Google's Buzz prompts cybersecurity concerns

Tuesday - 4/20/2010, 5:11pm EDT

Cybersecurity Update - Tune in weekdays at 30 minutes past the hour for the latest cybersecurity news on The Federal Drive with Tom Temin and Jane Norris (6-10 a.m.) and The Daily Debrief with Chris Dorobek and Amy Morris (3-7 p.m.). Listen live at FederalNewsRadio.com or on the radio at 1500 and 820 AM in the Washington, D.C. metro area.

  • The "buzz" over Buzz has ten different countries worried about privacy issues. Google launched Buzz in February as part of its Gmail service. It came under fire for automatically creating public circles of friends for users, based on their most frequent e-mail contacts. The company has since changed the service. But ten countries including Germany, Canada and France sent a letter to Google CEO Eric Schmidt, saying they're still extremely concerned that the product was launched in the first place, because it has what they call "privacy issues." They were also concerned about Google Street View, which is a mapping service that includes street-level photos taken throughout neighborhoods. The officials complain it was launched without taking data protection laws and privacy concerns into consideration. The officials called on Google to create default settings that protect users' privacy and to ensure that privacy control settings are prominent and easy to use. Google says it has discussed the issues publicly many times before, and has nothing new to add.

  • Looks like cyber attacks on Google didn't steal passwords. But, it might've stolen the password system. The New York Times reports the system controls access by millions of users worldwide to almost all of the company's Web services, including e-mail and business applications. The Times quotes a person close to the investigation, saying that the program was attacked in December. The raid took less than two days, and leaves open the possibility that intruders might find weaknesses that Google might not realize. It all started with an instant message sent to a Google employee in China who was using Microsoft's Messenger program. The employee clicked on a link, and connected to a "poisoned" site, which inadvertently allowed the hackers to access his personal computer...which led to access to a group of software developers' computers. Ultimately, the intruders were able to gain control of a software repository used by the development team. Company executives declined to comment.