Tuesday, 27 August 2013

UK authorities request data on more than 2,300 Facebook users in 2013

UK authorities requested data on 2,337 Facebook users from the firm in the first six months of 2013, as the social network reveals data on the government data requests it receives for the first time.
In total, 1,975 requests were made, meaning some submissions concerned more than one user at a time. In total 68 percent of these requests for data were granted by Facebook.
Only the US, with between 10,000 and 11,000 requests for data on between 20,000 and 21,000 users, and India, with 3,245 requests for data on 4,144 members of the site, filed more submissions to Facebook than the UK.
Facebook was required by law to produce data for 79 percent of the requests from the US and 50 percent from India. Hong Kong and Iceland had 100 percent of requests granted, but this was from just one submission each.
Colin Stretch, Facebook’s general counsel, said the firm was releasing the information in order to prove that while it complied with the laws when required, it did not hand over data to the government whenever asked. This comes after the PRISM revelations leaked by Edward Snowden, which suggested the UK and US authorities had unchecked access to the data held by tech giants such as Facebook.
"As we have made clear in recent weeks, we have stringent processes in place to handle all government data requests. We scrutinise each request for legal sufficiency under our terms and the strict letter of the law, and require a detailed description of the legal and factual bases for each request," he said.
"We fight many of these requests, pushing back when we find legal deficiencies and narrowing the scope of overly broad or vague requests. When we are required to comply with a particular request, we frequently share only basic user information, such as name."
Stretch added that the government should not be entitled to data on web users without accountability, and that publishing such data would allow others to keep track of the government's data demands.
“As we have said many times, we believe that while governments have an important responsibility to keep people safe, it is possible to do so while also being transparent. Government transparency and public safety are not mutually exclusive ideals,” he said.
“Each can exist simultaneously in free and open societies, and they help make us stronger. We strongly encourage all governments to provide greater transparency about their efforts aimed at keeping the public safe, and we will continue to be aggressive advocates for greater disclosure.”
Facebook joins other sites such as Google and Twitter in releasing information on the data it is asked for by governments, which shows the importance governments around the world place on data posted on social sites.

Mobile banking services pose major security risks, warns financial watchdog

Barclays Pingit App
The rise of mobile banking technologies poses major risks to consumers around issues of fraud, theft and input errors caused by small keypads, according to a government financial watchdog.
The Financial Conduct Authority (FCA) has published a report on the issues around mobile banking in which it noted that while the technology has clear benefits for consumers, banks and telecoms companies have a responsibility to ensure consumers are protected.
For example, it cited malware and viruses hidden within applications offered by banks as a serious threat that must be tackled.
"Malware is an important risk for firms to consider, as it can result in financial loss and undermine consumer confidence in mobile banking," the report said.
The IT running mobile systems must be robust enough to meet customer needs, or firms risk serious issues, the report noted.
"There is a risk that an IT failure could interrupt services, preventing access to mobile banking, limiting customers’ access to their money and undermining consumer confidence in these services," it said.
"The potential impact of this may grow as consumers increasingly rely on mobile banking. We recognise that firms may be under strong commercial pressure to develop and launch products quickly, which could risk services being released without sufficient testing and protection."
Even the keypads offered on smartphones were cited as a potential cause for issues, as customers could enter the wrong information.
"Mobile phones, with their smaller screens and limited keypad, may make errors more likely, therefore it is important for us to understand how firms are mitigating this risk," it said.
Clive Adamson, director of supervision at the FCA, said the preliminary report from the organisation, which is the precursor to a longer, more detailed report to be launched in 2014, was a vital piece of work to ensure this burgeoning technology was properly supervised.
"Mobile banking is an exciting development in financial services. With the market growing, now is the right time for us to take stock and, as part of the FCA's forward-looking approach, to ensure that consumers are appropriately protected," he said.
"By publishing these initial thoughts we want to make sure that the industry knows exactly what we’re looking into, and consumers have a clearer idea of some of the potential risks."
The report comes as mobile financial transactions rocket in use, with major payment firms such as Visa, MasterCard and Barclays all innovating in this space.
Visa has predicted that 52 million contactless payments will be made every month across Europe by the end of 2013 as it declares ‘war on cash’. Meanwhile Barclays has said that £10bn has been sent via its mobile services, such as Pingit, since their introduction.
IT glitches are already a cause of serious headaches for banks, with RBS facing a £125m charge for issues in June 2012, which halted overnight payments between accounts.

Facebook: 74 countries demanded information on about 38K Facebook users

Government agents in 74 countries demanded information on about 38,000 Facebook users in the first half of this year, with about half the orders coming from authorities in the United States, the company said Tuesday.
The social-networking giant is the latest technology company to release figures on how often governments seek information about its customers. Microsoft and Google have done the same.
As with the other companies, it's hard to discern much from Facebook's data, besides the fact that, as users around the globe flocked to the world's largest social network, police and intelligence agencies followed.
Facebook and Twitter have become organizing platforms for activists and, as such, have become targets for governments. During anti-government protests in Turkey in May and June, Turkish Prime Minister Recep Tayyip Erdogan called social media "the worst menace to society."
At the time, Facebook denied it provided information about protest organizers to the Turkish government.
Data released Tuesday show authorities in Turkey submitted 96 requests covering 173 users. Facebook said it provided some information in about 45 of those cases, but there's no information on what was turned over and why.
"We fight many of these requests, pushing back when we find legal deficiencies and narrowing the scope of overly broad or vague requests," Colin Stretch, Facebook's general counsel, said in a blog post. "When we are required to comply with a particular request, we frequently share only basic user information, such as name."
Facebook spokeswoman Sarah Feinberg said the company stands by its assertions that it gave no information regarding the Turkey protests.
"The data included in the report related to Turkey is about child endangerment and emergency law enforcement requests," she said.
Facebook and other technology companies have been criticized for helping the National Security Agency secretly collect data on customers. Federal law gives government the authority to demand data without specific warrants, and while companies can fight requests in secret court hearings, it's an uphill battle.
Facebook turned over some data in response to about 60 percent of those requests.
It's not clear from the Facebook data how many of the roughly 26,000 government requests on 38,000 users were for law-enforcement purposes and how many were for intelligence gathering.
Technology and government officials have said criminal investigations are far more common than national security matters as a justification for demanding information from companies.
The numbers are imprecise because the federal government forbids companies from revealing how many times they've been ordered to turn over information about their customers. Facebook released only a range of figures for the United States.
The company said it planned to start releasing these figures regularly.

Amazon Wish list Gateway for Hackers

A comedian named Erik Stolhanske let Brandan Geise, a cybersecurity expert at a security firm called SecureState, go after him and try to hack his online identity, reports CBS News.
Going through a site that aggregates people's personal information, Spokeo, Geise found the comedian's Amazon account, his email address, and his house address. Using the email address, Geise found his Amazon Wish List.
Here's where the weaknesses start to show, of course – at the human level. The security expert calls up Amazon customer service (on the phone!) and adds a credit card to Stolhanske's account, which only requires his name, email address, and billing address. Thanks to some loopholes and social engineering based on all the data he'd collected, he is able to fully take over Stolhanske's Amazon account.
As the dominoes begin to fall, Geise manages to take over Stolhanske's AOL account, Apple ID, and main email accounts. He started by calling Amazon back 30 minutes later saying he had lost his backup email address. He "confirmed" his identity with the last four digits of the credit card he had just added to Stolhanske's account.
The final step was to guess an item Stolhanske had bought from Amazon recently. Geise already knew that he was a fan of Game of Thrones, so he said his wife had "recently bought a Game of Thrones book or DVD." He was allowed to reset the account, changing the password and the email address it was associated with.
With access to more credit card info stored in the Amazon account, Geise used one card's last four digits to illegitimately verify his identity again and take over Stolhanske's AOL account, which he also found on Spokeo. The newly-compromised AOL email address was the backup email for his Apple ID, so it was a piece of cake to reset that as well. (This was also Stolhanske's main email address, so Geise now had access to his everyday email.)
