Facebook stored hundreds of millions of user passwords in plain text for years

Krebs on Security reported that Facebook stored hundreds of millions of user passwords in plain text for years.

The Facebook source said the investigation so far indicates between 200 million and 600 million Facebook users may have had their account passwords stored in plain text and searchable by more than 20,000 Facebook employees. The source said Facebook is still trying to determine how many passwords were exposed and for how long, but so far the inquiry has uncovered archives with plain text user passwords dating back to 2012.


A written statement from Facebook provided to KrebsOnSecurity says the company expects to notify “hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users.” Facebook Lite is a version of Facebook designed for low speed connections and low-spec phones.

Notified or not, it’s a good time to reset your passwords.

Two-thirds of all Android antivirus apps are frauds

Catalin Cimpanu reported for ZDNet that two-thirds of all Android antivirus apps are frauds.

That means that 170 of the 250 Android antivirus apps had failed the organization’s most basic detection tests, and were, for all intents and purposes, a sham.

“Most of the above apps, as well as the risky apps already mentioned, appear to have been developed either by amateur programmers or by software manufacturers that are not focused on the security business,” the AV-Comparatives staff said.

“Examples of the latter category are developers who make all kinds of apps, are in the advertisement/monetization business, or just want to have an Android protection app in their portfolio for publicity reasons,” researchers said.

Having worked on Android apps before, this is a very frustrating situation for developers. On many occasions, we received negative reviews for the Android apps because our apps were flagged as malware by an antivirus app.

Nevertheless, there’s a way to get past many of these antivirus apps.

However, results didn’t reflect this basic assumption. AV-Comparatives staffers said that many antivirus apps didn’t actually scan the apps the user was downloading or installing, but merely used a whitelist/blacklist approach, and merely looked at the package names (instead of their code).

Essentially, some antivirus apps would mark any app installed on a user’s phone as malicious, by default, if the app’s package name wasn’t included in its whitelist. This is why some antivirus apps detected themselves as malicious when the apps’ authors forgot to add their own package names to the whitelist.

In other cases, some antivirus apps used wildcards in their whitelist, with entries such as “com.adobe.*”.

In these cases, all a malware strain had to do was to use a package name of “com.adobe.[random_text]” to bypass the scans of tens of Android antivirus products.

Do you have an antivirus app on your Android phone?
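To make the weakness in the ZDNet excerpt concrete, here is an added example (not code from AV-Comparatives, ZDNet or any antivirus product) that models the name-only allowlist next to a stricter check. The stricter check binds an exact package name to a signing-certificate digest; that design, and every package name and certificate value below, is an assumption made for illustration.

```python
import hashlib
from fnmatch import fnmatchcase

# Constructed stand-ins for signing certificates (not real certificate data).
ADOBE_CERT = b"constructed-adobe-signing-cert"
OTHER_CERT = b"constructed-unknown-signing-cert"

def cert_digest(cert: bytes) -> str:
    """SHA-256 digest of the signing certificate bytes."""
    return hashlib.sha256(cert).hexdigest()

# Weak form: the name-only allowlist described in the article, wildcard included.
NAME_ALLOWLIST = ["com.adobe.*", "com.example.scanner"]

def weak_verdict(package: str) -> str:
    """Trust any name that matches a pattern; flag everything else by default."""
    if any(fnmatchcase(package, pattern) for pattern in NAME_ALLOWLIST):
        return "trusted"
    return "malicious"  # verdict from the name alone, no code was inspected

# Stricter form (assumption): exact package name pinned to a certificate digest.
PINNED = {"com.adobe.reader": cert_digest(ADOBE_CERT)}

def pinned_verdict(package: str, cert: bytes) -> str:
    """Trust only an exact name signed by the pinned key; never judge by name."""
    expected = PINNED.get(package)
    if expected is None:
        return "scan"        # unknown name: no verdict, hand off to a real scan
    if cert_digest(cert) != expected:
        return "suspicious"  # known name, but signed by a different key
    return "trusted"

# Constructed sample installs: (package name, signing certificate).
SAMPLES = [
    ("com.adobe.reader", ADOBE_CERT),        # genuine entry
    ("com.adobe.qzxv", OTHER_CERT),          # random suffix under the wildcard
    ("com.adobe.reader", OTHER_CERT),        # right name, wrong signer
    ("com.example.newscanner", OTHER_CERT),  # benign app missing from the list
]

def compare():
    """Return (package, weak verdict, pinned verdict) for each sample."""
    return [(p, weak_verdict(p), pinned_verdict(p, c)) for p, c in SAMPLES]

if __name__ == "__main__":
    for row in compare():
        print(row)
```

The second and fourth samples show both failure modes from the excerpt: the wildcard trusts an unknown package, and default-deny by name flags a harmless one.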

Samsung Galaxy S10 Plus unlocks with the video of the owner’s face

Dan Seifert reported for The Verge about the unlocking features of Samsung Galaxy S10 Plus.

But it’s not as fast or reliable as the traditional, capacitive fingerprint scanner on the back of the S9. The target area for the reader is rather small (though the lockscreen will show you a diagram of where to place your finger) and I had to be very deliberate with my finger placement to get it to work.

Even then, I often had to try more than once before the S10 would unlock. I’d just rather have a Face ID system that requires less work to use, or at the very least, an old-school fingerprint scanner on the back of the phone. The S10 does have a face unlock feature, but it’s just using the camera to look for your face and compare it to a previous image — there’s no 3D mapping or anything. I was actually able to unlock the S10 with a video of my face played on another phone.

Unless Samsung fixes this problem, S10 owners should avoid using face recognition.

Samsung says it developed the ultrasonic scanner because feedback from customers said they wanted the fingerprint reader on the front of the phone, and this design allowed for more screen real estate than placing a capacitive sensor in a bezel below the screen. The S10 also lacks the iris scanning login option of older Galaxy models, which would have required more sensors than the new hole-punch screen design has room for. The company told me that it will continually adjust and optimize the face scanner’s performance leading up to the S10’s availability.

But here’s my feedback to Samsung: go copy Apple’s Face ID system. It’s far easier and more reliable to use than the S10’s nifty-looking but ultimately disappointing in-screen fingerprint scanner.

If it was that easy to copy Face ID, you would see more phones with comparable facial recognition sensors.

Samsung Galaxy S10 Plus Review: A $1,000 Smartphone With Compromises

Brian Chen wrote for The New York Times about the Samsung Galaxy S10, a $1,000 smartphone with compromises.

My bumpy experience with the print sensor firmed up one conclusion: Face recognition is a more convenient method for unlocking phones, and Samsung is behind Apple in this area.

There are some cons to using FaceID but the pros far outweigh these annoyances.

I found that the fingerprint reader on Samsung’s Galaxy S10 Plus was an improvement over past models. But the device’s biometrics over all were still weaker than the features on Apple’s iPhone, Samsung’s biggest rival.

That’s the general feedback that I get from Android users I know. They often end up using the passcode because it’s faster that way.

Drew Blackard, a director of product marketing at the company, said that based on customer feedback, the fingerprint sensor was the most popular method for unlocking devices. As a result, the company focused on improving that feature.

He added that Samsung was studying face recognition and had made it more difficult to trick the scanner with a photo of a person’s face. “Is it an area that we’re continuing to look at? The answer is: Of course,” Mr. Blackard said.

I have to say Samsung’s decision to focus on fingerprint sensing instead of upgrading its face scanner is not particularly satisfying. User feedback isn’t generally an ideal way to design security features. After all, many people also enjoy using the same weak passwords across all their internet accounts.

Perhaps the fingerprint reader is more popular because the face recognition method doesn’t quite work as expected?

US cities burn recyclables after China bans imports

Oliver Milman reported for The Guardian that US cities burn recyclables after China bans imports.

Until recently, China had been taking about 40% of US paper, plastics and other recyclables but this trans-Pacific waste route has now ground to a halt. In July 2017, China told the World Trade Organization it no longer wanted to be the end point for yang laji, or foreign garbage, with the country keen to grapple with its own mountains of waste.

Recycling isn’t always the answer. There’s reducing and reusing too.

“The unfortunate thing in the United States is that when people recycle they think it’s taken care of, when it was largely taken care of by China,” said Gilman. “When that stopped, it became clear we just aren’t able to deal with it.”

There needs to be an increased awareness of what happens when we recycle. Instead of just thinking we are doing the right thing by recycling, think further down the process. This shouldn’t be something that’s out of sight, out of mind.

Forget USB 3.0 & USB 3.1: USB 3.2 Moving Forward

Zhiye Liu wrote for Tom’s Hardware that USB 3.0 and USB 3.1 will become USB 3.2.

Both USB 3.0 and USB 3.1 are to be considered generations of the USB 3.2 specification. USB 3.1 Gen 1 (formerly known as USB 3.0), which offers speeds up to 5 Gbps, will be rebranded into USB 3.2 Gen 1 while USB 3.1 Gen 2, which supports communication rates up to 10 Gbps, will be called USB 3.2 Gen 2 moving forward. Since USB 3.2 has double the throughput (20 Gbps) of USB 3.1 Gen 2, the updated standard has been designated as USB 3.2 Gen 2×2.

This is going to make it so consumer-friendly, USB Implementers Forum.

Anti-vaxx propaganda has gone viral on Facebook. Pinterest has a cure

Julia Carrie Wong reported for The Guardian about how Pinterest is taking action against anti-vaccination propaganda that Facebook has failed to address.

Pinterest has responded by building a “blacklist” of “polluted” search terms.

“We are doing our best to remove bad content, but we know that there is bad content that we haven’t gotten to yet,” explained Ifeoma Ozoma, a public policy and social impact manager at Pinterest. “We don’t want to surface that with search terms like ‘cancer cure’ or ‘suicide’. We’re hoping that we can move from breaking the site to surfacing only good content. Until then, this is preferable.”

It’s doing the socially responsible thing. Common sense isn’t common. We need to have some form of gatekeeping to ensure the right information goes out. Freedom of speech doesn’t mean free reach.

AirPods are the second-best selling Apple product within two years of launch, search rate up 500% YoY

Alex Allegro reported for 9to5Mac that AirPods are the second-best selling Apple product within two years of launch with search rate up 500% year-on-year.

When comparing between AirPods search interest from December 2016 — the initial month of release — and data from December 2018, Google search rates have skyrocketed a massive ten times over.

Above Avalon explains,
Comparing peak AirPods search interest over the three most recent holiday seasons, the juxtaposition is startling. The following are Google search interest for “AirPods” in the U.S. indexed to 100 (represents maximum search interest):

  • 2016 holiday season: 10 (AirPods search interest was 10% the volume of peak search interest).
  • 2017 holiday season: 20 (100% year-over-year growth in search interest)
  • 2018 holiday season: 100 (500% year-over-year growth in search interest)

Everyone I know who has AirPods raves about them. Looking forward to the next generation model.

How did Apple’s AirPods go from mockery to millennial status symbol?

Elena Cresci reported on how Apple’s AirPods went from mockery to millennial status symbol.

Of all the widely ridiculed tech products, Apple’s AirPods have experienced an extraordinary turnaround. Back in 2016, they were roundly mocked by the tech industry. Tiny wireless earbuds? It seemed like a recipe for disaster – streets would be littered with these lost headphones, which would clutter up city pavements like discarded gloves and babies’ socks.

It is worth noting that such mockery has often been aimed at Apple products. A classic example is the iPhone. People laughed at the lack of a physical keyboard and the pricing. Then there are the memes about the iPad name sounding like sanitary pads. How iconic is the iPad brand today?

Those who don’t understand or appreciate the products are quick to make fun of them. In hindsight, the mockery made good publicity and Apple gets the last laugh.

Baidu has built an AI cat shelter to care for strays

TechNode reported that Baidu has built an AI cat shelter to care for strays.

The shelter, which comes complete with toys, regular dispatches of food and water, and warm spaces to sleep, features feline facial recognition to grant access. It can also check its guests for various diseases and assess whether or not they’ve been neutered. If it identifies a sick cat, a message is sent to a nearby volunteer organization that looks after stray animals to come and administer the required help.


Baidu’s development is an especially impactful one for northern China’s cat population, with sub-zero temperatures and the difficulty of obtaining food leading Dongbei News to estimate that just 4 in 10 stray cats make it through the winter in the country’s northeastern regions.

Tech can make the world a better place if we put our hearts to it.