Late last month, Facebook disclosed a massive security vulnerability that it claimed affected some 50 million login tokens, but details were somewhat thin on its impact pending further investigation. In a blog post today, the results are in some ways better and worse.

The company believes its initial estimate of 50 million compromised login tokens—it reset 90 million in total as a cautionary measure—was generous, and Facebook now believes the number of accounts impacted to be closer to 30 million. That’s the good news, if you can call it that.

For 400,000 of the accounts, which these attackers used to seed the process of gathering login tokens, personal information, such as “posts on their timelines, their lists of friends, Groups they are members of, and the names of recent Messenger conversations” and, in one instance, actual message content, were compromised. Of the 30 million ensnared in the attack, Facebook believes that for around half, names and contact information—meaning phone numbers, email addresses, or both—were visible to the attackers; 14 million of that pool had that same information accessible as well as myriad other personal details, which Facebook believes could contain any of the following:

[U]sername, gender, locale/language, relationship status, religion, hometown, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, and the 15 most recent searches

Facebook believes only 1 million of the total compromised accounts had no personal information accessed whatsoever.

Guy Rosen, Facebook’s Vice President of Product Management, is expected to further clarify this update this afternoon. We’ll update this post as details become available.

via Engadget http://www.engadget.com

October 13, 2018 at 07:39PM

via Engadget http://www.engadget.com

October 15, 2018 at 12:57AM

igloohome reveals Smart Padlock

The humble home has gotten ever smarter these days, thanks to the integration with voice assistants such as Amazon’s Alexa into everyday appliances, not to mention the smartphone which seems to have an app for virtually everything. Since the house is meant to be a safe space for the family to rest and relax in, why not consider beefing up your home’s security with igloohome’s latest offering, the aptly named Smart Padlock?

The Smart Padlock is a versatile, remotely-managed security solution which will offer homeowners with a convenient access method in order to control to their properties and assets. Airbnb hosts would certainly find the built-in innovative PIN code technology useful, since it enables owners to grant remote access without requiring the users to download an app before that. Visitors and guests would also find it convenient, since not everyone would have a data plan ready at hand, especially if they are a tourist in the area.

Touted to be the ideal security tool for granting time-sensitive access, the Smart Padlock is currently targeting an Indiegogo campaign launch. Property owners will be able to grant access to their homes, yards, facilities, and other rooms armed with it to virtually anyone: from guests to handymen or other family members through a couple of unique options: PIN codes or Bluetooth keys. PIN codes can be sent over any communication mode including SMS, email or Facebook Messenger. Upon receipt, the user just needs to key in the PIN code on the padlock, and they will work immediately as long as it is within the set time window.

Alternatively, Bluetooth keys can be sent over smartphone, but this will only work if the users are within proximity of it. Upon receiving the Bluetooth key from the owner, all users need to do is to tap ‘unlock’ on the app, and the Smart Padlock will unshackle. We do hope to see more variants of such smart padlocks make their way to the market in the future.

Press Release

Facebook has confirmed that millions of users did in fact have personal data accessed during a serious security breach disclosed late last month.

Initially, the social media giant estimated that 50 million accounts were affected by the hack, but said it was not clear whether any information had actually been stolen.

Facebook has revised the total number of affected users down to around 30 million. But it has also confirmed that hackers accessed personal details in most of those cases — including, for about half of those users, recent searches and locations.

Facebook would not discuss a suspect or a motive, at the FBI’s request. The bureau is actively investigating the breach.

As NPR has previously reported, the hack exploited three separate bugs in Facebook’s code. No passwords were actually compromised, but the hackers were able to gain “access tokens” that let them use accounts as though they were logged in as another person. In late September, Facebook detected unusual activity, discovered the bugs and disabled them.

Facebook says the attacks were carried out between September 14 and 27. The attackers moved within social networks, controlling one account at first and from there, accessing that account’s friends, to initially steal access tokens for 400,000, and ultimately 30 million more accounts.

Fifteen million of those users had their names and contact details — which could be email addresses or phone numbers — accessed.

In a more serious breach, 14 million people had a wider array of data accessed, including their gender, religion, relationship status, birthday, current city and hometown, device types, education and work history. Hackers also had access to those users’ last 15 searches, and the last 10 locations they either checked into or were tagged in by someone else.

The 400,000 people whose accounts were first hacked were most seriously compromised, with hackers viewing their posts, their friend lists, their group memberships and the names of recent message conversations (though not, in most cases, the contents of those messages).

“We have no reason to believe the attackers were interested in that information” from those 400,000 users, Guy Rosen, vice president of product management at Facebook, told reporters on Friday. “They were [doing] that in order to get the access tokens for those people’s friends.”

Hackers also gained access to the accounts of about 1 million users, but did not steal any data, Facebook says.

Users can visit Facebook’s help site to determine if their account was among those hacked.

Facebook says they do not believe the attackers created any posts while imitating other users.

The company also says that the hackers would hypothetically have been able to view the last four characters of users’ credit card numbers, but there is no evidence they sought out that information.

Sears — the iconic American retailer that has sold everything from clothing and toys to refrigerators and socket wrenches over its more than 130 year history — may have reached the end. The Sears Holdings company filed for Chapter 11 bankruptcy on Monday, after failing to make a $134 million debt payment.

The bankruptcy filing is the latest and most significant milestone in a long decline for the company once best-known for pioneering the mail-order catalog that featured nearly everything the American consumer might desire.

Today, however, Sears is drowning in $5.5 billion of outstanding debt.

Hedge fund manager Eddie Lampert took over the company in 2013. He was both the company’s biggest investor and a major lender, and tasked with orchestrating a difficult turnout.

Under Lampert’s guidance, the company sold off valuable assets such as the Lands’ End clothing line and legendary Craftsman brand in attempts to increase its cash flow. As part of Monday’s filing, he was removed as the company’s CEO.

Last year, Sears’ stock tumbled after the company acknowledged in an annual filing that its future viability was uncertain. It closed dozens of stores that same year, citing non-profitability. In August, its stock fell from about $6 to below the minimum $1 level Nasdaq stocks must maintain in order to avoid being delisted.

Its Chapter 11 filing will allow Sears to reorganize, and perhaps emerge from bankruptcy with a portion of its business still alive.

“The Chapter 11 process will give Holdings the flexibility to strengthen its balance sheet, enabling the Company to accelerate its strategic transformation, continue right sizing its operating model, and return to profitability,” Lampert said in a statement.

Sears was founded in 1887. It evolved into an American one-stop shop for everything related to the home. Its annual Christmas catalog was immensely popular — at its height, it spanned over 500 pages. In the first half the 20th century, the company even sold about 70,000 pre-cut kit houses — a small part of its then-booming sales. Its strategy of offering all the home merchandise one could dream of in accessible catalogs was path-making.

“Sears is an American institution,” Jerry Hancock, self-proclaimed Sears scholar and historian, told NPR on Sunday. “There are actually a number of communities in North Carolina where almost the entire town is Sears houses that were purchased through the catalog.”

“Sears taught America about the modern world through this catalog,” he said. “It completely changed American life. That catalog was sort of a window into this new consumer world, and it really made a connection with people.”

The company’s recent stature has been far smaller than it was in its heyday, amid a constantly changing retail landscape dominated by Amazon, e-commerce and big-box discount retailers.

Nancy Koehn of the Harvard Business School told NPR in 2017 that in its early days, Sears was like Amazon is today — a retailer of great disruption.

“It wasn’t the Internet, but it was the same idea that no matter where you are you can touch and feel and imagine what these different products could mean in your life by virtue of an outreach, a distribution channel that an imaginative and gutsy retailer — in this case Sears — had created and then invested in and then enlarged,” Koehn said.

The company, which also owns discount retailer Kmart, will close 142 stores by the end of the year as part of the bankruptcy. As of an Aug. 4 filing, Sears Holdings still had 506 Sears locations and 360 Kmart locations.