Facebook Enables One-Click Identity Theft Option for Rogue Application Developers
In a move that could herald a new level of danger for Facebook users, third party application developers are now able to access your home address and mobile phone number. Facebook has announced that developers of Facebook apps can now gather the personal contact information from their users. I realize that Facebook users will only have their personal information accessed if they “allow” the app to do so, but there are just too many attacks happening on a daily basis which trick users into doing precisely this. Facebook is already plagued by rogue applications that post spam links to users’ walls, and point users to survey scams that earn them commission – and even sometimes trick users into handing over their cellphone numbers to sign them up for a premium rate service. Read the full Sophos blog post here.

‘Call of Duty’ Gamers Hack Medical Server
Nothing, not even the law, is going to stop gamers from playing “Call of Duty.” On Tuesday, Seacoast Radiology in Rochester, N.H. notified all potentially affected patients that its server had been hacked in November, exposing the names, dates of birth, addresses, Social Security numbers and medical procedure codes of 231,400 people. But unlike most cyberattacks, the hackers in this case weren’t interested in identity theft. Their goal? They wanted to play ” Call of Duty: Black Ops,” and they needed a powerful server to host their session. On Nov. 12 at 2:00 a.m. — only three days after the video game went on sale — the hackers hijacked Seacoast’s server, staying for a total of 4-1/2 hours, Don Wood, Seacoast Radiology’s business manager, told SecurityNewsDaily. Read the full MSNBC post here.

Skimming Fight: New Tech a Must
Card fraud will increase in 2011, says Avivah Litan, Gartner Research vice president and distinguished analyst. Skimming attacks will be more sophisticated and globally coordinated. “Flash attacks,” which rely on coordinated, often international, efforts to simultaneously withdraw funds from multiple ATMs, are just the beginning. Add the increasing sophistication of the technology used by fraudsters, including Bluetooth and other wireless communications for the transmission of stolen cardholder data, and it’s clear banking institutions, merchants and the card networks have an uphill battle ahead of them. That’s not to say the battle can’t be won, Litan says. It just means the fight will require new techniques and different perspectives. “There is more discussion now than ever about stronger cardholder authentication, which means even if the data is skimmed at a point of sale or at a gas pump, it can’t be used without the physical card in the person’s hand,” she say. “It used to be, on debit, that the bank had enough authentication with just the PIN. Now, all of that is being broken by the latest trend of attacks, so banks are getting much smarter in the way they are approaching fraud detection and the systems are getting more sophisticated.” Read the full BankInfoSecurity post here.

Fans’ Data Deemed Safe After Reported World Cup Breach
UK football fans are in the clear after a World Cup football ticket data breach scare broke last year. Following reports in Norway that the UK could be a source of a leaked database of personal details on 250,000 football fans, the UK Information Commissioner’s Office (ICO) investigated. It was reported the database contained details of those fans internationally who had purchased tickets for football matches for the 2006 FIFA World Cup in Germany. The database was believed to have been unlawfully sold on the black market, following allegations made in the Norwegian newspaper “Dagbladet”. The newspaper alleged that personal information, including the passport details of 35,689 ticket purchasers from the UK, were included on a database that had been sold to an organisation in Norway. Read the full ComputerWorld post here.

Recent Data Breach at the Pentagon Federal Credit Union
Last month, the Pentagon Federal Credit Union (PenFed) discovered that a laptop infected with malware was used to access a database that contained customers’ personal and financial information, including Social Security numbers and credit card numbers. PenFed says it has identified the source and taken steps to prevent future occurrences. If you were one of the debit or credit customers affected by the data breach, then you received a new card. SecurityNewsDaily reports that Roderick Mitchell, PenFed’s executive vice president of operations, mailed a letter to customers and wrote, “We have no indication that your information has been misused.” Mitchell also stressed that no PINs or passwords were accessed in the incident. But if you’re a PenFed customer – even if you didn’t receive a new debit or credit card – it’s a good idea to watch your accounts to make sure your data is safe. The PenFed Premium Travel Rewards American Express Card was recently included in our roundup of airline and travel rewards cards. Read the full CreditBloggers post here.

NSA App to Help Recruit Cyber Experts
Looking for a job? There’s and app for that. The National Security Agency has unveiled two smartphone applications to help the NSA recruit cybersecurity experts. The NSA app — Career Links — is available through iTunes and delivers real-time agency updates like employment opportunities to iPhone and Droid users. GovInfoSecurity reports that NSA is also employing smartphones’ tagging abilities on many of its print-based recruitment advertisements. This means future recruits can use their phones to scan these tags which will launch a video related to the advertisement’s content. Check out more from FedNewsRadio here.

The Better Business Bureau is warning consumers about the latest ‘phishing’ scam that is making the rounds of Facebook this week. This new Facebook threat encourages you to click on a “Dislike” button. The major red flag for this scam is that Facebook does not yet have a “Dislike” button. The Facebook message that encourages you to get the “Dislike” button states, “I just got the Dislike button, so now I can dislike all of your dumb posts!!!” or “Get the official Dislike button now.”

Why should you avoid the “Dislike” button? According to the BBB, this scam will install malware or spyware on your computer to extract your personal information that can be used to steal your identity.

So for now, Facebook is keeping things on the positive side – you can still only “Like” things. Isn’t it better that way? We don’t need a cruel new Facebook, and better yet, we don’t need our identities stolen in a phishing scam.

So, what does a massive organization like Facebook do when it appears to be on the “wrong side of the law” when it comes to privacy? It brings in the big guns. According to the San Jose Business Journal, Facebook has hired lawyer Timothy J. Muris (pictured), the former chairman of the Federal Trade Commission, to help deal with this situation. The hiring follows the Palo Alto social networking company’s appointment in March of Timothy D. Sparapani, a senior lawyer with the American Civil Liberties Union, to become its director of public policy.

Here’s the wrinkle though. Yesterday, Facebook has denied the hiring of Muris. But the details seem fuzzy at this point. Last month, Muris told Marketwatch that “I’m not confirming or denying that I represent Facebook.” Hmmm…seems kind of vague.

Meanwhile a number of privacy watchdogs sent letters to Congress and the Federal Trade Commission asking for an investigation into Facebook’s move to share personal data with third party sites.

Finally, in an ironic twist, a Facebook board member became the victim of recent hack, which resulted in his personal Facebook account sending phishing e-mails to his friends.