Facebook hack. Facebook said a recent breach of its network affected 30 million users, 20 million fewer than it estimated when it first announced the incident a couple of weeks ago. The company said the breach exposed more intimate personal information than previously thought: things people searched for, places they had “checked into,” demographic, and contact information. Meanwhile, Facebook purged hundreds of accounts it said were spreading misinformation.
Don’t answer the phone. A researcher for Google’s Project Zero team, a group that hunts for bugs and urges companies to fix them, found a flaw in Facebook’s WhatsApp messaging app that could enable an attacker to crash the app simply by tricking someone into answering a video call. Natalie Silvanovich, the researcher, said she discovered and reported the bug in late August. Facebook fixed it by early October. By the way, the company just released Portal, a device that lets you make video calls…
Google minus. Google said it would shutter its social media service, Google Plus, after earlier this year discovering a security vulnerability that could have allowed people to access hundreds of thousands of users’ personal information. The Wall Street Journal originally reported this as a “data breach,” but walked back this labelling after Google said it found no evidence that people’s data were misused. Here is a worthwhile essay that goes over the difference between a breach and a bug, and why such distinctions are important.
An unexpected layover. Federal agents lured a Chinese government spy to Belgium where he was apprehended and transferred to the U.S. He now faces prosecution over economic espionage charges in the states. The accused, Yanjun Xu, a senior officer with China’s Ministry of State Security (MSS), is alleged to have stolen trade secrets from aerospace companies. This is the first time a Chinese government spy has been brought to the U.S. to face charges.
Without a doubt, Tesla Model 3 reviews have sparked an avalanche of comments both pro and con. Some love the minimalist interior, others miss the buttons and dials. Exterior door handles provoke angst from those who want a normal handle, and are a marvel of simplicity and beauty from others. Some want dials and idiot lights, not some large cell phone in the middle of the dash or lack of a dash. Reports of lots full of unsold Model 3s are held up as evidence that no one is buying them, while financial services report that Tesla can’t deliver sold Model 3s fast enough and the average sales price with options and accessories is approaching twice the base sticker price.
Many of the Tesla Model 3 reviews being posted start with sentences like the one in our local paper, the reviewer stated that he had borrowed his friend’s Model 3 for a couple of hours on Sunday afternoon. Some reviewers had access to the car for a week. Some reviews were obviously slanted one way or the other either by design or ignorance. Virtually every review lists the official specs for the car so at least that part is balanced across the board. This will be an owner’s Tesla Model 3 review.
What Is It?
Picked up my Model 3 Long Range in March 2018, the VIN number was in the 7000 range, so it isn’t one of the very early ones and doesn’t have dual motors nor performance mode. That said, it does now have well over 6000 miles on it. Better yet, I’ve had a Model S for two years, so I was interested in comparing the two cars.
I already knew how the S handled city driving and long trips. So, a request to take my wife to Asheville, NC, from Southwest Florida sounded like a good opportunity to test the Model 3 on a long drive. The plans were to travel to Asheville, pick up my sister-in-law at the airport, then spend a week doing the tourist thing in North Carolina, Tennessee, and Georgia. Mileage for the trip: about 2500 miles.
How does it look? While beauty is subjective, the Model 3 looks beautiful. Apparently, at least 450,000 people agree with me, if order numbers tell anything. There is no question it is a sibling of the Model S. I do like the wheel appearance without the aero covers, debated putting them back on for the trip, but vanity won out over efficiency.
Next, we had to load up the car. Many reviewers state the official storage capacity of 15 cubic feet. I didn’t have any cubic feet to pack, but did have suitcases, a road bike, bike gear and pump, a cooler for munchies, a box of model trains to donate to a museum in Hendersonville, NC, and of course we were going to pick up sister-in-law with her suitcase and carry-on bag. The Model 3 swallowed all the stuff up without effort.
Really? All that and a sister-in-law as well?
Navigation And A Shortcoming
The drive north towards Asheville brought the first issue that I would ask Tesla to consider. The navigation system told us that we would stop to charge in Lake City, Florida; then Macon, Georgia; and then at the Supercharger in Asheville. The trip started out great, but the coffee we were sipping demanded that we stop in Ocala after only 200 miles. There is a Supercharger there, so we plugged in while we recycled the coffee. Somewhat disconcerted to be depositing used coffee and the cell phone beeps with a message from the car telling me that charging is complete and let’s get moving. There should be a trip planning feature to add in bladder stops. The unscheduled stop meant that the original route and stops changed and we ended up with one additional short charging session before reaching Asheville.
How Does It Feel?
The Model 3 feels different when traveling down the road than the Model S. I’d like to say that if feels stiffer, but not rattle your teeth stiffer. Not “I can feel this in my back” stiffer, just feels more attentive. The Model S feels like it just wants to give you a hug and take care of you. The Model 3 feels more like it wants to have fun if you do.
The Back Seat
Picked up my sister-in-law and into the back seat she went. She would occupy the 60% side of the rear seat for a week. Plenty of leg room, head room, and elbow room, but it was the back seat and some reviewers had panned the back seat as uncomfortable. If she still loves me after a week, then the rear seat can’t be that bad.
The week encompassed many different driving styles — from city traffic in Asheville, to back country roads in Tennessee and Georgia. An AirBnB on top of a mountain with a mile-long two-track road up to it was no challenge for the Model 3. The visibility afforded by the Model 3’s large glass windows and roof made the Blue Ridge Mountain drive gorgeous. The Model 3 is a comfortable car. My favorite road was over Mount Pisgah, NC. Hairpins, switchbacks, climbs, descents, and short straightaways gave ample time to learn the Model 3’s capabilities. Pushing the Model 3 into the turns, I learned to let the regenerative braking haul the speed down, and when the end of the turn came up, a push on the accelerator would launch the car towards the next curve — a grin on my face and two women screaming at me to slow down resulted.
Sister-in-Law … Thumbs Up!
The end of the week came, and before dropping my sister-in-law at the airport, I asked her how she fared in the back seat. She said the seat was very comfortable but what really amazed her was how quiet it was back there. That got me to wondering how the Model 3 noise level compared to the Model S, so I took an unscientific comparison between the two cars. Same stretch of road, same speed, and roughly the same surrounding traffic. (Possibly not the exact same vehicles around me, but same amount of traffic.) The Model S did appear to be slightly quieter.
Tesla Superchargers seem to be everywhere. Nowhere in our travels did we worry about range, and with the navigation system directing us to the Superchargers, we didn’t spend time trying to locate them. This is definitely a Tesla moat that will be tough to cross by other EV manufacturers. The speed with which the Model 3 charges was amazing. An extra bonus was a sightseeing trip to the Sierra Nevada Brewery in Hendersonville that had solar-powered L2 chargers right outside the front door. Had to plug in just so I could say a few miles were driven on sun power.
Build quality on my car certainly looks perfect. The interior feels and looks luxurious. There are no rattles, shakes, or odd noises unless you consider no exhaust or engine noise to be odd. The forward view from the driver’s seat is unparalleled due to the sloping front hood and no instrument cluster in front of the driver. A feature I noticed and like is that when driving at night, the lack of lighted instruments in front of your eyes made it easier to watch traffic. Did I mention the Model 3 doesn’t have a tailpipe?
Long Trips — No Worries
Taking long trips is one thing Teslas do very well. The charging infrastructure already in place is extensive, with even more on the way. Short charging times are the secret to long trips. The speed which the Model 3 recharges is about 33% faster than the Model S.
Model 3 — Needs vs Wants
It’s a matter of Tesla recognizing the customer’s wants and needs. No one needs a car that can travel 300 miles between charges when we average 40 miles a day. Does anyone need a fast charger when a car can be plugged in overnight and be fully charged in the morning. No one needs more than one charger station at a stop. People don’t need a car that can out-accelerate almost any other car on the road. Tesla understands that what people need and what they want can be two entirely different things.
Can Model 3 Demand Continue?
The Model 3 probably doesn’t need too many more Tesla Model 3 reviews. The word seems to be getting out to the public. Since acquiring my Model 3 in March, three people have stopped by to look and ride and two of them bought Model 3s. The third decided on a used Model S for about the same money. Demand should continue to be high. The car is well built, fun to drive, and the ability to meet any travel needs conveniently makes it the go-to car for people looking to drop the tailpipe.
Court Nederveld Court is currently a columnist for a local newspaper. His EV history started 2009 when he found and restored a 1994 US Electricar Chevy S-10. He has owned a Nissan LEAF and currently a Tesla Model S.
The challenge puts people inside a coffin for 30 straight hours. If nature calls, participants are allowed to exit their coffin to use the restroom during designated break times. Outside of the six-minute restroom break every hour, any other departures from the box will result in a disqualification.
“Devastated” is the word Geoff Kruth used to describe the people who were awarded the master sommelier title last month, only to have it stripped away after the results of a portion of the exam were cast out this week.
The board of directors of the Court of Master Sommeliers unanimously voted to invalidate the results of the difficult tasting segment after evidence surfaced that the confidentiality of the wines was breached during the testing process.
An unnamed master sommelier, serving as a proctor, reportedly leaked the answers.
Twenty-three people had just been inducted to the Court of Master Sommeliers on Sept. 10 after passing the test in St. Louis, but the board’s action means they will have to relinquish the title until they retake the tasting section of the exam. The board said it plans to expedite the process for the candidates involved.
The title of master sommelier marks the highest recognition of wine and spirits knowledge, beverage service abilities and professionalism in the hospitality trade.
“It’s fair to say anyone would be devastated,” said Kruth, who passed the tasting portion of the exam after two tries in 2008. “The first thing I thought of is those nightmares you have that you really didn’t finish college. We can assume they’re all very upset and it’s a very unfortunate situation.”
Kruth is the president of GuildSomm, an educational website for wine professionals, which he launched in 2009. He was featured in the 2012 documentary film “Somm.” He’s also the proprietor of Geyserville’s Lost & Found boutique winery that produces 1,500 cases of pinot noir, chardonnay and syrah annually.
“The entire sommelier community is shocked by the entire thing and saddened,” he said.
GuildSomm is not affiliated with the Court of Master Sommeliers. Kruth said he’s not privy to all the information the board has, so he can’t comment on its decision disqualify the tasting portion of the exam. But as a master sommelier, Kruth can give insight into the tasting segment of the exam, giving us a peek into what these 23 candidates tackled.
Candidates, Kruth said, endeavor to describe and identify the six wines in the tasting. The descriptors include visual appearance, aroma, palate, and winemaking techniques. Identifying the wine requires candidates to name the varietal and the general region the wine hails from, the vintage and the quality level in terms of classification.
The flight represents classic wines from classic places and there are in the neighborhood of 50 to 100 classic wine styles, Kruth said. Examples include: pinot noir from Sonoma County, pinot noir from Burgundy, tempranillo from Rioja, malbec from Argentina and albarino from Spain.
“To prepare, it’s typical for people to be tasting wines in this format on a daily basis for many years,” Kruth said. “I did for six years before I passed. Typically, people who pass can describe and identify five or six of the wines correctly, but there are many factors involved in scoring.”
The tasting can be tricky, Kruth said, because it’s easy to get thrown off by focusing on one feature of a wine rather than many to identify it. But if you keep a multi-faceted mindset, it’s easier to pinpoint the wine.
William “Bill” K. Coors, grandson of Coors founder Adolph Coors and former chairman of the company’s board, died Saturday at his home, the company announced. He was 102.
During more than 65 years with the company, Coors helped transform a regional brewery, distributing in only a few Western states, into one of the world’s largest breweries. Under his watch, Coors revolutionized the beer industry with the introduction of the recyclable aluminum beer can in 1959.
Bill Coors is survived by three children, seven grandchildren and four great-grandchildren. He was married three times — first to Geraldine Jackson, with whom he had four children. His second marriage was with Phyllis Mahaffey, with whom he had one son. Later in life he married Rita Bass, who died in 2015.
“Today our father, grandfather and uncle passed away,” the Coors family said in a statement. “Bill was a consistent and steady mentor and leader of our family both professionally and personally. He shared with us his passion for brewing, his dedication to wellness and his commitment to sharing our family legacy with upcoming generations. He was dedicated to our family, our family businesses and having a positive impact on our community. We will miss Bill’s leadership, his stories and his smile.”
Bill Coors continued to taste test Coors beer until his 100th birthday — and, according to company spokesman Colin Wheeler, “He was so good at his job he could tell where the beer had been brewed!”
In 2003, at age 87, Coors retired from the boards of the Adolph Coors Company and the Coors Brewing Company, although he remained with the company as chief technical adviser.
He maintained a positive outlook on life, learning to ride the highs and lows of a demanding business.
“I’ve taken my kicks,” Coors would say, according to a release from the company. “But I have had a fascinating life and I’ve been richly rewarded.”
President and CEO of Molson Coors, Mark Hunter, mourned Bill Coors’ passing in a statement, writing the company “stands on the shoulders of giants like Bill Coors.”
“His dedication, hard work and ingenuity helped shape not only our company but the entire beer industry,” Hunter said.
Bill Coors was born on Aug. 11, 1916, the second son of Adolph Coors Jr. and May Coors. He grew up in the shadows of the Coors brewery with his three siblings, Adolph III, Joseph and May. The brewery was their playground, where they would shoot home movies, row canoes along the creek and make model airplanes out of wood in the company machine shop.
Coors especially loved the piano, playing it from age 6 through his elder years.
At 13, Coors left the state to attend Phillips Exeter Academy, a famed boarding school in New Hampshire. It was there he learned to row crew, which he continued to enjoy in college. He earned his bachelor’s degree in chemical engineering from Princeton University in 1938.
After earning a master’s degree from Princeton in 1939, Coors returned to Golden to work for his father.
The development of the recyclable beer can in 1959 is perhaps one of his proudest and most-known accomplishments, the company said. At the time, beer came in tin-lined steel containers that affected the quality and taste. Bill Coors realized that beer chills quicker in aluminum, it’s lighter and cheaper to transport, and it doesn’t alter the taste. The release of the can led to one of the most successful recycling programs in the country — Cash for Cans.
In 2017, Bill Coors received the Jeff Becker Beer Industry Service Award for a lifetime of dedication to the beer industry. He was involved with numerous civic, educational and business organizations over the years, including Boys & Girls Clubs of Metro Denver, the Colorado Symphony Orchestra and the Colorado School of Mines Foundation.
The Coors family will not hold formal memorial ceremonies, as directed by Bill Coors. In lieu of flowers or other sentiments, the family welcomes people to contribute to the William K. Coors Memorial Fund, hosted by the Denver Foundation.
What started as an April Fool’s joke, may actually become a reality for Elon Musk.
The CEO of Tesla Motors jokingly tweeted earlier this year a picture of him passed out, and first used the term “Teslaquila.”
Though the tweet was in response to Tesla’s stock falling 22 percent the previous month, which resulted in some backlash from investors, Musk submitted “intend to use” trademark application Monday for a tequila called Teslaquila.
“Elon was found passed out against a Tesla Model 3, surrounded by ‘Teslaquilla’ bottles, the tracks of dried tears still visible on his cheeks,” Musk tweeted in Apri. “This is not a forward-looking statement, because, obviously, what’s the point? Happy New Month!”
Elon was found passed out against a Tesla Model 3, surrounded by “Teslaquilla” bottles, the tracks of dried tears still visible on his cheeks.
This is not a forward-looking statement, because, obviously, what’s the point?
It isn’t clear when, where or even if Teslaquila will hit the shelves, but the trademark application shows signs of a “good faith intention” to use it in the future, according to a CNBC report.
The move is reminiscent of a moment in the HBO comedy series Silicon Valley, which satirizes the tech industry, in which a tech billionaire launches a tequila company called “Tres Commas” in honor of the three commas in his net worth figure.
On Friday, the inaugural nonstop departure for Singapore left from Newark. The aircraft and its 161 passengers completed the 9,535-mile route about an hour quicker than its 18-hour, 30-minute scheduled time.
Now that it’s back, the new Singapore-Newark flight shaves hours off most of the current connecting options for flights between Singapore and the New York City area.
It’s a welcome change for regulars of the route like Bill Rosenthal, a publishing executive from New York City. Rosenthal began flying the route back in 2006 during Singapore Airlines’ previous run on the route that ended in 2013. Rosenthal says he’s lost count of how many times he’s done it, but he estimates he averages three to four visits per year.
When Singapore discontinued the route, he went back to the Singapore’s longer, one-stop option that goes via Frankfurt.
“It’s so much easier to get on the plane in New York, sit for a really long time, and then walk off the plane in Singapore,” he said as the flight ticked into its 14th hour somewhere over Chengdu, China. “I’ll go right back to taking this flight on a regular basis,” he added.
While the flight was comprised of mostly business travelers like Rosenthal and media, there was no shortage of “avgeek”-types on the plane, too. Their reason for taking the flight? Because they could.
Nestled in the very last row of the airplane, Philip Lewis had an elaborate video setup.
“It’s my first inaugural flight, and I want to film the full flight, especially this one. It’s the longest one in the world,” he said. “I thought it would be a novelty.”
Lewis flew in from England just for the flight, taking another Singapore Airlines flight from Manchester, England, to Houston before flying to Newark.
It was a huge roll of the dice, considering that Lewis wasn’t 100% positive that his row would even have a window. “It made me a bit nervous,” he said.
But luck came through for Lewis. Not only did he get his window, his seat was one of a handful that stood alone by itself in the very rear of the premium economy cabin. It even came with its own storage area that, as it turned out, was perfectly situated for the tripod.
The camera had been dutifully rolling since the aircraft pushed back over 16 hours ago.
“You just need two battery packs, 11 hours each, and a camera that can be constantly plugged in. And a 128 gigabyte card.”
Of course time isn’t the only superlative on Friday’s flight, the return flight of Singapore Airlines’ re-launch of its record-setting Singapore-Newark route.
On board are 35 bottles of champagne and 60 bottles of wine — 30 red and 30 white, according to Singapore Airlines Food and Beverage Director Anthony McNeil, who’s also a chef.
In total, over two tons of catering and catering equipment was loaded onto the airplane, said McNeil.
While much of that weight is glassware and china, the rest is from all the food and beverage necessary to support a massive on-board menu.
Business-class menus offered choices between sous-vide cooked beef fillets with mushroom cream sauce, baked cheese-herb crusted halibut and an oriental chicken noodle soup, among others. Appetizers, two dessert choices, a fruit and cheese cart, and coffee and tea service rounded out the dining options.
Premium economy offered choices between pan-fried fish in a thai curry sauce, braised beef with roasted garlic and herb roasted chicken breast. And, just as in business class, fliers could choose among appetizers, desserts, bread, and coffee and tea service.
And in both cases, that’s just what’s available for lunch. Dinner, served around the twelve-hour mark, was equally as extensive.
And then of course there’s snacking; the time-honored way of passing time on the ground and in the air alike.
According to McNeil, this meant offering more than just potato chips and chocolate bars. Instead, he says the carrier opted for more substantive and healthy items like noodle bowls, soups, and sandwiches.
“Often times the snacks fulfill a gap in the schedule, so when you look at the clock and there’s still ten hours to go and you want something different to do rather than watch a movie, dining provides you a little bit of a release from the flight as well,” he said.
In total, McNeil said there were 480 different meal combinations offered on the flight.
“We have people that want to eat really simply, and we’ve got people that want to eat big filets and have a beautiful glass of wine,” said McNeil. “We need to cover a broad spectrum of passengers flying,” he said.
On this particular flight on this particular airplane — the new “Ultra long-range” variant of the Airbus A350 — there are only 161 passengers aboard. In part to save weight, the airline installed only 67 business class seats and 94 premium economy seats. There is no economy.
Both cabins features large TV screens that can access 1,200 hours of content; 200 more than normal Singapore flights. They also all have in seat power, WiFi, USB ports, storage, and small amenity kits.
Business class, however, has the added bonus of full lie flat seating.
It is quite the journey for the crew as well. Seventeen total crew members share the time, split between four pilots and thirteen crew.
For Friday’s lead pilot, Capt. Indranil Ray Chaudhury, the Newark inaugural was almost too good to be true.
“It’s the coolest thing you can ever do,” said Chaudry during a break in his duties. “I love to fly, but you don’t often get an opportunity like this: brand new aircraft, inaugural, flying over the poles? It’s a dream!”
The route, which on Friday took the aircraft within miles of the north pole, presents some unique challenges for the pilots.
“As soon as you enter the polar route, you have to fly on true heading,” said Chaudhury. While pilots often use magnetic headings to determine location and direction, magnet-based compasses will often produce erratic, unpredictable results in the polar regions.
There’s also the question of where you can land the airplane in the event of an emergency. With nothing buy sea ice and remote Arctic islands, there isn’t much to choose from. Typically twin-engine jets are only approved to divert to airports up to 180 minutes, or three hours away. But the sheer remoteness warrants the need to extend that to airports up to 240 minutes away.
“You need special approval from the regulators”, said Chaudhury.
In fact the flight often passes so far away from civilization that the airline installed a specialized closet just in case someone passes away before the crew can land.
Fear not, though; the airline says it has yet to be put into use.
It is not the first time the two cities have been connected. Singapore flew the route starting in 2004, making it the undisputed long-haul king. The flights were operated with the Airbus A340-500, then one of the only airplanes capable of flying such a distance. While regulars of the route loved it, the jet’s four gas-guzzling engines and very limited passenger load of only about 100 made it financially unsustainable. Singapore canceled the route in November 2013.
But the introduction of Airbus’ new two-engine A350-900 “ULR” made the resumption of the route possible.
The jet is technically a derivative, or sub-species if you will, of Airbus’ already popular A350 line of aircraft. The wide-body jet was first delivered in 2014, designed with long-haul flying in mind. Currently offered in two major models, the -900 and the -1000, the jets carrying between 250 and 350 passengers, depending on how each airline chooses to configured it. The ULR variant is based off of the A350-900.
Both are made of lightweight composite materials and utilize the latest in engine technology.
Airbus says passengers will notice the aircraft’s wide cabins, high ceilings, and extra-large windows.
“You’ll notice the quieter cabin as soon you take off,” Airbus spokesperson Sean Lee during a pre-flight interview.
Lee says the cabin is five decibels quieter on average compared to competing aircraft.
“This makes it easier to relax or sleep without the need for noise-cancelling headphones or ear-plugs,” said Lee.
In addition, the jet’s carbon-fiber composite build enables airlines to set the cabin altitude to the equivalent of 6,000 feet — more comfortable to humans than the equivalent of 8,000 feet found on most airplanes. The result means more humidity inside the cabin, leaving flyers feeling less dry and worn out during — and after — a long flight.
There also are the changes that the passengers won’t notice.
Airbus says the jet carries an extra 24,000 litres (about 6,300 gallons) of fuel over its standard A350 jet, good for an impressive total of 165,000 litres (about 43,500 gallons).
Other changes including extending the jet’s wingtips and to help eek out every last ounce of performance.
The changes result in a jet that is capable of flying up to 11,100 statute miles and stay aloft for more than 20 hours, making the resumed Singapore-Newark flight possible for the plane.
At present Singapore is the only airline to have ordered the ULR variant of the A350, wich seven on order. But Airbus’ Lee says several other airlines are considering the aircraft.
As more of the specialized airplanes enter Singapore’s fleet, the airline will use the jet to relaunch another U.S. route — Singapore-Los Angeles — in November. That flight will be a comparatively short 8,770 miles.
Both routes are the latest salvos in what has become the era of the ultra-long-haul flight. Qatar Airways last year launched what has now fallen to the second-longest flight on earth, a 9,032 mile connection between Doha, Qatar, and Auckland, New Zealand. Qantas claims third place with its new, 9,010-mile journey between Perth, in western Australia, and London. That service began earlier this year, the first ever regularly scheduled airline flight to operate nonstop between Australia and Europe.
As long flights have proliferated, routes now don’t even break the top ten without flying about 8,400 miles — roughly 16 hours of flight time.
For all the hoopla of the Newark-Singapore relaunch, however, none of today’s top-ten longest routes have yet to hold a candle to the longest scheduled nonstop flights in history, at least when measured by time.
That record was set sixty-one years ago in 1957, says John Hill, Assistant Director of the SFO Museum in San Francisco.
“Pan American Airways started nonstop West Coast–Europe service with the Douglas DC-7C in 1957,” he said, a distance that was otherwise unheard of at the time.
TWA followed not long after with the Lockheed L-1649 Starliner, flying nonstop between San Francisco and London. The flight time, and this remains the undisputed record, often exceeding 23 hours, said Hill.
While elaborate meals and ample space were common in that era of air service, it wasn’t always a pleasant ride. Unable to fly as high as today’s jetliners, long-range aircraft of the day often had to fly through rough weather — instead of over it — making for a bumpy ride. Add in four large piston engines, those planes also were much noisier.
But even then, there was an option to upgrade. The cost to upgrade to a fully reclining sleeper seat? A whopping $50 — or about $437 when adjusted for inflation — on the Pan American flights, according to Hill.
“Two-factor authentication” is a reassuring phrase. Setting it up feels like installing a brand-new, heavy-duty deadbolt on your door. Until you realize that there is a single building that stores the working keys for millions of deadbolts, paired with your name and address, and that that place is guarded by people who don’t understand locks very well.
That is basically the realization millions of Facebook users are having (or should be) as the result of the company’s latest massive security breach. In an Oct. 12 post cryptically and unhelpfully titled “An Update on the Security Issue,” Guy Rosen, Facebook’s VP of product management, wrote that for “15 million people, attackers accessed two sets of information—name and contact details (phone number, email, or both, depending on what people had on their profiles).”
That effectively compromises two-factor authentication for all of those users, not just on Facebook, but on any service that allows only text messages as the second form of authentication. (Here’s how to find out if you are affected.)
Security freaks have long been telling us not to rely on text messages for two-factor authentication. It might seem safe—your phone is Face ID’d, or has a long password, or an especially elaborate gesture thingy. But the technology that causes a text to get to you in the first place is not itself secure.
As Wired wrote in 2016, “Attacks on political activists in Iran, Russia, and even here in the US have shown that determined hackers can sometimes hijack the SMS messages meant to keep you safe.” Last year, security researchers at Positive Technologies made a video in which they easily intercept SMS messages and gain access to the Gmail and Coinbase accounts of a hypothetical target, using just their name and phone number.
For the 15 million people mentioned, any service they are registered with that uses text messaging for two-factor authentication effectively has been reduced back to one factor—the bad old password. And that is the case for many services. Only days ago did Instagram, which is owned by Facebook, move away from using only text messages for 2FA.
The Facebook hackers would have at least the names and phone numbers or emails for those 15 million. But they have a lot more, too. The post continues:
For 14 million people, the attackers accessed the same two sets of information [as in name, number and/or email], as well as other details people had on their profiles. This included username, gender, locale/language, relationship status, religion, hometown, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, and the 15 most recent searches.
That has the makings of an epic phishing expedition. It might even be enough to answer other, more personal forms of authentication, like the “only you know the answer” security questions banks often use.
Facebook compromising text-based SMS is made even worse by the fact that, as was recently revealed, it allowed advertisers to target users based on their phone numbers, even if they had only shared those numbers with Facebook for the purpose of… setting up two-factor authentication.
It’s no wonder that, after that came to light, CEO Mark Zuckerberg couldn’t really answer when asked whether users should still trust his company.