Brian Krebs revealed that a company working primarily in the real estate insurance sector has left up to 885 million records exposed on its website – since 2003. First American Financial Corp's big mistake should have been obvious to anyone who thought about security: if you had the URL of one document on its website, you could simply add or subtract one from a number in the URL to access another document.
Given the nature of this company's business, these records include extremely private information. Krebs spoke with Ben Shoval, who brought the issue to his attention and explained that the documents potentially included "Social Security numbers, driver's licenses, account statements, and even documents internal to the company if you are a small business."
The company has since closed the hole in its website's security. At present, there is no way to know whether anyone actually took advantage of this vulnerability. Unlike the way these kinds of data exposure disclosures usually go, First American Financial is not even saying that it has no evidence the documents were accessed. Here is what it said in a statement to Krebs (emphasis ours below):
First American learned that a design flaw in this application allowed unauthorized access to customer data. At First American, security, privacy and confidentiality are top priorities and we are committed to protecting the information of our customers. The company immediately took action to remedy the situation and shut down external access to the application. We are currently evaluating its potential impact on the security of customer information. We will not have any other comments until our internal review is completed.
This afternoon, First American made a second statement to The Verge, adding that it hired a third-party forensics firm to find out whether anyone had accessed the records.
On May 24th, First American learned that one of its production applications had a design flaw that allowed unauthorized access to customer data. Security, privacy and confidentiality are top priorities and we are committed to protecting the information of our customers.
As a result, the company immediately took steps to remedy the situation and closed external access to the application. We are currently evaluating its potential impact on the security of customer information. We retained the services of an external law firm to ensure that there was no significant unauthorized access to our clients' data.
Plenty of private data is actually accessible behind URLs that are not password protected, but it is still protected by those URLs, which are complex and impossible to guess. Google Photos, for example, shares images in this way. However, even if you grant First American Financial the choice to make documents available without a password, it is still incredibly hard to justify making these URLs so easy to guess.
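The difference between the two URL schemes described above, as an added example that is not from the original article or from First American's application: a toy in-memory store in Python in which `DocumentStore`, its methods, `neighbours_exposed` and the sample numbering are all hypothetical.

```python
import secrets


class DocumentStore:
    """Toy in-memory store with both URL schemes side by side."""

    def __init__(self):
        self._next_number = 1000      # constructed starting number
        self._by_number = {}
        self._by_token = {}

    def add(self, owner, body):
        number = self._next_number
        self._next_number += 1
        token = secrets.token_urlsafe(32)   # 32 random bytes from the OS CSPRNG
        record = {"owner": owner, "body": body}
        self._by_number[number] = record
        self._by_token[token] = record
        return number, token

    def fetch_by_number(self, number):
        # Flawed scheme: the number is the only "secret" and it is predictable.
        record = self._by_number.get(number)
        return record["body"] if record else None

    def fetch_by_token(self, token):
        # Capability URL: holding the unguessable token is the authorization.
        record = self._by_token.get(token)
        return record["body"] if record else None

    def fetch_for_user(self, number, user):
        # Stronger still: authenticate, then check ownership on every request.
        # Unknown and forbidden look identical, so the reply leaks nothing.
        record = self._by_number.get(number)
        if record is None or record["owner"] != user:
            return None
        return record["body"]


def neighbours_exposed(store, known_number):
    """Regression check: does knowing one number reveal adjacent documents?"""
    return [n for n in (known_number - 1, known_number + 1)
            if store.fetch_by_number(n) is not None]
```

A check like `neighbours_exposed` belongs in a test suite: it should return an empty list for any document endpoint that is reachable without an ownership check.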
Krebs characterizes this data exposure as "truly massive – perhaps superlative", and given the number of records and the sensitive information they contain, that is certainly the case.
We have asked First American Financial for further comment, but for the moment it is unclear what steps people might take to check whether their data was exposed. You can find more information about the exposure at Krebs on Security.
Updated, 7:05 pm ET: Added First American's statement and its disclosure that it has hired an external forensics firm to investigate.
CrossFit, the branded workout program, removed its Facebook and Instagram pages earlier this week and explained the reasoning in a passionate press release. The announcement lists various reasons for suspending its accounts for an indefinite period, including accusations that Facebook's news feeds are "censored and designed to reflect the political tendencies of Facebook's utopian socialists".
The problem stems from the removal of a Facebook group based in South Africa, Banting meal plans 7 days, which the company says came without warning or explanation. The group, which is not related to CrossFit but has 1.6 million members and enjoys the benefits of a low-carbohydrate, high-fat diet such as CrossFit's recommended diet, has since been reinstated. But the damage was done, and the removal was CrossFit's breaking point with how Facebook deals with user data.
The company describes itself as an opposing group that stands firm and often alone against an unholy alliance of universities, governments, and multinationals in the food, beverage, and pharmaceutical industries. It seems that CrossFit regularly takes on the world: the announcement was placed in a section of its website called "Battles." Its position as a dissident voice in the fitness industry is why CrossFit believes it could be a target: "Facebook's action should give any serious person reason to pause, especially those of us who engage in activities contrary to mainstream opinion."
CEO Greg Glassman told the CrossFit blog Morning with chalk that Facebook "does not meet the standards of confidentiality and decency of my community, so we went out". His list of grievances regarding the social networking site is long, but they are mostly fair criticisms. Below you will find a complete list of "public complaints" that, in his opinion, could compromise the safety of the CrossFit community:
1. Facebook collects and aggregates user information and shares it with state and federal authorities, as well as with security organizations in other countries.
2. Facebook collaborates with government security agencies as part of citizen monitoring programs such as PRISM.
3. Facebook censors and deletes user accounts based on unknown criteria and at the request of third parties, including governments and foreign government agencies.
4. Facebook collects, aggregates and sells user information as "business." Its business model allows governments as well as businesses to use its algorithm-developed advertising categories as sophisticated tools for data mining and monitoring.
5. Facebook's news feeds are censored and designed to reflect the political tendencies of Facebook's utopian socialists, while remaining vulnerable to misinformation campaigns designed to stoke violence and prejudice.
6. Facebook, by principle and principle, has weaknesses in the protection of intellectual property and is slow to close its intellectual property theft accounts.
7. Facebook's security protocols are mediocre and Facebook has been the victim of the biggest user data breach in history.
8. Facebook is acting to serve the interests of the food and beverage industry by removing accounts from communities that have identified the science of corrupt nutrition responsible for uncontrolled chronic global diseases. In this, it follows the practices of Wikipedia and other private platforms that host public content but retain the ability to suppress or remain silent – without the possibility of real debate or call – information and from perspectives outside a field of belief or narrow thinking. In this case, the right perspective has resulted in the death of millions of people due to preventable diseases. Facebook is therefore complicit in the global crisis of chronic diseases.
Hulu has ordered a new horror anthology series based on Nathan Ballingrud's short story collection North American Lake Monsters, according to Deadline. It will be produced by Babak Anvari and Lucan Toh, the creative team behind the horror film Injuries, which debuted at the Sundance Festival in January. They already know Ballingrud's work: Injuries is based on another Ballingrud story, The Visible Grime. Anvari wrote and directed the film, and Toh was one of the producers. The film stars Dakota Johnson, Armie Hammer and Zazie Beetz.
The North American Lake Monsters series is planned as an eight-episode season, produced by Mary Laws, who produced AMC's Preacher and co-wrote Nicolas Winding Refn's film The Neon Demon. Hulu says the series will explore people's suffering: "they will try to act desperately to try to repair their lives, ultimately showing that there is a thin line between man and beast." Their stories will include "encounters with gothic beasts, including fallen werewolf angels."
That is an apt description of Ballingrud's collection. North American Lake Monsters (the series will probably not share the collection's name; it is just being called Untitled Mary Laws Project) brings together nine of Ballingrud's short stories, featuring a man facing werewolves, a Lovecraftian adventure in the Arctic, scary vampires, and a father and daughter dealing with the discovery of a beached lake monster.
The collection is an exceptional showcase for short horror. The individual stories are fantastic examples of how to frame a story and create a sense of tension, using the supernatural to frame the problems that people may encounter every day. There has been an overabundance of good anthology shows on streaming services – Netflix's Black Mirror, CBS's The Twilight Zone, HBO's Room 104, Amazon's Electric Dreams and Hulu's Dimension 404 – and if it's done well, this series could be a remarkable entry. If it goes well, Hulu would do well to also look at Ballingrud's latest collection, Injuries, which arrived in stores in April.
The Boring Company, Elon Musk's tunneling company, recently organized a race between two Tesla vehicles: one on the road under normal traffic conditions, the other in the 1.14 km tunnel under SpaceX's headquarters in Hawthorne, California. Suffice it to say that it was not really a contest.
The Tesla in the tunnel was the winner, emerging 3 minutes and 8 seconds before the car on the surface road. In fact, the car in the tunnel reached the finish line even before the car in traffic passed the first traffic light.
More specifically, the Tesla in the tunnel reached a maximum speed of 127 mph. That is much faster than what The Boring Company demonstrated for journalists and city officials (including our own Liz Lopatto) at a lavish event in December. Those rides were also incredibly bumpy, which was attributed to a faulty paver. This one seemed to be smoother – at least according to the video footage.
The race was posted on Twitter less than 24 hours after Boring received its first approval to dig a pair of tunnels under the Las Vegas Convention Center. The $48.6 million project is scheduled to be completed in time for the Consumer Electronics Show in January 2021 – although Musk has suggested that it could be operational by the end of the year.
The Boring Company started with a 2016 tweet, in which Musk wrote: "The traffic drives me crazy, I'm going to build a tunnel boring machine and just start digging …" It has since evolved to include the test tunnel at Hawthorne, the "people mover" recently approved by Las Vegas, a $1 billion bid for a tunnel from Chicago to O'Hare Airport that is on the skids, and the Washington, DC-Baltimore tunnel, which is currently undergoing environmental assessment.
Transportation advocates, however, fear that a new network of car tunnels will only create surface congestion, especially when vehicles line up to enter the tunnel. Musk has also been criticized for building tunnels that can only accommodate cars rather than higher-capacity vehicles that carry more people.
The Boring Company organized this race to answer a simple question: which is faster, the road or the tunnel? But as The Verge Associate Editor Thomas Ricker rightly notes, this comparison is false: it equates to "bragging about 5G speed before phones are delivered to consumers".
The effects of the ban on Huawei in the United States continue to grow, with the Chinese computer hardware company now excluded from the SD Association (the trade group that sets the standard specifications for SD and microSD cards). In other words, Huawei is no longer allowed to build official support for SD or microSD cards into future phones or laptops (via 9to5Google).
The SD Association has confirmed to Android Authority that Huawei's exclusion from the group was due to the Trump executive order, making it the latest blow to the beleaguered Chinese company as a result of this ban. MicroSD cards and SD cards will continue to work on existing Huawei hardware, but being excluded from the SD Association means that Huawei will not be able to use future product standards.
The SD Association is also not the first to cut ties: Google, ARM, Intel, Qualcomm and Broadcom are also among the companies that stopped working with Huawei because of the ban. The Wi-Fi Alliance (which sets Wi-Fi standards across the industry) has also "temporarily limited" Huawei's membership due to the ban imposed by the United States. Huawei has also voluntarily left JEDEC (a semiconductor standards group best known for setting RAM specifications) over its problems with the United States, according to a report from Asian Nikkei Review. All of this could seriously hamper Huawei's ability to produce hardware, let alone compete in the US technology market.
Losing SD cards may not be the biggest problem for the company at the moment. As with Android and Windows (for which Huawei is already developing alternative operating systems), Huawei has also prepared for the loss of microSD cards: the company has its own proprietary Nano memory cards, which are physically smaller than microSD cards and have fully replaced the more universal standard on its new devices.
Customers waiting for Samsung's Galaxy Fold to ship may have just received another bad sign: Best Buy has reportedly canceled all orders for the delayed foldable phone because Samsung has not provided a new release date.
In an e-mail to customers, Best Buy said that advanced designs and technologies come with many obstacles and the possibility of facing a plethora of unplanned failures. "These obstacles have led Samsung to postpone the release of the Galaxy Fold, and Samsung has not provided a new release date. Because we give priority to our customers and want them to be supported in the best possible way, Best Buy has decided to cancel all pending pre-orders for the Samsung Galaxy Fold."
The announcement comes a month after Samsung announced that it would indefinitely delay the Galaxy Fold while it worked to solve various problems with the review units it had distributed (including The Verge's original test device). AT&T had previously put a June 13 release date on the Fold after the announcement of the delay, but the carrier has since removed this estimate. Samsung announced earlier in May that it would cancel pre-orders from customers who had not confirmed by May 31st that they still wanted the Fold, due to federal regulation.