Aug 292012
 August 29, 2012  Posted by  Misc

Geeta Dayal reports:

Don’t you dare even think about your banking account password when you slap on those fancy new brainwave headsets.

Or at least that seems to be the lesson of a new study which found that sensitive personal information, such as PIN numbers and credit card data, can be gleaned from the brainwave data of users wearing popular consumer-grade EEG headsets.

A team of security researchers from Oxford, UC Berkeley, and the University of Geneva say that they were able to deduce digits of PIN numbers, birth months, areas of residence and other personal information by presenting 30 headset-wearing subjects with images of ATM machines, debit cards, maps, people, and random numbers in a series of experiments. The paper, titled “On the Feasibility of Side-Channel Attacks with Brain Computer Interfaces,” represents the first major attempt to uncover potential security risks in the use of the headsets.

Read more on Threat Level.

Aug 292012
 August 29, 2012  Posted by  Business, Court

Erik Gruenwedel reports:

A number of Netflix subscribers have filed objections to a court decision on a privacy act complaining the proposed $9 million class-action settlement leaves little for those allegedly wronged.

A Northern California court in February found the Los Gatos, Calif.-based streaming pioneer violated provisions of the 1988 Video Privacy Protection Act that disallows video rental services from accessing subscriber information up to two years after cancelation.

About 50 subscribers reportedly have filed formal objections to the court complaining the settlement awards more than $2 million to lawyers involved in the case, about $30,000 to each of the initial six plaintiffs, and little to anyone else. The complaints say the lack of financial remuneration undermines the validity of the case and rendering it little more than a frivolous lawsuit benefitting lawyers.

Read more on HomeMedia.

Aug 292012
 August 29, 2012  Posted by  Business, Court

Kelly Fiveash reports that Consumer Watchdog will be able to file a brief opposing the FTC-Google settlement.

Consumer Watchdog, a non-profit outfit, has until 21 September to submit a friend-of-the-court brief expressing its views on the deal struck between the FTC and Google.

US district court judge Susan Illston granted [PDF] attorneys representing the group the right to file the brief. She said Google and the FTC would have to respond to Consumer Watchdog’s gripes about the settlement no later than 28 September.

The group is seeking amicus status [PDF] to oppose the settlement.

Read more on The Register.

Aug 292012
 August 29, 2012  Posted by  Breaches, Business

Jeffrey Roman writes:

News of Google’s $22.5 million settlement with the Federal Trade Commission has come and gone, yet privacy issues reflected in the case remain a concern. Where are the gaps and how can companies fill them? Attorney Francoise Gilbert offers details.

“Many companies just pay lip service to privacy,” says Gilbert of the IT Law Group in an interview with Information Security Media Group’s Tom Field [transcript below]. “They have a privacy policy on their website because that’s what’s expected from them, but they don’t go beyond that.”

Two aspects of the Google case that fascinate Gilbert are that Google misrepresented its practices in its privacy policy, and the company misrepresented its compliance with the Self-Regulatory Code of Conduct of the Network Advertising Initiative.

Read more on BankInfoSecurity.