Facebook staff had access to millions of people's passwords

Facebook revealed on Thursday it didn't properly mask the passwords of hundreds of millions of it users and stored them in an internal database that could be accessed by its staff.

The company said it discovered the passwords during a security review in January and launched an investigation. Facebook did not say for how long they had been storing passwords in this way.
It will be notifying hundreds of millions of Facebook users and tens of thousands of Instagram users if their passwords were involved.

"To be clear, these passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them," Pedro Canahuati, a Facebook vice president wrote on Thursday.

He added that Facebook typically "masks people's passwords when they create an account so that no one at the company can see them."

The news was first reported by Krebs on Security.

The iPhone 11 could scan the veins in your face to unlock

Apple’s upcoming iPhone 11 may use a form of Face ID that scans veins to determine who’s picking it up, according to newly discovered patents.

The patent, filed in February 2018 and discovered by BGR, shows a front-facing camera on a device which scans the veins and blood vessels in a user’s face to determine who’s using it, a feature called 'subepidermal imaging'.

This camera would scan your face, possibly using infrared, and the device’s processor would compute the information using a range of processes that are also detailed in the patents, which involve scoring the scan based on previous templates and scans.

While a patent is no guarantee that a feature will be included in a device – this patent was filed before the release of the iPhone XS, and the feature didn’t make it into that phone – it would be a small but useful step in improving the security of Apple’s handsets.

Why not Face ID? 

If Apple did choose to use this feature for the iPhone 11, it wouldn’t be the first company to use vein recognition as a way to unlock a phone – the LG G8 ThinQ will also have this tech when it releases at some point in mid-2019.

The reason many companies are moving from face recognition to veins is that some phones, like the Samsung Galaxy S10, can be tricked into unlocking for the wrong user by masks or photographs, but subepidermal imaging removes this risk.

The patent includes a rough sketch of whatever iPhone or iPad would use this technology, including its camera, which would have a flood illuminator and speckle illuminator, two forms of imaging technology, as well as the main sensor – but we can’t tell anything else about the device from the picture.

The iPhone 11 launch is still a way out, given that Apple always launches its flagship handset towards the end of the year

How to set up emergency location sharing on Android, iOS

Smartphones are spectacular for snapping photos, scanning the news, and sending messages, but they can also be literal lifesavers if you take the time to set them up before the need arises.

Both Android and iOS have easy-to-use systems for sharing your location with a friend, family member, or other trusted contact in an emergency. You can even create connections that’ll allow you to check up on loved ones to see if their phone has detected movement lately and then request an automated location update if you’re unable to reach them.

The key to all of this is to configure your emergency system ahead of time so it’ll be available in case an actual emergency occurs. Take two minutes now, and then rest easy knowing your phone’s ready.

The simple option for iOS

If you’ve got an iPhone, Apple offers a built-in Emergency SOS system that gives you a quick way to call 911 (or the equivalent emergency service provider) and then alert a group of predefined emergency contacts — all in one fell swoop

To start, you need to tell your phone who your emergency contacts are:

• Open the Health app.
• Tap the “Medical ID” tab.  
• Tap “Edit.” (If you haven’t yet created a medical ID, you’ll need to do that first.)
• Find the “Add emergency contact” option, and add however many people you want.

Apple’s iOS Health app holds the key to configuring emergency location sharing on an iPhone.

Now, if you’re ever in an emergency situation with an iPhone 8 or later:

• Press and hold the power button along with either volume button, and you’ll see an “Emergency SOS” countdown appear on your screen.
•  Keep holding both buttons until the countdown ends. 
• Your iPhone will automatically call 911, and as soon as the call disconnects, the phone will text your emergency contacts with your current location. 

 If you have an iPhone 7 or earlier, press the power button five times fast, then drag your finger across the Emergency SOS slider that appears on the screen to initiate that same process.

The simple option for Android

Android doesn’t have a similar all-in-one function, though it does provide a way to offer emergency services information about a preassigned emergency contact from the lock screen. While the setup may differ somewhat depending on what phone you have and which version of Android it runs, the basics should be the same.

• Go to your phone’s lock screen. (You don’t have a screen lock set? Why not?)
• Look for the word “Emergency” at the bottom of the lock screen. Tap on that.
• Tap on “Emergency information” and then on the pencil symbol (or, depending on your phone, on “Add”). You’ll be asked to put in your PIN or lock pattern.
• This will bring you to your Emergency information screen where you can add personal information (such as blood type or any existing medical conditions) and any contacts you want to be notified.

The advanced option for Android or iOS

For a more robust setup in which you can share and request locations with trusted contacts — without needing to make a 911 call — download Google’s Trusted Contacts app for Android or iOS. Once you’ve signed in, create your list of connections.

• Tap the “Add Contacts” box on the app’s main screen.
• Find and tap the name of anyone you want to add.
• Once that person has approved your request (and installed the app onto their phone as well), you’ll always be able to see if they’ve been active recently and also if their phone’s battery is critically low.

Then, if you ever want to send a location alert:

• On the app’s main screen, select the person with whom you want to share your location.
• Tap “Send location alert now.”
• Your location will be shared for 24 hours or until you hit the “Stop” button.

And to request someone else’s location:

• Tap the person’s name on the app’s main screen.
• Tap “Ask for [person’s] location.”
• The app will alert the person to your request, and if they don’t respond within a set period of time, it’ll automatically share their location with you.

By default, Google’s Trusted Contacts app will share a requested location after five minutes without a response.

It’s the type of thing you hope you’ll never need, but with loved ones, in particular, it can bring valuable peace of mind to have it standing by just in case. 

6 things small businesses can do to improve cybersecurity

Small businesses can be more vulnerable to cyberattacks than larger companies because they often don't have sophisticated and comprehensive systems to protect themselves from hackers, viruses, malware and what's called ransomware. And owners who are focused on customers and employees may not ensure that their defenses are up to date.

But there are things small businesses can do to improve cybersecurity. Here are six:

• Don't do it alone. Small companies, if they can't afford their own in-house technology experts, should hire consultants who specialize in helping small businesses build and maintain their defenses.
• Think beyond your system. Companies can be attacked through other businesses or computer users including vendors and online storage services. Small business owners should ask anyone who links into their computers about the steps they take to protect everyone's data. "It's not OK to just contract with a firm. It's also doing due diligence," says Diana Burley, a professor at George Washington University's Graduate School of Education and Human Development, whose expertise includes cybersecurity.
• Back up everything. When Marcos Francos' company, Atlanta-based Mighty Clean Home, was attacked by ransomware, his files were rendered inaccessible. But because he had backed up all of his data, he didn't have to pay the ransom demanded by cyberthieves to unlock the files, and he was able to restore his system.
• Stay current. Software and hardware manufacturers routinely issue updates and what are called patches to improve security. Every device at a small business needs to have all updates and patches downloaded and installed.
• Get an EIN. Owners need to guard against a stolen identity from affecting their business accounts. So instead of using a Social Security number for business, they should have an Employer Identification Number. It's easy to obtain one from the IRS website, www.irs.gov.
• Beware of phishing scams. These are invasions that are often delivered by email with links or attachments. Owners and all employees need to be aware that cyberthieves are sending emails that look legitimate; when the links or attachments are clicked on, destructive malware enters the computer or network. Barry Kelly, CEO of technology consultant Kelser Corp., has training emails sent internally to staffers to help them sharpen their ability to detect phishing emails. That includes Kelly himself.

"I got caught three months ago" and clicked on one of emails, he admits.