Connect with us

Tech

What You Need To Know About Facebook’s Massive Data Breach

Published

on

You may not have noticed, but it turns out that there was a massive massive data breach at Facebook last week. Over 90 million users on the site were forced to log out and then log back into their accounts, and it is suspected that these people may have been the hardest hit by the hack. For these people, Facebook initiated a forced password change to secure their accounts right away.

The security breach occurred on Friday afternoon when a group of unidentified hackers managed to exploit three previously unknown vulnerabilities on the social media website and mobile application. The hackers reportedly stole data from 50 million users, but the website ended up resetting the tokens of 90 million Facebook users out of an abundance of caution. So just because you were locked out, doesn’t necessarily mean that your data was stolen, but you should still take all of the necessary precautions.

In a conference call with reporters, Facebook vice president of product Guy Rosen gave some important updates on the situation. Rosen explained that the company managed to detect the breach after the security team noticed an unusual spike in traffic on its servers which revealed a massive cyberattack that had been going on since September 16th. Rosen also said that the discovery revealed three bugs that Facebook was able to fix.

PHOTOGRAPH: DAVID PAUL MORRIS/GETTY IMAGES

The first bug incorrectly offered users a video uploading option within certain posts that enables people to wish their friends ‘Happy Birthday,’ when accessed on the “View As” page. Another bug was in the video uploader which incorrectly generated an access token that had permission to log into the Facebook mobile app. The third bug somehow targeted friends of the affected user. The company says that your password was not compromised, but the hackers were able to gain access to your account anyway. It is still best practice to change your password anyway just in case, especially if you are one of the many users who were logged out last week.

Facebook is now facing a class-action lawsuit after the data breach. Just after news of the hack went public two Facebook users, Carla Echavarria from California and another anonymous user from Virginia, filed a class-action complaint against the company in the US District Court for the Northern District of California.

As we explained in an article earlier this week, you can check your active sessions on Facebook to find out if someone has been inside of your account, which applies to this hack as well. The instructions can be found below:

To get started, just select Security and login.

From there you’ll be able to see where you’re logged in, and provides information like the type device of device that logged in and its location, as well as showing which devices are ‘active now,’  along with a history of all logins.

If you see a device you don’t recognize or trust,  you will have the option to log that device out of your account. You also have the option to log out of all the devices that are currently logged in.

Facebook Hack: 10 Important Updates You Need To Know About – by thehackernews.com

1.) Facebook Detected Breach After Noticing Unusual Traffic Spike — Earlier this week, Facebook security team noticed an unusual traffic spike on its servers, which when investigated revealed a massive cyber attack, that had been ongoing since 16 September, aimed at stealing data of millions of Facebook users.

2.) Hackers Exploited Total 3 Facebook Vulnerabilities — The hack was accomplished using three distinct bugs of Facebook in combination.

The first bug incorrectly offered users a video uploading option within certain posts that enables people to wish their friends ‘Happy Birthday,’ when accessed on “View As” page.

The second bug was in the video uploader that incorrectly generated an access token that had permission to log into the Facebook mobile app, which is otherwise not allowed.

The third bug was that the generated access token was not for you as the viewer, but for the user that you were looking up, giving attackers an opportunity to steal the keys to access an account of the person they were simulating.

3.) Hackers Stole Secret Access Tokens for 50 Million Accounts — The attackers walked away with secret access tokens for as many as 50 million Facebook users, which could then be used to take over accounts.

Access Tokens “are the equivalent of digital keys that keep people logged in to Facebook, so they don’t need to re-enter their password every time they use the app.”

4.) Your Facebook Account Password Has Not Been Compromised, But, Wait! — The good news is that the attack did not reveal your Facebook account passwords, but here’s the bad news — it’s not even required.

An application or an attacker can use millions of secret access tokens to programmatically fetch information from each account using an API, without actually having your password or two-factor authentication code.

5.) Hackers Downloaded Users’ Private Information Using Facebook API — Although it is not clear how many accounts and what personal information was accessed by hackers before Facebook detected the incident, the year-old vulnerabilities had left all your personal information, private messages, photos and videos wide open for hackers.

“Since we’ve only just started our investigation, we have yet to determine whether these accounts were misused or any information accessed,” the company said.

6.) Your “Logged in as Facebook” Accounts at 3rd-Party Apps/Websites Are At Risk — Since secret tokens enabled attackers to access accounts as the account holder themselves, it could have allowed them to access other third-party apps that were using Facebook login — a feature that lets you sign up for, and log in to, other online services using your Facebook credentials.

7.) Facebook Reset Access Tokens for 90 Million Accounts — In response to the massive breach, Facebook reset access tokens for nearly 50 million affected Facebook accounts and an additional 40 million accounts, as a precaution. This means that nearly 90 Million Facebook users were logged out of their accounts on Friday.

8.) Check Active Sessions on Facebook to Find If Your Account Have Been Hacked — Many Facebook users have noticed unknown IP addresses from foreign locations that apparently had accessed their account unauthorizedly.

You can head on to “Account Settings → Security and Login → Where You’re Logged In” to review the list of devices and their location that have accessed your Facebook account.

If you found any suspicious session that you never logged in, you can revoke back the access in just one click.

9.) Breach Isn’t Connected to the Hacker Who Pledged to Delete Zuckerberg’s Personal Page — Earlier this week, a Taiwanese hacker, Chang Chi-Yuang, claimed that he would demonstrate a critical zero-day vulnerability in Facebook by broadcasting himself hacking Mark Zuckerberg’s Facebook page on Sunday.

However, it is not clear whether the latest Facebook breach has anything to do with Chang’s hack, at least Facebook does not believe so.

Besides this, Chang Chi-Yuang Today says he canceled the stream and reported the bug to Facebook.

10.) Facebook Faces Class-Action Lawsuit Over The Massive Hack — Just after the news of the breach went public, two residents, Carla Echavarria from California and another from Virginia, filed a class-action complaint against the social media giant in US District Court for the Northern District of California.

Both allege that Facebook failed to protect their and additional potential class members data from going into wrong hands due to its lack of proper security practices.

The social media giant has already been facing criticism on handling of user data and its privacy policies in the wake of the Cambridge Analytica scandal, in which personal data of 87 million Facebook users was sold to and misused by a data-mining firm without their consent.

Facebook has already reset account logins for tens of millions of users and is also advising affected users who had Instagram or Oculus accounts linked to their Facebook account to de-link and than link those accounts again so that the access tokens can be changed.

The vulnerabilities exploited by the hackers are fixed, and Facebook is working with the FBI to investigate the security incident, which has impacted approximately 2.5% of Facebook users of its over 2 billion user base.

Since the investigation is still in the early stages, Facebook has yet to determine whether the attackers misused the stolen access tokens for 50 million accounts or if any information was accessed.

Michelle Williams is a New York native and Cornell University alumni currently living in Los Angeles and working as a journalist for numerous Midialab ventures. Williams began her career working as a copy editor for a large television production firm and then moved on to entertainment writing after developing some industry contacts in LA.

Advertisement

Tech

Study Shows Electric Cars Become Practically Useless In Cold Weather

Published

on

According to recent studies, cold temperatures significantly reduce the performance of electric cars, especially when it comes to battery life.

One study by AAA suggested that cold temperatures can reduce the range of the batteries in most electric cars by over 40 percent. It was also noted that the performance can be even worse when the interior heaters are used.

However, even electric car owners who live in hot regions are not safe, because high temperatures can also reduce battery range, although to a far lesser degree.

Luckily, this damage is not permanent, and the battery range returns to normal when average temperatures return, but even if that is the case, this would make electric cars unfeasible for a large portion of the population who live in areas where the temperature is not ideal.

Electric car owners have been discovering this fact over the years as they have attempted to drive their vehicles in extreme temperatures. Electric car owners are finding that their new vehicles are much more sensitive to temperature than the ones they owned before.

Electric Cars

shutterstock

Greg Brannon, AAA’s director of automotive engineering, said that it is important for drivers of electric cars to understand that these vehicles have limitations in extreme climates, this way they are less likely to get caught off guard and stuck out in the cold when their car unexpectedly runs out of battery life.

In the study, AAA tested 2018 models for the BMW i3s, Chevrolet Bolt, Nissan Leaf, Volkswagen e-Golf and the 2017 Tesla Model S 75D. Each of these cars has a minimum range of at least 100 miles per charge, but many dropped significantly when exposed to severe temperatures. The researchers used a machine called a dynamometer to test the cars.

Electric Cars

shutterstock

A dynamometer is a measuring device that is built similar to a treadmill and is inside a climate-controlled cell. Once in the dynamometer, the researchers tested the cars running at different temperatures, 20 degrees, and 95 degrees, then compared how the cars performed under those circumstances with how they performed in a setting where the temperature was set at 75 degrees Fahrenheit.

Electric Cars

shutterstock

The researchers found that the driving range for these vehicles fell by 12 percent while driving in 20 degree temperatures. When the interior heater in the car was used, that range dropped to an incredible 41 percent of its normal capacity.

Meanwhile, when driving in 95 degree heat, the battery life for these vehicles dropped 4 percent on average. However, these numbers got worse if air conditioning was in use. When air condition was used in 90 degree heat, the expected battery life for these cars was reduced by 17 percent.

Tesla responded to the results in a statement, suggesting that the data they collected from their customers shows that there was only a 1 percent drop at 95 degrees, but the company refused to release their data for cold weather.

AAA stands by their results, saying that the study followed test procedures drawn up by the auto engineering trade group, SAE.

To mitigate the reduction in range caused by severe temperatures, AAA suggests that electric car owners warm their vehicles up while they are still plugged in.

Continue Reading

Tech

Engineer Creates First Ever Working Lightsaber With Plasma That Can Cut Through Steel

Published

on

James Hobson, a Canadian engineer and YouTuber based has created a filly functional lightsaber using plasma that can melt through metal. Hobson is known to his YouTube fans as “The Hacksmith” and he has accomplished incredible engineering feats in the past.

In a new video for Hacksmith Industries’ “Make It Real” series, Hobson shows how he was able to create the device. The video has already gathered over 12 million views. The lightsaber is attached to a portable backpack connected to a hilt that pumps out a constant stream of propane gas which. Once the gas is mixed with oxygen, it creates a beam of plasma that looks very similar to the lightsabers from the Star Wars franchise. The device burns at over 4,000 degrees Fahrenheit, which means that it can cut right through thick pieces of metal and steel.

In his video, Hobson also demonstrated how the color of the lightsaber can be changed by adding different salts to the mixture. For example, boric acid can make the beam green, while sodium chloride, more commonly known as table salt can turn it yellow. Calcium chloride will produce an amber color, while strontium chloride will turn the beam red.

“Even with all of our new equipment and capabilities, we’re still bound by the laws of thermodynamics. Well, theories say that plasma is best held in a beam by a magnetic field, which, scientifically, checks out. The issue is producing a strong enough electromagnetic field to contain a blade, well the lightsaber would have to be quite literally built inside a box coated in electromagnets, which turns it into a kind of useless science project,” Hobson explained in his video.

The device was incredibly expensive to make, the laminar nozzle alone cost about $4,000.

The lightsaber first appeared in the original Star Wars film and has since appeared in every Star Wars movie, with at least one lightsaber duel occurring in each main film installment. In 2008, a survey of approximately 2,000 film fans found it to be the most popular weapon in film history.

For the original Star Wars film, the film prop hilts were constructed by John Stears from old Graflex press camera flash battery packs and other pieces of hardware. The full sized sword props were designed to appear ignited onscreen, by later creating an “in-camera” glowing effect in post-production. The blade is a three-sided rod which was coated with a Scotchlite retroreflector array, the same type that is used for highway signs. A lamp was positioned to the side of the taking camera and reflected towards the subject through 45-degree angled glass so that the sword would appear to glow from the camera’s point of view.

(David McNew/Getty Images)

Animator Nelson Shin, who was working for DePatie–Freleng Enterprises at the time, was asked by his manager if he could animate the lightsaber in the live-action scenes of a film. After Shin accepted the assignment, the live-action footage was given to him. He drew the lightsabers with a rotoscope, an animation which was superimposed onto the footage of the physical lightsaber blade prop. Shin explained to the people from Lucasfilm that since a lightsaber is made of light, the sword should look “a little shaky” like a fluorescent tube. He suggested inserting one frame that was much lighter than the others while printing the film on an optical printer, making the light seem to vibrate.

Continue Reading

Tech

Lamborghini Releases GoKart Pro For Adults For $1,500

Published

on

Lamborghini has released a new electric go-kart in its typical black and yellow colors and they are relatively cheap at $1,500.

You might be too broke to afford the luxury famous sports car, however, the new electric go-kart from the Italian sports manufacturer is affordable and fast at 25 mph (40 km/h), which is faster than typical go-karts. Although, its not street legal here in the U.S. like its bigger brothers for different reasons. The new Lamborghini is built strictly for the race track and can fold up into the trunk of your car.

But don’t let laws stop you! Speed limits can be adjusted using a smartphone app and if you are going faster than the cop chasing you, you can zip off into an alleyway or the woods disappearing from his vision. Your brand new pocket lamborghini comes with a big bucket seat which holds a maximum passenger weight of 220 lb (100 kg.) This go-kart is also equip with an electric engine sporting a 432Wh battery, which gives you a maximum travel distance of about — 15.5 miles, or about 25 km – the equivalent of 62 laps around a 400-meter track.

Officially known as the Ninebot GoKart Pro Lamborghini Edition.

The go-kart is designed in partnership with Chinese smartphone maker Xiaomi, which owns a personal transporter company Segway-Ninebot, whom have teamed up with the Italian carmaker to bring consumers the Ninebot GoKart Pro Lamborghini Edition, electrek, reported.

The signature yellow racer with black wheels has a self-balancing Xiaomi scooter which propels it forward, whle its rear tires are high-traction rubber wheels for safe turning and drifting. Again, those coppers will never catch you in this baby with the ability to drift and make sharp turns, just watch out for the spike strip.

On top of all that, your new $1,500 play toy will have Ackermann steering, meaning that each wheel will have its own pivot to allow for sharp and accurate turning. Functional headlights will ensure that there won’t be any nasty collisions or spills on the raceway, while the sick rear wing on the kart will give it sharp aerodynamism and handling improvements.

Want additional features? Lamborghini has you covered, the kart also includes built-in Bluetooth speakers to allow you to play music or mabe you want the loudness  of a Lamborghini’s V8 and V12 piston engines, compared to the relatively silent sound of the kart’s electric motor.

“In addition, as a bonus, there is a program in the go-kart, which will ensure the release of loud noises, which will make not only the driver but also the surroundings reveal that there are beasts ‘under the hood’, in the form of a Lamborghini engine,” a press release from Xiaomi a Chinese tech giant that is popular among consumers in Latin America, Europe, and Asia due to its high-quality mid-range and budget Android smartphones.

The Chinese smartphone manufacturer also produces a range of other odd affordable tech products, ranging from sleek miniature washer dryers to electric toothbrushes, e-bikes and scooters, air conditioners and even rice cookers – as well as other eccentric internet-connected (IoT) devices that comprise Xiaomi’s expanding line of “smart lifestyle” products.

Now, you’ll be able to get your very own “Lamborghini” for the insanely low price of 9999 Chinese Yuan, or about $1,480, from the Mi Store. Tbat’s less than 100 payments of $150. Save up those pennies if you want to style with the Lamborghini go-kart. Although, though I hope you don’t mind paying in Chinese Yuan because that’s your only option to obtain this sweet ride.

The only reason you wouldn’t want to try this out is if you hate having fun. You can wattch a video below of the revealing of the product.

Continue Reading

Trending

Total
226
Share