If you're one of the victims of the recently revealed hack of Facebook, you should be extra careful on the internet — and extra watchful of your other online and offline accounts.
The data hackers gleaned from the social network could be used for identity theft, and to access accounts ranging from those at banks and other financial institutions to online stores. It also could be used in so-called spear phishing attacks, in which hackers use the information they know about particular users to send them personalized messages that convince them to leak their passwords or other critical data.
Some 30 million accounts were compromised in the attack, which Facebook first announced three weeks ago. The hackers were able to gain access to names and phones numbers of nearly all of those users as well as personal details such as birth dates, relationship status, gender, and education and work histories for 14 million of them.
This data can potentially be used to hijack accounts on other services besides Facebook as well. The password reset feature on many sites asks users to answer certain security questions. Those questions often ask for just the kind of personal details that were revealed in the Facebook hack.
But it's not just online accounts that are at risk. Information such as names and birth dates can also be used to gain access to banking accounts or medical records over the phone.
You can find out whether you were affected by the Facebook attack by logging into your account and going to a security page the company has set up. We've created a hotlink for you at cat5.tv/fbhack
Sent to us by: Bekah Ferguson
Someone has reportedly siphoned personal information on 30,000 or more US Department of Defense workers.
According to anonymous sources at the Pentagon in Washington DC, an unnamed individual was able to access department travel records earlier this year, and would have been able to log employees' submitted personal information – such as names, dates of birth, and credit card numbers.
Both military and civilian workers are believed to have been caught up in the theft, and current estimates sit at roughly 30,000 people having their records exposed to miscreants, with that number set to climb as the investigation continues.
The data theft is said to have occurred not within the Pentagon itself, but rather with a third-party vendor it uses to book travel. The vendor was not identified.
Word of the data spill comes as the DoD is looking to kick off a major reorganization of its IT operations with the awarding of the 10-year $10bn JEDI contract program. Cloud vendors are being asked to put together proposals that would see a single vendor get the task of creating a new cloud system to handle operations for the entire department.
That an outside vendor would be tangled up in the theft of personally sensitive information just as the Pentagon looks to offload the bulk of its agency and employee data to another third party with JEDI is not a particularly good look.
Still, a mere 30,000 personnel records would actually be huge improvement from the government's worst data fumble, the 20 million-plus records stolen by Chinese hackers in the 2015 OPM mega-hack.
Sent to us by: Roy W. Nash
The UK Government wants to secure smart home gadgets.
Makers of smart home devices are being encouraged to make their gadgets secure against hack attacks.
The UK has published a voluntary code of practice for manufacturers that shows how they can proof their creations against common attacks.
It aims to stop gadgets being hijacked and used to mount cyber-attacks - and stamp out designs that let cyber-thieves steal data.
The government initiative is aimed at makers of small smart gadgets for the home, such as web-connected doorbells, cameras, toys and burglar alarms - the so-called internet of things.
An increasing number of cyber-attacks exploit poor security on these gadgets.
The detailed code includes 13 separate steps manufacturers can take to produce more secure products.
The steps include securely storing customer data, regularly updating software, requiring users to choose stronger passwords, making it easier for users to delete data and re-set a device, as well as setting up a vulnerability disclosure policy.
Two companies so far, HP and Hive Centrica, have agreed to follow the code.
Sent to us by: Roy W. Nash
Someone Used a Deep Learning AI to Perfectly Insert Harrison Ford Into Solo: A Star Wars Story
Casting anyone other than Harrison Ford in the role of Han Solo just feels like sacrilege, but since Ford is now 76 years old, playing a younger version of himself would be all but impossible. Or at least impossible if you rely on the standard Hollywood de-aging tricks like makeup and CG. Artificial intelligence, it turns out, does a pretty amazing job at putting Ford back into the role of Solo.
The YouTube channel “derpfakes” uses the Deepfakes technique with free software and has been posting videos that demonstrate the impressive, and at times frightening, capabilities of image processing using artificial intelligence. Using a process called deep learning, an AI analyzes a large collection of photos of a given person, creating a comprehensive database of them in almost any position and pose. It then uses that database to intelligently perform an automatic face replacement on a source clip, in this case replacing actor Alden Ehrenreich’s face with Harrison Ford’s.
As we’ve seen before, like when deep learning was used to erase actor Henry Cavill’s Justice League mustache, the results are not only good, they’re actually better than the visual trickery that Hollywood visual effects studios are capable of.
Sent to us by: Robbie Ferguson