Showing posts with label Privacy. Show all posts

Thursday, July 7, 2011

Morgan Stanley Data Breach Hits Investors

Mcken's Comment: Morgan Stanley has lost 2 CDs holding the personal information of 34,000 clients. The information includes clients' names, addresses, account and tax identification numbers, the income earned on the investments in 2010, and for some clients Social Security numbers. Morgan Stanley's letter said: "The data was saved on two CD-ROMs that were protected by passwords, according to the letters, but the CDs were not encrypted".
No encryption, but protected by password! What does it mean? Password protection on a CD without encryption? I can only translate it as: no encryption, and the data is on the CD in the clear, waiting for someone to look at it.
This news seems to suggest that they do not even understand whether anything is protecting the CDs. "Protected by password" means nothing unless the password is tied to a system that protects the content. If they used a password-protected ZIP, then we can say it is encrypted. But the text gives no context for what that password is for! I expect Morgan Stanley to do better at explaining what happened and what kind of protection, if any, exists on those CDs.
There are two sources:

[07/05/2011] Personal information belonging to 34,000 investment clients of Morgan Stanley Smith Barney has been lost, and possibly stolen, in a data breach. According to two letters sent to clients, and obtained by Credit.com, the information includes clients’ names, addresses, account and tax identification numbers, the income earned on the investments in 2010, and—for some clients—Social Security numbers.
The data was saved on two CD-ROMs that were protected by passwords, according to the letters, but the CDs were not encrypted.

http://www.credit.com/blog/2011/07/morgan-stanley-data-breach-hits-investors/

Tuesday, June 28, 2011

Most Popular passwords

Having worked in the data security field for so long, I always remember one password lesson that I learned back in the days when we could only use 4-digit PINs: besides birthdays and telephone-number-related PINs, the next most popular PINs are repeated digits (0000 to 9999) and consecutive digits (1234, 2345, 9876, etc.). The world hasn't changed that much; even now, a lot of banks still allow only 4-digit PINs. I always wonder why they still restrict the length of the PIN, while the ANSI X9.8 PIN block standard allows up to 12 digits. Unless they are using some really old standards that are over 20 years old! But the popular PINs and passwords still have not changed much; blame it all on human nature!

So here is the list, which I gathered from the book Perfect Passwords, Mark Burnett 2005. Be aware that hackers will use these popular passwords to attack your account! Make your password hard to hack by combining upper- and lower-case characters and numbers, and use words that are not in dictionaries.



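| NO | Top 1–100 | Top 101–200 | Top 201–300 | Top 301–400 | Top 401–500 |
|---|---|---|---|---|---|
| 1 | 123456 | porsche | firebird | prince | rosebud |
| 2 | password | guitar | butter | beach | jaguar |
| 3 | 12345678 | chelsea | united | amateur | great |
| 4 | 1234 | black | turtle | 7777777 | cool |
| 5 | pussy | diamond | steelers | muffin | cooper |
| 6 | 12345 | nascar | tiffany | redsox | 1313 |
| 7 | dragon | jackson | zxcvbn | star | scorpio |
| 8 | qwerty | cameron | tomcat | testing | mountain |
| 9 | 696969 | 654321 | golf | shannon | madison |
| 10 | mustang | computer | bond007 | murphy | 987654 |
| 11 | letmein | amanda | bear | frank | brazil |
| 12 | baseball | wizard | tiger | hannah | lauren |
| 13 | master | xxxxxxxx | doctor | dave | japan |
| 14 | michael | money | gateway | eagle1 | naked |
| 15 | football | phoenix | gators | 11111 | squirt |
| 16 | shadow | mickey | angel | mother | stars |
| 17 | monkey | bailey | junior | nathan | apple |
| 18 | abc123 | knight | thx1138 | raiders | alexis |
| 19 | pass | iceman | porno | steve | aaaa |
| 20 | fuckme | tigers | badboy | forever | bonnie |
| 21 | 6969 | purple | debbie | angela | peaches |
| 22 | jordan | andrea | spider | viper | jasmine |
| 23 | harley | horny | melissa | ou812 | kevin |
| 24 | ranger | dakota | booger | jake | matt |
| 25 | iwantu | aaaaaa | 1212 | lovers | qwertyui |
| 26 | jennifer | player | flyers | suckit | danielle |
| 27 | hunter | sunshine | fish | gregory | beaver |
| 28 | fuck | morgan | porn | buddy | 4321 |
| 29 | 2000 | starwars | matrix | whatever | 4128 |
| 30 | test | boomer | teens | young | runner |
| 31 | batman | cowboys | scooby | nicholas | swimming |
| 32 | trustno1 | edward | jason | lucky | dolphin |
| 33 | thomas | charles | walter | helpme | gordon |
| 34 | tigger | girls | cumshot | jackie | casper |
| 35 | robert | booboo | boston | monica | stupid |
| 36 | access | coffee | braves | midnight | shit |
| 37 | love | xxxxxx | yankee | college | saturn |
| 38 | buster | bulldog | lover | baby | gemini |
| 39 | 1234567 | ncc1701 | barney | cunt | apples |
| 40 | soccer | rabbit | victor | brian | august |
| 41 | hockey | peanut | tucker | mark | 3333 |
| 42 | killer | john | princess | startrek | canada |
| 43 | george | johnny | mercedes | sierra | blazer |
| 44 | sexy | gandalf | 5150 | leather | cumming |
| 45 | andrew | spanky | doggie | 232323 | hunting |
| 46 | charlie | winter | zzzzzz | 4444 | kitty |
| 47 | superman | brandy | gunner | beavis | rainbow |
| 48 | asshole | compaq | horney | bigcock | 112233 |
| 49 | fuckyou | carlos | bubba | happy | arthur |
| 50 | dallas | tennis | 2112 | sophie | cream |
| 51 | jessica | james | fred | ladies | calvin |
| 52 | panties | mike | johnson | naughty | shaved |
| 53 | pepper | brandon | xxxxx | giants | surfer |
| 54 | 1111 | fender | tits | booty | samson |
| 55 | austin | anthony | member | blonde | kelly |
| 56 | william | blowme | boobs | fucked | paul |
| 57 | daniel | ferrari | donald | golden | mine |
| 58 | golfer | cookie | bigdaddy | 0 | king |
| 59 | summer | chicken | bronco | fire | racing |
| 60 | heather | maverick | penis | sandra | 5555 |
| 61 | hammer | chicago | voyager | pookie | eagle |
| 62 | yankees | joseph | rangers | packers | hentai |
| 63 | joshua | diablo | birdie | einstein | newyork |
| 64 | maggie | sexsex | trouble | dolphins | little |
| 65 | biteme | hardcore | white | 0 | redwings |
| 66 | enter | 666666 | topgun | chevy | smith |
| 67 | ashley | willie | bigtits | winston | sticky |
| 68 | thunder | welcome | bitches | warrior | cocacola |
| 69 | cowboy | chris | green | sammy | animal |
| 70 | silver | panther | super | slut | broncos |
| 71 | richard | yamaha | qazwsx | 8675309 | private |
| 72 | fucker | justin | magic | zxcvbnm | skippy |
| 73 | orange | banana | lakers | nipples | marvin |
| 74 | merlin | driver | rachel | power | blondes |
| 75 | michelle | marine | slayer | victoria | enjoy |
| 76 | corvette | angels | scott | asdfgh | girl |
| 77 | bigdog | fishing | 2222 | vagina | apollo |
| 78 | cheese | david | asdf | toyota | parker |
| 79 | matthew | maddog | video | travis | qwert |
| 80 | 121212 | hooters | london | hotdog | time |
| 81 | patrick | wilson | 7777 | paris | sydney |
| 82 | martin | butthead | marlboro | rock | women |
| 83 | freedom | dennis | srinivas | xxxx | voodoo |
| 84 | ginger | fucking | internet | extreme | magnum |
| 85 | blowjob | captain | action | redskins | juice |
| 86 | nicole | bigdick | carter | erotic | abgrtyu |
| 87 | sparky | chester | jasper | dirty | 777777 |
| 88 | yellow | smokey | monster | ford | dreams |
| 89 | camaro | xavier | teresa | freddy | maxwell |
| 90 | secret | steven | jeremy | arsenal | music |
| 91 | dick | viking | 11111111 | access14 | rush2112 |
| 92 | falcon | snoopy | bill | wolf | russia |
| 93 | taylor | blue | crystal | nipple | scorpion |
| 94 | 111111 | eagles | peter | iloveyou | rebecca |
| 95 | 131313 | winner | pussies | alex | tester |
| 96 | 123123 | samantha | cock | florida | mistress |
| 97 | bitch | house | beer | eric | phantom |
| 98 | hello | miller | rocket | legend | billy |
| 99 | scooter | flower | theman | movie | 6666 |
| 100 | please | jack | oliver | success | albert |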
Source: Perfect Passwords, Mark Burnett 2005
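
An added example (not from this blog or from Perfect Passwords) of a screening step that rejects the PIN patterns described above (repeated digits, consecutive digits, birthdays) and anything on a popular-password list at enrolment time. The function names, the 4-digit minimum, the year range and the short sample blocklist are assumptions; telephone-number PINs need per-user data and are not covered.

```python
import calendar

MIN_LEN, MAX_LEN = 4, 12  # 12 is the X9.8 limit cited above; 4 is an assumption

# Constructed sample: a few entries copied from the table above, not the full list.
POPULAR = frozenset({"123456", "password", "qwerty", "letmein",
                     "trustno1", "4128", "8675309"})


def _is_date(month, day):
    # Year 2000 is a leap year, so 29 February counts as a valid birthday.
    return 1 <= month <= 12 and 1 <= day <= calendar.monthrange(2000, month)[1]


def pin_reasons(pin):
    """Return the predictable patterns a 4-12 digit PIN matches (empty: none)."""
    if not (pin.isascii() and pin.isdigit() and MIN_LEN <= len(pin) <= MAX_LEN):
        raise ValueError("PIN must be 4 to 12 ASCII digits")
    reasons = []
    if pin in (pin + pin)[1:-1]:  # periodic string: 0000, 1212, 123123
        reasons.append("repeated block")
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    if steps in ({1}, {9}):  # 1234, 9876, plus wrap-around such as 7890
        reasons.append("consecutive digits")
    if len(pin) == 4:
        first, second = int(pin[:2]), int(pin[2:])
        if _is_date(first, second) or _is_date(second, first):
            reasons.append("calendar date")  # MMDD or DDMM birthday
        if 1900 <= int(pin) <= 2099:  # assumed range of plausible birth years
            reasons.append("year")
    return reasons


def screen_secret(secret, blocklist=POPULAR):
    """Screen a candidate PIN or password; return (accepted, reasons)."""
    reasons = []
    if secret.lower() in blocklist:  # list entries are lower case
        reasons.append("popular list")
    if secret.isascii() and secret.isdigit() and MIN_LEN <= len(secret) <= MAX_LEN:
        reasons += pin_reasons(secret)
    return (not reasons, reasons)


def flagged_share(length=4):
    """Count how many PINs of this length the pattern rules alone reject."""
    hits = sum(bool(pin_reasons(f"{n:0{length}d}")) for n in range(10 ** length))
    return hits, 10 ** length
```

Entries such as 4128 and 8675309 from the table match none of the pattern rules, which is why the list lookup is kept alongside them.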

Monday, June 20, 2011

How to OPT-OUT from Facebook's Facial Recognition feature that may put your privacy at risk

I previously posted about Facebook's new facial recognition privacy problem, and a lot of my friends are asking me how to OPT-OUT of this service because of their own privacy concerns. I then dug around and finally found good options for it.

I have personally tried method 1; with method 2 it seems hard to verify whether a tag comes from auto-tagging or from a friend tagging you manually. Besides method 1, the rest of these methods are preventive and only try to confuse their system. They are not guaranteed to work. I recommend only method 1.

Source: June 18, 2011- http://www.ibtimes.com/articles/165199/20110618/facebook-facial-recognition.htm
1. Disable the Facebook facial recognition auto-suggest function for photo tagging.
Go to Account (upper right corner of homepage) - Privacy Settings - Custom settings (bottom middle) - Suggest photos of me to friends - Enabled/Disabled (check Disabled)

Things others Share -> Suggest photos of me to friends


2. Vigilantly monitor your notifications about being tagged in photos so you can be in control of this data.

3. Upload pictures of celebrities or other people and tag them as yourself. The point is to pollute Facebook’s facial recognition database of you so that its ability to identify you is weakened.

4. Request Facebook to remove your "summary information" from its facial recognition database (hat tip to PCWorld).
Login to Facebook - Click on this link - Click the "contact us" hyperlink (In the sentence "You can contact us to request that we remove all of your photo summary information") - send Facebook the automated message that pops up in the box


Tuesday, June 14, 2011

Facebook's Facial Recognition - a lot of privacy issues

I just became aware that Facebook is going to use facial recognition technology on its large collection of members' photos. Facebook claims that this new service will help its members identify people. Facial recognition biometric technology has been available for a while and it works well. The technology has been used by passport offices all over the world, the DoD, the DMV, various law enforcement agencies and the private sector.

Facebook has an estimated 60 billion photos from individuals in its database, and it already has knowledge of every individual member's relationships with each other. If Facebook performs facial mining through facial recognition technology on all of its members' photos, it will further expand Facebook's knowledge of its members and non-members.

What are the problems, you may ask?
Firstly, Facebook can extend its knowledge of its members. With the biometric technology it is able to identify all of your friends in your photos, including those who are not members of Facebook. It can then link those non-members with other members who may have relationships with them. If this happens, Facebook will suddenly expand its knowledge of its members through this discovery process. I am sure this will be a good tool for law enforcement agents and criminals to connect the dots, and they will have some good use for this information on a massive scale. We just hope that this data will never be hacked by anyone. The same applies to the geocode (your GPS location tag) embedded in the photos that you may have uploaded to Facebook. Good privacy means: Collect no data, do no evil.

Can it then prove that the six degrees of separation is really statistically sound? Maybe I don't want to know the answer this way....

Secondly, those individuals who have been uniquely identified may be further exploited by Facebook or others (if they sell the data, since those individuals may not have agreements with Facebook). What can Facebook do to those identified non-members? Does the member agreement include those identities? Maybe one day a police officer will knock on your door and ask you to help release your friend's information, because a few of your photos include that individual! Facebook can also scan the web and try to correlate those individuals' identities with blogs, personal home pages, LinkedIn, etc. Those are public data anyway, so they can "face mine" you and everyone! The privacy issue here is their huge collection of photos, their knowledge of relationships, and their ability to expand that knowledge. Even though those non-members' identities may be anonymous, just a label, their real identities can easily be discovered at a later time with external sources, such as LexisNexis? Or the FBI? That makes me wonder: what else can we do with it?

Quote from CNN Tech:

"Facebook's more than 500 million users have been automatically included in the database, but the company is allowing each person to choose whether to be identified by toggling a pane in the account's privacy settings.
The tool would still scan that person's face and figure out who it is, but it won't display that information. People can still manually tag friends."
The above shows that Facebook gives members no option to stop Facebook from using this data; it just gives the member an option not to show the suggestions. It does not seem to allow members to remove what has been collected about them. What happens to the information that Facebook collected? I found no trace of how Facebook is going to use the gathered information or who has ownership of the data.

Thirdly, Facebook plans to give its members an opt-out option for this service! It should be an opt-in option, so that Facebook does not have the ability to abuse its members' rights, because most users are not aware of the privacy and risk issues associated with this service. An opt-out option means that Facebook can force most if not all of its members to use this new technology without asking. Good privacy practice is to always ask the user to opt in before providing a service, so why not Facebook? They should send a message to each member announcing this new facial recognition service and how it will use the data, then ask the member to enable (opt in to) this feature.

Fourthly, to whom does the data belong? The photo is mine, the content belongs to me, but what about the relationship information? What about these newly discovered relationships between non-connected members? I think it should belong to the members. But I cannot find any statement from Facebook that addresses this issue. If you find one, please correct me by sending me a comment here.


The problem with Facebook's facial recognition technology is its privacy practices. It seems that quietly enabling this technology on members' private collections (photo albums) has violated everyone's rights and trust, since no membership/end-user agreement initially included this type of technology for processing members' photos. I have not found any privacy statement on how Facebook is going to use the technology on members' photos either.

Don't get me wrong, I do like facial recognition technology; I have been working in the biometrics industry for years and I embrace the technology. But their use of this technology has raised a lot of privacy issues when they are not utilizing it carefully. Technology itself has no privacy issue. It's how they are using the technology. I like Google's free photo management tool Picasa 3, which includes facial recognition technology, but it only works under my control and does not share my friends' identities with anyone.

Reference News:
http://www.washingtonpost.com/blogs/post-tech/post/privacy-group-urges-investigation-of-facebook-facial-recognition-tool/2011/06/13/AGSUQCTH_blog.html

http://blogs.forbes.com/kashmirhill/2011/06/13/lets-face-facts-about-facial-recognition-technology-inside-and-outside-of-facebook/

http://www.pcworld.com/article/229742/why_facebooks_facial_recognition_is_creepy.html

http://articles.cnn.com/2011-06-07/tech/facebook.facial.recognition_1_facebook-ceo-mark-zuckerberg-facial-recognition-face-recognition?_s=PM:TECH