2.2 bn Facebook users must log out, re-login across devices: Experts
New Delhi, Sep 29 : After Facebook admitted that hackers broke into nearly 50 million users' accounts by stealing their "access tokens" or digital keys, cyber experts on Saturday warned over 2.3 billion users to log out and log back into Facebook, or any of third-party apps that use Facebook login.
Facebook has reset the access tokens of almost 50 million accounts it knew were affected. It has also taken the precautionary step of resetting access tokens for another 40 million accounts that have been subject to "View As" look-up in the last year.
"For now, logging out and back in is all that is necessary. The truly concerned should use this as a reminder and an opportunity to review all of their security and privacy settings on Facebook and all other social media platforms," Chester Wisniewski, Principal Research Scientist with global cyber security major Sophos, told IANS.
According to Dr Gary McGraw, Vice President of Security Technology, Synopsys (Software Integrity Group), this breach emphasises just how important software security is, and how subtle solid security engineering can be.
"When a feature like 'View As' can be turned on its head into an exploit, it indicates a design problem that led to unanticipated security vulnerability," noted Dr McGraw.
"Design flaws like this lurk in the mind boggling complexity of today's commercial systems, and must be systematically uncovered and corrected when software is being designed and built," he added.
If you've ever wondered what keeps you logged into your account even after you restart your laptop/browser - those are access tokens (cookies).
They maintain a constant session even when your IP changes.
"In this case, hackers were able to steal these tokens, which basically means the hacker could fool Facebook servers to believe they are the authorised users of the target's account that would give the attacker, complete access of the target's account," said Saket Modi, CEO and Co-Founder of Lucideus, an IT risk assessment and digital security services provider.
According to experts, they don't know for how long the vulnerability existed, who the hackers were and the extent of damage that might have been caused in terms of stealing not only one's profile data but, in this case, potentially the personal messages, pictures and chats, among others.
"As a precaution, all Facebook users must log out and re-login into all the gadgets that they have their Facebook session active like your cell phone (app or browser), laptop and desktop, etc," Saket Modi advised.
Facebook said it does not know who is behind this massive security attack.
"We're working hard to better understand these details and "we will update this post when we have more information, or if the facts change," said the company.
In the Cambridge Analytica scandal, data of nearly 87 million people was breached upon.
Let the Truth be known. If you read VB and like VB, please be a VB Supporter and Help us deliver the Truth to one and all.
Gujarat HC orders man to deposit Rs 1 lakh for attending virtual proceedings from toilet
Ahmedabad, July 14 (PTI): The Gujarat High Court on Monday directed a man, facing contempt of court for attending a virtual court hearing while relieving himself on a toilet seat, to deposit Rs 1 lakh with the court's registry after observing that he was ready to tender an unconditional apology.
The incident occurred on June 20 when Justice Nirzar S Desai was hearing a case. A video of the man soon went viral, prompting the high court to initiate suo motu contempt proceedings.
On Monday, the division bench of Justices AS Supehia and RT Vachhani directed the man, identified as Samad Abdul Rehman Shah, to deposit Rs 1 lakh in the court registry by July 22, the next date of the hearing.
"The contemnor has admitted to his conduct during the live-streaming proceedings and submitted that he was ready to tender an unconditional apology. Thus, at this stage, we direct the contemnor to deposit the amount of Rs 1 lakh before the registry of this court by the next date of hearing," the court ordered.
According to the report submitted to the court, Shah attended the hearing on June 20 for a total of 74 minutes, during which he was seen sitting on a toilet and relieving himself.
Shah's lawyer told the court that his client would tender an unconditional apology for his behaviour.
When questioned, the lawyer confirmed he had advised Shah to present himself appropriately for the hearing.
The now-infamous video showed Shah using a toilet during the proceedings, sparking outrage and leading the court to order the video’s immediate removal and ban, citing damage to the judiciary’s image.
Since the COVID-19 pandemic, the Gujarat High Court has permitted lawyers and litigants to join hearings virtually. Proceedings are live-streamed via the court's YouTube channel.
After finishing his business, Shah was seen picking up his phone and leaving. Justice Desai appeared unaware of his surroundings at the time.
Wearing wireless earphones, he can be seen logging in again later in the livestream, sitting in a room and waiting for his turn.
After nearly 10 minutes, he identified himself as Abdul Samad Shah, a resident of Kim village in Surat and the complainant in an assault case.
His lawyers told the court that Shah had lodged a complaint against two individuals but that a compromise had been reached between both parties.
While hearing the petition filed by the accused seeking to quash the FIR, Justice Desai asked Shah if he consented to the plea. Upon hearing Shah’s no-objection, the judge approved the petition.
