Facebook employee reveals that internal systems stored passwords in plain text

Seen on Krebs on Security: "Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years". Facebook's official response is at "Keeping Passwords Secure".

A few key points. First, the scope: archives going back to 2012 have already been found to be affected:

The Facebook source said the investigation so far indicates between 200 million and 600 million Facebook users may have had their account passwords stored in plain text and searchable by more than 20,000 Facebook employees. The source said Facebook is still trying to determine how many passwords were exposed and for how long, but so far the inquiry has uncovered archives with plain text user passwords dating back to 2012.
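As an added example (not Facebook's code, nor anything from the Krebs article), here is the storage pattern the quote describes, a table that keeps each password exactly as typed, next to a hardened store that keeps only a per-user salt and a derived key from a memory-hard KDF (scrypt from Python's standard library). The search_records helper models the kind of internal query the article talks about and shows what each table hands back. The usernames, passwords, and the scrypt cost parameters below are assumptions made for this example.

```python
import hashlib
import hmac
import os

# Constructed example: a plain-text credential store (the anti-pattern) next to
# a salted, KDF-based one. Users and passwords are made up for the demo.


class PlaintextStore:
    """The anti-pattern: anyone who can read the table can read every password."""

    def __init__(self):
        self.records = {}  # username -> password exactly as typed

    def register(self, username, password):
        self.records[username] = password

    def verify(self, username, password):
        return self.records.get(username) == password


class HashedStore:
    """Per-user random salt plus scrypt-derived key; the password itself is never stored.
    N/R/P are an assumed interactive-login setting, tune them to your latency budget."""

    N, R, P, DKLEN = 2 ** 14, 8, 1, 32

    def __init__(self):
        self.records = {}  # username -> (salt, derived key)

    def _derive(self, password, salt):
        return hashlib.scrypt(password.encode("utf-8"), salt=salt,
                              n=self.N, r=self.R, p=self.P, dklen=self.DKLEN)

    def register(self, username, password):
        salt = os.urandom(16)  # fresh per user, so equal passwords differ at rest
        self.records[username] = (salt, self._derive(password, salt))

    def verify(self, username, password):
        record = self.records.get(username)
        if record is None:
            # Burn the same KDF cost for unknown users so response time does not
            # reveal which usernames exist.
            self._derive(password, b"\x00" * 16)
            return False
        salt, key = record
        # Constant-time comparison of the derived key against the stored one.
        return hmac.compare_digest(self._derive(password, salt), key)


def search_records(store, needle):
    """What an insider query over the table sees: usernames whose stored credential
    bytes contain `needle`. Finds real passwords in the plain-text store, nothing in
    the hashed one."""
    hits = []
    for username, value in store.records.items():
        blob = value.encode("utf-8") if isinstance(value, str) else b"".join(value)
        if needle.encode("utf-8") in blob:
            hits.append(username)
    return hits


if __name__ == "__main__":
    plain, hashed = PlaintextStore(), HashedStore()
    for store in (plain, hashed):
        store.register("alice", "correct horse battery staple")
        store.register("bob", "correct horse battery staple")
    print("plain-text search for 'horse':", search_records(plain, "horse"))
    print("hashed search for 'horse':", search_records(hashed, "horse"))
    print("alice login ok:", hashed.verify("alice", "correct horse battery staple"))
    print("alice wrong password:", hashed.verify("alice", "wrong"))
```

The search function is the point of the example: with the plain-text table a substring query over the credential column returns users and their passwords, which is exactly what makes "searchable by more than 20,000 employees" so bad; with the hashed table the same query returns nothing, and an insider with read access to the table still has to attack each salted key individually.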

The other key point is that this data has already been searched internally at scale (oh dear):

My Facebook insider said access logs showed some 2,000 engineers or developers made approximately nine million internal queries for data elements that contained plain text user passwords.

Also, Legal and PR have already kicked in; the public statement will massage the numbers downward to limit the damage:

“The longer we go into this analysis the more comfortable the legal people [at Facebook] are going with the lower bounds” of affected users, the source said. “Right now they’re working on an effort to reduce that number even more by only counting things we have currently in our data warehouse.”

The follow-up process will be downplayed as well:

Renfro said the company planned to alert affected Facebook users, but that no password resets would be required.

Another news item from last year is worth reading alongside this: "Facebook's security chief is leaving, and no one's going to replace him":

Instead of building out a dedicated security team, Facebook has dissolved it and is instead embedding security engineers within its other divisions. “We are not naming a new CSO, since earlier this year we embedded our security engineers, analysts, investigators, and other specialists in our product and engineering teams to better address the emerging security threats we face,” a Facebook spokesman said in an email. Facebook will “continue to evaluate what kind of structure works best” to protect users’ security, he said.

Looks like it's time to change passwords again... (fortunately I'm used to using a password manager, so every site has a different password?)

Oh, one more concept worth adding: when they say "we have no evidence that anyone accessed...", the more accurate phrasing is "we didn't audit that part... so we have no evidence".

Amazon's Seattle office uses waste heat from the data center next door for climate control

One of Amazon's offices is borrowing waste heat from the neighbouring data center to heat the office: "Amazon to use data centre waste heat to warm corporate offices"; the original report is "The super-efficient heat source hidden below Amazon's Seattle headquarters". Beyond saving power and money, it's also good for the corporate image...

The Westin Building Exchange next door is at "2001 6th Ave #300, Seattle, WA 98121" and the office is at "2040 6th Ave, Seattle, WA 98121"; whether you go by the addresses or look at Google Maps, the two buildings are right next to each other, which makes running the piping much simpler.

It's projected to save 80M kWh over twenty-five years, so about 3.2M kWh a year. Using the figures from "Seattle, WA Electricity Rates | Electricity Local", the commercial rate is USD$0.068 per kWh, so the saving is roughly USD$217,600 a year (about NT$6 million). For an office of 3,800 people that's a bit underwhelming, but from a PR standpoint it's a bargain XDDD:

It is expected, over the course of 25 years, to save approximately 80 million kWh of electricity use by Amazon.

Wonder how much this system cost...

The Stack Overflow question on how to exit Vim...

...has been turned into PR material: "Stack Overflow: Helping One Million Developers Exit Vim".

Since vi (nowadays usually Vim) is an editor practically every Unix-like system ships with, it often gets used in tutorials (chosen for ubiquity, but a beginner who has never seen it is stuck...), and you can also land in it by accident: commands like vipw or visudo open whatever editor is configured, which defaults to vi:

You can see pageviews have passed one million XDDD, and the traffic is very steady:

Broken down by region (not normalized by population, though...):

Then a cross-analysis: what other articles do the people who got stuck in Vim normally read:

From a data-analysis angle, all of this can be done from access logs that carry a visitor cookie (so hits can be tied back to the same browser). Once you have the access logs, you can run the analysis on Google Cloud BigQuery or on AWS's Amazon Athena.
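As an added example (not Stack Overflow's code or its actual queries), here are the three analyses above written as plain SQL over a pageview table, run here against an in-memory SQLite database so it works offline. The rows are constructed, the question paths are hypothetical placeholders, and the per-country population figures are rough numbers included only to show the normalization step the raw chart skips; on BigQuery or Athena the same query shapes apply with minor dialect differences (an assumption, not something the page states).

```python
import sqlite3

# Constructed pageview rows, not real Stack Overflow traffic: one row per hit.
# visitor_id would be derived from the analytics cookie in the access log and
# country from a GeoIP lookup on the client address. All paths are hypothetical.
VIM_QUESTION = "/questions/how-do-i-exit-vim"
ROWS = [
    ("v1", "US", VIM_QUESTION),
    ("v1", "US", "/questions/git-undo-last-commit"),
    ("v2", "IN", VIM_QUESTION),
    ("v2", "IN", "/questions/git-undo-last-commit"),
    ("v2", "IN", "/questions/python-list-comprehension"),
    ("v3", "DE", VIM_QUESTION),
    ("v3", "DE", "/questions/python-list-comprehension"),
    ("v4", "US", "/questions/python-list-comprehension"),
    ("v4", "US", "/questions/git-undo-last-commit"),
    ("v5", "US", VIM_QUESTION),
    ("v5", "US", "/questions/git-undo-last-commit"),
]

# Rough population figures in millions, used only to demonstrate normalization.
POPULATION_MILLIONS = {"US": 330, "IN": 1380, "DE": 83}


def load(rows):
    """Load the rows into an in-memory SQLite table shaped like a log table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE pageviews (visitor_id TEXT, country TEXT, path TEXT)")
    conn.executemany("INSERT INTO pageviews VALUES (?, ?, ?)", rows)
    return conn


def total_views(conn, path):
    """Raw pageview count for one page (the 'one million' number)."""
    return conn.execute("SELECT COUNT(*) FROM pageviews WHERE path = ?",
                        (path,)).fetchone()[0]


def views_by_country(conn, path):
    """Per-region breakdown as raw counts, highest first."""
    return conn.execute(
        "SELECT country, COUNT(*) AS views FROM pageviews WHERE path = ? "
        "GROUP BY country ORDER BY views DESC, country",
        (path,),
    ).fetchall()


def views_per_million(conn, path, population=POPULATION_MILLIONS):
    """The same breakdown normalized by population, which the raw chart lacks."""
    rates = [(country, views / population[country])
             for country, views in views_by_country(conn, path)
             if country in population]
    return sorted(rates, key=lambda item: (-item[1], item[0]))


def co_visited(conn, path):
    """Cross-analysis: for visitors who hit `path`, which other pages did they view?
    Self-join on the cookie-derived visitor_id; COUNT(DISTINCT ...) keeps repeat
    hits by one visitor from inflating the result."""
    return conn.execute(
        "SELECT other.path, COUNT(DISTINCT other.visitor_id) AS visitors "
        "FROM pageviews AS hit JOIN pageviews AS other "
        "  ON hit.visitor_id = other.visitor_id "
        "WHERE hit.path = ? AND other.path <> ? "
        "GROUP BY other.path ORDER BY visitors DESC, other.path",
        (path, path),
    ).fetchall()


if __name__ == "__main__":
    conn = load(ROWS)
    print("views:", total_views(conn, VIM_QUESTION))
    print("by country:", views_by_country(conn, VIM_QUESTION))
    print("per million:", views_per_million(conn, VIM_QUESTION))
    print("also viewed:", co_visited(conn, VIM_QUESTION))
```

With the constructed rows, the per-million view reorders the countries (DE ahead of US ahead of IN) even though the raw counts put US first, which is the caveat the "not normalized by population" remark is pointing at.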

Airbnb caught manipulating site data to make its numbers look better

The article "How Airbnb's Data hid the Facts in New York City" presents evidence that Airbnb manipulated the data on its site in November of last year (2015) to polish its numbers.

In December 2015 Airbnb published "Data on the Airbnb Community in NYC", a PR piece describing Airbnb's contributions to the New York area and so on.

Airbnb's article says the data was taken as of November 17, 2015:

As of November 17, 2015 there were 35,966 active Airbnb listings in New York.

The author found that on that very day, November 17, 2015, the data on Airbnb's site had been "cleaned up":

A major part of Airbnb's recent data release was a snapshot of New York City listings as of November 17, 2015. This report shows that the snapshot was photoshopped: in the days leading up to November 17, Airbnb ensured a flattering picture by carrying out a one-time targeted purge of more than 1,000 listings. The company then presented November 17 as a typical day in the company’s operations and mis-represented the one-time purge as a historical trend.

And only the New York area was cleaned:

No similar event took place in other cities in North America or elsewhere.

The full analysis is available as a PDF, "how_airbnbs_data_hid_the_facts_in_new_york_city.pdf"; it analyses and cross-checks two independent data sources (the data collected by Murray Cox and by Tom Slee).

Wikipedia starts fighting back against PR firms...

Wikipedia is fighting back against the PR firms that "polish" Wikipedia entries: "Wikimedia Foundation sends cease and desist letter to WikiPR"; the PDF is available as "2013-11-19_C&D_letter_to_WikiPR_from_Cooley.pdf".

The basis is mainly the Terms of Use, demanding that the firm stop "polishing" Wikipedia articles (such as removing unflattering facts). It looks like this kind of thing will just go underground rather than disappear... :p

Facebook hires a PR firm to try to attack (smear) Google...

This story is all over the place; picking one at random (OSNews): "Facebook Hired PR Firm To Secretly Smear Google".

At first the only report was that "a PR firm had been asked by some company to smear Google", and everyone was guessing which company it was, Apple or Microsoft; in the end it turned out to be Facebook, which admitted it after being exposed: "Facebook Busted in Clumsy Smear on Google".

Another explanation worth reading is FUD (Chinese version: FUD), which describes this kind of behaviour.