ReadWriteWeb

After Facebook's recent privacy settings "adjustment," the social network is now reporting that 35% users who had never before engaged with their privacy settings took the initiative to do so instead of accepting the updated suggestions put before them by the social network. To Facebook, this number is a very, very good thing. Although nowhere near a majority of users, this engagement rate is much higher than industry averages. Plus, as Facebook's director of public policy Tim Sparapani points out, "35% of 350 million users is an extraordinary number."

But should Facebook really be proud here? What about the other 65% of users who blindly accepted the defaults?

Google has just launched a new program aimed at improving security for its new Web browser, Google Chrome. Developers who find a bug in either Chrome or Chromium, the open source codebase used as the testing grounds for Chrome, will receive anywhere from $500 to $1,337 for reporting the issue. The amount of the reward will vary depending on the severity of the security hole discovered, says Google. Those bugs deemed "particularly severe or particularly clever" will receive the higher amount.

A recently discovered security flaw in Twitter's Flash-based website widget may have allowed attackers access to the login credentials of any Twitter user. According to Mike Bailey, an analyst at Foreground Security, the problem involves a known vulnerability in Adobe's Flash programming language, the language used to code the Twitter widget. In response, Twitter has disabled the widget in question while they research the issue further.

The big Hollywood pictures always make breaking into computers look like a fabulously hip and complicated process. It involves excitement and ingenuity and often times, because it's just so difficult and exciting, a bit of sweat on the brow. But in reality, it's as easy as "123456". And if that doesn't work, we'd suggest trying "12345", next.

A report released today looks at a list of 32 million passwords and what it finds doesn't
say good things about most of us and our password practices.

Websense has just launched a new security suite for the Web, a product called Defensio 2.0. The main selling point of this software is its ability to protect users from malicious content posted to their Facebook profiles. Using a combination of technologies - which include a URL category blocker, a profanity filter, an executable file blocker, and a script blocker - users can configure what content can appear on their Facebook profiles or their public pages. In addition to offering Facebook security, Defensio offers blog protection, too, supporting a number of platforms including Wordpress and Drupal.

In December, Facebook made a series of bold and controversial changes regarding the nature of its users' privacy on the social networking site. The company once known for protecting privacy to the point of exclusivity (it began its days as a network for college kids only - no one else even had access), now seemingly wants to compete with more open social networks like the microblogging media darling Twitter.

Those of you who edited your privacy settings prior to December's change have nothing to worry about - that is, assuming you elected to keep your personalized settings when prompted by Facebook's "transition tool." The tool, a dialog box explaining the changes, appeared at the top of Facebook homepages this past month with its own selection of recommended settings. Unfortunately, most Facebook users likely opted for the recommended settings without really understanding what they were agreeing to. If you did so, you may now be surprised to find that you inadvertently gave Facebook the right to publicize your private information including status updates, photos, and shared links.

Want to change things back? Read on to find out how.

It looks like Microsoft has moved to the "sticks and stones" method for handling public relations gaffes. As we reported yesterday, France joined Germany in suggesting that its citizens switch from Internet Explorer to, well, anything else. Now, Microsoft's UK security chief, Cliff Evans, has responded by saying that switching to other browsers will only open you up to more security vulnerabilities than staying with Internet Explorer.

That's saying a lot for the browser implicated in the Great Google Caper of 2010 and we have multiple security experts who said a lot on why it just isn't true.

After years of trying to convince technologically inept relatives to stop using Internet Explorer, computer geeks worldwide may finally have something new to back up their words: the advice of the German and French governments.

The French government joined Germany today in recommending that its citizens switch to another browser in light of last week's admission by Microsoft that Internet Explorer 6, 7 and 8 all contained the same security vulnerability, in which "Internet Explorer can be caused to allow remote code execution."

On Saturday, an exclusive AP report told a story of an AT&T network glitch which allowed some mobile users the ability to login to other people's Facebook accounts. Although according to the story only a handful of people were affected by this glitch, the security flaw could have "far reaching implications for everyone on the Internet," wrote the reporter.

After reviewing the details of the incident, the "glitch" appears to be more of an issue with some misconfigured software at AT&T and less of an internet-wide security concern, as previously feared. That being said, the wireless company regarded the incident seriously and has taken measures to prevent similar issues from reoccurring in the future.

Earlier this week, Facebook and security company McAfee announced a partnership which offers Facebook's 350 million users a free six-month subscription to McAfee's security software. Interested parties can visit the Protect Your PC tab on the McAfee Page on Facebook to sign up for the deal. However, the most interesting part of this new partnership isn't the online coupon, it's the drastic change Facebook is taking to protect its network involving required virus scanning of user PCs. As of now, users whose accounts have been compromised won't be permitted to log back into Facebook until their PC is scanned for malware and the infections are removed. Is Facebook overstepping its role by getting into the virus-scanning game? Or is this new move a brilliant strategy that will help make Facebook a safer place?

More sources are now claiming the Chinese government is behind the recent cyberattacks against Google and 33 other Silicon Valley companies, reports security firm Verisign iDefense. The attacks, revealed yesterday via a posting on Google's official blog, were hacking attempts on the technology infrastructure of Google and other major corporations in sectors that included finance, technology, media and chemical, said Dave Girouard, president of Google Enterprise.

Although Google's politely-worded blog post doesn't come out and directly blame the Chinese government for these attacks, many have suspected that is the case, including, apparently, Secretary of State Hillary Clinton. Now even more sources are coming out to confirm the Chinese government's involvement. According to Verisign, their sources within the defense-contracting and intelligence-consulting communities also believe "agents of the Chinese state or proxies thereof" are to blame for these recent attacks.

Google has announced that Gmail will now operate using HTTPS, a secure connection between a browser and a server, by default. Previously, users could turn on HTTPS connections as the default in their settings, but the situation has now been reversed.

Google said that after taking a look at the trade-off between speed and security - the primary concern in this case - they decided that it was worth it to the end-user to automatically use a secure connection.

It's been a month since PayPal released its global payment APIs and the company is already primed to make some new announcements at today's Le Web Conference. ReadWriteWeb caught up with VP of Product Development Osama Bedier for an early look at the company's latest announcements.

Earlier this week, the news of the first iPhone worm made its way around the net. Since the worm only targeted jailbroken devices and then only those which had the SSH program installed, there wasn't a need for concern on the part of most iPhone users. However, a second hacker tool which uses the same security hole as the so-called iKee worm has reared its head and this one is far more dangerous. According to security firm Intego, the new hacker tool goes after personal data stored on the device including email, contacts, SMS messages, calendars, photos, music files, videos and any other data recorded by any iPhone app.

In other words, if you're the owner of a jailbroken phone, you should now be concerned.

A federal lawsuit filed on Wednesday is charging an iPhone development firm with collecting users' cell phone numbers without their permission. The developer, a game-making firm by the name of Storm8, is the entity behind popular games like iMobsters, World War, Racing Live, Vampires Live, Kingdoms Live, Zombies Live and Rockstars Live, among others. The company has five titles ranked in the top 50 free apps list in iTunes and seven titles in the top 100.

According to the pending class-action suit, Storm8 used a well-known backdoor method to "access, collect, and transmit" the wireless phone numbers belonging to their software's users.

Now the company has publicly responded to the suit by posting on their forums a sort of mea culpa as well as their plans to ask for a dismissal of the lawsuit due to its "complete lack of merit."

Proposal Would Kill Beacon, Have Facebook Paying $9.5 Million

Late last week, a federal judge in California gave preliminary approval to a settlement of the class action lawsuit regarding Facebook's Beacon program. The controversial program, launched back in November of 2007, allowed Facebook users to share online purchases made on third-party affiliate websites with their social networking friends. The problem with the program was that it was opt-out instead of opt-in, angering many Facebook users who unknowingly shared information they wished they wouldn't have.

Recently, Roger Thompson, chief research officer at security firm AVG, discovered over half a dozen Facebook applications that had been compromised by malicious hackers. Although the apps' reach was small with relatively few users being affected, Thompson was concerned because it was the first time he had seen apps themselves hacked as opposed to something like Facebook profile pages, a common target for the still-spreading Koobface worm.

While this incident alone wouldn't generate much excitement given the low-profile nature of the applications affected, it's not the only example of unsafe applications on Facebook. Another researcher just spent an entire month scouring Facebook apps for security vulnerabilities and what he found is disturbing: six of the hacked apps were in the top ten, 9700 applications were affected, and the potential victims totaled 218 million users.

Google Wave, the company's new real-time collaboration platform currently in private beta, is more secure than traditional email, claims the company. According to Greg D'alesandre, Google Wave product manager, that's because Google has focused on addressing privacy and security issues as the product was built from the ground up instead of waiting to deal with them later. Speaking to media in Sydney today, he detailed several of Wave's security features which are meant to stop criminals from exploiting the new technology and harming Wave users.

Just because computing is done in the cloud, that doesn't mean it has to be insecure and subject to outages. Or so says the U.S. Defense Department who just put into operation their cloud computing services for military personnel. Originally launched a year ago, the platform, called RACE (Rapid Access Computing Environment), was initially used for the testing and development of new applications. Now, the military says RACE is ready to go live...complete with 99.999% uptime - the same as their regular computing environment. Take that, Google!

Yesterday's phishing attack in which several thousand Hotmail username and password combinations were leaked to the web now appears to be just the beginning of a massive phishing attack affecting users of multiple webmail services including Gmail, Yahoo, AOL, Comcast, and Earthlink. The original list was posted anonymously on pastebin.com, a site generally used by developers sharing code snippets. Again, that site recently saw the addition 20,000 more login details from other webmail service providers, indicating what may the largest scale phishing attack to date.