IEEE Cipher --- Items from security-related news (E133.Jul-2016)
Summary:
Gene Spafford notes that the nomination cycle for the 2016 induction
into the Cyber Security Hall of Fame is now open.
Don't Even Ask About Your Biometrics
The Washington Post
By Ellen Nakashima
June 1, 2016
The FBI has a database of 100 million fingerprints and 45
facial photos. The fingerprints are exempt from the Privacy Act, and
under rules recently proposed by the agency, the facial photos and all
biometric data would also be exempt. A coalition that includes the
ACLU opposes the exemption. Unlike most public records, the photos
would not be available for examination by the subjects, so they would not
be able to ask that errors be corrected. The FBI argues that letting
someone know that information about them is in the database would
compromise investigations. The public comment period ended on July 6.
All Your MySpace Are Belong to Us
The Washington Post
Brian Fung
May 31, 2016
Sometime before June 2013, hackers stole over 350 million MySpace
account credentials. They were recently put up for sale. Even if you
forgot you had a MySpace account, this could be a problem for you,
especially if you still have the same email address and used the same
password for both services. This kind of data breach is not uncommon, and
it illustrates the fragility of passwords. Although the title of the article
emphasizes deleting old accounts, more to the point is the importance of
not re-using passwords.
Cyber Security Hall of Fame
Details on the nomination procedure are available at
http://www.cybersecurityhalloffame.com/content/nomination/Cyber-Security-Hall-Of-Fame-Nomination%20Process
Nominations are due by July 20.
Cybercurrency Hacked, and There Is No Good Solution (2 items)
The New York Times
Nathaniel Popper
June 17, 2016
A new blockchain-based currency, intended for an investment fund, lost
at least a third of its value as hackers exploited a software flaw.
The developers have been left with a dilemma: fork the code and lose
the integrity of the blockchain (and the confidence of the community)
or withdraw all funds and close down.
Coindesk
Stan Higgins
June 21, 2016
More funds have been siphoned from the DAO, and the lead designer announced
that the developers were removing their funds.
Russian Government Hackers Go After the DNC
The Washington Post
Ellen Nakashima
June 20, 2016
The DNC website is managed by a company called MIS Department, and by
registering a similar domain name, hackers may have used a phishing
attack to gain access to confidential documents compiled by the
Democratic National Committee. At least two security firms attribute
forensic evidence to known hacker groups within the Russian government.
Cybersecurity Pioneer Mourned
Obituary for Stephen T. Walker
The Baltimore Sun
July 9, 2016
Pokemon Go Insanity Overrides Rational Security
CNN Money
Jose Pagliery
Jul. 11, 2016
The Pokemon Go phenomenon has a cybersecurity sidelight
that is truly disturbing. Downloaded apps are supposed to run with
the minimal privileges needed for their operation, but not all
developers have the same notion of "minimal". In the "all or nothing"
model of app privileges, the user either grants what the app demands
or doesn't load the software. In the case of this game, iPhone users are
asked to grant full access to their Google accounts to the app. That
gives the Pokemon distributor the ability to access the users' email.
Granting that privilege to this "insanely" popular game is ... insane.
Facebook to Aggregator: Get Outta Here!
The Washington Post
Orin Kerr
Jul 12, 2016
The Computer Fraud and Abuse Act was written long before Facebook was
dreamed of, but it has been applied to a use of Facebook messaging
that most people would probably consider perfectly legal. In this
case, a new service for messaging allowed users to aggregate the
use of their own social media accounts through a third party interface.
That interface used the users' credentials to log in to their accounts
and send messages to other users. Facebook sent a cease-and-desist order
to the third party, but the service continued to operate. The Ninth
Circuit Court held this to be a violation of CFAA and other laws.
This article criticizes the decision, which is likely to be appealed.