Category Archives: Security News
Sally Beauty confirms second payment card breach
Sally Beauty Holdings has confirmed that hackers broke into its payment systems and stole customer card data. About a year ago the retail chain suffered a similar intrusion.
The company launched an investigation in early May after receiving reports of unusual activity involving payment cards used at some of its stores. While it now has sufficient evidence to confirm an illegal intrusion, the company declined to comment on the breach’s scope until the forensics investigation is complete.
Sally Beauty is one of the largest retailers of beauty products in the U.S. and has over 4,500 stores.
In March last year, the company said hackers stole up to 25,000 customer records containing payment card data. According to the company’s annual report for 2014, attackers managed to install malware on some of its point-of-sale systems and captured “track 2” card data.
Track 2 refers to one of the data tracks encoded on a card’s magnetic stripe. It contains the card number and expiration date, along with a service code and issuer-defined discretionary data, and that is enough for criminals to encode a counterfeit magnetic-stripe card.
“There can be no assurances that we will not suffer another cyber-attack or data security breach in the future and, if we do, whether our physical, technical and procedural safeguards will adequately protect us against such attacks and breaches,” the company said in its report.
The compromise of point-of-sale systems with memory-scraping malware has resulted in some of the largest card breaches over the past two years. The technique was used to steal 56 million payment card records from Home Depot last year and 40 million from Target in late 2013. The malware reads track data out of the POS application’s process memory in the window between the swipe and encryption, which is why encrypting at the card reader itself, rather than in the POS software, is the usual mitigation.
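To show what “track 2” data looks like and how a memory scraper locates it, here is an added Python example; it is not code from the original article, from Sally Beauty, or from any named malware family. It scans a constructed byte buffer standing in for a POS process dump for ISO/IEC 7813 Track 2 records, validates the account number with the Luhn check to discard false positives, and masks the number for logging. The same scan is what a defender runs over a memory image to confirm whether cleartext track data is exposed. The buffer contents, the 4111111111111111 test PAN and all function names are constructed for the example.

```python
"""Scan a memory buffer for ISO/IEC 7813 Track 2 card data.

Constructed example, not Sally Beauty's code nor any real malware's.
A POS RAM scraper finds cleartext track data with a pattern like this;
a defender can run the same pattern over a process dump to check
whether track data sits unencrypted in POS memory.
"""
import re
from dataclasses import dataclass

# Track 2 layout: [;] PAN (13-19 digits) = YYMM service-code(3) discretionary [?]
# The ';' and '?' sentinels are optional: scrapers often see the stripped form.
# (?<!\d) stops the match from starting in the middle of a longer digit run.
TRACK2_RE = re.compile(rb"(?<!\d);?(\d{13,19})=(\d{4})(\d{3})(\d{0,30})\??")


@dataclass(frozen=True)
class Track2:
    pan: str
    expiry_yymm: str
    service_code: str
    discretionary: str
    luhn_ok: bool

    @property
    def masked_pan(self) -> str:
        """BIN plus last four digits, the only form safe to write to a log."""
        return self.pan[:6] + "*" * (len(self.pan) - 10) + self.pan[-4:]

    @property
    def chip_card(self) -> bool:
        """Service code starting 2 or 6 means an IC (chip) card: a magstripe
        read of such a card is a fallback transaction worth flagging."""
        return self.service_code[0] in "26"


def luhn_ok(pan: str) -> bool:
    """Luhn check digit (ISO/IEC 7812); used to drop random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = ord(ch) - 48
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def plausible_expiry(yymm: str) -> bool:
    """Expiry is YYMM; a month outside 01-12 is not a card record."""
    return 1 <= int(yymm[2:]) <= 12


def find_track2(buf: bytes) -> list[Track2]:
    """Return every Track 2 candidate in buf, with its Luhn result."""
    hits = []
    for m in TRACK2_RE.finditer(buf):
        pan, yymm, svc, disc = (g.decode("ascii") for g in m.groups())
        if not plausible_expiry(yymm):
            continue
        hits.append(Track2(pan, yymm, svc, disc, luhn_ok(pan)))
    return hits


# Constructed stand-in for a POS process memory dump (not real captured data).
SAMPLE_DUMP = (
    b"\x00\x00POS_TXN_ID=000123\x00"
    b";4111111111111111=2512101000000123456?"   # well-known test PAN, Luhn-valid
    b"\x00ORDER 1234567890123456=2513000000"     # month 13: rejected outright
    b"\x00;4111111111111112=2512101000000000?"   # right shape, fails Luhn
    b"\x00\xff\xfe"
)

if __name__ == "__main__":
    for hit in find_track2(SAMPLE_DUMP):
        print(hit.masked_pan, hit.expiry_yymm, hit.service_code,
              "luhn_ok" if hit.luhn_ok else "luhn_FAIL")
```

Treat any Luhn-valid hit in a POS process dump as a finding: it means track data is present in cleartext at a point a scraper can read it, regardless of whether malware is installed. The expiry and Luhn filters are the same ones scrapers use to avoid exfiltrating junk.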
United launches bug bounty, but in-flight systems off limits
United Airlines is offering rewards to researchers for finding flaws in its websites but the company is excluding bugs related to in-flight systems, which the U.S. government says may be increasingly targeted by hackers.
The bug bounty program rewards researchers with miles in the company’s Mileage Plus loyalty program rather than cash, which web giants such as Google, Facebook and Yahoo pay.
Many companies have launched reward programs to attract independent researchers to investigate their software code and confidentially report flaws before hackers discover them.
United may be the first airline to create such a program, but the airline will not accept bugs found in onboard Wi-Fi, entertainment or avionics systems.
It warned of possible criminal and legal investigations for any testing of live systems on planes or aircraft systems.
The program comes shortly after United butted heads with a security researcher who has probed aircraft software flaws. Chris Roberts, founder and CTO of One World Labs, was questioned by police and FBI agents following a flight last month on a United 737-800.
Roberts had written a joking tweet on April 15 referring to the aircraft’s Engine Indication and Crew Alerting System, or EICAS, which monitors a variety of systems.
United’s program comes about a month after a report from the U.S. Government Accountability Office warned that aircraft avionics systems could be at risk due to increasing Internet connectivity.
Software vulnerabilities in firewalls that separate cabin systems from cockpits could be subverted and “allow an attacker to gain remote access to avionics systems and compromise them,” it said.
The airline will give 1 million air miles for an eligible remote code execution flaw, 250,000 for issues such as authentication bypass, brute force or timing attacks, and 50,000 for cross-site scripting and request forgery flaws.
Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk
Reddit’s new anti-harassment rules anger some users
Upon learning of Reddit’s plan to change its rules to prohibit harassment and make the site friendlier, some users reacted with resentment and confusion.
Reddit, known for the unconstrained nature of its discussions among people who post anonymously, said on Thursday that it will also now let users contact Reddit employees to report abusive posts. The changes were made to balance free expression with privacy and safety, and improve the quality and range of discourse on the site, according to the company.
But in a discussion thread on Reddit, some users called the changes vague because they didn’t clarify what constituted harassment. Others said the changes would destroy free expression on the site, or characterized them as a ploy to attract advertisers.
“Posting meaningless feel-good drivel like this makes companies feel better about making ad buys,” one user wrote, referring to Reddit’s announcement.
Another said the changes show that Reddit’s strategy of letting the community police itself hasn’t worked. The changes, the user predicted, would spark an arbitrary crackdown on expression, speech and communities that admins on the site simply don’t like.
Reddit defined harassment as continued actions to torment or demean someone in a way that would make a reasonable person conclude that Reddit is not a safe platform to express their ideas, or fear for their own safety or that of others. But some thread participants weren’t satisfied with that definition.
In response, a Reddit staffer said in the thread that the site would pay attention to the context and form of harassment. “We care very much about not overreaching as much as helping those being harassed,” the staffer said.
Still, others expressed concern over how Reddit would deal with harassment complaints, afraid that users might be banned from the site without justification. A spokeswoman for the site declined to clarify this point further.
The anti-harassment rules come less than three months after Reddit said it would ban revenge porn, or nude photos and videos posted without people’s consent. When the iCloud accounts of celebrities like Jennifer Lawrence and Kate Upton were broken into last year, some of their nude photos were posted to Reddit.
Meanwhile, the “Gamergate” controversy, in which males targeted female critics of the video game industry, played out on Reddit, and other sites like 4chan and YouTube.
The changes, the spokeswoman said, are meant to address new types of harassment on the site. In a survey conducted by Reddit last month, the site found that the number one reason why users said they would not recommend the site to others was hateful and offensive content.
Reddit’s philosophy underlying the changes is not altogether new. The site’s previous rules of etiquette also banned rudeness, and encouraged people to be civil, suggesting that they ask themselves: “Would I say it to the person’s face?”
Zach Miners covers social networking, search and general technology news for IDG News Service. Follow Zach on Twitter at @zachminers. Zach’s e-mail address is zach_miners@idg.com
Smart Labs heads to Indiegogo with Halo WX, a smarter smoke detector that can also warn of natural disasters
One of the pitches Smart Labs makes on its website promoting Halo WX, purportedly the smartest smoke alarm ever created, is that “safety shouldn’t discriminate.” The company is referring to Halo’s ability to connect with most smart-home systems, including Iris, iControl, SmartThings, and Apple’s reportedly delayed HomeKit, but it could just as easily have been a response to Mother Nature’s indiscriminate tendencies when it comes to natural disasters, from hurricanes to floods and tornadoes.
Smart Labs says its Halo WX is the first alarm to quickly detect flash fires, smoldering fires, and carbon monoxide in a single device, but that’s not all it does. Halo WX is pre-configured to receive geographically localized tornado warnings issued by the National Weather Service.
Why this matters: Halo and Halo WX aren’t the first smart smoke alarms on the market, but Smart Labs does have ambitions of them being the best. In addition to the advanced functionality of Halo WX, both also supposedly do a better job than competitors like Nest at reducing false alarms through “intelligent monitoring of five different sensors.” Nest has been criticized for sounding false alarms, and if you subscribe to the ‘boy who cried wolf’ philosophy, that could make you less likely to react appropriately to a real emergency.
The Halo WX’s weather-alert feature was born out of a close call involving the father of Smart Labs co-founder Ben Stagg, who had a close encounter with the tornado that struck Joplin, MO and claimed 160 lives back in 2011. While working on a farm not far from Joplin, Stagg senior happened to hear a weather bulletin on a radio in his barn as he walked by. He had barely enough time to take cover, and according to an account of the event in the Charlotte Business Journal, the winds had become so strong that he couldn’t close the cellar doors before the storm passed. He survived the incident, though many others weren’t so lucky.
That close call, combined with a house fire that struck one of Stagg’s family members in 2014, gave him sufficient motivation to develop a better, smarter smoke alarm. The end result is Halo WX, a connected device that can pull weather alerts from the Internet and deliver them to your mobile device. You’re in control of which alerts you want to receive, so if you’re not concerned about hurricanes or tsunamis tearing through your location, you don’t have to be bothered with related notifications.
Halo WX also boasts a 10-year battery backup that ensures those annoying chirps warning of low battery life will be few and far between. The device itself is hardwired directly into your home’s power source, though if you lose power, it can still receive emergency messaging for up to a week. These messages might include helpful information such as evacuation routes or safe drinking water locations, to name just two examples.
Smart Labs is currently accepting pre-orders for Halo WX through a crowdfunding effort on Indiegogo. If you can do without the weather alerts, Early Bird pricing for Halo is set at $60. Halo WX offers the same flash fire, smoldering fire, and CO detection as Halo, but adds natural disaster alerts for an Early Bird price of $80.
Critics blast NSA phone records bill as ‘fake reform’
A lopsided vote in the U.S. House of Representatives this week to rein in the National Security Agency’s domestic telephone records dragnet won muted praise, with many supporters calling on Congress to take stronger action.
Critics, meanwhile, slammed the USA Freedom Act for extending the section of the antiterrorism Patriot Act that the NSA has used to collect the telephone records of nearly all U.S. residents. The bill, passed by a 338-88 vote late Wednesday, would end the NSA’s bulk collection of domestic telephone records, while allowing the agency to continue to collect phone and other business records in a more targeted manner.
The bill’s failure to kill the business and telephone records section of the Patriot Act, which would expire on June 1 without congressional action, is “fake reform,” according to digital rights groups Fight for the Future and Demand Progress and progressive carrier CREDO Mobile. The bill would expand NSA surveillance powers to VoIP and video chats and would take the “wind out of the sails of real reform by appearing to have addressed mass surveillance,” the groups said on a new website, USAFreedom.fail.
The USA Freedom Act is “the opposite of reform,” Tiffiniy Cheng, co-founder of Fight for the Future, said by email.
There’s no reason for the NSA to be surveilling “everyone and their mom in order to go after their targets,” she added. “That’s just rogue and illegal behavior and part of selling a culture of fear. We’re demanding to see them build a case to surveil my mom and millions of Internet users around the world before they get one more peek at our private lives.”
Other digital rights and tech groups praised the House for advancing the bill, but several called on lawmakers to broaden their focus on surveillance reform. The USA Freedom Act addresses only domestic records collection by the NSA and the FBI; it takes no action to limit the NSA’s controversial overseas surveillance of the content of email, texts, telephone calls and other electronic communications.
The House bill also faces a tough fight in the Senate, where Majority Leader Mitch McConnell, a Kentucky Republican, has introduced legislation to extend the business and telephone records section of the Patriot Act with no new limits on the NSA.
Senator Ron Wyden, an Oregon Democrat, promised to fight any renewal of the Patriot Act that doesn’t include reforms. “Supporters of dragnet surveillance are fighting to preserve the status quo, but the American public is rightfully demanding a change,” he said in a statement. “It is time for mass surveillance to end, and I will filibuster any attempt to extend this illegal surveillance, which violates core American rights without making our country any safer.”
The House passage of the USA Freedom Act is an “important first step” toward reforming surveillance, even though other reforms are needed, Kevin Bankston, policy director at the New America Foundation’s Open Technology Institute, said by email. The vote sends an “unequivocal message” to the Senate that a simple renewal of the Patriot Act is off the table, he added.
Congress needs to pass additional reforms, including limits on so-called backdoor searches of U.S. communications inadvertently collected by the NSA when it targets the foreign communications of people suspected to be connected to terrorist groups, Wyden said.
Sponsors of the USA Freedom Act defended it, calling it the first major step toward surveillance reform since former NSA contractor Edward Snowden leaked information about the agency’s programs starting in mid-2013.
By ending the NSA’s bulk collection of U.S. phone records, the bill ends an “assault on Americans’ civil liberties,” Representative Bob Goodlatte, a Virginia Republican and sponsor of the bill, said in a video. “This bill reforms our intelligence-gathering programs so that they operate in a manner that reflects core American values.”
Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant’s email address is grant_gross@idg.com.