from or on behalf of political organizations, charities, and telephone surveyors would still be permitted, as would calls from companies with which you have an existing business relationship, or those to whom you’ve provided express agreement in writing to receive their calls. However, if you ask a company with which you have an existing business relationship to place your number on its own do-not-call list, it must honor your request. You should keep a record of the date you make the request.

    1. Are calls from political organizations or calls soliciting for charities covered?

Political solicitations are not covered by the TSR at all, since they are not included in its definition of “telemarketing.” Charities are not covered by the requirements of the national registry. However, if a third-party telemarketer is calling on behalf of a charity, a consumer may ask not to receive any more calls from, or on behalf of, that specific charity. If a third-party telemarketer calls again on behalf of that charity, the telemarketer may be subject to a fine of up to $16,000.

    1. What about telephone surveys?

If the call is really for the sole purpose of conducting a survey, it is not covered. Only telemarketing calls are covered — that is, calls that solicit sales of goods or services. Callers purporting to take a survey, but also offering to sell goods or services, must comply with the National Do Not Call Registry.

    1. My number is on the National Do Not Call Registry. After I bought something from a company, a telemarketer representing that organization called me. Is this a violation?

No. By purchasing something from the company, you established a business relationship with the company. As a result, even if you put your number on the National Do Not Call Registry, that company may call you for up to 18 months after your last purchase or delivery from it, or your last payment to it, unless you ask the company not to call again. In that case, the company must honor your request not to call. If they subsequently call you again, they may be subject to a fine of up to $16,000.

An established business relationship with a company also will be created if you make an inquiry to the company, or submit an application to it. This kind of established business relationship exists for three months after the inquiry or application. During this time, the company can call you.

If you make a specific request to that company not to call you, however, then the company may not call you, even if you have an established business relationship with that company. You should keep a record of the date you make the request.

    1. Are telemarketing calls from overseas covered?

Yes. Any telemarketers calling U.S. consumers are covered, regardless of where they are calling from. If a company within the U.S. solicits sales through an overseas professional telemarketer, that U.S. company may be liable for any violations by the telemarketer. The FTC can initiate enforcement actions against such companies.

Other Ways To Limit Telemarketing Calls

    1. I’m happy to have the choice to limit telemarketing contacts, but there are some telemarketing calls I don’t mind receiving. Is there a way to allow only certain companies to call?

Yes. If you give a company your written permission to call you, they may do so even if you have placed your number on the National Do Not Call Registry.

    1. If I don’t want to put my number on the National Do Not Call Registry, can I still stop telemarketers from calling?

Yes. Even if you do not register with the National Do Not Call Registry, you can still prohibit individual telemarketers from calling by asking them to put you on their company’s do not call list.

    1. What is the relationship between the state do not call lists and the National Do Not Call Registry in terms of coverage?

The National Do Not Call Registry requirements are at least as stringent as most state laws. Most unwanted telemarketing calls will be covered by the National Do Not Call Registry. States also can continue to enforce their laws, which will not be limited by the FTC. However, the FCC’s requirements impact some state laws. For information on the FCC’s rule, visit www.fcc.gov.

Filing a Do Not Call Complaint

    1. When can I file a do not call complaint?

If your number has been on the National Do Not Call Registry for at least 31 days and you receive a call from a telemarketer that you believe is covered by the National Do Not Call Registry, you can file a complaint at the registry’s website at www.donotcall.gov or by calling the registry’s toll-free number at 1-888-382-1222 (TTY: 1-866-290-4236). You may also file a complaint if you received a call that used a recorded message instead of a live person (whether or not your number was on the Registry).

    1. How do I file a do not call complaint? What do I need to file a complaint?

You can file your complaint on the registry’s website, www.donotcall.gov, using the File a Complaint page. You must provide the date that the company called you and the number that was called and respond to a question asking if the call was a prerecorded message. You may provide your name and address, but this information is not required for you to submit a complaint. You also may call the registry’s toll-free number 1-888-382-1222 (TTY: 1-866-290-4236).

    1. What happens to my complaint?

Do not call complaints will be entered into the FTC’s Consumer Sentinel system, a secure online database available to more than 1,000 civil and criminal law enforcement agencies. While the FTC does not resolve individual consumer problems, your complaint will help us investigate the company and could lead to law enforcement action.

    1. Where can I get more information?

If you have questions or complaints regarding the Do Not Call Registry, please contact the FTC by email at dncconsumerinquiry2@ftc.gov, or by mail at:

National Do Not Call Registry
Attn: DNC Program Manager
Federal Trade Commission
600 Pennsylvania Avenue, N.W.
Washington, DC 20580


We have been hearing mixed rumors about whether or not Anonymous hacked Sony’s Playstation network and stole 50 million people’s information.

It is our belief that there is a file circulating containing people’s logins and passwords; however, at this time it is unclear if there was a breach.

Sony says no on the matter. Regardless, it’s a great time to go reset those passwords.


The Cybersecurity Act of 2012 (S 3414), introduced in the US Senate, takes the place of the Lieberman-Collins Cybersecurity Act (S 2150). It calls for a National Cybersecurity Council, which would be chaired by the Secretary of Homeland Security.

If the bill is enacted, crucial privacy concerns would be addressed, with the council working with the operators and owners of critical infrastructure to minimize cybersecurity risks.

Cybersecurity practices have been under fire, while the ACLU and private individuals have been questioning the role the Federal government would play as presented in the previous bill, which included mandatory compliance with agency-enforced standards. In the new bill, these would be optional.

The “toned-down” language of the new bill may help it pass, as support for the initial bill had been fading, especially among Republicans. It’s still not a done deal.

Within the language of the bill, government agency certification programs remain an area of concern, and how much power the council ultimately has is in question. Questions also arise about the possible regulation of a critical infrastructure sector by a federal agency.

With regard to self-certification, will enforcement be “loose,” as has been suggested by a PDF summary of the bill? Just how much power federal officials will have remains to be seen.

blog sponsored by The Privacy Council


As stories of Apple’s in-app security issues continue, due to the hacking and resulting YouTube videos from Russian developer Alexey V. Borodin, questions regarding the adequacy of current transport-layer security and its cryptographic protocols seem in order. If high-tech entities are unable to stop supposedly secure information from being compromised, how can individuals assume their personally identifiable information (PII) is secure? Of course, it appears not to be.

The Secure Sockets Layer (SSL) protocol, originated by Netscape, gives users cryptographic protection when communicating on the web. Additionally, there’s Transport Layer Security (TLS) and Transport Layer Protection (TLP). Borodin appears to have infiltrated in-place layers of security and manipulated digital certificates in order to avoid paying for in-app purchases. He then produced criminally instructional videos, which he offered on YouTube, showing others how he did it. Even after Apple blocked his IP address and his initial video was removed from YouTube, Borodin has continued his operation, using an international server somewhere outside of Russia.

An immediate need for an upgrading of website security seems obvious.

What implications are there for individuals?

Note: Beyond your password, hackers seeking to steal an identity look for date of birth, available addresses and phone numbers, all of which are readily accessible on the web. It is recommended that passwords be changed on a regular basis. Protect other personally identifiable information by not openly sharing it on the global expressway of information.

 

