每日新闻摘要：5.4亿个Facebook用户记录泄露

Plus Android Q Beta 2 hits Pixel devices, Verizon flips the switch on its 5G Network in a couple of new cities, and Apple announces the Beats Powerbeats Pro to compete with its own AirPods. Wait, what?

再加上Android Q Beta 2进入Pixel设备，Verizon在几个新城市切换了其5G网络的开关，Apple宣布Beats Powerbeats Pro与自己的AirPods竞争。等一下

5.4亿个Facebook用户记录，密码，注释和更多信息泄漏 (540 Million Facebook User Records, Passwords, Comments, and More Leaked)

The biggest story to hit the scene over the last day was undoubtedly another Facebook leak. This time, sensitive data like passwords was part of the leak, but also Facebook IDs, comments, reactions, account names, and more.

在过去的一天中发生的最大故事无疑是Facebook的又一次泄密事件。这次，诸如密码之类的敏感数据是泄漏的一部分，但同时也是Facebook ID，注释，React，帐户名等等。

This leak came by way of third-party app developers being careless with user data and storing it on an unsecured Amazon S3 server. Specifically, two services were found to be responsible for this data leak: a Mexican-based media company called Cultura Colectiva and an application with Facebook integration called At the Pool.

发生这种泄漏的原因是第三方应用程序开发人员不小心使用用户数据并将其存储在不安全的Amazon S3服务器上。具体来说，发现有两个服务负责此数据泄漏：一家位于墨西哥的媒体公司Cultura Colectiva和一个与Facebook集成的应用程序At The Pool。

The former was responsible for the majority of the damage here, with 146GB of data in nearly 540 million records. At the Pool, by contrast, was only responsible for about 22,000 passwords, though they were specific to the app. As the research company responsible for these findings, UpGuard, notes, At the Pool is only an issue for users who re-use passwords across various sites.

前者是造成这次破坏的主要因素，近5.4亿条记录中有146GB的数据。相比之下，尽管在泳池中，密码只针对该应用程序，但仅负责大约22,000个密码。作为负责这些发现的研究公司， UpGuard指出，对于那些在各个站点之间重复使用密码的用户而言，“在泳池”仅是一个问题。

The good news here is that the data buckets have since been removed from Amazon servers; the issue, however, is that it’s unclear how much exposure they garnered before being pulled. In a statement to Gizmodo, Facebook notes that it’s against its policy to store information on public databases, and it worked with Amazon to pull this data once it was made aware of the issue. Here’s the full statement for those interested:

好消息是，此后数据存储桶已从Amazon服务器中删除。然而，问题在于，尚不清楚他们在被拉动之前获得了多少曝光。 Facebook在给Gizmodo的声明中指出，将信息存储在公共数据库上是违反其政策的，一旦发现该问题，它便与Amazon合作提取此数据。这是那些有兴趣的人的完整声明：

Facebook’s policies prohibit storing Facebook information in a public database. Once alerted to the issue, we worked with Amazon to take down the databases. We are committed to working with the developers on our platform to protect people’s data.

Facebook的政策禁止将Facebook信息存储在公共数据库中。一旦收到该问题的警报，我们便与Amazon一起拆除了数据库。我们致力于与我们平台上的开发人员合作，以保护人们的数据。

The biggest issue here for Facebook users, however, is that the data was leaked in the first place. Once that happens, it doesn’t go away—if your data was part of this particular breach, then it’s out there now. Facebook can’t control it. As UpGuard so accurately pointed out “the data genie cannot be put back in the bottle.”

但是，对于Facebook用户而言，最大的问题是，数据最初是泄漏的。一旦发生这种情况，它就不会消失-如果您的数据属于此特定违规行为的一部分，那么现在就已经存在。 Facebook无法控制它。正如UpGuard所准确指出的那样，“数据精灵无法放回瓶子里。”

The upside is that if you’ve never used either of the services in question, then you’re safe. If you have, however, then it’s probably cause for concern.

好处是，如果您从未使用过任何有问题的服务，那么您就很安全。但是，如果有，可能会引起关注。

[UpGuard via Gizmodo]

[通过Gizmodo的 UpGuard ]

Apple News：Beats Powerbeats Pro宣布将与AirPods竞争 (Apple News: Beats Powerbeats Pro Announced to Compete with AirPods)

Also, Apple comes under scrutiny for Apple Watch and iPad Pro issues, the price of the HomePod comes down, and more.

此外，Apple还受到Apple Watch和iPad Pro问题的审查，HomePod的价格下降等等。

The Beats truly wireless headphones that were recently found in iOS 12.2’s source code are now official. They feature Apple’s H1 chip and “Hey Siri” integration, making them true AirPod competitors. [9to5Mac]

最近在iOS 12.2的源代码中发现的Beats真正的无线耳机现已正式上市。它们采用了Apple的H1芯片和“ Hey Siri”集成，使其成为真正的AirPod竞争对手。 [ 9to5Mac ]
Apple has recently had issues with its MacBook keyboards, which is sort of addressed last week. But now it’s under more fire because of issues with Apple Watch batteries swelling and iPad Pros missing keystrokes. Not a good look for Apple. [Gizmodo]

苹果公司最近在MacBook键盘上遇到了问题，上周已解决了该问题。但是现在，由于Apple Watch电池膨胀和iPad Pro缺少击键的问题，它受到的打击更大。对苹果来说不是一个好样子。 [ Gizmodo ]
If you’ve been thinking of picking up a HomePod, now may the time—Apple just dropped the price by $50, putting it at $299. What a bargain. [MacRumors]

如果您一直在考虑购买HomePod，现在也许是时候了— Apple刚刚将价格下调了50美元，降至299美元。这真是个便宜货。 [ MacRumors ]
MacWorld recently went hands-on with the new iPad Air with a full review, calling it “the sweet spot.” [MacWorld]

MacWorld最近动手试用了全新的iPad Air，并进行了全面评测，称其为“最佳选择”。 [ MacWorld ]
Engadget also reviewed the new Air. And guess what? They liked it too. [Engadget]

Engadget还审查了新Air。你猜怎么着？他们也喜欢。 [ Engadget ]
If you have a Vizio TV, beta invites are rolling out for users to test AirPlay integration. You can learn more about signing up for the beta here. [9to5Mac]

如果您有一台Vizio TV，则将推出Beta版邀请供用户测试AirPlay集成。您可以在此处了解有关注册Beta的更多信息。 [ 9to5Mac ]

As you’re most likely aware of, Apple owns Beats. And while it wouldn’t make sense for Beats to totally ignore the truly wireless headphone market, it’s fascinating to see the company release the Powerbeats Pro with such similar features to Apple’s own AirPods.

正如您最可能知道的那样，Apple拥有Beats。尽管Beats完全忽略真正的无线耳机市场并没有任何意义，但令人惊奇的是，该公司发布了Powerbeats Pro，其功能与苹果自己的AirPods相似。

One could argue that the market for Apple’s headphones is dramatically different than anything offered by Beats, but it’s still interesting to see it compete with itself, so to speak.

有人可能会辩称，Apple耳机的市场与Beats提供的任何产品都大不相同，但可以说与自己竞争还是很有趣的。

I guess in the end it doesn’t really matter which one you buy, though—Apple is getting paid either way. Good game, Apple.

我想最后还是买哪一个都没关系-苹果会以任何一种方式获得报酬。好游戏，苹果。

Google新闻：Android Q Beta 2已发布 (Google News: Android Q Beta 2 is Out)

Plus Google’s Call Screening is coming to more devices, the Galaxy S10 5G is coming, and bad news for small music artists using the Play Artist Hub.

加上Google的“呼叫筛选”功能将应用到更多设备上，Galaxy S10 5G即将出现，对于使用Play Artist Hub的小型音乐艺术家来说，这也是一个坏消息。

Android Q Beta 2 is here with fixes and features aplenty. Most of which we’ll now talk about below. [Android Developers Blog]

Android Q Beta 2现已提供大量修复和功能。现在我们将在下面讨论其中的大多数内容。 [ Android开发者博客 ]
The big features of Q Beta 2: chat bubbles and foldable phone support. Nice. [The Verge]

Q Beta 2的主要功能：聊天气泡和可折叠的电话支持。真好 [ 边缘 ]
Q Beta 2 features iOS-like task switching, which is amazing. Keep stealing iOS gestures, Google. So good. [Android Police]

Q Beta 2具有类似于iOS的任务切换功能，这非常了不起。 Google，请继续窃取iOS手势。这么好。 [ Android警察 ]
There’s a new Pixel Themes app to change fonts, icons, accent colors, and more on Pixel devices. [XDA Developers]

有一个新的Pixel Themes应用程序可以更改Pixel设备上的字体，图标，强调色等。 [ XDA开发人员 ]
Media notifications in Q Beta 2 now feature progress bars. [Android Police]

Q Beta 2中的媒体通知现在具有进度条。 [ Android警察 ]
Good news for left-swipers: Q Beta 2 lets you choose which way you swipe to dismiss notifications. [9to5Google]

对于左撇子来说，这是个好消息：Q Beta 2让您选择滑动方式以关闭通知。 [ 9to5Google ]
A new feature called “Scoped Storage” keeps apps in their own sandbox in the phone’s storage partition. Apps can’t see or write to other apps’ sandboxes, either. This is a killer privacy feature. [Android Police]

一项名为“范围存储”的新功能可将应用程序保留在手机存储分区中的自己的沙箱中。应用程序也无法查看或写入其他应用程序的沙箱。这是一个杀手级的隐私功能。 [ Android警察 ]
Wi-Fi and Bluetooth both got toggles in the root Settings menu in Android Q. It looks a lot like Chrome OS. [9to5Google]

Wi-Fi和蓝牙都在Android Q的根“设置”菜单中进行了切换。它看起来很像Chrome操作系统。 [ 9to5Google ]
Screenshots on Q Beta 2 no longer show the notch. Thank you, Google! [Android Police]

Q Beta 2的屏幕截图不再显示该缺口。谢谢Google！ [ Android警察 ]
In non-ANdroid Q news, Verizon is reportedly going to release the 5G Galaxy S10 on May 16th. Yay? [9to5Google]

在非《 Anandroid Q》新闻中，据报道，Verizon将于5月16日发布5G Galaxy S10。好极了？ [ 9to5Google ]
Google’s Call Screening feature, which is one of the best things about Pixel devices, is coming to the Moto G7 and One phones. [The Verge]

Google的“呼叫筛选”功能是Pixel设备的最佳功能之一，它即将用于Moto G7和One手机。 [ 边缘 ]
As Google (slowly) transitions from Play Music to YouTube Music, it’s shutting down the Play Artist Hub that gave smaller artists a way to directly upload music and manage their own presence in the Play Store. That’s a real bummer. [9to5Google]

随着Google(慢慢地)从Play音乐过渡到YouTube音乐，它关闭了Play Artist Hub，使较小的艺术家可以直接上传音乐并管理自己在Play商店中的存在。那真是个无赖。 [ 9to5Google ]
Did you know that you can use picture in picture to watch local videos in Chrome? Apparently, you can. [Techdows]

您是否知道可以使用画中画功能在Chrome中观看本地视频？显然可以。 [ Techdows ]

Watching Android beta versions roll out to Pixel devices is fascinating because you can watch the developers at work. Getting to see new features and optimizations as they roll out is always such a cool thing, and it’s always exciting to comb through the new stuff to get a feel for what’s happening behind the scenes.

观看Android beta版向Pixel设备推出的过程非常有趣，因为您可以观看开发人员的工作情况。不断推出新功能和优化总是一件很酷的事情，梳理新事物以了解幕后发生的事情总是令人兴奋。

In Q Beta 2, the most exciting feature to me is Scoped Storage. Giving apps blanket access to my device’s entire storage partition never felt quite right to me, so giving each app its own storage sandbox makes a lot of sense! Most apps outside of file managers don’t need to see anything else anyway, so this is a brilliant privacy feature. Good on you, Google!

在Q Beta 2中，我最激动的功能是范围存储。让应用程序全面访问设备的整个存储分区对我来说从来都不是一件正确的事，因此为每个应用程序提供自己的存储沙箱非常有意义！无论如何，文件管理器之外的大多数应用都不需要查看其他任何内容，因此这是一个出色的隐私功能。 Google祝您一切顺利！

其他新闻：有人找到了所有那些“丢失的” MySpace歌曲 (Other News: Someone Found All Those “Lost” MySpace Songs)

Plus Verizon flips the switch for its 5G network in a pair of new cities, there’s a third-party Switch controller with a headphone jack, and a scary proof-of-concept malware shows massive vulnerabilities in hospital equipement.

加上Verizon在两个新城市中切换其5G网络的交换机，还有一个带有耳机插Kong的第三方Switch控制器，以及一种可怕的概念验证恶意软件，显示出医院设备中的巨大漏洞。

A few weeks ago it was announced that nearly 500,000 songs were lost by MySpace in a server migration. Today, an “anonymous academic group” came forward with all that lost music. It apparently downloaded 1.3 terabytes of tunes from the once-popular network for research purposes. Super cool. [The Verge]

几周前宣布，MySpace在服务器迁移中丢失了将近500,000首歌曲。今天，一个“匿名学术团体”出现了所有失去的音乐。它显然从曾经流行的网络下载了1.3 TB的音乐，用于研究目的。超酷。 [ 边缘 ]
Verizon’s 5G network is live in Chicago and Minneapolis. Gotta go fast! [CNET]

Verizon的5G网络位于芝加哥和明尼阿波利斯。得快！ [ CNET ]
PDP announced the Faceoff Deluxe+ wired controller for Switch, and it features a headphone jack built-in. It just makes sense. [Engadget]

PDP宣布推出用于Switch的Faceoff Deluxe +有线控制器，并内置了耳机插Kong。这很有意义。 [ Engadget ]
You can now get HBO directly through the Roku Channel. No need for a separate app. Nice. [The Verge]

现在，您可以直接通过Roku频道获取HBO。无需单独的应用程序。真好 [ 边缘 ]
This doesn’t really have anything to do with tech, but I thought it was cool and wanted to share: a research group made a tiny guillotine to decapitate mosquitoes to help fight malaria. So metal. [Wired]

这实际上与技术没有任何关系，但我认为这很酷，并希望与他人分享：一个研究小组制造了一个小断头台，将蚊子斩首以帮助抗击疟疾。好金属。 [ 有线 ]
In less fun news, researches in Isreal showed off a proof-of-concept malware that highlights the vulnerabilities in hospital equipment. This particular piece of malware attacked CT machines, placing fake cancer nodules into the scan. This fooled radiologists into thinking the patient had cancer. That is terrifying. [The Washington Post]

在不太有趣的消息中，Isreal的研究展示了一种概念验证型恶意软件，该恶意软件突出了医院设备中的漏洞。这种特殊的恶意软件攻击了CT机，从而在扫描中放置了假癌结节。这欺骗了放射科医生以为患者患有癌症。太恐怖了 [ 华盛顿邮报 ]

I’m a parent of a chronically ill child. We rely on bloodwork, scans, cultures, and more to monitor his health every month. This is absolutely crucial to his overall wellbeing. The thought of someone being able to hack, compromise, or otherwise taint these scans is horrifying.

我是一个慢性病孩子的父母。我们每月都要依靠血液检查，扫描，文化等来监控他的健康状况。这对他的整体健康至关重要。有人能够入侵，破坏或以其他方式污染这些扫描的想法令人震惊。

But the biggest question here is why? Why would someone want to do this? Malware is a portmanteau of “Malicious Software,” which at its core points to the why: malice. Maybe there’s money to be maid off of this—there certainly is for hospitals or prescription providers, but surely we can’t assume the very people treating us for our ailments could also be responsible for diagnosing things that don’t exist, right? While I would never suggest such a thing as fact, it is something we’ve seen happen in the past.

但是这里最大的问题是为什么 ？为什么有人要这样做？恶意软件是“恶意软件”的代名词，其核心指向原因：恶意。也许有钱可以帮忙—肯定是有医院或处方提供者的，但我们当然不能认为治疗我们疾病的人也可能负责诊断不存在的事情，对吗？虽然我永远不会建议这样的事实，但这是我们过去看到的事情。

But the point of this research still stands: there are real vulnerabilities in hospital equipment, and it’s high time we started taking this seriously. People’s lives are at risk here.

但是这项研究的重点仍然是：医院设备中确实存在漏洞，现在应该开始认真对待这一问题了。这里的人民生命处于危险之中。

翻译自: https://www.howtogeek.com/410160/daily-news-roundup-facebook-data-leaks-for-540-million-users/