privacy

iTunes Genius and privacy

Earlier today, a colleague chided me for not highlighting some potential privacy issues in my post about Genius, the music recommendation feature in the latest version of Apple's iTunes application.

First, he didn't like the idea that he had to agree to send Apple information about his iTunes library from time to time. But as I briefly noted, this is how Genius works--it looks at the tens of millions of iTunes users out there to figure out who's playing what when, and matches up users with similar collections and playing habits. Apple claims that this information is … Read more

iPhone SMS Privacy Flaw Discovered

Setting the iPhone to emergency call mode allows someone to see incoming text messages even if the passcode lock is turned on. A 12-year-old who uses his iPhone mostly for texting with his girlfriend has discovered what looks like a new vulnerability with the device.

The unnamed boy, son of blogger Karl Kraft, turns on the passcode lock and disables SMS Preview in order to prevent his parents from seeing any messages, Kraft wrote on his blog.

Those settings block the display of incoming text messages and show an alert saying "New Text Message" if an SMS comes … Read more

Another iPhone bug?

A 12-year-old who uses his iPhone mostly for texting with his girlfriend has discovered what looks like a new vulnerability with the device.

The unnamed boy, son of blogger Karl Kraft, turns on the passcode lock and disables SMS Preview in order to prevent his parents from seeing any messages, Kraft wrote on his blog.

Those settings block the display of incoming text messages and show an alert saying "New Text Message" if an SMS comes through while the phone is locked. However, if the phone is set to emergency call mode the incoming text messages are previewed.… Read more

Skype's Chinese version left the surveillance door wide open

Security researchers recently found that IM conversations on the Chinese Skype program were not only filtered, but also recorded on a massive, nonsecure server. The possibility of surveillance flies in the face of Skype's supposed strong encryption, and has provoked outcry among privacy advocates.

Users of the TOM-Skype platform, marketed in cooperation with a Chinese company, were "regularly scanned for sensitive keywords, and if present, the resulting data [were] uploaded and stored on servers in China," according to the report by Nart Villeneuve. Voice communications may have been cataloged, but researchers reported they did not find recorded … Read more

New phishing attempt targets bank customers

Many people are wondering what to do now that their bank has been acquired in the wake of the lending crisis. Well, whatever you do, don't click on links in e-mails purportedly sent by your bank.

Security firm SonicWall said Thursday that it has been seeing e-mails that attempt to lure people to fake bank Web sites, where they are asked to re-verify their personal and bank information as part of a merger.

In one example that targets people affected by the Chase acquisition of Washington Mutual, the e-mail asks recipients to click on a link and confirm their … Read more

Researchers find security holes in NYT, YouTube, ING, MetaFilter sites

Updated at 1:30 p.m. PDT with the New York Times saying they fixed the hole.

A new report from researchers at Princeton University reveals serious Web site security holes that could have been exploited to steal ING customers' money and compromise user privacy on YouTube, The New York Times' Web site, and MetaFilter.

The sites have all fixed the holes after being notified by the report's (PDF) researchers, William Zeller and renowned security and privacy researcher and Princeton computer science professor Edward Felten.

The vulnerability arises from a coding flaw that could allow someone to do a … Read more

The identity 2.0 conundrum

A bunch of us were debating over Twitter yesterday whether it's desirable to have separate personal and professional identities on the service. The consensus seemed to be: "it depends." It depends on your professional situation. It depends on how personal and workplace-safe you want your posts. And so forth.

I find this whole question of what I call "identity 2.0" fascinating. Increasingly, there's a blurring line between personal and professional identities--and even between multiple compartments within those buckets.

As Wendell comments in a post: "It's kinda like living in a small … Read more

To encrypt or not? That is the question

Even before someone hacked Sarah Palin's Yahoo Mail account I had been wondering whatever happened to encryption.

Encryption -- the science of rendering plain text unreadable by anyone but the intended reader -- made a splash in the mid-1990s. At the time the U.S. government was investigating human rights activist Phil Zimmermann for allegedly violating the Arms Export Control Act by distributing his PGP (Pretty Good Privacy) e-mail encryption software. The government eventually relaxed the restrictions and PGP was no longer programa non grata.

Nearly a decade has passed and it struck me recently that encryption still hasn'… Read more

Yahoo to fix password exposure problem in Zimbra

New security features planned for Zimbra will resolve an issue responsible for passwords being transmitted in the clear when accessing Yahoo Mail, a Yahoo spokeswoman said on Tuesday.

"Plain text authentication is an industry-wide challenge that major e-mail clients and providers face when providing the right balance of backward compatibility and security," a Yahoo spokeswoman said in an e-mail statement.

"Zimbra has plans as part of the next beta release to implement additional new security features to provide more secure authentication options. This approach will be in place in the next few weeks well before we launch the … Read more

Yahoo's Zimbra e-mail program exposes passwords

Passwords used to access Yahoo mail through the Zimbra client are sent over the Internet in clear text, a Canadian programmer says.

Holden Karau stumbled upon this problem while participating in the Yahoo University Hack Day at the University of Waterloo last week.

"The Yahoo imap servers used by the Yahoo Desktop don't support SSL and the password was being transmitted in plain text," Karau wrote in a blog post on Friday.

"What does this mean for you? If you use Zimbra to access your Yahoo mail, you almost certainly need to change your password … Read more