By BARBARA ORTUTAY and FRANK BAJAK
AP Technology Writers

SAN FRANCISCO — Facebook left hundreds of millions of user passwords readable by its employees for years, the company acknowledged Thursday after a security researcher exposed the lapse.

By storing passwords in readable plain text, Facebook violated fundamental computer-security practices. Those call for organizations and websites to save passwords in a scrambled form that makes it almost impossible to recover the original text.

“There is no valid reason why anyone in an organization, especially the size of Facebook, needs to have access to users’ passwords in plain text,” said cybersecurity expert Andrei Barysevich of Recorded Future.

Facebook said there is no evidence its employees abused access to this data. But thousands of employees could have searched them. The company said the passwords were stored on internal company servers, where no outsiders could access them. Even so, some privacy experts suggested that users change their Facebook passwords.

The incident reveals yet another huge and basic oversight at a company that insists it is a responsible guardian for the personal data of its 2.3 billion users worldwide.

The security blog KrebsOnSecurity said Facebook may have left the passwords of some 600 million Facebook users vulnerable. In a blog post , Facebook said it will likely notify “hundreds of millions” of Facebook Lite users, millions of Facebook users and tens of thousands of Instagram users that their passwords were stored in plain text.

Facebook Lite is a version designed for people with older phones or low-speed internet connections. It is used primarily in developing countries.

Last week, Facebook CEO Mark Zuckerberg touted a new “privacy-focused vision” for the social network that would emphasize private communication over public sharing. The company wants to encourage small groups of people to carry on encrypted conversations that neither Facebook nor any other outsider can read.

The fact that the company couldn’t manage to do something as simple as encrypting passwords, however, raises questions about its ability to manage more complex encryption issues — such in messaging — flawlessly.

Facebook said it discovered the problem in January. But security researcher Brian Krebs wrote that in some cases the passwords had been stored in plain text since 2012. Facebook Lite launched in 2015 and Facebook bought Instagram in 2012.

The problem, according to Facebook, wasn’t due to a single bug. During a routine review in January, it say, it found that the plain text passwords were unintentionally captured and stored in its internal storage systems. This happened in a variety of circumstances — for example, when an app crashed and the resulting crash log included a captured password.

But Alex Holden, the founder of Hold Security, said Facebook’s explanation is not an excuse for sloppy security practices that allowed so many passwords to be exposed internally.

Recorded Future’s Barysevich said he could not recall any major company caught leaving so many passwords exposed. He said he’s seen a number of instances where much smaller organizations made such information readily available — not just to programmers but also to customer support teams.

Security analyst Troy Hunt, who runs the “haveibeenpwned.com” data breach website, said the situation may be embarrassing for Facebook but not dangerous unless an adversary gained access to the passwords. Facebook has had major breaches, most recently in September when attackers accessed some 29 million accounts.

Jake Williams, president of Rendition Infosec, said storing passwords in plain text is “unfortunately more common than most of the industry talks about” and tends to happen when developers are trying to rid a system of bugs.

He said the Facebook blog post suggests storing passwords in plain text may have been “a sanctioned practice,” although he said it’s also possible a “rogue development team” was to blame.

Hunt and Krebs both likened Facebook’s failure to similar stumbles last year on a far smaller scale at Twitter and GitHub; the latter is a site where developers store code and track projects. In those cases, software bugs were blamed for accidentally storing plaintext passwords in internal logs.

Facebook’s normal procedure for passwords is to store them encoded, the company noted Thursday in its blog post.

That’s good to know, although Facebook engineers apparently added code that defeated the safeguard, said security researcher Rob Graham. “They have all the proper locks on the doors, but somebody left the window open,” he said.

KANSAS CITY, Mo. (AP) — A gas stop in Missouri paid off handsomely for a Shawnee, Kansas, man, to the tune of $50 million.

The Missouri Lottery said Thursday that Hira Singh claimed a $50 million Mega Millions jackpot at the agency’s office in Jefferson City.

Singh stopped at a Kansas City, Missouri, QuikTrip store for gas earlier this month. While there, he bought a Mega Millions ticket for the March 12 drawing.

Good choice. It matched all of the numbers: 10, 12, 16, 49 and 57, with a Mega Ball of 18.

Singh didn’t initially realize he won. He found out while using a Check-A-Ticket machine. Just to be sure, he checked three times.

KANSAS CITY (AP) — A man accused of trying to burn down a Planned Parenthood clinic in February now faces new charges.

Wesley Brian Kaster was originally charged March 4 with maliciously damaging a building owned by  Planned Parenthood Great Plains that also provides services in Wichita and Overland Park and receives federal financial assistance.

A grand jury indictment on Wednesday replaced that charge with two new counts — using explosive material to maliciously damage federal property and malicious use of explosive materials.

An attorney for Kaster didn’t immediately respond to a message seeking comment.

The clinic in the central Missouri city of Columbia was empty when the pre-dawn fire broke out Feb. 10 . Authorities allege that the 42-year-old man broke the glass front door and threw in a “Molotov cocktail-type device.”

MANHATTAN, Kan. (AP) — Kansas State University is becoming cheaper for good students from five more states.

The Kansas Board of Regents agreed this week to allow new students from Arkansas, California, Colorado, Oklahoma and Texas to begin paying less in fall 2020. To qualify, they must have at least a 3.25 overall high school GPA and scores of either 22 on the ACT or 1100 on the SAT. President Richard Myers says it will help with recruitment.

Under the reduced rate, they would have paid $6,562.50 this fall for 14 credit hours. Regular out-of-state students spent $11,610, and in-state students shelled out $4,375.

Qualifying students from nine other states already can receive out-of-state tuition at the same reduced rate, which is 150 percent of the in-state tuition cost.

ELLSWORTH COUNTY — Law enforcement authorities are investigating a suspect on numerous charges after a high-speed chase.

Just before 12:30a.m. Friday,  an officer on patrol in Salina noticed a maroon Chevrolet Equinox that seemed to be trying to evade the officer, according to Salina Police Captain Paul Forrester.

When the officer reported it, another officer suggested that the driver of the Equinox might be William Donahue, Jr., 19, of Salina, who was wanted on four Saline County District Court warrants, three Salina Municipal Court warrants and for questioning in multiple cases.

The officer continued pursuing the Equinox as it pulled onto northbound Interstate 135 from Magnolia. Another officer was able to pull alongside the vehicle and positively identify Donahue as the driver, according to Forrester.

Officers attempted to stop the vehicle, but it exited I-135 at State Street, traveled westbound on Kansas Highway 140 at speeds reaching 100 mph and the vehicle blew through Brookville at 80 mph, according to Forrester.

Salina police had to stop their pursuit in the western part of Saline County because they had no radio contact with dispatchers and other law enforcement personnel.

At that point, the Kansas Highway Patrol and then the Ellsworth County Sheriff’s Office took over the pursuit. Ellsworth County deputies used stop spikes to stop the vehicle.

Deputies took Donahue  into custody and brought him back to the Saline County Jail.  In addition to the warrants, Donahue is being held on  requested charges of Theft (from a March 9 case at Menards), Obstruction (from a case on March 10), Felony flee and elude, Driving while suspended, Improper lane usage and Speeding.

JERUSALEM (AP) — U.S. Secretary of State Mike Pompeo says it’s “possible” that President Donald Trump is like Queen Esther, who saved Jews in the Old Testament.

Pompeo made the statement in an interview with a Christian broadcast outlet this week on a trip to the Middle East.

The interviewer asked if Trump is “like Queen Esther,” who interceded with her husband to save Jews in what was then Persia and is now Iran. Trump has backed new sanctions on Iran aimed at reducing its ability to threaten Israel.

Pompeo said in response that “As a Christian, I certainly believe that’s possible.”

The secretary of state recently drew criticism for holding a briefing exclusively for “faith-based” journalists.

Pompeo on Friday vowed new measures against what he said was the “threat” from Iran.

On Thursday, President Donald Trump abruptly declared the U.S. will recognize Israel’s sovereignty over the disputed Golan Heights, a major shift in American policy that gives Israeli Prime Minister Benjamin Netanyahu a political boost a month before what is expected to be a close election.

As a cadet, I studied the battles of the Golan. Israeli heroism there saved this great nation. @POTUS’ bold decision to recognize #Israel’s sovereignty over the Golan Heights honors the sacrifices of the Israeli people and reality. It’s proper for this land to be part of Israel. pic.twitter.com/0HFWBYJFvL

— Secretary Pompeo (@SecPompeo) March 22, 2019

The administration has been considering recognizing Israel’s sovereignty over the strategic highlands, which Israel captured from Syria in 1967, for some time and Netanyahu had pressed the matter with visiting Secretary of State Mike Pompeo just a day earlier.

U.S. and Israeli officials said Wednesday they had not expected a decision until next week, when Netanyahu is to visit the U.S.

But in a tweet that appeared to catch many by surprise, Trump said the time had come for the United States to take the step, which Netanyahu warmly welcomed as a “miracle” on the Jewish holiday of Purim.

After 52 years it is time for the United States to fully recognize Israel’s Sovereignty over the Golan Heights, which is of critical strategic and security importance to the State of Israel and Regional Stability!

— Donald J. Trump (@realDonaldTrump) March 21, 2019

“After 52 years it is time for the United States to fully recognize Israel’s Sovereignty over the Golan Heights, which is of critical strategic and security importance to the State of Israel and Regional Stability!” Trump tweeted.

The U.S. will be the first country to recognize Israeli sovereignty over the Golan, which the rest of the international community regards as disputed territory occupied by Israel whose status should be determined by negotiations between Israel and Syria. Attempts to bring Israel and Syria to the table have failed. It was not immediately clear how a U.N. peacekeeping force in the Golan might be affected by the U.S. move. That force’s mandate expires at the end of June.

There had been signals a decision was coming. Last week, in its annual human rights report, the State Department dropped the phrase “Israeli-occupied” from the Golan Heights section, instead calling it “Israeli-controlled.”

Pompeo had brushed questions about the change aside, insisting even earlier Thursday that there was no change in policy. However, in comments to reporters ahead of a Purim dinner with Netanyahu and his wife at their Jerusalem home, Pompeo hailed the shift.

“Tonight, President Trump made the decision to recognize that that hard-fought real estate, that important place, is proper to be a sovereign part of the state of Israel,” he said.

Netanyahu, who is embroiled in a fierce re-election campaign ahead of April 9 voting, smiled broadly while delivering his own remarks.

“We have the miracle of Purim,” he said. “Thank you President Trump.”

Netanyahu has for weeks been stepping up longstanding Israeli requests for the U.S. and others to recognize Israel’s sovereignty over the Golan. He has bolstered Israel’s traditional argument that the area has for all practical purposes been fully integrated into Israel by accusing Iran of trying to infiltrate terrorists from Syria into the plateau.

“At a time when Iran seeks to use Syria as a platform to destroy Israel, President Trump boldly recognizes Israeli sovereignty over the Golan Heights,” Netanyahu tweeted.

Trump’s announcement came as Pompeo was wrapping up a two-day visit to Jerusalem during which he lauded warm ties with Israel, met with Netanyahu on at least three separate occasions and promised to step up pressure on Iran.

Pompeo’s events with Netanyahu included a visit to the Western Wall that made him the highest-ranking U.S. official to visit the Jewish holy site with any Israeli leader and appeared to further signal the Trump administration’s support for Israel’s control of the contested city. Trump has recognized Jerusalem as Israel’s capital and moved the U.S. Embassy there from Tel Aviv, prompting the Palestinians to sever ties with the administration.

Pompeo’s presence also appeared to signal Trump’s support for Netanyahu the political candidate. Netanyahu, facing a tough challenge from a popular former military chief and reeling from a series of corruption allegations, has repeatedly sought to focus attention on his foreign policy record and strong ties with Trump.

“The Trump administration is absolutely endorsing Netanyahu,” said Alon Pinkas, former consul general of Israel in New York. “It’s very rare for a secretary of state to come visit an Israeli prime minister without any apparent diplomatic reason justifying it, without a peace process, without any regional agenda.”

Pompeo said his trip had nothing to do with politics or U.S. policy on Jerusalem, although for decades American officials refrained from visiting the Western Wall with Israeli leaders to avoid the appearance of recognizing Israeli sovereignty over the city’s most sensitive holy sites. Israel captured east Jerusalem and the Old City in the 1967 Mideast war. The Palestinians seek east Jerusalem as the capital of a future state.

“I’m going to stay far away from the decisions that the Israeli people will make here in a few weeks,” Pompeo told reporters. “It wouldn’t be appropriate for the U.S. secretary of state to comment on Israeli domestic politics.”

The Old City is home to the Western Wall and the Church of the Holy Sepulcher, where tradition says Jesus was entombed and resurrected. Pompeo, a Christian, also stopped at the church.

Next to the Western Wall is a hilltop compound revered by Jews as the Temple Mount and by Muslims as the Noble Sanctuary. The spot, which once housed the biblical Jewish Temples, is the holiest site in Judaism and today is home to the Al-Aqsa Mosque, the third-holiest site in Islam.

The competing claims to the site are a frequent source of tension and lie at the heart of the Israeli-Palestinian conflict.

When Trump recognized Jerusalem as Israel’s capital, he said it did not determine the city’s final borders. But the gesture was perceived as unfairly siding with Israel and prompted the Palestinians to cut contacts with U.S. officials. The Palestinians have already rejected a planned Mideast peace initiative by the administration.

Nabil Abu Rudeineh, spokesman for Palestinian President Mahmoud Abbas, said Pompeo’s visit added additional obstacles to peace hopes. “While they are claiming to be trying to solve the conflict, such acts only make it more difficult to resolve,” he said.

While previous secretaries of state have traditionally met with the Palestinians when visiting the region, Pompeo has no such talks planned.

By IVAN MORENO
Associated Press

MILWAUKEE — A fight between beer giants escalated Thursday after MillerCoors filed a lawsuit against Anheuser-Busch that accused its rival of trying to “frighten” consumers into switching to Bud Light with “misleading” Super Bowl ads.

MillerCoors said in the lawsuit filed in Wisconsin federal court that St. Louis-based Anheuser-Busch has spent as much as $30 million on a “false and misleading” campaign, including $13 million in its first commercials during this year’s Super Bowl. The ad showed a medieval caravan pushing a huge barrel of corn syrup to castles for MillerCoors to make Miller Lite and Coors Light. The commercial states that Bud Light isn’t brewed with corn syrup.

Chicago-based MillerCoors and Anheuser-Busch have the biggest U.S. market share at 24.8 percent and 41.6 percent, respectively, but they’ve been losing business in recent years to smaller independent brewers, imports, and wine and spirits, according to the Brewers Association.

Anheuser-Busch’s ad drew a rebuke from the National Corn Growers Association, which thanked MillerCoors for its support. In its lawsuit, MillerCoors said it’s “not ashamed of its use of corn syrup as a fermentation aid.”

Corn syrup is used by several brewers during fermentation. During that process, corn syrup is broken down and consumed by yeast so none of it remains in the final product. Bud Light is brewed with rice instead of corn syrup, but Anheuser-Busch uses corn syrup in some of its other beers, including Stella Artois Cidre and Busch Light.

Responding to the lawsuit, Anheuser-Busch said its campaign is truthful and designed to bring consumers “transparency” about what’s in the beer they drink.

“MillerCoors’ lawsuit is baseless and will not deter Bud Light from providing consumers with the transparency they demand,” said Gemma Hart, the vice president of communications at Anheuser-Busch. “We stand behind the Bud Light transparency campaign and have no plans to change the advertising.”

MillerCoors maintains Anheuser-Busch is preying on health conscious consumers who have negative connotations of corn syrup, sometimes confusing it with the high-fructose corn syrup in sodas.

“Anheuser-Busch is fearmongering over a common beer ingredient it uses in many of its own beers, as a fermentation aid that is not even present in the final product. This deliberate deception is bad for the entire beer category,” Marty Maloney, a MillerCoors spokesman, said in a statement.

MillerCoors wants a judge to order Anheuser-Busch to stop the ads and to give MillerCoors any profits it earned as a result of the campaign. Besides the television commercials, Anheuser-Busch has spread its campaign through social media, full-page newspaper ads, and billboards placed in Milwaukee.

MillerCoors said its competitors campaign is intended to “irreparably harm” the company’s reputation.
The feud threatens to disrupt an alliance between the two companies to work on a campaign to promote the beer industry amid declining sales.

By Angel Tran
KU Statehouse Wire Service

TOPEKA — When Deepal Patel was violently attacked by her husband, she was afraid, in danger and unsheltered, she said. She couldn’t return home to where the attack happened, and she had limited time and money to find a new and safer place. Patel reached out to her landlord for help, who gave her choices that weren’t “real options.”

She could either stay at the home where she was attacked, pay a $300 transfer fee for a new apartment in the same complex where she’d be responsible for the old and new lease, or buyout the lease.

“None of the options were safe nor were they affordable,” Patel said. “Worst of all, they gave my abuser power and control to continue victimizing me when I was fighting to get away.”

On Wednesday, March 6, the Senate Judiciary Committee heard a bill that would enact housing protections for victims of domestic violence, sexual assault, human trafficking or stalking.

According to Senior Assistant Revisor of Statutes Jason Thompson, Senate Bill 150 would be a new section of law and consist of the following:

• Landlords cannot deny tenancy to someone because they are a victim of domestic violence, sexual assault, human trafficking or stalking.
• Landlords cannot evict tenants who are victims of domestic violence, sexual assault, human trafficking or stalking.
• Tenants are not liable for rent after they vacate the premises for the reasons listed.
• Tenants must provide a statement, court record or document to indicate that they qualify for protections.
• Any false information given could result in a denial of tenancy, eviction or violation.
• Landlords can impose a reasonable termination fee on tenants, but only if the fee is within the terms of the lease agreement.
• Definitions of “domestic violence,” “human trafficking,” “sexual assault,” and “stalking” are the same as in K.S.A 75-452, also known as the “Safe at Home” law where victims can obtain a substitute mailing address so they cannot be tracked.

Sen. Dinah Sykes (D-Johnson), the main sponsor of SB 150, said safe housing is crucial when victims are trying to leave a dangerous situation. She said there are existing housing protections for those who have been discriminated against for reasons such as race, sex or religion — and that it’s time to extend those protections.

Although there are many resources, they are not always permanent or available. Sykes said emergency shelters are often full and landlords can refuse housing because of a victim’s dangerous situation.

“Safe housing is an important step toward leaving an unsafe situation,” Sykes said. “The least we can do is make sure these victims are not discriminated against in housing when they do try and escape danger.”

Shannon Leeper, a detective for the Lenexa Police Department, worked with Deepal Patel on her case and also spoke in favor of the bill during the committee meeting.

“Not allowing a victim to break a rental lease without substantial cost re-victimizes them and substantially increases their chances of being seriously harmed,” she said.

According to Julie Donelon, president and CEO of the Metropolitan Organization to Counter Sexual Assault in Kansas City, Missouri, about 55 percent of sexual assault attacks happen at or near the victim’s home, yet there are still no housing protections.

Donelon said victims face many consequences for breaking their leases and are often left with little to no choice. They may have to stay in their room or break their lease and damage their credit report and rental history, she said.

“This bill offers reliefs — emotionally, socially, and economically — to victims,” Donelon said.

Michelle McCormick, program director for the YWCA Center for Safety and Empowerment in Topeka, shared the story of an unnamed survivor who was abused twice at the same apartment complex even though she requested an emergency transfer to other housing. While the victim was hospitalized for a substantial time, McCormick said, she received a notice for eviction and “no grace or understanding from the apartment complex.”

“The chief strategy that [abusers] are using is to limit the options of their victims and survivors from getting to safety,” McCormick said. “This bill is an opportunity…to help create more options for safety.”

In addition to these testimonies, there were many others that echoed similar thoughts in support of the bill. Proponent testimonies came from organizations including the Westwood Police Department, Sisters of Charity of Leavenworth, Kansas Interfaith Action, United Community Services of Johnson County, Wichita Family Crisis Center, Kansas Coalition Against Sexual and Domestic Violence, Keep Girls Safe Foundation and The Associated Landlords of Kansas.

“My apartment community and my landlord betrayed me, and I was denied my safety,” Patel said. “Passing this bill could save lives, provide safety and shelter to women who are brave enough to leave.” Since then, Patel has obtained an order of protection from the District Court and has worked with the Lenexa Police Department to find safety from her abuser.

There were no opponents to the bill.

SB 150’s fiscal note reported that landlords would not be able to evict or refuse leasing to individuals that have been or are in imminent danger of domestic violence, sexual assault, human trafficking or stalking. Tenants would also not be liable for rent if they vacate the property for those reasons.

Although the bill would provide additional housing protections, the Office of Judicial Administration claimed that the bill would have a minor fiscal effect on the Judicial Branch’s operations.

The Kansas Senate just passed SB150 40-0. This is a great step forward in protecting victims of domestic violence, sexual assault and stalking.

— Dinah Sykes (@dinah_sykes) March 14, 2019

On March 14, the Senate took final action on the bill and passed it as amended. It was received and introduced by the House the following day. The House Judiciary Committee met for the bill hearing on March 19. No action was taken and nothing is scheduled for SB 150 as of March 21.

Angel Tran is a University of Kansas senior from Wichita majoring in journalism.

WASHINGTON (AP) — Arkansas-based Tyson Foods is recalling more than 69,000 pounds (31,297 kilograms) of frozen, ready-to-eat chicken strips because they may be contaminated with pieces of metal.

The U.S. Agriculture Department said Thursday the products were produced on Nov. 30, 2018, and have a best if used by date of Nov. 30, 2019. The products have the establishment number “P-7221” on the back of their packages.

The USDA says it received two complaints about the metal, but there are no confirmed reports of anyone being injured.

The USDA is concerned the products could still be in freezers. Consumers should throw out the packages or return them to the place of purchase.

The recall comes after Tyson in January recalled some chicken nuggets because customers said they found pieces of “soft, blue rubber” inside.

DONIPHAN COUNTY —The KDOT is currently assisting with response to flooding in Doniphan County by moving 100 tons of sand from storage domes in Horton to Elwood.

Just after  8p.m. Thursday, Doniphan County Emergency Management sounded alarms to begin evacuations, according to their social media page. The city of Elwood sounded the sirens  for evacuation of the city. The water level has reached 30.13 feet and still rising 2 tenths of an inch an hour. KDOT was on stand-by to assist with evacuations.

Once evacuation were complete KDOT had planned to close the U.S. 36 ramps going into the city to keep people from returning.

During a community meeting city officials told residents utilities would be shut off to homes in advance of  possible flooding.

The evacuations in Elwood and Wathena were voluntary, according to city officials.  The levees were working to hold back the cresting Missouri River.

U.S. 59 remains closed at Kansas/Missouri State Line. Kansas 7 is also closed from Sparks, Kansas to Nebraska State line due to the flooding.  For more information on travel go to Kandrive.org

 

DICKINSON COUNTY — The Abilene Police Department is asking for the public’s help in locating this white 1967 Ford Mustang. From the Abilene Police Department’s Facebook page:

KANSAS CITY (AP) — A Kansas City-area high school student has been charged after allegedly taking photos and videos up other students’ shorts.

The Platte County prosecutor charged 17-year-old Jared A. Scott with six counts of misdemeanor invasion of privacy Tuesday.

Scott’s attorney didn’t immediately return an Associated Press request for comment Thursday.

Two girls recently told Park Hill South High School administrators that Scott used a cellphone to shoot video up of one student’s shorts. Another said that also happened to her last year, although she didn’t report it then.

According to court records, Scott denied using his cellphone to take those photos after being confronted.

Authorities identified a third possible victim after reviewing surveillance footage from the school. Investigators also say they found photos of six possible victims.