Monday, June 23, 2014

The NSA, Facial Recognition Technology and You


The month of June saw many concerns being raised over the National Security Agency, data collection, and privacy. From a report published by The New York Times on May 31, the NSA’s use of facial recognition technology has increased in recent years. This report by was based off of 2011 documents from Edward Snowden, the ex-agency contractor who made similar security revelations around this time last year.

Now, according to these documents, the NSA has broadened their focus on other identifiers during their data collections. More than just tracking written communications and oral communications like email and phone conversations, the NSA has been gathering fingerprints and facial images as well. Recognizing the “tremendous untapped potential” of private images included in online communications, the NSA appears to be turning towards facial recognition technology to “revolutionize the way that the N.S.A. finds intelligence targets around the world” as part of their efforts to monitor individuals such as suspected terrorists.

The NSA intercepts a staggering amount of images. According to the report, millions of images are collected from private communications such as email, text messages, social media, and video conferences each day. Of these, about 55,000 are “facial recognition quality images”. In addition, this secret image-gathering program by the NSA appears to have become more advanced and sophisticated from when it first began in 2010, with the ability to identify faces despite facial hair and hairstyle changes.

Detailed in the report, a NSA presentation of their image surveillance program showed an unidentified man in different settings and varied appearances (such as bearded and clean shaven), as well as more than two dozen data points about his known associates, passport or visa status, and other intelligence information. The documents were unclear about how many images or individuals have been involved in the NSA’s broad data collection efforts in this manner.

As a result, many Americans have expressed concerns about privacy, especially as facial recognition programs gain increased invasiveness as their algorithms continue to improve. When asked on June 3 at a Bloomberg government cybersecurity conference about whether this program collects images of U.S. citizens, NSA director Admiral Michael S. Rogers replied, “If we have to do anything involving a U.S. person, we have specific legal constraints we must comply with. We do not do this in some unilateral basis against U.S. citizens.”

Since images are categorized as communications, the NSA must get court approval in order to collect images on Americans, just like they would in order to wire-tap phone conversations or read emails. From this, it would appear that only images of individuals overseas or involved in on-going NSA investigations are being collected. In addition, Vanee M. Vines, the NSA spokeswoman, said that the agency “did not have access to photographs in state databases of driver’s licenses or to passport photos”. However, she declined to comment whether the NSA had access to the photos of foreign visa applicants found in the State Department database or if the NSA had collected facial images of Americans from social media sites like Facebook.

Monday, June 16, 2014

Alternative Lock Screen Security Options



With identity theft becoming more prevalent, people are beginning to realize the need to guard their personal data whether it’s on their computers, tablets, or phones. To prevent snoopers and protect the information in your smartphone, having a lock screen is definitely a good idea. For some however, the standard lock screen options (Face/Voice Unlock, Pattern, PIN, and Password) are just not enough.

Whether you enjoy customizing every aspect of your phone, want different security choices, or simply desire to add some functionality, consider these lock screen options.


Picture Password

Many smartphone users like the idea of swiping a pattern to unlock their device. However, two frequently mentioned drawbacks of the standard Pattern lock screen is the limited number of swiping options and how tell-tale smudges on the screen can give away your pattern.

With the Picture Password app, users set a chosen background image and unique gestures as their unlock pattern. By allowing you to draw a combination of points, circles, or lines on a specific part of the image, there is a substantially greater (and thus more secure) amount of unlock patterns. Since the swiping pattern is unique, shoulder-surfers also have a harder time picking out your pattern from ordinary smudges made by other smartphone actions.


Hidden Lock

This app features a lock screen that doesn’t look like a lock screen. Hidden Lock displays a snapshot of what your phone looked like before being turned off. Your smartphone will appear unlocked but can’t be used without pressing the invisible unlock button (the location of which you set somewhere secret on the screen). If someone picks up your smartphone and attempts to use it, Hidden Lock’s setup can fool them into thinking the phone isn’t working and deter them from prying further.


NiLS Notifications

While this is technically a widget and not a lock screen app, it’s great for those who want to see all their notifications without having to unlock their phone. NiLS Notifications supports all apps that create standard notifications, including emails, text messages, missed calls, and Facebook alerts. It is also quite customizable in terms of background, text color, opacity, and notification size.

Samsung devices are unable to use Pin or Pattern lock security with lock screen widgets; however, the app explains workarounds like the NiLS floating panel in its FAQ.


WidgetLocker

For those who love customization, WidgetLocker is a lock screen replacement app that really lets you individualize your lock screen. There are several built in styles as well as user themes to choose from. WidgetLocker also lets you customize the type of unlock feature you want to use, as well as block or allow certain widgets.

One of WidgetLocker’s most characteristic smartphone features includes allowing you to personalize the actions of sliders on the lock screen. This allows users to have useful slider functionality like Slide-to-Camera or Slide-to-Call a Contact. While currently $2.99 in the Google play store, WidgetLocker might be worth the price to those who want a wide range of lock screen customization.

What is your favorite Lock Screen that you use? Let me know in the comments!

Thursday, June 5, 2014

What You Need to Know About the eBay Data Breach

With Target’s security breach and the Heartbleed bug still fresh in many consumers’ minds, eBay, the online marketplace giant, revealed recently that its entire user database was compromised in a hacking attack. While some eBay users have received emails urging them to change their passwords, others only heard of the database breach from third party sources and not officially from eBay itself.

In comparison to Target’s breach, which involved up to 110 million customers’ personal details and 40 million credit card records, this attack on eBay is much larger. It is estimated that 233 million people’s personal data was stolen. Furthermore, it is clear that the cybercriminals intend to profit from the info they stole. On Sunday, May 23, the personal information of 715 individuals was advertised online for sale, all apparently from the eBay breach.

With this perspective, many are upset by eBay’s overall slow response, and with good reason. According to the official statement on eBay’s website, the database was hacked in late February and early March, nearly three months ago. This is made even more concerning by the fact that eBay only detected this security breach around the week of May 4
th, and finally broke the news to the public on May 21st.
As explained by eBay’s statement, this security and data breach was the result of cyberhackers gaining unauthorized access to eBay’s network by figuring out employee log-in credentials. The data that was compromised includes: eBay customers’ names, email addresses, physical addresses, phone numbers and birthdates. Hackers were also able to steal away encrypted passwords.

These passwords were only encrypted however, and not hashed and salted, which would have been more secure. While encryption might slow the hackers down, eBay’s lack of using a more protected format for storing passwords offers little comfort. After all, as the 2012 LinkedIn data breach already illustrated, 60% of stolen LinkedIn passwords (which were hashed) were cracked within 2 days of the theft. Thankfully, while eBay also owns PayPal, the online giant reported that the personal and financial information of PayPal users was not compromised in the attack, as that data is apparently stored on a separate secure network.

All eBay customers are encouraged to change their password immediately if they have not already. Any sites that share the same password, especially if they are sensitive like your online banking account, should also be updated. This is important as cybercriminals often attempt to break into other sites using your stolen info, such as email and eBay password. When updating your information, also be wary of phishing emails that attempt to look legitimate in order to steal more data. If you are unsure, go to the website directly to make changes.

For internet security in general, try to use unique passwords for each site. Avoid commonly guessed passwords that involve your name or birthdate, as those personal details are easily discovered (or in eBay’s case, have already been stolen). If you struggle remembering more than a few passwords, this may be a good time to begin using a password manager.