Facebook's newly installed app violates user privacy
August 28, 2012
We're starting to get some reports that a recent release of an app from Facebook may violate user's rights. Facebook is accused by a consumer lobby group of breaching Germany's privacy laws with the launch of its App Center last week.
To be sure, Facebook has been threatened with possible legal action if it fails to respond to the Federation of German Consumer Organizations within the next seven days.
The lobby group says that Facebook was farming out customer information without informing its users that their data was being used, according to the Associated Press.
Facebook has until September 4th, 2012, to resolve this matter, the group said, or else it could face potential litigation.
Data protection officials in Germany have been strong-arming Facebook for quite some time now. Most recently, Hamburg's data protection commissioner Dr Johannes Caspar confirmed earlier this month that his office had reopened its probe of Facebook's facial recognition technology, complaining that the network was building a massive biometric database of its users without obtaining permission.
The investigation had been suspended to allow time for the Irish data protection authority to conclude its talks with Facebook, whose European office is headquartered in Ireland.
Nevertheless, that probe had included an audit of the company's data policy. Come early autumn, the Irish district prosecutor will rule on whether Facebook should face legal action under existing EU privacy laws.
We spoke to a Facebook spokeswoman in Germany, who declined to comment, saying only that the company is "currently looking into the letter." We will update you when and if we hear more from Facebook.
On top of these privacy issues, Facebook has some serious security issues with its site. Cim Stordal, a fifteen years old teenager has discovered some critical security flaws in Facebook's programming code. When he's not in school, Cim spends part of his time playing the Team Fortress video game, shooting his Airsoft pellet gun, and working in a fish store in Bergen, Norway.
Stordal started looking for security vulnerabilities in software when he was just 14 years old last year. "I have always loved being on the PC and I already was programming some C++," he said. "So I wanted to do something new and constructive, so I searched around and learned Basic programming."
In other internet security news
Adobe Systems said late yesterday that is has released six additional security patches for new vulnerabilities discovered in its software affecting its Flash multimedia application and AIR runtime, five of which could allow for remote code execution on a computer system.
Those new patches are on top of last Tuesday's security fixes that were issued as part of Microsoft's Windows regular Patch Tuesday program.
The updates affect Windows, Macintosh, Linux, Google Chrome and all users of Android version 2.x, 3.x and 4.x mobile devices, Adobe said in its security advisory.
The bug fixes address four memory corruption vulnerabilities-- CVE-2012-4163, CVE-2012-4164, CVE-2012-4165 and CVE-2012-4166 and an integer overflow vulnerability, bulletin number CVE-2012-4167.
Also repaired is a cross-domain information leak vulnerability, bulletin CVE-2012-4168. "These security updates directly address various vulnerabilities that could cause a system crash and potentially allow an attacker to take control of the affected system," Adobe said in its advisory.
Windows and Apple users should use Flash version 11.4.402.265, and the up-to-date Linux version is 126.96.36.199. For Adobe's Air runtime, which allows internet applications to perform various functions outside of a Web browser, Windows and Apple users should move to version 188.8.131.520.
Last week, Adobe pushed out a fix for Flash for CVE-2012-1535, which the company said had been used in limited attacks. The issue can cause Flash to crash, or worse, allow an attacker to take over the complete control of a computer.
The attack is initiated by sending targets a malicious Word document, which contains an exploit targeting the ActiveX version of Flash for the Internet Explorer browser, Adobe said.
Security vendor Symantec wrote on Tuesday that it had detected and blocked more than 1,300 attacks since August 10 using the security vulnerability.
In other internet security news
Controversial WikiLeaks founder Julian Assange now has a bit of help, but not much. He’s actually surrounded by a very hostile British government threatening to storm the embassy in Ecuador where he’s currently being held.
Until it's revoked, Ecuador’s government has granted Assange political asylum for now and is calling the Brits’ bluff, pointedly reminding them they’re not a colony and haven’t been for quite a long time.
If he does manage to escape and get his feet safely planted on Ecuadoran soil, Assange has a fair chance of being able to eventually return to his home in Australia, where he has a rather strong support base there.
For now, the British government is unlikely to follow through on its threatened raid. That would set a dangerous precedent. Ernest Canning, writing as a guest on The Brad Blog, explained the danger the threat exposes: “How ironic! Only last year, both the U.S. and the U.N. Security Council formally condemned an Iranian attack on the British embassy in Tehran, drawing a comparison to the widely condemned 1979 Iranian assault on the U.S. embassy in Tehran and the ensuing hostage crisis."
“Yet, now we see the British government threatening to engage in the very same lawless behavior in order to seize an individual who has never been formally charged with a crime. To the contrary, as Guardian writer Mark Weisbrot correctly notes, Sweden has sought extradition solely to question Assange–an extradition which former Stockholm prosecutor Sve-Erik Alhem described as ‘unreasonable and unprofessional, as well as unfair and disproportionate’ because Assange has always been available to answer questions in the U.K.,” writes Canning.
The Brits seem to have Assange locked down, but they still don’t dare make a move to get him out. Escaping through their net, however, would seem to be next to impossible. It’s a good old fashioned Ecuadoran stand-off.
As grim a picture as this may be, this is actually an improvement of circumstances for Assange. Although he has many supporters, especially among free speech proponents, until now he’s had no sovereign entity behind him. Yes, he’s still in turmoil, but at least now he has the Ecuadorans watching his back.
The granting of asylum was a bold move on Ecuador’s part. The U.S. State Department might want to take note of the fact that Ecuador is an American nation not led by Castro, Chavez or any of the other leaders of the western hemisphere the U.S. likes to demonize for not buying the American plan.
Outside of Europe and Israel, there hasn’t been a groundswell of support for the U.S. position against Assange and WikiLeaks, least of all from Ecuador’s South American neighbors who understand from experience that the U.S.’s anger is primarily born out of embarrassment.
Our intelligence spooks are embarrassed because Assange demonstrated how often sensitive security issues are discussed using email, which isn’t very secure even when encrypted. Secretary of State Clinton is embarrassed because she’s been caught speaking out of both sides, which is something Latin American nations have learned to expect from U.S. officials-- especially Venezuelan president Hugo Chavez.
If the embassy manages to spirit Assange to Ecuador, the Ecuadorans stand to gain much international prestige, especially in Latin America. Also, Assange will be stuck there until he can be assured he’ll be safe from prosecution back in Australia.
It’s a certainty the Australian government isn’t going to grant him a free return until they’ve come up with a solution that will pacify the U.S.-- and Britain, of course.
While in Ecuador, Assange will have to be well protected and kept in hiding, unless he is kidnapped or murdered, which is definitely a strong possibility.
Remember, not only the U.S., but Israel and most governments in Europe want to see Assange permanently taken out of action. International law is only seen by this group as an obstacle to be overcome.
Assange will definitely be in danger during his stay in Equador, no question about that. As usual, the Europeans are relieved to be able to let the United States take the lead in this very complicated and highly controversial affair.
It lets them have the appearance of having clean hands, even when their culpability is clearly visible. The British government won’t extradite him directly to the U.S., that wouldn’t be cricket, but they will extradite him to be questioned in Sweden on an unrelated matter, knowing that as soon as he lands in Stockholm he’ll be turned over to the U.S., probably right at the airport.
None of this has escaped the Ecuadorans, which they made clear when announcing their decision to grant asylum to Assange. Dylan Stableford, writing on the Yahoo blog The Lookout, reported on the announcement made by Ecuador’s foreign minister: “'We have decided to grant political asylum to him,' Ricardo Patino said at the end of a long televised statement from the Ecuadorean capital of Quito, where he criticized the U.S. and U.K. governments for failing to protect Assange from political persecution.
“‘The two countries that have a right to protect Assange have failed him,’ Patino said. ‘Assange is a victim of political persecution. If he is extradited to the U.S., he will not receive a fair trial.’”
If Assange makes it back to Australia he might never be able to travel safely outside his home country again. In that manner, he’ll be in much the same situation as Roman Polanski. But that’s a big if. Right now he’s surrounded by Brits determined not to let him give them the slip.
In other internet security news
Prosecutors in the U.K. today said they will charge eight journalists with illegally eavesdropping on voice mail, a decision that could have strong implications for media mogul Rupert Murdoch.
British Prime Minister David Cameron's former director of communications Andy Coulson is among eight journalists facing charges, as is Rebekah Brooks, the former chief executive of Murdoch's News International.
The names of the hacking victims announced by the Crown Prosecution Service include some of the world's biggest celebrities, including Angelina Jolie, Brad Pitt, Paul McCartney, soccer star Wayne Rooney, and actor Jude Law.
Coulson and Brooks are former editors of the defunct Murdoch tabloid the News of the World, which was shut down in late 2011 in the face of public outrage at the hacking scandal.
Six other journalists were also charged, Alison Levitt of the Crown Prosecution Service announced, while three will not be prosecuted. The CPS is still waiting to decide about two other cases, she said.
Coulson resigned as editor after an earlier round of the phone-hacking scandal involving the paper's royal correspondent Clive Goodman and private investigator Glenn Mulcaire.
They were sent to prison for hacking into the voice mails of staffers working for Prince William and Prince Harry. Coulson said he knew nothing about the hacking but resigned because he was editor of the paper at the time.
He was later hired to be communications director for David Cameron, a move which Cameron's critics say was bad judgment on his part.
Coulson quit the post in Cameron's office last year when police opened a new investigation into phone hacking after accusations that it went far beyond Goodman and Mulcaire.
Source: The Federation of German Consumer Organizations.
You can link to the Internet Security web site as much as you like.