Day: June 18, 2011

Google Search by Image


With Google’s new Search Image you can explore the web in an entirely new way by beginning your Google search with an image. With this feature you can learn more about images on the web and your own photos.

Most importantly for designers and photographers it’s now possible to find violations of copyright.

It’s especially easy to use with the Google Chrome plugin.

Search image complements Google’s other image related services such as Google Image Search and Similar Images Search and it competes with Tineye that has been the best engine for this purpose so far.

LulzSec Hackers Finally Explain Themselves


By PARMY OLSON

The mischievous hacking group LulzSec has posted an unusually serious statement to mark their 1,000th tweet, and for the first time it explains in some detail why they’ve gone on a month-and-a-half long hacking spree claiming the likes of PBS, SonyPictures.com, and an FBI affiliate as victims.

In one way the statement seeks to justify the group’s server breaches and data thefts as a warning to anyone who uses the Internet: that we are too complacent about the security of our data online.

This is what you should be fearful of, not us releasing things publicly, but the fact that someone hasn’t released something publicly.

In other words, just because it hasn’t been announced that someone has stolen our email passwords, that doesn’t mean it hasn’t happened. There are plenty of “blackhat” hackers out there pilfering data in the same way, but they don’t announce it to the world, LulzSec says, or how easy the process was. After announcing its hack on SonyPictures.com, for instance, LulzSec pointed out that Sony had not encrypted user information and passwords, but stored them in plain text. Still, this argument is partly a matter of circumstance – the group could have been doing the same thing 15 years ago but not been able to make the same point about the susceptibility of our data.

LulzSec also admits that they carry out their attacks because doing so is fun and “lulz”-worthy. While this logic will resonate with anyone who regularly visits image boards like 4chan, a piece of Internet real estate where unidentified users often collaborate on pranks, many will still question this logic:

Most of you reading this love the idea of wrecking someone else’s online experience anonymously. It’s appealing and unique, there are no two account hijackings that are the same, no two suddenly enraged girlfriends with the same expression when you admit to killing prostitutes from her boyfriend’s recently stolen MSN account.

And right now, the group seems to have gone beyond caring about the consequences:

We’ve been entertaining you 1000 times with 140 characters or less, and we’ll continue creating things that are exciting and new until we’re brought to justice, which we might well be. But you know, we just don’t give a living f*** at this point.

Ultimately, LulzSec, with their quickly-amassed 187,000 Twitter followers, are aware that they’re only enjoying a brief moment of fame.

You’ll forget about us in 3 months’ time when there’s a new scandal to gawk at, or a new shiny thing to click on via your 2D light-filled rectangle.

The statement ends with “Thank you, bitches, Lulz Security.”

Read the whole thing here.

Protect yourself from Olympic phishing scams


Nobody yet knows for certain whether they have been allocated 2012 Olympic event tickets. Until June 24, when confirmations arrive, there remains the risk that some people will have been the victim of cybercrime.

Until this uncertainty and the concern it has created have abated, below are some top tips courtesy of VADition on what to do if you are concerned about the risks you may have been exposed to during the Olympic ticket application process.

1. If an ‘Olympics’ related sum has been taken from your account, do not assume that it is bona fide just because it says ‘Olympics Tickets 2012’ or some other official sounding reference. Contact your bank or card provider to query the origin of the transaction.

2. If you receive any correspondence purporting to be from the Olympics authorities, read it carefully for spelling errors, peculiar language or anything else that doesn’t look quite right. If in any doubt, share the correspondence with the Olympics authorities yourself before accepting that any of the information is true, or following any instructions on it.

3. If you need to access the Olympics ticket website again, do so by entering the full website address manually into your browser window. Do not click any links you have received or used before, as these can be spoofed (i.e. redirect to another address different from the one you see on the page).

4. If your bank or card provider proactively contacts you regarding any specific bank transaction, or about your account in general, remain extremely vigilant to phishing threats and be cautious about disclosing any personal information.

5. Continue to routinely check your bank statements carefully. If your account details have been stolen, it could be some considerable time before the thief decides to take advantage.

6. For more guidance, consider a government endorsed, independent provider of authoritative advice like Get Safe Online. Or consider placing a fraud alert on your credit reports. Your bank should be able to help you do this.

Face Recognition and Facebook’s Recurring Privacy Problem


Once again, Facebook has messed with users’ privacy in the name of a new feature.

 

The latest controversy is over Facebook facial recognition, which can automatically tag friends in photos just by matching the image to a massive database of faces.

 

Face recognition is a useful, time-saving feature — at least when it works. But it’s also a creepy addition to Facebook that opts you in automatically. As my colleague Sarah Jacobsson Purewal reported, you can only opt out of getting automatically tagged by friends. The database can still technically match your name to your face.

 

Therein lies Facebook’s big dilemma, the one that comes up time after time, with each new change to the site that demands more of users’ personal information: Yes, letting users opt-in to new features would be a more respectful approach. But because Facebook is inherently social — that is, it relies on the participation of many users — opt-in is much trickier to pull off. In some cases, it’s just impractical.

 

Take, for example, the “instant personalization” feature introduced last year. This allows partnering Websites to use and display information from your public Facebook profile, and from your friends’ public profiles. For example, if you write user reviews on Rotten Tomatoes or Yelp, your friends can see those reviews when they visit the site, provided they’re logged into Facebook. Had Facebook made this feature opt-in instead of opt-out, most people wouldn’t have bothered. That would defeat the purpose of personalization, which relies on having lots of recommendations from people you know.

 

A simpler example is Facebook’s broader attitude toward public vs. private information. In late 2009, Facebook made changes to its privacy settings to put an emphasis on “everyone,” so that users would share their status updates with the entire Internet by default. In making this change, Facebook was trying to be more like Twitter — a massive, ongoing, public conversation between lots of people, regardless of whether they’re friends or strangers. I like Twitter, and I understand why Facebook would want to make this change. But again, it only works if a critical mass of people are participating. That’s why the “Everyone” option for status updates is opt-out, rather than opt-in.

 

With facial recognition, Facebook faces the same dilemma. Facebook could give people the choice to opt in to its photo recognition database, but then how many people would bother? The whole point of Facebook facial recognition is to tag all of your friends in a photo without any manual work. If most of your friends aren’t participating, the feature is worthless.

 

I’m not defending Facebook’s actions, but I understand why the site behaves the way it does. As long as Facebook introduces new features, there will be new privacy snafus. Facial recognition wasn’t the first, and won’t be the last.

 

Follow Jared on Facebook and Twitter for even more tech news and commentary.

SEGA Pass Hacked


SEGA Pass, the gaming company’s member database and online network, has been hacked.

SEGA took the SEGA Pass system offline Thursday. Friday morning, it sent an email to Pass members alerting them that an unauthorized and unidentified third party had gained access to the SEGA Pass database.

Members’ email addresses, birth dates and encrypted passwords were obtained in the attack, according to the company.

SEGA is also telling members that it has reset their passwords, that all access to SEGA Pass has been temporarily suspended and that Pass users should consider changing their passwords on other sites.

No party has stepped up to claim responsibility as of yet, though hacker group LulzSec tweeted at SEGA Friday morning: “We want to help you destroy the hackers that attacked you. We love the Dreamcast, these people are going down.”

Meanwhile, LulzSec recently claimed responsibility for hacking Sony’s and Nintendo’s servers, taking down the CIA’s website and hacking the U.S. Senate.

The full contents of the email SEGA sent to Pass members can be seen below, courtesy of Playstationlifestyle.net:

Dear ___,

As you may be aware, the SEGA Pass system has been offline since yesterday, Thursday 16 June.

Over the last 24 hours we have identified that unauthorised entry was gained to our SEGA Pass database.

We immediately took the appropriate action to protect our consumers’ data and isolate the location of the breach. We have launched an investigation into the extent of the breach of our public systems.

We have identified that a subset of SEGA Pass members’ email addresses, dates of birth and encrypted passwords were obtained. To stress, none of the passwords obtained were stored in plain text.

Please note that no personal payment information was stored by SEGA as we use external payment providers, meaning your payment details were not at risk from this intrusion.

If you use the same login information for other websites and/or services as you do for SEGA Pass, you should change that information immediately.

We have also reset your password and all access to SEGA Pass has been temporarily suspended.

Additionally we recommend you please take extra caution if you should receive suspicious emails that ask for personal or sensitive information.

Therefore please do not attempt to login to SEGA Pass at present, we will communicate when the service becomes available.

We sincerely apologise for this incident and regret any inconvenience caused.

We are contacting all our members with these recommendations.

If you have any further questions please contact SEGA customer support on csescalations@sega.com

Image courtesy of Flickr, Redherring1up