Doing shady things - infosec links December 10, 2014

DEA Sets Up Fake Facebook Page in Woman's Name - Bruce Schneier - Schneier on Security

A woman has her phone seized by the Drug Enforcement Agency and gives them permission to look at her phone. Without her knowledge or consent, they steal photos off of the phone (the article says they were "racy") and use it to set up a fake Facebook page in her name.

Verizon's 'Perma-Cookie' Is a Privacy-Killing Machine - Robert McMillian - WIRED

The company—one the country’s largest wireless carriers, providing cell phone service for about 123 million subscribers—calls this a Unique Identifier Header, or UIDH. It’s a kind of short-term serial number that advertisers can use to identify you on the web, and it’s the lynchpin of the company’s internet advertising program. But critics say that it’s also a reckless misuse of Verizon’s power as an internet service provider—something that could be used as a trump card to obviate established privacy tools such as private browsing sessions or “do not track” features.

Be Wary of 'Order Confirmation' Emails - Brian Krebs - Krebs on Security

If you receive an email this holiday season asking you to “confirm” an online e-commerce order or package shipment, please resist the urge to click the included link or attachment: Malware purveyors and spammers are blasting these missives by the millions each day in a bid to trick people into giving up control over their computers and identities.