Threat Level: green Handler on Duty: Manuel Humberto Santander Pelaez

SANS ISC InfoSec Handlers Diary Blog



Yet Another Data Broker? AOL Lifestream.

Published: 2011-01-12
Last Updated: 2011-01-12 18:16:13 UTC
by Richard Porter (Version: 1)
3 comment(s)

Lifestream? Yet another Aggregated Personal Data Feed?

We have a report from a reader that the AOL Lifestream service seems to have data from .Mac and/or MobileMe accounts. After some checking, my .Mac feed has some stream information in it as well.

You have an account created for you if you have a .Mac or MobileMe account. This seems to be an automated process. For me, it only had my Twitter feed, but it is a service that I did not ask for.

You can either log into your account with your .Mac credentials or you can find your feed with http : // lifestream dot aol dot com / stream / username@mac.com

If you enter into Account -> Settings, you can restrict this feed; however, I did not find a place to delete the account.

Then click on the AOL Lifestream pull down menu and select which setting you desire. In my case I selected No one - Private.

And in the interest of being thorough, you can adjust your "Who can comment" settings. In this case I selected "Only you".

Thanks, Thomas, for the report on this. There is a feedback button you can use if you want to send comments to AOL Lifestream.

Richard Porter

--- ISC Handler on Duty


Has Big Brother gone Global?

Published: 2011-01-12
Last Updated: 2011-01-12 13:45:46 UTC
by Richard Porter (Version: 1)
4 comment(s)

According to a blog post by Neal Ungerleider from Monday, Jan 10, 2011, the Tunisian Government may be harvesting or hacking information from Gmail accounts and/or Facebook accounts.

This goes to show that the moment it is in the “cloud”, it is no longer private. If you want something private, encrypt it. Most of us at the ISC follow the “front page” rule. If you write it, treat it like the information is on the front page of your national newspaper.

http://www.fastcompany.com/1715575/tunisian-government-hacking-facebook-gmail-anonymous

Going back to last year, the US National Security Agency considers their network untrustworthy.

http://www.net-security.org/secworld.php?id=10333

Richard Porter

--- ISC Handler on Duty


How Many Loyalty Cards do you Carry?

Published: 2011-01-12
Last Updated: 2011-01-12 13:33:00 UTC
by Richard Porter (Version: 1)
12 comment(s)

How Many Loyalty Cards do you carry?

“Join our loyalty program and we will give you discounts” is the way most vendors convince you to give away your contact information. Now this grant of information is supposed to be in return for loyalty discounts. What most vendors seem to be doing (assumption here with no hard facts) is raising the base median price of high-volume products and then, in turn, “discounting” said items.

This topic, one of frustration, was brought about by a trip to my local supermarket for soap and paying through the self-checkout line. All four automated checkout machines were echoing over and over, “Have you scanned your club card yet?”

According to my vendor’s loyalty card agreement “<vendor xyz> does not sell, lease or provide personal information (i.e., your name, address, telephone number, and bank and credit card account numbers) to non-related companies or entities.”

Non-related companies or entities: what does that mean? It depends on your local country law regarding privacy, but…

http://www.privacyrights.org/online-information-brokers-list

Looking at that list of Information Brokers leads me to think that non-related could mean “We don’t partner with them.” Or it could mean they don’t share.

In this Facebook world we live in, data protection and leakage become far more relevant to the individual along with corporate entities.

PCI Compliance places a standard around protecting credit card data, and most countries have relevant privacy laws regarding health care data, but what about personal data that is given or granted freely?

https://www.pcisecuritystandards.org/security_standards/documents.php

With regard to personal data, it can no longer be said “It’s not that important” or “there is nothing critical on my computer.” Profile data on you is important.

Richard Porter

--- ISC Handler on Duty
