hashing
Latest
Over 20,000 Facebook employees had access to 600 million user passwords
It's a day of the week ending in the letter "y," so it should come as little surprise there's news of another Facebook privacy transgression. The company says it found in January that some user passwords were stored in plain text on its servers. Facebook's systems are supposed to mask passwords, and it has since fixed the issue.
Twitter warns all users to change passwords following internal bug
Twitter announced today that a bug allowed users' passwords to be stored internally without being masked. When things are working correctly, Twitter stores hashed passwords, turning them into random letters and numbers so that no one at the company can see what any user's password is. But a bug caused passwords to be stored within an internal log before the hashing process was complete. Twitter says that it spotted the problem itself and fixed it. But while it claims there has been no evidence that the passwords were misused or that they left the company's systems, Twitter is recommending that everyone change their passwords just to be safe.
Google helps put aging SHA-1 encryption out to pasture
The decades-old SHA-1 encryption used to protect websites is already dying, but a discovery from Google and security researcher CWI Amsterdam could be the killing blow. For the first time, they've found a way to generate a "collision" and create the same critical hash function multiple times. The discovery will make it 100,000 times easier for attackers to slip malicious files into websites or servers than by a brute force attack. That new should help end its use, increasing security around the internet.
Bitcoin rival rewards you for archiving history instead of doing useless math
Other than generating lucre, Bitcoin mining does nothing but waste of time and energy. That's why researchers from Microsoft and the University of Maryland have developed "Permacoins" which reward you for actually doing something useful: backing up important data to your hard drives. For instance, you could earn crypto-coins by helping store, say, the 200TB US Library of Congress to your own disks. You wouldn't be able to cheat and use Dropbox or Google Drive thanks to an encrypted key, and data would be validated using a "proof of reliability" check. With enough participation, it would provide a safe, distributed backup and enable data to be accessed during outages -- like when the Library of Congress went offline during last year's shutdown. It's just a prototype for now, but researchers reckon a 100 Petabyte data pool could be created if users spent the same on storage that they have on pricy mining rigs.
Path vows contact data 'hashing' in next update, chases privacy certification
Path is still trying to pave over those privacy cracks, promising that its next update will "hash" the contact data it previously used to suck up without prior warning. Last month, the app was caught with its digital fingers inside users' address books and while the subsequent (and understandably swift) update allowed users to opt out, the Path devs are still looking to gain privacy certification with TRUSTe. They told The Verge that the next version will still allow contact matching without plucking the precise details at the same time, using a hashing technique that won't identify the data delivered to the social network app. The latest update adds compatibility with Nike+ GPS, plus improvements to the embedded camera and a new music recognition function. It's available now for the mobile OS of your choice at the sources below.
