This week has been hard for lots of people, for lots of reasons, but at least it’s over. As a parting shot, though, Facebook announced a security breach that affected at least 50 million people[1]—and possibly as many as 90 million. Or who knows! Maybe more. It’s early days yet.
Facebook hasn’t yet figured out who the hackers are—and may never—or the full extent of the damage, although the attackers could have gained full access to affected accounts. Oh, and also apparently to any account you used Facebook to login to[2]. Not great!
In other concerning news, new research illustrates how mobile sites access some of your smartphone’s sensors[3]—including motion and light—without asking permission or notifying you at all. Security researchers at ESET caught Russian hackers using a clever technique called a UEFI rootkit[4], which not even swapping in a new hard drive will fix. And while deputy attorney general Rod Rosenstein kept his job this week, don’t expect the Mueller investigation status quo to last[5] much beyond the midterm elections regardless.
There was at least some good news to be found. The new series of YubiKey hardware authentication tokens will support the FIDO2 standard, which is a very jargon-heavy way of saying you’ll be able to plug them into your computer instead of using a password someday[6]. And while Google introduced a very confusing, not great change[7] to Chrome that made it look like people were logged in against their wishes, they ended up making it optional. Which is a partial win?
Elsewhere, DIY gun evangelist Cody Wilson resigned from the company he founded, Defense Distributed[8], amid unassociated legal turmoil[9]. Don't