Author Archives: Will

Remove Your Search History Before Google’s New Privacy Policy

Posted on by
Reply

The EFF say:

On March 1st, Google will implement its new, unified privacy policy, which will affect data Google has collected on you prior to March 1st as well as data it collects on you in the future. Until now, your Google Web History (your Google searches and sites visited) was cordoned off from Google’s other products. This protection was especially important because search data can reveal particularly sensitive information about you, including facts about your location, interests, age, sexual orientation, religion, health concerns, and more. If you want to keep Google from combining your Web History with the data they have gathered about you in their other products, such as YouTube or Google Plus, you may want to remove all items from your Web History and stop your Web History from being recorded in the future.

https://www.eff.org/deeplinks/2012/02/how-remove-your-google-search-history-googles-new-privacy-policy-takes-effect

Spectrum Interactive send your password in plain text

Posted on by
Reply

Earlier this year I found myself using the wireless internet at a Moto service station – the access is operated by Spectrum Interactive. Once you register, they send you a helpful welcome email with your password in plain text:

spectrum password plain text
Sending your password in human-readable form is bad enough if emails are lost or intercepted, but it also indicates that they’re probably not encrypting the passwords in their database.

This way, if they ever get hacked an attacker will be able to read the passwords of all the users and try them against other accounts they may own.

Spectrum Interactive, please read this: http://en.wikipedia.org/wiki/Salt_(cryptography)

 

Ticketweb hacked, email compromised

Posted on by
Reply

Online ticket sales site Ticketweb, a subsidiary of Ticketmaster in the UK, sent this email to all users over the weekend:

We have discovered that our TicketWeb UK direct email marketing system was exposed to unauthorised access. As a result, you may have received up to four emails on Saturday, February the 11th, from an unauthorised party.

The email in question posed as an Adobe newsletter, but linked to a phishing scam. The email goes on:

We have taken immediate action to close the vulnerability. You can rest assured that none of your credit card information was vulnerable during this attack.

It’s not clear if the database was extracted and then used, or if access to their legitimate email systems was gained illegitimately and a scam sent.

ticketweb-hacked-email