It is time for another security link round-up from your friends at Wharton Security. This week we’ve been reading about Facebook privacy, printer vulnerabilities, 9 reasons you should be paranoid, and a neat new USB thumb-drive.
Facebook settles with the FTC over privacy concerns
Everybody, including my mother, has a Facebook account these days. In addition to being a great website on which to play Farmville, Facebook is also the primary way that many people stay in contact with their friends (or their “social graphs,” as the nerds call them).
Facebook has a reputation for over-sharing information people have marked as private when rolling out new functions. This sparked an FTC investigation into some actions the company took a couple of years ago. Facebook has settled with the FTC and agreed to a 20-year privacy audit from the FTC. Furthermore, Facebook has created two new executive positions relating to privacy.
Mark Zuckerberg, Facebook’s Founder and CEO, has a lengthy blog post up reassuring everyone that Facebook takes your privacy very seriously.
Fun with printer hacking
Chances are the only time you think about your printer is when you need to load paper or run out of toner. However, printers are pretty impressive pieces of technology. They’re basically highly specialized computers sitting on your network.
Researchers at Columbia University have managed to hack certain LaserJet models of HP printers to do a variety of things: overheat the fuser until it smokes, and send copies of all printed documents to a third party.
How did they do this? Well, printers need firmware to function. This firmware is the operating system of the printer. Certain LaserJet printers (the list of models impacted hasn’t been released) allow for remote upgrades of the firmware. Sadly, the printer doesn’t check to see if the firmware update it is receiving is legit (using something called digital signatures). The printer just assumes any requests to upgrade its firmware are on the level and happily updates itself. The researchers were able to take advantage of this and remotely update printers with their own version of firmware, which gives them full control of the printer.
The really scary part? Short of pulling apart your printer and examining the chips that make it work, there is no way to know if your printer has been hacked. Scary, huh?
Luckily, HP says there is very little chance that this exploit can be leveraged in the real world. However, they are aware of the situation and working on a way to plug up this potential security threat.
If those two articles aren’t enough to make you reach for a roll of aluminum foil, this list of 9 things to be paranoid about might. Things they cover include warrantless GPS tracking and wiretapping by the government, fake cell towers, and the woefully out-of-date Electronic Communications Privacy Act (the online world has changed a bit since the bill was adopted in 1986).
What could be better than a USB thumbdrive with 256 AES hardware encryption? One that comes with a mechanical lock that looks like it was ripped from the pages of The Da Vinci Code. The Crypteks USB drive (patent pending) is just that.
At the moment, the Crypteks USB isn’t available, but you can pre-order one via their Kickstarter page (I ordered myself the 8 gig version).