
Facebook has admitted to a “security issue” in which the “access tokens” of nearly 50 million accounts were compromised. The social media giant has reset tokens for another 40 million accounts as a “precaution.” The nearly 50 million affected accounts will require users to re-enter their passwords. The security issue was discovered by the company’s engineers on Tuesday. Hackers were apparently able to obtain the so-called “access tokens” – digital keys that allow a user to stay logged into Facebook without re-entering their password each time they use the application. “Our investigation is still in its early stages. But it's clear that attackers exploited a vulnerability in Facebook's code that impacted "View As", a feature that lets people see what their own profile looks like to someone else,” the tech giant said in a statement. The vulnerability has already been fixed, according to Facebook, and the “View As” feature has been temporarily disabled. “This attack exploited the complex interaction of multiple issues in our code. It stemmed from a change we made to our video uploading feature in July 2017, which impacted "View As." The attackers not only needed to find this vulnerability and use it to get an access token, they then had to pivot from that account to others to steal more tokens,” Facebook stated. The damage done by the attack has yet to be evaluated; it remains unclear whether the affected accounts “were misused or any information accessed.” The source of the attack and who was behind it also remain unidentified, according to Facebook.

Microsoft Surface laptops are now eligible for “recommended” status in Consumer Reports’ ratings. Last year we removed that designation because of poor predicted reliability in comparison with laptops from other brands. Reliability evaluations are based on surveys of our members. We now have results from our latest survey. “Microsoft’s reliability is now on par with most other laptop brands,” allowing its products to be recommended, says Martin Lachter, a senior research associate at Consumer Reports. This is the first year that brand reliability is being factored into the Overall Scores for many products rated by Consumer Reports. Owner satisfaction, which is based on the same survey of our members, is also being incorporated into the Overall Score. The new reliability scores are ready just as we’ve completed our lab testing of the recently released Microsoft Surface Go. That 10-inch Surface Go, released in August, is meant to be a two-in-one laptop, though a keyboard must be purchased separately. The Surface Go isn’t receiving a CR recommendation, but that’s based on the results of lab testing, not member survey data. The Surface Go is the only Surface that isn’t getting a recommendation; the company’s other models, including the Surface Pro, Surface Laptop, and Surface Book 2, do score well enough to be recommended. (Based on feedback from Microsoft, we are testing and rating these devices as laptops; last year we considered some Surface products separately as laptops and as tablets.) Learn more by visiting OUR FORUM.

Cloudflare today announced support for encrypted Server Name Indication, a mechanism that makes it more difficult to track users' browsing. A web server can host multiple websites, with all of them sharing the same external IP address. This is possible through virtual hosting, a method that allows splitting the resources among available domain names. Server Name Indication (SNI) is a component of the TLS protocol that makes it possible for a server to present different TLS certificates that validate and secure the connection to websites behind the same IP address. An application with SNI support includes the hostname it is trying to reach at the beginning of the handshake process with the server. This initial conversation in the TLS negotiation process happens in the clear, exposed to every node along the way, allowing an observer to track users or to influence (block, slow down) the connection to websites it does not sympathize with. An encrypted SNI (ESNI) eliminates the risk of exposing the destination name. Learn more on OUR FORUM.

Along with Material Design, the latest version of Google’s popular Chrome browser also brings along some under-the-hood changes which may not be as desirable to users concerned about their privacy. With Google Chrome 69, logging into any Google service such as Gmail or YouTube will now also log you into the browser itself, which means a large number of items will automatically be uploaded to Google’s servers, where they can presumably be indexed, used to create a user and ad profile, or subpoenaed for your divorce proceedings. Prior to this, users had to consciously log into the browser, and users who were not logged in had their bookmarks, browser, and other items stored only locally. Google’s privacy policy makes the difference between logged-in and logged-out (basic browser) mode clear. I suspect at this point most of us have given up the fight to keep our data on our own computers and out of the cloud, but those who are still fighting the good fight, and who are rightfully outraged by this, may, besides protesting loudly, also want to use an alternate browser focussed on privacy such as the Brave browser. Keep up to date and visit OUR FORUM.

Virtual reality (VR) can do some amazing things, whether that’s immersive video game entertainment, traveling the world, connecting with friends or holding a meeting in virtual spaces and much more. Yet there’s one inherent caveat with the technology, and that’s using a keyboard. Developers tend to avoid requiring keyboard inputs in their software, but there are times when all those buttons are needed, for example going online in VR, and having a headset on your face while typing can prove awkward. Enter Tap Systems with its new Tap Wearable Keyboard and Mouse device. As you can see from the images, Tap is designed to fit comfortably around a user's fingers and thumb, connecting to any Bluetooth-enabled device. Tap allows users to compose text, play video games, point, click and scroll using just about any available surface. When it comes to VR, the device removes the need to see what your hands are doing, as tapping does not require the user to aim for keys, so they can edit documents, create spreadsheets, compose emails and texts all within a virtual environment. So how does it work? Well, Tap doesn’t use the traditional QWERTY keyboard; instead, users create letters by tapping one or more fingers onto a surface. So, for example, tapping your thumb would create the letter A, and so on. Of course, with only five sensors there are going to be quite a few combinations, which is why the company has created a teaching tool to help users become acquainted with the system. Compatible with Microsoft’s virtual desktop environment for Windows Mixed Reality, Tap can also be used with virtual desktop applications running on the Oculus Rift and HTC Vive. Additional features include a battery that can provide 8 hours of use and 7 days standby, full customization for video games and apps, adjustable ring sizes plus a recharging case. More details can be found on OUR FORUM.

On Friday, Apple will release the iPhone XS and XS Max, with the XR coming in October. All these phones will partake in the annual ritual of being praised for their Appleness and criticised for the price, as per usual. These devices will also all ship with Face ID, a first for Apple, which previously only offered Face ID on one device — the iPhone X. Other smartphone makers are quickly offering facial recognition systems on their own devices, from the mid-range to the most premium. As time goes on, it becomes more and more likely that your next smartphone will ship with facial recognition. If you’re more likely to use Windows 10 laptops, you’ll probably have some form of facial recognition on them too as Windows Hello catches on. Use Facebook? Your Facebook account already has facial recognition. The firm is using it to match users to their untagged photos. For the regular consumer, it’s magical in a sense, but also a little unsettling. Tech writers often explore the magical aspects of facial recognition software being installed on all our devices, but rarely the potential downsides. In other words, facial recognition is everywhere, but we haven’t really talked about it – not really. As techies, we’ve explored the fun parts of facial recognition: your phone unlocks super fast, and your laptop does the same too. Microsoft’s Brad Smith called for regulation of facial recognition software by the US Congress earlier this year, opting to open the debate in a move uncharacteristic of tech companies, who are often resistant to the prospect of restrictive legislation and loath to introduce the topic themselves. More in-depth details can be found on OUR FORUM.