Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years, and They Were Searched by FB Engineers

Hundreds of millions of Facebook users had their account passwords stored in plain text and searchable by thousands of Facebook employees — in some cases going back to 2012, KrebsOnSecurity has learned. Facebook says an ongoing investigation has so far found no indication that employees have abused access to this data.

Facebook is probing a series of security failures in which employees built applications that logged unencrypted password data for Facebook users and stored it in plain text on internal company servers. That’s according to a senior Facebook employee who is familiar with the investigation and who spoke on condition of anonymity because they were not authorized to speak to the press.

The Facebook source said the investigation so far indicates between 200 million and 600 million Facebook users may have had their account passwords stored in plain text and searchable by more than 20,000 Facebook employees. The source said Facebook is still trying to determine how many passwords were exposed and for how long, but so far the inquiry has uncovered archives with plain text user passwords in them dating back to 2012.

My Facebook insider said access logs showed some 2,000 engineers or developers made approximately nine million internal queries for data elements that contained plain text user passwords.

Source: Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years — Krebs on Security

Facebook responds:

As part of a routine security review in January, we found that some user passwords were being stored in a readable format within our internal data storage systems. This caught our attention because our login systems are designed to mask passwords using techniques that make them unreadable. We have fixed these issues and as a precaution we will be notifying everyone whose passwords we have found were stored in this way.

“some” – hundreds of millions!

https://newsroom.fb.com/news/2019/03/keeping-passwords-secure/

Humans Built Complex Societies Before They Invented Moral Gods

The appearance of moralizing gods in religion occurred after—and not before—the emergence of large, complex societies, according to new research. This finding upturns conventional thinking on the matter, in which moralizing gods are typically cited as a prerequisite for social complexity.

Gods who punish people for their anti-social indiscretions appeared in religions after the emergence and expansion of large, complex societies, according to new research published today in Nature. The finding suggests religions with moralizing gods, or prosocial religions, were not a necessary requirement for the evolution of social complexity. It was not until the emergence of diverse, multi-ethnic empires with populations exceeding a million people that moralizing gods began to appear—a change to religious beliefs that likely worked to ensure social cohesion.

Belief in vengeful gods who punish populations for their indiscretions, such as failing to perform a ritual sacrifice or an angry thunderbolt response to a direct insult, is endemic in human history (what the researchers call “broad supernatural punishment”). It’s much rarer for religions, however, to involve deities who enforce moral codes and punish followers for failing to act in a prosocial manner. It’s not entirely clear why prosocial religions emerged, but the “moralizing high gods” hypothesis is often invoked as an explanation. Belief in a moralizing supernatural force, the argument goes, was culturally necessary to foster cooperation among strangers in large, complex societies.

Source: Humans Built Complex Societies Before They Invented Moral Gods

Hundreds of South Korean motel guests were secretly filmed and live-streamed online

About 1,600 people have been secretly filmed in motel rooms in South Korea, with the footage live-streamed online for paying customers to watch, police said Wednesday.

Two men have been arrested and another pair investigated in connection with the scandal, which involved 42 rooms in 30 accommodations in 10 cities around the country. Police said there was no indication the businesses were complicit in the scheme.

In South Korea, small hotels of the type involved in this case are generally referred to as motels or inns.

Cameras were hidden inside digital TV boxes, wall sockets and hairdryer holders and the footage was streamed online, the Cyber Investigation Department at the National Police Agency said in a statement.

Cameras found by police hidden inside a hotel wall outlet (left) and hair dryer stand (right).

The site had more than 4,000 members, 97 of whom paid a $44.95 monthly fee to access extra features, such as the ability to replay certain live streams. Between November 2018 and this month, police said, the service brought in upward of $6,000.

“There was a similar case in the past where illegal cameras were (secretly installed) and were consistently and secretly watched, but this is the first time the police caught where videos were broadcast live on the internet,” police said.

South Korea has a serious problem with spy cameras and illicit filming. In 2017, more than 6,400 cases of illegal filming were reported to police, compared to around 2,400 in 2012.

Source: Hundreds of South Korean motel guests were secretly filmed and live-streamed online – CNN