Facebook hacker paid through crowd sourcing

I think it’s a great initiative this Bug Bounty Program. Apparently quite a few companies are doing this, i.e. payment to white hat hackers, who report a security flaw.

Facebook has this initiative. However when a researcher and white hat hacker (Khalil from Pakistan) reported a flaw to the FB security team, they responded saying it was not a flaw. Well this was just a little bit annoying. He tried a couple of times for them to understand, and then he said, ok warned them that he would exploit the flaw.

The flaw allowed anyone that is not in your friends list to post directly on your FB Wall! So Khalil posted a message onto Mark Zuckerberg’s Wall. Facebook refused to pay the bounty amount to Khalil on the premise that he didn’t follow protocol.

Now this is old news… about a week old. However, what is new is that the CTO of a company called BeyondTrust decided that Khalil should be compensated for his service and created a crowd-sourced fund for the researcher, with a goal of reaching $10,000 after which the amount will be deposited in Khalil’s account. In addition to that, Maiffret deposited $3,000 from his own pocket to the fund. In less than 24 hours, 79 people contributed nearly $9,000 into the fund. Read more HERE.

Rights of the Data Subject – Data Protection

Panopticon blog have given a really clear/concise description on the changes to the Subject Code of Practice. The Information Commissioner (.ico) published his new ‘Subject Access Code of Practice’ only yesterday.

What I was delighted to find were rights of data-subjects when in social media context to know how/if their data is being used outside of its original intention. Also that social networking sites need to provide some means for the data subject to request for this information. I was really pleased to find the rights of children included to demand the right of access…. read below that I’ve cut&paste from Panopticon blog.

“a child’s right of access – Data about a child belongs to that child, rather than to any parent or guardian. It is therefore the child which enjoys the right of access to their data, albeit that that right may be exercised on their behalf by their parent or guardian. A variety of considerations come into play when a data controller is asked to respond to a request made by a child directly”

Don’t use gmail

In fact I wouldn’t use any email provider outside of the EU if you an EU resident. A recent court case concludes that you cannot expect privacy when using a third party to manage your email, i.e. it is likened to having an assistant who may open your mail for you.

This is an outrage !

Seems that the email service that Edward Snowden recommended as actually protecting your privacy in the US is being forced to share all data and subsequently shut down! The owner and operator of the service, Ladar Levison, has been gagged. Reading between the lines, it looks like he will move his services outside of the US.

His advice is don’t share any of your data on US servers! Read more in infosecurity.

Measuring influence

One of the tweets I received at @virtualshadows was from ‏@rushkoff an article on how to find the world’s most influential thinkers. I was intrigued by this because the subject of my MBA thesis was on finding the ‘influencers’ within an organization. They normally were not the managers, or those placed higher in the hierarchy. Often the most influential people in an organization have their span of influence grossly understated.

I’ve now uploaded all my publications to http://www.digitalbee.se under The BUZZ/Karen’s Publications…I know original 😉 I will also load up my MBA thesis. As it was a whole year’s work, and seems a pity that (apart from for its evaluation/grading at Henley) I’ve been keeping it all to myself up until now.

TRUST is a currency

The PRISM exposure has presented non-US companies with a dilemma. The drive is into the cloud, but they don’t want their information outside of safe EU jurisdiction. According to Forbes it is estimated that the US will lose a lot of $USD as a result.

What needs to be clear here is that PRISM is about government nosing around in our social media activities without us being informed of this. Organizations could say that this is not a risk as they are not in the social media space (unless it is their core competence)… or is it?

What these undercover eavesdropping indicates is that the US government can’t be trusted. They have not been transparent in what they are doing. They are eavesdropping behind the backs of their own citizens. Even after Edward Snowden exposure they continued to deny. I see ‘trust’ as a world currency. Each one of us creates or destroys trust based on our personal/professional actions. This is especially pertinent now in this very connected world we live in today. Transparency is a foundation for trust, and governments that continue this facade of lying to its citizens, are at the cost of trust.. and eventually $USD will pay the price!

Whistleblowers & ‘transitional data’ the way forward?

Natasha Lomas at TechCrunch talks about how “Systematic Surveillance Will Eat Itself“. She talks about how there is some positives product from this surveillance epidemic. In main it is represented by:

1) whistleblowers, e.g. Edward Snowden; and,

2) the rise in ephemeral type technologies that place information online in a more transitional, temporary state than what is normal today.

My take is more the move towards a ‘transparent’ society, but I am now thinking that maybe this is either the compromise, end-point that we come to, or maybe a stopping house on-route to transparency. The reason why I really do not see a strong place at this ‘half-way house’ is because it is still assuming that governments are lying to its citizens and the rest of the world, and hence the need for whistleblowers (who pay a hefty personal price for their efforts) and hence the need for ephemeral type technologies for the citizen to cover their backs… not cool!