Congressional Quiz on Facebook Privacy

Two Congressmen have sent a direct and scathing letter to Facebook’s management regarding privacy failures. The questions come after Facebook mentioned on a blog that application developers would soon have more access than ever before, even to user addresses and phone numbers, and then abruptly said the plan was postponed.

The letter was announced yesterday on US Representative Edward Markey’s website:

…Reps. Markey and Barton ask Mr. Zuckerberg to respond to questions that include:

* Would any user information in addition to address and mobile phone number be shared with third party application developers under the feature as originally planned, and was any of this information shared prior to Facebook’s announcement that it would suspend implementation of the feature?

* What user information will be shared with third party application developers once the feature is re-enabled?

* What was Facebook’s process for developing and vetting the feature referenced above before the feature was suspended, and what was the process that led Facebook to decide to suspend the rollout of this feature? What is the process Facebook is currently employing to adjust the feature prior to re-enabling it?

* What are the internal policies and procedures for ensuring that new features developed by Facebook comply with Facebook’s own privacy policy, and does the company consider this a material change to its privacy policy?

* What consideration was given to risks to children and teenagers posed by enabling third parties access to their home addresses and mobile phone numbers through Facebook when designing the new feature?

* What are the opt-in and opt-out options for this new feature?

* Why is Facebook, after previously acknowledging in a letter to Reps. Markey and Barton that sharing a Facebook User ID could raise user concerns, subsequently considering sharing access to even more sensitive personal information such as home addresses and phone numbers to third parties?

No answers so far from Facebook. I did not wait, however. I just deleted my Facebook account.

Strandbeests – Wind Powered Kinetic Sculpture

A beautiful display of wind powered vehicles made from inexpensive materials:

Kinetic sculptor and artist Theo Jansen builds ‘strandbeests’ from yellow plastic tubing that is readily available in his native Holland.

The graceful creatures evolve over time as Theo adapts their designs to harness the wind more efficiently. They are powered only by the wind and even store some of the wind’s energy in plastic bottle ‘stomachs’ to be used when there is no wind.

EXT3 Unallocated Space File Recovery

Hal Pomeranz has announced a new set of tools to help with digital forensics for unallocated space on Linux systems using EXT3 (not compatible with EXT4). Indirect blocks, unlike direct data blocks, hold block pointer metadata rather than file content, and they sit in the middle of a file's content rather than only at its start or end:

The problem of indirect blocks in the middle of the file content is addressed by tools like Foremost by simply skipping over the indirect block and ignoring its contents. Actually, Foremost will skip the first indirect block that normally occurs in the 13th data block in the run but fails to remove later indirect blocks (the double and treble indirect block chains) from the recovered image, again leading to file corruption on recovered files larger than 4MB or so.

Simply skipping over or attempting to edit out the indirect block data from the recovered file is probably the wrong thing to do in any event. After all, the block pointer metadata in the indirect blocks provide a map to the location of large chunks of file content from the original file. I have developed a couple of simple command-line tools to find and use the indirect block data to more accurately recover files from unallocated space.
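The idea in the quoted passage, as an added example (not Hal Pomeranz's tools and not code from the original post): follow the pointers in the 13th block of a run instead of skipping it. The image, the 1 KiB block size, the function names and the indirect-block heuristic are all assumptions of this sketch, and it handles the single indirect block only.

```python
import struct

BLOCK = 1024    # block size of the constructed image (assumption)
N_DIRECT = 12   # direct pointers in an ext3 inode; block 13 of a run is the indirect block

def read_block(image, n):
    return image[n * BLOCK:(n + 1) * BLOCK]

def parse_indirect(block, total_blocks):
    """Return the pointer list if block looks like an indirect block, else None.
    Heuristic assumed here: little-endian 32-bit pointers, non-zero entries first,
    all unique and inside the image, zero padding after them."""
    ptrs = struct.unpack("<%dI" % (len(block) // 4), block)
    used = [p for p in ptrs if p]
    if not used or list(ptrs[:len(used)]) != used:
        return None
    if len(set(used)) != len(used) or max(used) >= total_blocks:
        return None
    return used

def recover(image, first_block):
    """Take 12 direct blocks, then follow the pointers in the 13th block."""
    blocks = list(range(first_block, first_block + N_DIRECT))
    ptrs = parse_indirect(read_block(image, first_block + N_DIRECT), len(image) // BLOCK)
    blocks += ptrs or []
    return b"".join(read_block(image, b) for b in blocks), blocks

def carve_skipping(image, first_block, n_data_blocks):
    """Carver-style recovery: assume a contiguous run and skip only the 13th block."""
    run = [first_block + i for i in range(n_data_blocks + 1) if i != N_DIRECT]
    return b"".join(read_block(image, b) for b in run)

def build_sample():
    """Constructed 40-block image: data in blocks 5-16, indirect block at 17,
    rest of the file at 18, 19, 25, 26 (fragmented); 0xEE marks unrelated data."""
    image = bytearray(b"\xee" * (40 * BLOCK))
    file_blocks = list(range(5, 17)) + [18, 19, 25, 26]
    for i, b in enumerate(file_blocks):
        image[b * BLOCK:(b + 1) * BLOCK] = bytes([i + 1]) * BLOCK
    image[17 * BLOCK:18 * BLOCK] = struct.pack("<4I", 18, 19, 25, 26).ljust(BLOCK, b"\0")
    return bytes(image), file_blocks

if __name__ == "__main__":
    image, expected = build_sample()
    data, blocks = recover(image, 5)
    print("blocks followed:", blocks)
    print("skip-only carve matches:", carve_skipping(image, 5, 16) == data)
```

In the constructed image the file is fragmented after block 19, so the skip-only carve pulls in two blocks of unrelated data while the pointer-following recovery returns the original content.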

Officer Uses No-Fly List to Get Rid of Wife

A funny yet sad story in the Daily Mail:

An immigration officer tried to rid himself of his wife by adding her name to a list of terrorist suspects.

He used his access to security databases to include his wife on a watch list of people banned from boarding flights into Britain because their presence in the country is ‘not conducive to the public good’.

As a result the woman was unable for three years to return from Pakistan after travelling to the country to visit family.

The tampering went undetected until the immigration officer was selected for promotion and his wife’s name was found on the suspects’ list during a vetting inquiry.

No one noticed for three years that the officer was married to a no-fly wife? No one noticed that a woman was on the list without any justifiable cause? So they started to promote him and then fired him, both for his talented work with the security database. In other words, he could arbitrarily enter someone into the list of terrorist suspects. His mistake was to enter someone into the list to whom he was married.

Meanwhile, the Daily Mail also reports that a tiny souvenir soldier toy from a museum was successfully detained and disarmed by officers at Gatwick Airport.

His three-inch, plastic toy gun was branded a ‘firearm’ and banned from a transatlantic flight. […] They said rules were rules.


Probably not loaded