Category: Blog

The largest hack in history just became triple the trouble for Yahoo.

Yahoo revealed Tuesday that every single one of its 3 billion accounts got hacked in a 2013 breach. Late last year, it had said that the attack compromised 1 billion accounts — which already made it the largest data breach ever.

The new information stems from an investigation that followed Verizon’s takeover of Yahoo in June in a $4.48 billion deal.

To put things in perspective, 3 billion — every account ever registered on Yahoo — is greater than the number of every user on Facebook, Instagram and Twitter combined.

It’s a landmark development for an already historic breach, and it comes as people are still reeling from yet another supersized hack, an incident at credit-monitoring company Equifax. That one, revealed less than a month ago, affected 145 million Americans, or roughly half the US population, and last week cost Equifax’s CEO his job.

The Yahoo news came on the same day that members of Congress heard testimony from that ex-CEO, Richard Smith, and criticized Equifax for allowing the breach in the first place and for its handling of the matter since then.

Yahoo said it didn’t suffer a new breach, but rather learned of 2 billion additional users having been affected in its 2013 incident. It’s sent a notification to all its users, telling them that it had taken action in 2016 to protect all accounts, requiring password changes and blocking access from accounts with unencrypted security questions.

The information stolen in the massive breach did not include passwords in clear text, payment card data or bank account information. Yahoo is still working with law enforcement to determine who was behind the attack.

Yahoo also suffered a major cyberattack in 2014 in which information from 500 million user accounts was stolen.

Verizon was originally supposed to buy Yahoo for $4.83 billion, but cut the price by $350 million in February in the wake of the security scandal. Yahoo is still reportedly under investigation by the Securities and Exchange Commission for failing to alert users quickly enough.

It’s unclear how much more Verizon would have cut the price if it had known of the 3 billion affected users. Verizon declined to comment beyond the press release.

While navigation systems disappoint, safety technologies score high.

Results of the J.D. 2017 Power Tech Experience Index Study have been released, with Chevrolet and Audi having top showings in two segments apiece, while Lincoln, Kia and Hyundai each claiming one.

The study that began last year, monitors owner satisfaction with new vehicle technology in both premium and non-premium segments, scoring them on a 1,000-point scale. In particular, driver experience and usage of 35 technologies are measured at 90 days of ownership. Major scored categories include entertainment and connectivity, comfort and convenience, driving assistance, collision protection, navigation and smartphone mirroring.

Audi’s Q7 scored the highest among midsize premium vehicles.

Key takeaways from the study, based on survey results from more than 19,500 owners and lessees of all-new or redesigned models within the past three years, are that people are most satisfied with safety technologies such as collision-protection systems, blind-spot warning and backup cameras. At the other end of the spectrum, navigation systems left owners least satisfied.

Satisfaction with basic interactions with climate, infotainment, seat and cluster readouts has also declined compared to last year dropping an average of 83 points, showing that owners are having a more difficult time working with common controls compared to the year before.

For the second year in a row, the Chevrolet Camaro took top honors in the midsize segment, while its Chevrolet Tahoe stablemate scored the highest marks among large vehicles. Audi’s A3 reigned supreme in satisfaction over the small premium segment, with the Q7 crossover coming out on top in the midsize premium class. Other highest-performers include the Kia Niro in the small segment, Hyundai Elantra in the compact category and the Lincoln MKC in the compact premium class.

Apple is speculated to announce the newest redesign of the iPhone Smartphone series potentially called the iPhone 8 or iPhone Edition during Apple’s Keynote on September 12. This will be premium phone with all new technologies being introduced in this phone like the all new Organic LED display with an almost bezel-less design at a new premium $1000 price tag. I expect pre-orders to fill up, it will be a win just to get a pre-order through since I heard they’re behind in production. Here are some of rumored specs:

• Expect T-Mobile, AT&T, Verizon, Sprint to have switch & save or trade-in offers and Apple to have unlocked models
• Stainless steel (More rigid than aluminum) and glass body
• Curved 5.8″ edge-to-edge OLED display (larger than iPhone 7 Plus)
• Improved vertical dual rear lens camera + improved front camera

• All new Apple A11 chip (no longer made by Samsung)
• Facial recognition technology to unlock display; virtual home button
• Wireless charging; Apple Pencil Support; New iOS 11; AR capabile
• 3 colors: Jet Black, Silver, New Gold color (image from VenyaGeskin1)
• Refreshed once every 2 years (unlike annually with the S models)

September 8, 2017 | 10:41pm

Under extreme pressure on Friday, embattled Equifax folded on its “no-sue” demands.

The credit-monitoring company, which revealed on Thursday a massive cyberattack on its national database, took heat from a host of elected officials for offering to help victims of the attack — but only if they gave up their right to sue the Atlanta company.

Equifax said personal information, including Social Security numbers, on up to 143 million Americans were stolen in the May cyberattack.

The company, which said it discovered the hack in July, set up a special site to offer free credit monitoring to victims of the attack.

It is offering the service, called TrustedID, for a year.

But buried in the fine print of the site — and on a page that wasn’t immediately obvious — was an agreement that customers would “resolve all disputes” through “binding individual arbitration.”

In other words, if you get any help, you can’t sue us.

Sen. Elizabeth Warren (D-Mass.), who’s backed a government rule that would limit arbitration, tore into Equifax on Twitter.

“.@Equifax is forcing you to give up your right to join a class action against the company if you want their credit protection product,” Warren wrote. “That’s right: @Equifax fails to protect your data and then they demand you give up legal rights if you want to limit the damage they caused.”

New York Attorney General Eric Schneiderman separately opened an investigation into how the hack happened, and claimed that 8 million New Yorkers could be affected.

The pressure seemed to have worked on Equifax.

On Friday afternoon, the company quietly added to its Web site an FAQ that says its arbitration agreement applies only to TrustedID, and not the cyberbreach.

The hack appears to be one of the largest ever in history. The scope of the data that have been accessed — which includes birth dates, addresses, credit card numbers and driver’s license numbers — has the potential to ruin people’s credit and lead to a large scale of identity theft.

While Equifax claims that it is beefing up its cybersecurity, it also blamed the breach on a software flaw from a vendor.

Hackers were able to breach the company through a flaw in software created by the company Apache, Equifax said, according to Jeffrey Meuler, an analyst at Robert W. Baird, who said he was told as much in a phone call.

“My understanding is the breach was perpetuated via the Apache STRUTS flaw,” Meuler told The Post.

STRUTS is a widely available software system that’s used by many of the nation’s largest companies, including Lockheed Martin, Citigroup, Vodafone, Virgin Atlantic, Reader’s Digest, Office Depot and Showtime — plus the Internal Revenue Service, according to lgtm, a software development group.

Equifax has not publicly said how the cyberattack happened.

STRUTS has been under attack by hackers since at least March, according to Ars Technica, which has reported on the software’s vulnerability.

Apache has put out several patches — or software fixes — for its STRUTS system since March. It’s unclear if the company had patched its systems since then.

Representatives for Equifax and Apache weren’t immediately available for comment.

 

On Thursday credit bureau Equifax said a data breach put personal information of 143 million people at risk. Now its response is drawing more outrage, as lawmakers and others accuse it of encouraging consumers who come to it seeking answers to sign away their chance to seek recourse in the courts.

Following the breach, which compromised tens of millions of Social Security numbers and other valuable data, Equifax set up a website to help worried consumers determine whether or not their information was at risk. That website encouraged visitors to sign up for a program known as TrustedID Premier, the company’s credit monitoring service, which provides automated alerts to credit changes and up to $1 million in ID theft insurance.That’s where the trouble began.

TrustedID’s terms of service include an arbitration clause, insisting that customers agree “all claims, disputes, or controversies…shall be finally settled by arbitration” rather than a court of law. Such clauses aren’t unusual for credit monitoring services — or indeed many other consumer products. But in this circumstance, it created the impression that Equifax was asking consumers it had harmed to surrender their legal rights — including becoming part of a class-action law suit — before it would agree to help them.

The deal with arbitration

The current scuffle over Equifax’s terms of service should come as no surprise. It’s a skirmish in a long-running battle that consumer advocates have been fighting against what they call “forced arbitration,” nearly ubiquitous clauses in contracts for products ranging from cell phone plans to financial advice.

Arbitration, when two parties settle disputes in front of a mediator, rather than in court, isn’t necessarily a bad thing. Advocates, including business groups, say it is faster and cheaper than going court. Still consumer advocates, including Warren’s brain child the Consumer Financial Protection Bureau, complain proceedings are opaque and that arbitrators deciding cases may be biased in favor industry. The CFPB issued a rule over the summer that would have banned arbitration clauses from certain financial institutions, though it was later blocked by the House of Representatives.

One key legal avenue that arbitration clauses typically close off for consumers is the class-action lawsuit. That could be significant for Equifax — at least on one proposed class-action lawsuit was already filed against the company late Thursday, according to Bloomberg.

Your options

Imre Szalai, a Loyola University New Orleans law professor who reviewed the TrustedID terms of service at the behest of MONEY on Friday, says consumers who might want to join a suit against Equifax should probably stay away from the program, despite the spokesman’s assurances. That’s because the language is broad enough Equifax’s lawyers could conceivably argue it covers more than just any future incidents.

“If you look at their general terms of use, it just says that any claims involving their credit services are bound by arbitration, but it’s really silent as to timing,” he says. “I think if you are representing Equifax you would say that the arbitration clause is so broad it applies to claims even before you sign up.”

If you’re worried about waiving your rights, the good news is there are plenty of other credit monitoring services out there. Credit Sesame and Credit Karma two popular options.

In the meantime, here are other steps you should take now if you think you may have been affected by the breach.

Alicia Adamczyk

time.com/money

Nearly a year ago, Microsoft teased the development of more affordable VR headsets made by its partners including Dell, which today announced the Visor.

Priced at $349, Dell’s Visor uses cameras for inside-out tracking, so there’s no need to set up desk- or wall-mounted sensors for tracking like those required for the HTC Vive, Oculus Rift or PlayStation VR. Add on Dell’s $99 controllers and you’re ready to game. You can also get a bundle with both for $449.

Dell designed the headset so that it’s comfortable and easy to adjust for different users. A thumbwheel on back lets you quickly adjust the well-cushioned headband, and the balance and extra padding on the face take pressure off your nose and cheeks. Dell also used an anti-stain coating to help keep the headset from getting gross after letting your friends and family use it.

The viewer has dual 1,440×1,440-resolution LCDs to deliver the 360-degree immersive picture and it fits over glasses. And if you need to take break from the action, you can just flip up the viewer. To keep you from getting tangled up in cables, there’s a clip that keeps them together and routed out of your way.

The Visor arrives in October, which is pretty perfect timing, not only for capitalizing on holiday season sales, but for use with new Windows PCs running on Intel’s 8th-gen Core i-series CPUs that will support some VR content even with only the standard built-in integrated Intel graphics.

Starting late September, Walmart customers will be able to use their Google Home devices to place orders using their voice; quite similar to Amazon’s Alexa via Echo devices. In order to accomplish this, the nationwide retailer will make their products available on Google Express.

Similar to placing voice orders with Alexa, Google Home devices will reference your ordering history when purchasing items. Basically, if you placed an order for a 12-pack of Scotts paper towels a two months ago, Google Home will be able to repeat that same order. It’s still up in the air if items can be placed on subscription though; which is great for repeat ordering.

To use this service, customers will need to link their accounts to Google. Walmart estimates that “hundreds of thousands” of products will be available through Google Express. More the less, that’s a small fraction of the retailers entire catalog of more than 65 million items.

Walmart is attempting to grab a large piece of the online shopping ecosystem. While Walmart is frequently the 1st alternative search option after people look for an item on Amazon, Walmart lags behind in average customer orders. The average Amazon customer spends over $150 each month on Amazon while the average Walmart customer only spends a bit over $25.

Besides Google Home devices, anyone with an Android smartphone will be able to use Google’s voice assistant to place voice orders as well. In addition, Google has started offering free delivery on Google Express as long as your order is above each retailers’s minimum purchase when checking out. Shipping speed on Google Express is usually one to three business days.

Today is Samsung day. The company is about to unveil its new big phone — the Samsung Galaxy Note 8. While there has been leaks of the new device, the company could surprise everyone with new software features and new components.

The event will start at 11 AM in New York, 8 AM on the West Coast, 4 PM in London, 5 PM in Paris and midnight in Seoul.

It is going to be live-streamed by Samsung and I’m going to embed the player right here. So please refresh this page once we get close to the event.

Also worth noting, Samsung is going to talk about safety. The Samsung Galaxy Note 7 was a great phone, but it was also a phone that caught fire. The Samsung Galaxy S8 has been doing well, so it seems like people have been forgiving. But it’s hard not to think about the fire incident.

https://youtu.be/dIJ45mImgqc

These days, Apple deals are easy to find, but when you buy your Apple kit is just as important as where you buy it. I took a deep look at the deal life cycle of four landmark Apple devices — the iPhone, the full-size iPad, the iPad mini, and the MacBook Air — to see when resellers like Walmart and Best Buy offer their best discounts.

For each device, I examined deals for the entry level model. For the iPhone and iPad, I analyzed deals for the 16GB model, whereas for the MacBook Air I researched sales on the base 11.6″ configuration. I’ve analyzed the results, and as it turns out, you can save a bit of cash almost immediately on a new Apple item — but the biggest savings come right before, and after, the device is updated.

Apple Devices Hit Their Lowest Price When the Next One is Announced

Price cuts on Apple products tend to become steeper as we approach the next product release. The absolute best time to buy an Apple product is after the next generation is announced; at that time, resellers start slashing prices on available stock to make room for the new hotness.

You may notice, however, that in some cases, the best deal during the model’s current product cycle is sometimes not that far off from the first deal it’ll see after the next generation is announced. It’s important to remember though that you’ll continue to see better and better deals after a model is outdated, until stores run out of inventory.

Refurbs Offer Savings When You Don’t Want to Wait for a Deal

Apple is one of those manufacturers that has a sterling reputation for offering flawless, factory-reconditioned items, since its refurbs come with the same full 1-year warranty that its new products receive. Many consumers who don’t want to pay full price will thus look for refurb deals, which conveniently also follow predictable patterns.

While the difference between the maximum discount you can find on a new unit will sometimes be similar to, or more than, the price cut you’ll receive for a refurb, it’s important to think of Apple’s refurbs as deals that are (mostly) always available; once the model hits the store, it will very likely be available consistently at that reduced price.

When to Buy Each Apple Product

iPhone 16GB

iPhone deals were initially hard to come by. But these days, retailers like Walmart and Best Buy have changed the deal industry by discounting new iPhones just days after their announcement, in an attempt to make a publicity-driven splash. I’ve even seen brand-new, flagship 16GB iPhones drop to $100 within a week of release!

Still, the absolute lowest price that an iPhone will hit while it’s the most current generation will occur about 11 months after debut; in the past, that has meant an attractive $58 price tag, or about 71% off. A savvy Apple shopper will note that said deal is actually lower than the $99 subsidized price the model will likely receive once the next gen is announced, but never fear: Resellers will knock it down even further to $49 afterwards, which is $150 off the original subsidized price it started at.

iPad Air 16GB

Apple tends to refresh its iPad lineup in late October, which is when consumers should be looking for deals. The iPad traditionally sees its best deals in the days before and after the next model is announced. The iPad 4, for instance, hit its all time lows of $400 and $399 just before the iPad Air’s announcement and two days after the iPad Air’s keynote, respectively. For those keeping track, that’s about 20% off list price.

Refurbs: Unlike the iPhone, the Apple Store will sell its own factory-refurbished iPads online. A current model will show up in the store around the 5-month mark, and it’ll offer a consistent $80 off until the next model is announced, at which point it’ll drop to $120 off. Although at any given point, a deal price on a new unit might top Apple’s non-fluctuating refurb offers, they’re an ideal option for someone who wants a discount, but doesn’t want to wait for a deal.

iPad mini with Retina 16GB

Perhaps because I’m only one generation in thus far, the iPad mini with Retina was slow to see its first deal, taking about two and a half months. Similarly to other Apple products, its strongest discounts have come the closer we get to the iPad announcement in October. Based on the deal history of the standard mini, I’m anticipating even steeper price cuts after the second-generation debuts, at which point shoppers should look for 25% off or more.

Refurbs: iPad mini with Retina refurbs took a bit longer to hit the Apple Store than the Air refurbs did, taking six months instead of five. However, I’m predicting that mini refurbs will similarly see another price cut once the next generation is released.

MacBook Air 11.6″

At first glance, the MacBook Air appears to fly in the face of our advice to wait until the next generation is announced to get the best deal. That’s because, for the past few years, the very first deal on a MacBook Air once the next model was released has been slightly higher in price. However, in all instances, another deal rolled in soon after that offered a new rock-bottom price on the model, further supporting our post-announcement theory.

Still, the MacBook Air has a tendency to see sizable discounts during its first run. Saving $100 within days of release is nothing to sneeze at, especially now that the 11.6″ ultraportable is starting at a lower retail price of $899.

Refurbs: If you don’t mind a previous-generation Apple refurb, then buying a reconditioned MacBook Air model once the next one has been announced provides an amazing opportunity to get a beautiful, trendy piece of technology at a fraction of the price — or about 28% off.

You should note that the refurb prices for the MacBook Air are predictions based on past behavior; Apple lowered the starting price on the Air to $899 this spring, and that model has yet to show up at the store as a refurb. However, these numbers would be consistent with Apple’s pricing in the past.

Figuring out when your most-desired Apple product will see the biggest discount is pretty easy once you look at that the deal history (and know which stores will offer the best prices). With a little patience, you’ll be on your way to saving on your Apple gear.

Large businesses, electricity suppliers and government agencies around the world are being affected by a strain of malware widely known as Petya.

At first, it was believed that it was ransomware, because it essentially locks down an infected computer and a ransom note appears on-screen. The note demands $300, paid via bitcoin, in return for unlocking the infected computers. This attack closely mimics the WannaCry ransomware attack that affected more than 230,000 computers in over 150 countries in May.

So, it’s ransomware, right? Probably not. The payment system the hackers set up is pretty much useless. They used only one address for their bitcoin payment, which has already been shut down by the email provider. It’s believed that the ransomware was just a cover for malware designed to do a lot of damage. Besides rendering a computer and its data useless, there is also a Trojan inside of Petya that steals victims’ usernames and passwords.

It’s not really ‘Petya’

Petya is actually a name for an older version of the malware. When key differences emerged, it was given various different names to mark it as a new strain of Petya. GoldenEye was born and seem to have stuck.

How to protect against it

There are two ways Petya/GoldenEye attacks a computer. “The exploit attacks vulnerable Windows Server Message Block (SMB) service, which is used to share files and printers across local networks,” said David Sykes, business security expert at Sophos. “Microsoft addressed the issue in its MS17-010 bulletin in March, but the exploit proved instrumental in the spread of WannaCry last month. The new Petya variant can also spread by using a version of the Microsoft PsExec tool in combination with admin credentials from the target computer.”

These problems have been patched, but some people have not downloaded the fix, so it keeps spreading. Your first line of defense is to be sure you have the latest version of Windows: If you have automatic updates turned on, you’re safe. The update should already be installed to your computer. If you don’t have auto update on, you can download the security update here.

Next, make sure that your antivirus software is up to date. Most antivirus companies already have patches out that block Petya and this new version of it.

Lastly, take sensible everyday precautions. Backing up your computer regularly and keeping a recent backup copy off-site is a good practice. And don’t open attachments in emails unless you know who they’re from and you’re expecting them.