Google Chrome's cache makes data easy to steal – Is your credit or business at risk?

Google Chrome's cache makes data easy to steal.

For those using the Google Chrome web browser, it is important to know that a critical privacy bug has been found in the browser software which has not yet been fixed by Google.

 

Specifically, Chrome routinely stores sensitive information, such as names, e-mails, contact information, and/or even credit card information, which users type into web forms at trusted websites. It appears that Chrome stores this information within the program in plain text, which can be easily accessed by anyone with access to the user's computer.

 

As such, until Google addresses this vulnerability, users should be extremely cautious in entering private data into websites using the Chrome browser if there is any chance that the user's computer can be accessed by others. Furthermore, because the information is cached in the program without any encryption or any other security measures, any trojan horse or similar malware on a user's computer could potentially access this information and forward it on to identity thieves.

While this clearly has serious potential repercussions for individuals using Chrome, the situation is even more serious for businesses, which could, as a result, be out of compliance with the PCI-DSS security rules that credit card processing companies usually mandate for any business that wants to accept payments by credit card.

As such, individuals and businesses alike need to take this vulnerability very seriously.

The Lavabit Shutdown and IT Security

How Lavabit Melted Down : The New Yorker.

The New Yorker has an excellent piece online which discusses in detail the events leading up to the shutdown of Lavabit, a secure e-mail provider which was used by Edward Snowden.

 

The article details the pressure placed upon Lavabit and its owner not just to turn over information that would shed light on Edward Snowden’s activities, but rather, information which would give the government wholesale access to all email passing through the services.

 

This article raises serious issues for IT companies that have committed to safeguard the privacy and/or security of their customers. It also raises serious concerns regarding the extent to which the U.S. Government is willing to (and in fact does) compromise the privacy of innocent U.S. citizens as a routine matter.

 

Fair use? US stamp featuring photo of monument nets sculptor $650,000: Digital Photography Review

In an interesting case involving a postage stamp depicting a photograph of the Korean War Veterans Memorial, the U.S. Postal Service has been found to have infringed upon the copyrights of the sculptor who created the Memorial. It appears that at the time the memorial was commissioned, the government did not secure copyrights to the statue, which by default remained with the sculptor.

Subsequently the U.S.P.S. made use of a photograph of the memorial on a postage stamp. When sued by the sculptor for copyright infringement, the U.S.P.S. unsuccessfully argued that their use was "fair use", an accepted defense to copyright infringement. Ultimately the federal court determined that the Postal Service's use of the intellectual property did not fall within the definitions of fair use, and after much pushing and pulling by the respective sides, the U.S. Court of Federal Claims has found that the U.S.P.S. owes the sculptor $684,844.94 in damages for its infringement of his copyrights.

This case highlights the complexity of the application of intellectual property law and the high stakes involved in failing to secure the appropriate rights to use intellectual property in a particular way.

Adobe says hackers accessed data for 2.9 million customers – Oct. 3, 2013

If you have purchased products directly from Adobe, you need to be aware of this and (i) be on the lookout for notification from Adobe about whether this affects you, and (ii) monitor your identity (particularly with respect to any card used to purchase the Adobe product), to ensure you are not a victim of identity theft.

The dark side of Apple’s iBeacons

Interesting. I can see the interesting things that can be accomplished with this technology, but the specter of getting barraged with ads on my phone when I walk into a mall is not attractive. I, for one, can say: if a place starts spamming based on proximity, that is one of the fastest ways to keep me from going to that location. Ever.

1-800-Hackers: Why cyber crime is no longer a dark art | Marketplace.org

Marketplace has aired an interesting piece on the growing trend of using "white hat" hackers as a part of corporate IT strategy as a means of testing and improving IT security.

It is well worth a listen, and is an excellent starting point for consideration of your business's security and privacy measures. If some form of auditing of your security and privacy measures (not just hardware and software, but policies, procedures, and practices, as well) is not in place, then your company may needlessly be laying itself open to significant liability, expenses, and damage to business reputation.

As F.B.I. Pursued Snowden, an E-Mail Service Stood Firm – NYTimes.com

This is an interesting piece on the IT company Lavabit, which, before its shutdown, provided secure e-mail services to its customers. The story details the steps taken by the FBI to force Lavabit to turn over encryption keys and take other steps which would not only provide the FBI with access to Edward Snowden’s e-mail account on the service, but would render vulnerable the accounts of any individual or company making use of the service, without warrant and without court oversight.

In pressuring Lavabit to capitulate to its requests for “technical assistance” including divulging the private encryption keys used by the service, the owner of the company was pursued for contempt of court, fined $10,000.00, and then threatened with arrest when he publicly announced his intention to shutter the company.

The tale of Lavabit is something of a cautionary tale for companies that provide IT services. But even more, it should be a wake-up call to both users and providers of IT services regarding the boundaries of privacy and the lengths to which the government is willing to steamroll even legitimate businesses which seek to guard their customers' privacy.

How a Purse Snatching Led to the Legal Justification for NSA Domestic Spying | Threat Level | Wired.com

This is an absolutely fascinating look at how the law behind the NSA domestic spying program originated, and it clearly demonstrates the frightening power of the so-called "law of unintended consequences".

Certainly the origin of the legal concepts at play here makes it clear how ridiculous the extremes to which they are now being carried by the likes of the NSA truly are. I would call it "insanity" but sadly it is, arguably, the law.

Patent troll Lodsys demands $5,000 from Martha Stewart. That was a bad idea — Tech News and Analysis

It appears that Martha is ready to throw down with notorious patent troll Lodsys. Martha Stewart Living Omnimedia has filed for declaratory judgment against the troll, seeking a ruling which not only finds MSLO’s electronic magazines to not infringe upon Lodsys’ patents, but that the patents themselves are invalid.

On hearing about this, I immediately thought of the line from the cult classic film "The Princess Bride", in which the villain declares: "You just made the second classic blunder! The first, of course, is never become involved in a land war in Asia. But only slightly less well known: 'Never go head to head with [Martha Stewart]…'"