Password Patterns

In December 2009, a critical data breach occurred on the Internet. Around 32 million user passwords from the rockyou.com web portal were stolen by a hacker who used SQL injection for the attack. He obtained all the passwords and made them available for download on the Internet anonymously (i.e. without usernames).

Security experts started analyzing the passwords, and Imperva released a study on the security level of the passwords. They came up with the following results:

A privacy case study of Facebook users

After Mark Zuckerberg, the owner of Facebook, said privacy is no longer a ‘social norm’, Facebook changed its privacy policy and set the default privacy settings for most personal user data to “public” without the users' consent. Facebook was heavily criticized for this change and was forced to improve its privacy settings. Now Facebook says the new settings are much better and easier.

It is a known fact that people are the weakest link in the security chain. Strong privacy settings must be backed by the wisdom of users: they need to know the possible threats and how to protect themselves. On Facebook, it is essential to keep the friends list “secure”. That means one should add a person to the friends list only if one is sure about that person's identity. This is critical because Facebook’s privacy protection system is mostly based on this distinction.