10,000 motorists’ names and addresses published online by parking fine company

By Lee Munson

An investigation by Sky News has revealed how a UK parking fine collection company inadvertently published its database online.

PaymyPCN.net, which says it has been a “key player in the collection of parking charge notices (PCNs)” for 20 years, took its website offline for a short while after being contacted by Sky News, but not before personal data of around 10,000 motorists had been made public.

Full article at: https://nakedsecurity.sophos.com/2015/02/24/10000-motorists-names-and-addresses-published-online-by-parking-fine-company

Evil WiFi Hotspots Hacking Apple Pay to Steal Credit Card Information

By Brandon Stosh

Apple has been alerted by mobile security researchers that a potential security flaw in iOS could lead to hackers stealing the personal credit card information of millions through Apple Pay. Due to iOS devices’ default setting to auto-connect to Wi-Fi networks, a vulnerability in Apple Pay could allow a hacker to display a fake image on the device appearing to be Apple Pay asking for your credit card information.

Today, wherever you go there are open Wi-Fi hotspots, which makes traveling easier, even when we’re stuck without a data connection. But with the alarming number of open hotspots, hackers are beginning to take advantage and abuse public hotspots.

Full article at: https://freedomhacker.net/evil-wifi-hacking-apple-pay-steal-credit-cards-4255/

iOS 9: Apple Introduces 6 Digit Passcodes, Stronger Encryption and Brute Force Prevention

By Brandon Stosh on June

Apple is taking their security to the next level, making it significantly harder for hackers to break into iPhones with the bundle of new features jam-packed in iOS 9.

Following Apple’s announcement on iOS 9, the company has said they’ve clipped their four digit passcode for a more secure option, a new and improved six digit passcode lock.

Full article at: https://freedomhacker.net/ios-9-apple-6-digit-passcodes-stronger-encryption-brute-force-prevention-4275/


The Big Data picture – just how anonymous are “anonymous” records?

By Paul Ducklin

There are things that obviously aren’t big data, like the modest collection of pictures you took of your cat until you snapped one that made a decent computer wallpaper image.

And there are things that obviously are big data, like the giant database of Wi-Fi access points from Google’s StreetView cars that it uses to aid and abet its geolocation services.

Of course, even your cat pictures – the ones that were captured with a single short press of the BURST option on your new iPhone – probably take up several times more storage than your first computer had in total.

But they fail to make the cut as “big data” not only because they’re small by modern standards, but also because you can’t dissect, compare and contrast them to look for patterns in the whole cat world, and from that to draw inferences about one particular cat in the database.

Now, if you had pictures of 1,000,000 different cats, organised by location, that would be big data.

Full article at: https://nakedsecurity.sophos.com/2015/02/12/the-big-data-picture-just-how-anonymous-are-anonymous-records

Facebook’s DeepFace facial recognition technology has human-like accuracy

By Lee Munson

Facial recognition technology has been around for many years…

DeepFace is so accurate that there is barely a difference between its ability to identify a person and that of a real human being. The software’s algorithms are able to determine whether two different photographs feature the same person with an accuracy rate of 97.25%, regardless of the angle of the shot or the background lighting conditions.

So Facebook’s going to turn this technology on its 1.3 billion users and root out and quantify even more of the social connections implied by your photos, right? They say not.

The social network plans to use the system to identify its users in new photos as they are uploaded. If your visage appears in one of the 400 million pictures added to the network each day you’ll receive an email from Facebook alerting you.

Full article at: https://nakedsecurity.sophos.com/2015/02/06/facebooks-deepface-facial-recognition-technology-has-human-like-accuracy

Facebook’s got a new privacy policy, and it plans to share your data with partners

By Lee Munson

Late last year you may recall receiving a message from Facebook saying that its privacy policy was set to change again.

But can you remember when the new policy was due to come into effect?

Well, it’s already arrived and, if you have logged into your account at any point since its implementation on Friday, you’ve already agreed to its terms and conditions.

The new policy, which applies to European users of the social network, contains some interesting changes which have already drawn criticism.

Full article at: https://nakedsecurity.sophos.com/2015/02/02/facebooks-got-a-new-privacy-policy-and-it-plans-to-share-your-data-with-partners

Google to change privacy policy after settling case with ICO

By Lisa Vaas

Google and the ICO have settled a case over the company’s privacy policy being too vague, with the upshot being that policy changes are now in the works.

The case concerned Google’s 2012 privacy policy revision, which consolidated 70 individual privacy policies into one, with the exception of a few services (Wallet, Chrome/Chrome OS and Books).

That change sparked an investigation by the Article 29 Working Party: the group of EU data protection authorities which includes the UK’s Information Commissioner’s Office (ICO).

Full article at: https://nakedsecurity.sophos.com/2015/02/02/google-to-change-privacy-policy-after-settling-case-with-ico

People happily give away their (bad) passwords to TV reporter

By Lisa Vaas

Yes, it’s a time warp in password land, according to the yearly list of the 25 worst passwords collected by password management app company SplashData.

It’s a fresh list, but this bakery’s full of stale bread.

Welcome back, 123456 and password! You’ve been glued to the top two spots since the company first put out a list in 2011!

But wait, we have two newcomers to welcome to the top 25 worst passwords: 696969 and batman.

Full article at: https://nakedsecurity.sophos.com/2015/01/21/people-happily-give-away-their-bad-passwords-to-tv-reporter