RockYou has come under fire recently after a SQL injection flaw resulted in a data breach which exposed over 32 million RockYou user emails and passwords. Rather than immediately solving the problem however, RockYou was complacent. As Nik Cubrilovic pointed out, “They have not taken steps to rectify the problems that caused the breach and have not addressed their users in a suitable or adequate manner. An appropriate response would have been to take the site down for a period of a few hours and enforce that users enter new passwords, which would be stored in a hashed or encrypted form.” Two weeks later a class action has been filed.
Read the rest of this entry »

So, the latest thing is age-verification for minors, where sites like MySpace and Facebook confirm the identities of members under 18 and restrict access only to other children or parent-approved adults. Sounds good and solves a basic online security problem, and a big one at that, right?

Well, yes and no. As the New York Times reported last week, “Online Age Verification for Children Brings Privacy Worries” since the cost of doing this kind of business can be kind of steep – at least under current proposals. The Times discussed one company in particular, eGuardian of Ontario, CA, which “asks a parent to submit the birth date, address, school and gender of a child, then it asks schools to confirm the information.”
Read the rest of this entry »