Mobile news

Tags: Featured, Hacking, Mobile Payments, Problems & Issues, Identity Theft Council

23 May 2012

Thinking of buying those shoes with your iPhone? Make sure you're protected from identity theft first.

Neal O'Farrell, the executive director of the Identity Theft Council, gave a talk called "The Hackers Are Coming -- Why the Small Business is the Big Target and What You've Got to Lose" to highlight the dangers of mobile banking for small businesses.

O'Farrell believes the dangers can jeopardize a large segment of businesses and people, explaining, "Eight out of ten mobile banking apps have security flaws, but Apple and the banks don't want you to know that. I'll wait another 20 years to stick my toe in that pond."

Even users with Macs can get their information stolen, and recovery is often problematic. Identity theft via online banking is on the rise, but police investigate less than 1 percent of the crimes.

O'Farrell advocates using a separate, cheap netbook for money transactions, so more frequently used mobile devices won't have the sensitive information on them.

Online banking is far from safe, and mobile finance systems taking stabs at winning loyal users will meet difficulty if people realize how vulnerable their security is to attempted hacks.

O'Farell's advice is at odds with the intentions of a variety of up-and-coming mobile payment systems including Isis and Google Wallet. These businesses will only succeed if consumers feel comfortable with online financial transactions, but O'Farrell points out the need for caution. Isis could have an easier time because it went to great lengths to round up an expansive coterie of security backup, but it still may not outsmart greedy hackers.

In addition to plumbing smartphones and tablets for financial information, hackers also recently targeted medical data, highlighting how identity thieves are liable to explore lots of options to gather sensitive information.

The medical records contained information the hackers could use to figure out passwords and banking information, so although it was not a direct attempt to steal money, identity theft was the end goal. This suggests hackers could also breach smartphones without banking information on them and use other sensitive data to puzzle out account information anyways.

Mobile banking is convenient and consumers have a growing number of options for transactions on the go, but every transaction brings a real identity theft risk. Even though companies are pouring money into ways to make mobile payments mainstream, the continued rise of smartphone-related identity theft may curb adopting this type of transaction unless companies can prove their mobile systems are secure.

Tags: Featured, Hacking, Health & Safety, Problems & Issues, Utah

18 May 2012

The theft of about 780,000 online medical records by unknown hackers from state computers in Utah is sounding alarm bells about the protections of sensitive data.

Last month, hackers stole the data of hundreds of thousands of Medicaid recipients and participants from Utah's Children's Health Insurance Program, including the Social Security numbers of about 280,000 of them. Child records are specifically valuable to criminals because their lack of a credit report or bank account makes it difficult to monitor them for identity theft, leaving their data open for exploitation for years before it is uncovered.

Utah's Department of Health said it was cooperating with the F.B.I. on its breach and working to notify victims, suggesting that Utah's Medicaid and Children's Health Insurance Plan recipients, as well as anyone whose health-care provider might have submitted information to the state for Medicaid coverage within the last four months, monitor their credit and bank accounts.

Utah Gov. Gary Herbert this week called the compromise a "completely unacceptable breach of trust," offered an apology and announced a "comprehensive" response to the massive data breach, including the resignation of Stephen Fletcher, director of the state's Department of Technology Services. The state also offered victims free credit monitoring.

These kinds of patient data breaches are surging, underscoring the need for greater privacy protection. According to the Ponemon Institute, data hacks in healthcare rose more than 30 percent this year, with 96 percent of healthcare organizations reporting at least one breach involving patient information over the past two years.

As part of a 2009 stimulus bill, the U.S. government pays incentives to doctors and hospitals that adopt electronic health records. As a result, more than half of office-based physicians now use digitized records and the number is steadily growing, according to the Centers for Disease Control and Prevention.

Electronic medical records are a treasure trove of personal information, as the Utah breach reflects, including names, Social Security number, birth date, insurance information and personal health details, making them a prime target for hacking and theft.

Utah officials report hackers were able to break into a Medicaid eligibility server, used to validate claims of retirees and others, in part because the security tools on the computer server were not installed properly. Also, much of the vulnerable data should have been deleted from the server once the claim was validated, but they were retained as records.

Some of the exposed data was indecipherable, or disconnected from a name, making it hard to assess the full damage. Investigators have traced the hackers' IP address to Eastern Europe, but haven't identified any suspects.

Hospitals and physicians are likely to search for better ways to bridge the gap between security practices and digitized data. More than 80 percent of physicians now use a smartphone, according to Manhattan Research, to do more patient-focused activities, such as communicating with patients via text messages, checking EKG or other test results and sending patient alerts and reminders, adding to the complexity of the protection issue.

Hospitals, consulting firms, insurers and other big organizations that handle digitized, sensitive patient information expect to increase privacy protection, providing an emerging market for enterprise-class, healthcare-specific device and records security amid growing consumer awareness.

"The people of Utah rightly believe that their government will protect them, their families and their personal data," Herbert said. "As a state government, we failed to honor that commitment. For that, as your governor and as a Utah [citizen], I am deeply sorry."

Credit monitoring and commitment to improve are two consolations for those affected by the Utah breach, but will hardly be enough as medical records zoom towards digitization and hackers hone their skills.

Tags: Featured, Hacking, Problems & Issues, Anonymous, India

17 May 2012

Anonymous hackers darkened several Indian government websites, retaliating against the country's censorship practices in its continued crusade for a free Internet.

The Supreme Court of India and All India Congress Committee websites suffered distributed denial of service attacks under "MT Operation India," leaving them inaccessible for 24 hours. Anonymous crippled the government pages to chastise Indian service providers for blocking file-sharing sites like Vimeo and The Pirate Bay.

India's ISPs acted in anticipation of a pending government proposal, which aims to create a Committee for Internet Related Policies for overseeing the subcontinent's online activities.

The committee, a 50-member UN-backed organization, would hold censorship powers over content deemed inappropriate or offensive by India's ruling party. But Anonymous, whose Pirate Party won parliamentary seats in Sweden and Germany after campaigning for Internet freedom, disagrees with this direction.

"Namaste #India, your time has come to trash the current government and install a new one. Good luck. #SaveTPB #Anonymous #Censorship," the collective tweeted.

Anonymous has a history of denouncing governments that wish to control the Internet, while India has a record of censoring websites. The two interests are now clashing for the second, but likely not the last, time.

Anonymous' first publicized tangle with India occurred in February and concerned the 1984 Bhopal gas leak, which left thousands dead and maimed. The global intelligence firm Stratfor, according to Anonymous, paid corrupt Indian officials to silence victims after the disaster.

Before turning its sights to Bhopal, Anonymous already enjoyed widespread notoriety for challenging worldwide governments on censorship issues.

The collective hit the FBI for nabbing Wikileaks suspects, struck China over its strict censorship policies, even targeting Malaysia and Spain for their attempts to police the Internet.

Anonymous also involved itself in the Arab Spring, fighting against Gaddafi in Egypt and Assad in Syria. The leaderless hackers also criticized Iran over its plans to create a government-run, internal Internet by August 2012.

Until the Stratfor hack this February, however, Anonymous largely remained silent while India sought to censor emails and social media content.

India successfully banned Nokia email servers in April 2011, citing security risks, and enlisted RIM's reluctant help in monitoring BlackBerry Messenger content last fall. The country is also suing Google and Facebook after the Internet giants' allegedly slow response to government requests for proactive censorship of "offensive" content.

But after years of ignoring India's increasingly strict Internet controls, Anonymous is beginning to take interest. The collective may be doing so in part to burnish its reputation as a crusader for freedom after a slew of bad press smeared the hackers this winter.

If India pursues its current direction about online restrictions, however, Anonymous will likely strike the subcontinent more often, denouncing Internet regulation and preserving its own reputation in the process.

Tags: Featured, Lifestyle, Problems & Issues, Reports, London School of Economics, Open University

16 May 2012

Young girls are regularly pressured to send nude pictures or record sexual acts, according to a U.K. report, illustrating how technology can push harassment to new mediums.

"A Qualitative Study of Children, Young People and Sexting," a report by researchers at the London School of Economics, Open University and the U.K.'s Institute of Education, found a third of under-18 texters received a lewd sexual image by text or e-mail. On top of that, the focus group research revealed a substantial portion of young males had dozens of sexual pictures of their peers on their mobile devices, indicating their habit of sharing explicit photos with each other.

"Girls are being pressured by text and on BlackBerry Messenger to send 'special photos' and perform sexual services for boys from an early age. In some cases they are as young as 11. Even while we were interviewing them they were being bombarded with these messages," Institute of Education researcher Jessica Ringrose said, explaining how toxic the climate has become.

Navigating burgeoning sexuality is an inescapable facet of adolescence, and many teens dismiss the adult hand-wringing about the upswing in shared sexual images as unnecessary. After all, teens have engaged in sexual activity throughout human history, and some young people rationalize sexting as an extension of a natural exploration.

Some sexting can be just that, if it stays between the people involved, and the picture sender acts for the right reasons. But the type of persistent, pestering behavior exhibited by many of the young men in the study, coupled with their tendency to pass intimate images around and objectify their subjects, clearly marks this type of behavior as bullying and abusive, not an innocent sexual experiment.

Teen cruelty is nothing new, but recent high-profile suicides springing from relentless bullying is putting a spotlight on the issue, and parents, educators and adults everywhere are desperate to curb socially vicious behavior.

Mobile technology opened up new venues for bullying, letting aggressors bombard their targets at all hours of the day, through Facebook, Twitter, text messages and more. Hurling insults online affords the bully an emotional distance, so young teens making cutting remarks feel secure doing so via social networks or text messages. As a result of the attackers' ability to infiltrate more areas of their lives, bullied adolescents have fewer places of respite. Young people check their phones everywhere, including the home, which brings the problem to more intimate spaces.

In some cases, like the situation between Tyler Clementi and Dharun Ravi, bullying is inextricably linked with technology, with aggressors pursuing and humiliating their targets entirely by digital communication.

Boys far too shy to demand girls take their clothes off in person feel empowered by the distance built into texting, and young people who are well-mannered in person may behave like outsized charlatans on instant messenger.

With young people often outpacing their teachers and parents when it comes to tech savvy, the lack of supervision and education about online etiquette contributes to the churlish behavior. And though some research shows teen sexting is not as rampant as it is often portrayed in the media, this recent study suggests it is still a sizable problem that can lead to widespread self-esteem issues among bullied girls.

Even though U.S. law officials are trying to amend current child pornography laws to keep ignorant teens off sex offender registries, sending these salacious texts can often still land teens in trouble with authorities.

To quell this damaging behavior, parents and educators need to step up to the plate and begin a comprehensive online etiquette campaign. While teens may never stop sending each other naked photos of themselves, smart education strategies can point out and change the climate of blatant sexual harassment.

Tags: Featured, Hacking, Problems & Issues, Reports, Neustar

16 May 2012

Cyber-attacks on small businesses are repelling customers and costing a fortune, leaving owners with tough choices on how to strengthen their online defenses against increasingly common security breaches.

According to a Neustar study, 70 percent of surveyed businesses experienced prolonged distributed denial of service, or DDoS, attacks that drove away countless customers and millions of dollars in potential revenue.

Over five hundred IT professionals admitted their greatest fear is the customer backlash and heavy cost of distributed denial of service attacks. DDoS attacks overload servers with requests, overwhelming websites in a heavy flow of traffic.

Retailers worried about hacking the most, as such attacks cost an average of $100,000 per hour.

"This is a significant amount of money," observed Ted Swearingen, director of the Neustar Security Operations Center. "People don't realize there are a lot of other costs associated with DDoS, such as brand damage."

Neustar's study suggests if large firms suffer monetarily from cyber-attacks, small businesses have an even harder time handling increased security breaches.

For instance, Sony stands out as a significantly damaged brand, following a string of Anonymous DDoS hacks from April until October 2011. The attacks cost millions in cleanup and forced the company to compensate disgruntled users for failing to protect their data.

The Japanese company was big enough to stay afloat following this disaster, but most small entrepreneurs would have sunk in its wake. And in this case Anonymous hackers didn't even aim to steal from Sony's financial centers, preferring instead to humiliate the electronics maker by publicizing user information.

"While Anonymous has been getting a lot of headlines, our data tells us that most of these attacks are happening for the old-school reasons of why you'd want to knock out a site: financial gain and competitive advantage," said Sweringen.

Small businesses are just as vulnerable as big corporations against financial DDoS attacks, since the payout is lower but the threat of retaliation much slimmer. And financially motivated attacks are increasingly common, as Swearingen states.

"You have a one in three chance of a DDoS attack. It is something that IT teams and companies need to prepare for," he warns.

But under five percent of participants in Neustar's study have any protection against DDoS attacks, using only firewalls and rudimentary software to discourage hackers.

Further, many businesses use generic passwords like "password1" and "1234" to shield sensitive data rather that switching to complicated, unhackable codes.

Cyber-insurance, sold by firms like Travelers Companies and Chubb, also offer a refuge to both small and large businesses seeking protection against cyber-criminals. Still, this method is only partially helpful as it may not cover certain claims like civil lawsuits.

New government regulations may also soon enable small businesses to collaborate with the National Security Administration in warding off cyber-criminals. But civil rights advocates say these bills violate the First Amendment and may eliminate more liberties than they grant.

With the number of cyber-hacks is the rise, small companies will need to set aside finances for comprehensive preparations to fortify their electronic defenses to avoid Sony's fate. However, they will also need to weigh whether the investment will be money well-spent, or if any company can really be protected against the ever-increasing -- and more aggressive -- amount of cyber-attacks.

Tags: Amazon, Featured, Problems & Issues, Reports, IDC

04 May 2012

Amazon is banking on a 10-inch tablet to gain market share, but it may be too little, too late, as the Kindle continues to lose its footing.

Kindle sales slowed this quarter, according to IDC, partly due to a drop-off after brisk holiday business, but its lackluster performance may hint at trouble on the horizon for Amazon as customers continue snapping up iPads.

Target announced it will not sell Kindles starting this spring, another hit for the company, as it was the third-largest Kindle retailer. The retailer's announcement is a double blow to Amazon, following news Apple is launching mini-stores in the popular big-box store.

The Kindle sold well as a Christmas gift, but Amazon is having a hard time keeping sales steady as competition in the tablet market increases. The debut of the new iPad likely cut into Kindle sales, as did a strong entry into the tablet market by smaller rival Barnes & Noble.

Amazon has a hard road ahead, because in addition to its sales decline, research shows customers prefer the iPad to the Kindle, despite the price difference. Budget-conscious shoppers took a chance on the Kindle and picked it up as a gift, but the lukewarm consumer response suggests buyers bit the bullet and paid more for a tablet that performs better.

Amazon is prepping a 10-inch version of the Kindle Fire set to move into Apple's turf. The company is also testing an in-app purchasing system, looking to boost revenue and offer better apps. Amazon's decision to make its tablet bigger and give it more apps demonstrates the company's wish to be more like the iPad, but unless it successfully explains what makes the Kindle unique, it will have a hard time grabbing back its corner of the market.

Amazon also faces competition beyond Apple. Google is prepping a line of branded tablets, and Microsoft's recent investment in Barnes & Noble means the smaller bookseller will have ample resources to develop innovative features on its next e-reader.

Unless Amazon can rectify some of the issues plaguing the Kindle -- such as a lack of camera and poor battery life, among others -- while keeping an appealing price, business will continue to spiral downwards.

Amid the gloomy news, Amazon does have a concrete advantage over Apple in one arena: e-books. Apple is embroiled in lawsuits over its e-book pricing strategy, but Amazon is moving in and dropping prices to attract customers. At the same time, Amazon faces problems of its own if antitrust investigators find its pricing is too low for rivals to compete.

The Kindle's sales slump should have Amazon worried, and if the upcoming 10-inch version flops, it will have a difficult time re-proving its worth to consumers.

Tags: Mobile, Problems & Issues, Regulation, Japan

03 May 2012

Phones come in handy in a crisis as long as they work, an obstacle Japan is striving to develop with networks that function even in extreme conditions.

Japan built its burgeoning "disaster-proof" mobile network to withstand natural disasters by quickly diverting traffic from compromised stations and preventing network overload.

The country's interest in improving its networks stems from the 2011 tsunami, which knocked communication in some areas when people desperately needed it. Telecom companies NTT Docomo and KDDI are spearheading separate projects, but the Japanese government is pushing the companies to cooperate to get the networks up and running as soon as possible.

In disasters, mobile service is often more reliable than landlines, and more accessible to people caught away from home during an emergency. During the Japanese tsunami, as well as the tornadoes in the U.S. last summer and a bevy of other crisis incidents, people relied on cell service and social media to communicate with family, friends and rescue teams.

Creating a sturdy emergency network will benefit Japan, which as an island is prone to natural disasters such as tsunamis and earthquakes, and may inspire other nations to concentrate on shoring up their resources to make emergency communication more reliable.

A disaster-proof system in the U.S., however, could be more difficult to create. The fiercely competitive relationships between carriers in the U.S. could hinder similar projects and the government is less likely to demand network-building cooperation. Also, the spectrum squeeze makes it difficult for U.S. carriers to devote bandwidth to establishing comprehensive re-routing systems.

For example, LightSquared's proposed merger with Sprint would have given Sprint access to more satellite-based network resources, but U.S. regulators blocked the deal due to potential interferences with GPS systems. The FAA warned the GPS disturbance might actually decrease safety by interfering with aviation signals, even though LightSquared insisted it could fix the interference issues and still run its towers.

At the same time, unless the government places primacy on letting carriers use such satellites to bolster their networks, the U.S. will have trouble carrying out a project along the same lines as Japan and keeping citizens in contact during emergencies.

AT&T introduced a series of "Remote Mobility Zone" kits, which can connect cell service with satellites in case of emergency, but these cost upwards of $15,000, making them too expensive for most consumers.

This is not good for the U.S. Although the country is less vulnerable to tsunamis than Japan and other Asian countries, the nation still experiences devastating hurricanes, tornadoes and earthquakes, and it needs a foolproof communication system for people just as much as Japan.

Researchers in the U.S. developed a mobile app that uses Bluetooth short-range radio technology to reroute data during service interruptions, but something like that would not be as widespread as a carrier-backed emergency system.

The U.S. is developing emergency mobile services, such as a disaster response text alert system. But if the infrastructure to transmit these messages is damaged, systems like these are useless.

Given the climate in Congress and among carriers in the U.S., it is unlikely AT&T, Verizon and other major carriers will work together on a project along the same scale as Japan's. But, if a wide-scale natural disaster strikes and people are left without service, both regulators and carriers will face angry citizens wondering why they did not harness the technology available while other countries were doing so.

Tags: Health & Safety, Mobile, Problems & Issues, Regulation, Japan

03 May 2012

Phones come in handy in a crisis, as long as they work, an obstacle Japan is striving to develop with networks that work in the most extreme of conditions.

Japan built its burgeoning "disaster-proof" mobile network to withstand natural disasters by quickly diverting traffic from compromised stations and preventing network overload. The country, whose interest in improving its networks, stems from the 2011 tsunami, which knocked out communication when people desperately needed it.

As a result, Telecom companies NTT Docomo and KDDI are spearheading projects, but separately, so the Japanese government is pushing them to cooperate and get the networks up and running as soon as possible.

In disasters, mobile service is often more reliable than landlines, and more accessible to people caught away from home during an emergency. During the Japanese tsunami, as well as the tornadoes in the U.S. last summer and a bevy of other crisis incidents, people relied on cell service and social media to communicate with family, friends and rescue teams.

Japan, an island is prone to natural disasters such as tsunamis and earthquakes, will benefit from the sturdier emergency network, and its actions may inspire other nations to concentrate on making emergency communication more reliable.

A disaster-proof system in the U.S., however, is more difficult to create. The fiercely-competitive relationships between carriers in the U.S. hinders similar projects and the government is less likely to demand network-building cooperation. In addition, the spectrum squeeze makes it difficult for U.S. carriers to devote bandwidth to establishing comprehensive re-routing systems.

For example, LightSquared's proposed merger with Sprint would have given Sprint access to more satellite-based network resources, but U.S. regulators blocked the deal due to potential interferences with GPS systems. Meanwhile, the FAA warned that GPS disturbance may actually decrease safety, by interfering with aviation signals, even though LightSquared insisted it could fix the interference issues and still run its towers.

At the same time, unless the government places primacy on letting carriers use such satellites to bolster their networks, the U.S. will have trouble carrying out a project along the same lines as Japan and keeping citizens in contact during emergencies.

AT&T introduced a series of "Remote Mobility Zone" kits, which connects cell service with satellites in case of emergency, but these cost upwards of $15,000, making them too expensive for most consumers.

The U.S., which experiences devastating hurricanes, tornadoes and earthquakes, needs a foolproof communication system for people just as much as Japan.

Researchers in the U.S. developed a mobile app that uses Bluetooth short-range radio technology to reroute data during service interruptions, but that method wouldn't be as widespread as a carrier-backed emergency system.

The U.S. is developing emergency mobile services, such as a disaster response text alert system, but if the infrastructure to transmit these messages is damaged, systems like these are useless.

Given the climate in Congress and among carriers in the U.S., AT&T, Verizon and other major carriers are unlikely to work together on a project on same scale as in Japan. But, if a widescale natural disaster strikes, and people are left without service, similar to Hurricane Katrina, regulators and carriers will face criticism as to why they didn't harness the technologies available in other countries, such as Japan.

Tags: Featured, Google, Problems & Issues, Viruses & Malware, Reports, Android, Lookout

03 May 2012

A new virus is infecting Android devices, the latest in a persistent threat to Google's operating system.

The new Trojan virus, called "NotCompatible," downloads automatically to users' phones and tablets without their knowledge upon visiting certain websites, according to security firm Lookout. Once a person's device gets infected, all personal information on the handset is at risk to the hackers behind the virus.

Analysts say the threat on Android devices is not widespread at this point, but the fact that a virus can be downloaded through a mobile browser at all is damaging to the platform and could widen the threat of malware to a bigger pool of users. Malware issues within the Android Market have plagued Google's OS for some time, but users could steer clear of threats by making sure their downloaded apps were legitimate.

This new Android virus can hide in Web pages that users visit all the time, leaving all users susceptible to malware without any warning. NotCompatible has only popped up on websites with very little traffic. However, if hackers are able to affect larger sites visited by millions everyday, the Android platform will have a tremendous black eye that may drive off current users and scare away new ones.

Android has a history of issues with viruses that only seems like it's getting worse, but its competitors have nearly pristine reputations. Apple's iOS has a clean record for a mobile platform, and Microsoft's Windows Phone, beginning to emerge as a real player in the market, has shown very little permeability.

Google's OS is still the market share leader in smartphones, but if it can't contain viruses through its mobile browser, its numbers will take a severe hit as customers turn to Apple and Microsoft.

The timing of viruses affecting Android devices through Web browsers couldn't be worse for Google's planned venture into tablets, which will likely find large amounts of users clicking on websites and downloading apps and media. The company is planning on diving deep into the tablet market later this year with Android 4.0 powered devices, but consumer fears about viruses could put a serious damper on those plans.

In the past, Google has fought malware in the Android Market with its Bouncer software, and has defended its OS from claims that it's prone to viruses. However, the steps the company has taken to fix the problem with its apps thus far have been unsuccessful, and issues that continue to pop up suggest the problem is as bad as critics say.

Google needs to get out in front of the this Android virus issue and assure users they won't continue to fall victim, or it runs the risk of its mobile platform becoming the ultimate casualty.

Tags: Cover Story, Facebook, Featured, Problems & Issues, Social Media, Reports, Consumer Reports

03 May 2012

Facebook is keeping tabs on users beyond what they may expect, Consumer Reports discovered, highlighting how people like insurers and burglars can exploit the activity feed.

For example, Facebook compiles information from users who visit pages with "Like" buttons, even if they do not click on the button or post the page. Consumer Reports found that nearly 5 million users publicly posted their whereabouts on their page, which can tip-off burglars, while another nearly 5 million "liked" health-related pages that insurers can use against them.

The gaping holes in Facebook's privacy settings speak to the widespread challenges in keeping online information private. In addition to its data practices, Facebook's custom privacy controls are often too complicated for users to fully grasp, ramping up their risk for security problems.

Facebook insists it keeps its data collecting records private, but past security breaches demonstrate third parties can sometimes track users' Facebook movement, which may prove problematic in the future.

One thing that surprises even privacy-savvy users: friends can share personal information about other friends through third-party apps -- so posts set to "friends only" can end up stored in other companies' records.

Consumer Reports, which advised users how to avoid this, illustrates how personal information gets proliferated in subtle ways.

Facebook isn't intentionally sharing information, but rather, these are "holes" in the privacy system it has in place. The social network won't risks the ire of regulators and a loss of public confidence if it doesn't protect user information, but data aggregators understand Facebook is a treasure trove of valuable information, and are equally unlikely to stop trying to grab hold of the site's potent data.

Responding to government scrutiny, Facebook plans to release reports providing details on the data it collects, but people still need use common sense to protect themselves.

A large swath of users are not Facebook-literate enough to filter their profiles to prevent strangers, employers, the police, the >courts, and even debt collectors from gathering sensitive information, prompting lawmakers to examine the issue.

So part of the problem is a social failure, not Facebook's -- people are not taking the time to understand how the controls work, which can put them in a precarious position, often unknowingly giving an edge to burglars, advertisers and insurance companies.

To play it safe, Facebook users may want to assume anything they post or look at on the site is tantamount to public information. Despite efforts from both the public and Facebook to tighten security policies, companies looking to mine the site for data may find new ways to infiltrate the network, or become more sophisticated about tracking users' history.