Facebook employee reveals that passwords were stored internally in plaintext

Seen on Krebs on Security: 「Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years」. Facebook's official response is at 「Keeping Passwords Secure」.

A few key points. The first is the scope: data going back to 2012 has already been found to be included:

The Facebook source said the investigation so far indicates between 200 million and 600 million Facebook users may have had their account passwords stored in plain text and searchable by more than 20,000 Facebook employees. The source said Facebook is still trying to determine how many passwords were exposed and for how long, but so far the inquiry has uncovered archives with plain text user passwords dating back to 2012.

Another key point is that this data has already been queried extensively inside the company (uh oh):

My Facebook insider said access logs showed some 2,000 engineers or developers made approximately nine million internal queries for data elements that contained plain text user passwords.

Also, Legal and PR have already been mobilized; the external press release will polish the numbers to reduce the damage:

“The longer we go into this analysis the more comfortable the legal people [at Facebook] are going with the lower bounds” of affected users, the source said. “Right now they’re working on an effort to reduce that number even more by only counting things we have currently in our data warehouse.”

They will also downplay the follow-up procedure:

Renfro said the company planned to alert affected Facebook users, but that no password resets would be required.

Another news item from last year is worth cross-referencing: 「Facebook’s security chief is leaving, and no one’s going to replace him」:

Instead of building out a dedicated security team, Facebook has dissolved it and is instead embedding security engineers within its other divisions. “We are not naming a new CSO, since earlier this year we embedded our security engineers, analysts, investigators, and other specialists in our product and engineering teams to better address the emerging security threats we face,” a Facebook spokesman said in an email. Facebook will “continue to evaluate what kind of structure works best” to protect users’ security, he said.

Looks like it's time to change passwords again... (Fortunately I'm already in the habit of using a password manager, so every site has a different password?)

Oh, and one more concept to add: when they say "we have no evidence that anyone accessed...", the more accurate phrasing would be "we didn't audit that part... so there is no evidence".

Amazon's Seattle office uses waste heat from the data center next door as its heating

One of Amazon's offices borrows the waste heat from the data center next door to heat its own office space: 「Amazon to use data centre waste heat to warm corporate offices」; the original report is 「The super-efficient heat source hidden below Amazon's Seattle headquarters」. Besides trying to save electricity and cost, it is also good for corporate image...

The neighboring Westin Building Exchange's address is 「2001 6th Ave #300, Seattle, WA 98121」, and the office is at 「2040 6th Ave, Seattle, WA 98121」. Whether you look at the addresses or at Google Maps, you can see the two buildings are right next to each other, which makes running the piping much simpler.

The plan is to save 80M kWh over twenty-five years, so roughly 3.2M kWh per year. Using the figure from 「Seattle, WA Electricity Rates | Electricity Local」, commercial electricity costs USD$0.068 per kWh, so about USD$217,600 is saved per year (roughly NT$6 million per year). For an office of 3,800 people that is actually a bit underwhelming, but from a PR standpoint it is well worth it XDDD:

It is expected, over the course of 25 years, to save approximately 80 million kWh of electricity use by Amazon.

I wonder how much this system cost...