Privacy Monday - February 2, 2015

Happy Groundhog Day! While we were recovering from last night's heart-attack Super Bowl 2015, Punxsutawney Phil saw his shadow this morning, predicting 6 more weeks of winter for an already winter-weary US. #sixmoreweeksofwinter

Three things you should know on this Privacy Monday:

Over 110,000 Facebook Users Hit With Malware
Cybercriminals are targeting Facebook users with malware embedded in videos that are pushed to their timeline and in which their friends are tagged. Security researchers from Bitdefender say victims are taken to a video, which redirects them to a site that analyzes their operating system for weaknesses and eventually installs malicious software that gives hackers access to their machines. The malware is described in a post via the Full Disclosure mailing list. Read more about the malware at CSO Online.

NIST Issues Recommendations for Vetting of Mobile App Security

The National Institute of Standards and Technology (NIST) has released a new report titled "Vetting the Security of Mobile Applications." The report urges enterprises to put apps through a "vetting" process that includes security testing before allowing employees to use them.

Because mobile devices contain many physical sensors that continuously gather and share information, many apps access more data than many users realize. Here are examples NIST cites: A mobile photo-sharing app could grant access to the employee's contact list that holds personally identifiable information, potentially exposing information that should remain private. Similarly, a calendar app, social media app, Wi-Fi sensor or other utility that accesses a global positioning system might track individuals without their knowledge.

The report points out that the mobile development industry hasn't always done a good job with security, and says that enterprises shouldn't rely on app stores or other third parties to verify security.  It details the types of vulnerabilities enterprise testers should look for as well as the kind of tests that can find them.  The guidance also offers recommendations on mobile app security and privacy training for employees.

Sometimes, Email Campaigns are Just "Creepy"

During last week's Blizzard of 2015, the editor of this blog received a marketing email from Intelius, the self-described "public records business" (read: data broker).  The header of the email is below:

From: Intelius <[email protected]>
Date: January 27, 2015 at 6:59:00 PM EST
To: [email]
Subject: Snowed in?  Look up an old friend!
Reply-To: [email protected]

The tag line was "It's cold outside! Cozy up and reconnect with an old friend!" The company provides a variety of "search" functions, including "PeopleSearch," background checks and criminal records lookup. Just because you can does not always mean you should.

Author

Cynthia J. Larose

Member / Co-Chair, Privacy & Cybersecurity Practice

Cynthia J. Larose is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E). She works with clients in various industries to develop comprehensive information security programs on the front end, and provides timely counsel when it becomes necessary to respond to a data breach.