Author Archives: Robin Edgar

About Robin Edgar

Organisational Structures | Technology and Science | Military, IT and Lifestyle consultancy | Social, Broadcast & Cross Media | Flying aircraft

DOJ Say Evidence Against Oath Keepers Came From Signal Chats

Posted on by

While many of the groups that took part in last year’s siege on the U.S. Capitol turned to Facebook and Telegram groups to plan their part in the attack, the Oath Keepers—a far-right org that’s best described as somewhere between a militia and a rag-tag group of wannabe vigilantes—are alleged to be bigger fans of the encrypted chat app Signal, instead.

In court filings that were made public this week following the arrest of 10 Oath Keeper members and the group’s leader Stewart Rhodes for their alleged role in the Capitol riots, authorities claim that they were able to access multiple invite-only chatrooms where group members coordinated their role in the riots. Authorities describe detailed meetings discussing everything from combat and firearms training to the uniforms Oath Keeper members were going to wear the day of. What’s less clear is how these encrypted chats were divulged in the first place.

[…]

While it’s clear that these docs lay out some pretty horrific chats happening over Signal, it’s less clear how authorities were able to access these chats in the first place. Law enforcement has clashed with this particular app for years while trying to glean information on suspects that use it, and Signal often publicly brushed those attempts off.

In 2018, Signal’s developers told Australian authorities that it wouldn’t be able to comply with the country’s new Assistance and Access Law even if it wanted to because each message’s encrypted contents are protected by keys that were “entirely inaccessible” to the people running the app. More recently, authorities in California tried multiple times to get the company to budge on the issue and comply with the state’s subpoena requests, only to be met with the same responses each time.

“Just like last time, we couldn’t provide any of that,” Signal’s team wrote in a blog post at the time. “ It’s impossible to turn over data that we never had access to in the first place.” Heck, even recent FBI training docs that were obtained via Freedom of Information Act requests reveal that the agency can’t access people’s chats on the app!

[…]

It’s possible that one of the Oath Keeper members that was privy to these chatrooms cooperated with authorities and handed the details over.

[…]

Another theory is that authorities gained access to these chats by gaining access to one of the defendants’ locked devices

[…]

Source: DOJ Say Evidence Against Oath Keepers Came From Signal Chats

Or  they infiltrated the group and were invited into the chatroom…

John Deere Hit With Class Action Lawsuit for Alleged Tractor Repair Monopoly

Posted on by

A class action lawsuit filed in Chicago has accused John Deere of running an illegal repair monopoly. The lawsuit alleged that John Deere has used software locks and restricted access to repair documentation and tools, making it very difficult for farmers to fix their own agricultural equipment, a problem that Motherboard has documented for years and that lawmakers, the FTC, and even the Biden administration have acknowledged.

[…]

The situation is so bad that it’s created a boom in the secondary market. Used tractors are selling for hundreds of thousands of dollars, in part, because they’re easier to repair than modern machines.

Forest River Farms, a farming corporation in North Dakota, filed the recent antitrust lawsuit against John Deere, alleging that “Deere’s network of highly-consolidated independent dealerships is not permitted through their agreements with Deere to provide farmers or repair shops with access to the same software and repair tools the Dealerships have.”

[…]

Last year, President Biden signed an executive order aimed at making it easier for everyone to fix their own stuff. He also directed the FTC to formally adopt a pro right-to-repair platform. Legislation has been introduced in congress that would enshrine the right-to-repair and similar laws are working their way through various statehouses across the country. Microsoft’s shareholders have pressed the company to do more for repair and even Apple is backing away from its monopolistic repair practices.

[…]

Source: John Deere Hit With Class Action Lawsuit for Alleged Tractor Repair Monopoly

German IT security watchdog: No evidence of censorship function in Xiaomi phones

Posted on by

Germany’s federal cybersecurity watchdog, the BSI, did not find any evidence of censorship functions in mobile phones manufactured by China’s Xiaomi Corp (1810.HK), a spokesperson said on Thursday.

Lithuania’s state cybersecurity body had said in September that Xiaomi phones had a built-in ability to detect and censor terms such as “Free Tibet”, “Long live Taiwan independence” or “democracy movement”. The BSI started an examination following these accusations, which lasted several months. read more

“As a result, the BSI was unable to identify any anomalies that would require further investigation or other measures,” the BSI spokesperson said.

Source: German IT security watchdog: No evidence of censorship function in Xiaomi phones | Reuters

Google’s and Facebook’s top execs accused of fixing ads

Posted on by

The alleged 2017 deal between Google and Facebook to kill header bidding, a way for multiple ad exchanges to compete fairly in automated ad auctions, was negotiated by Facebook COO Sheryl Sandberg, and endorsed by both Facebook CEO Mark Zuckerberg (now with Meta) and Google CEO Sundar Pichai, according to an updated complaint filed in the Texas-led antitrust lawsuit against Google.

Texas, 14 other US states, and the Commonwealths of Kentucky and Puerto Rico accused Google of unlawfully monopolizing the online ad market and rigging ad auctions in a December, 2020, lawsuit. The plaintiffs subsequently filed an amendment complaint in October, 2021, that includes details previously redacted.

On Friday, Texas et al. filed a third amended complaint [PDF] that fills in more blanks and expands the allegations by 69 more pages.

The fortified filing adds additional information about previous revelations and extends the scope of concern to cover in-app advertising in greater detail.

Presently, there are three other US government-backed unfair competition claims against Google ongoing: a federal antitrust lawsuit from the US Justice Department, a challenge from Colorado and 38 other State Attorneys General (filed around the same time as the Texas-led complaint), as well as a competition claim focused on Android and the Google Play Store filed last July.

The third amendment complaint delves into more detail about how Google allegedly worked “to kill header bidding,”

[]…]

The deal, referred to as “Jedi Blue” internally and eventually as “Open Bidding” when discussed publicly, allegedly allowed Facebook to win ad auctions even when outbid by competitors.

The third amended complaint explains, “Facebook’s Chief Operating Officer [REDACTED] was explicit that ‘[t]his is a big deal strategically’ in an email thread that included Facebook CEO [REDACTED].

[…]

The expanded filing includes new allegations about how Google used Accelerated Mobile Pages to hinder header bidding.

Google first created Accelerated Mobile Pages (“AMP”), a framework for developing mobile webpages, and made AMP compatible with Google’s ad server but substantially hindered compatibility with header bidding. Specifically, Google made AMP unable to execute JavaScript in the header, which frustrated publishers’ use of header bidding.

[…]

What’s more, the revised filing adds support for the claim that a Google ad program called Dynamic Revenue Share or DRS cheated to help Google win more valuable ad impressions.

“DRS manipulated Google’s exchange fee after soliciting bids in the auction and after peeking at rival exchanges’ bids to win impressions it would have otherwise lost,” the revised complaint says.

And the complaint now contends that Google personnel admitted the unfairness of the DRS system: “Google internally acknowledged that DRS made its auction untruthful: ‘One known issue with the current DRS is that it makes the auction untruthful as we determine the AdX revshare after seeing buyers’ bids and use winner’s bid to price itself (first-pricing)….'”

[…]

Source: Google’s and Facebook’s top execs accused of fixing ads • The Register

Apple Lets Developers in the Netherlands Offer Payment Options, escape from the 30% squeeze

Posted on by

Apple will grudgingly allow dating app developers in the Netherlands to use alternative payment methods in the App Store, but it doesn’t like it, and the score hasn’t been settled yet.

In an update on its developers’ blog on Friday, Apple said dating app developers will have two new optional “entitlements” in the App Store, which sounds strangely medieval, but OK. Besides using Apple’s in-app payment system—which nearly all developers worldwide are obligated to use, with some exceptions—they will also be able to include an in-app link directing users to their website to make a purchase or use a third-party payment system in the app.

According to Apple, developers can choose only one of the two entitlements and have to request it from Apple. For those who want to continue using Apple’s in-app payment system, where the company takes between a 15% and 30% cut of every purchase, no action is needed.

[…]

Source: Apple Lets Developers in the Netherlands Offer Payment Options

Yes, a small country can make a big difference!

North Korea made ‘$400m’ in cryptocurrency heists last year

Posted on by

Thieves operating for the North Korean government made off with almost $400m in digicash last year in a concerted attack to steal and launder as much currency as they could.

A report from blockchain biz Chainalysis found that attackers were going after investment houses and currency exchanges in a bid to purloin funds and send them back to the Glorious Leader’s coffers. They then use mixing software to make masses of micropayments to new wallets, before consolidating them all again into a new account and moving the funds.

Bitcoin used to be a top target but Ether is now the most stolen currency, say the researchers, accounting for 58 per cent of the funds filched. Bitcoin accounted for just 20 per cent, a fall of more than 50 per cent since 2019 – although part of the reason might be that they are now so valuable people are taking more care with them.

Source: North Korea made ‘$400m’ in cryptocurrency heists last year • The Register

Teen hacker finds bug that lets him control 25+ Teslas remotely. Also 1000s of auth tokens expired silmutaneously

Posted on by

A young hacker and IT security researcher found a way to remotely interact with more than 25 Tesla electric vehicles in 13 countries, according to a Twitter thread he posted yesterday.

David Colombo explained in the thread that the flaw was “not a vulnerability in Tesla’s infrastructure. It’s the owner’s faults.” He claimed to be able to disable a car’s remote camera system, unlock doors and open windows, and even begin keyless driving. He could also determine the car’s exact location.

[…]

On a related note, early on Wednesday morning, a third-party Tesla app called TezLab reported that it saw the “simultaneous expiry of several thousand Tesla authentication tokens from Tesla’s side.” TezLab’s app makes use of Tesla APIs that allow apps to do things like log in to the car and enable or disable the anti-theft camera system, unlock the doors, open the windows, and so on.

Source: Teen hacker finds bug that lets him control 25+ Teslas remotely | Ars Technica

Ransomware puts New Mexico prison in lockdown, closes doors, security cameras to personnel

Posted on by

[…]

Commissioners told the court that all of Bernalillo County, which covers the US state of New Mexico’s largest city Albuquerque, had been affected by a January 5, 2022, ransomware attack, including the Metropolitan Detention Center (MDC) that houses some of the state’s incarcerated.

[…]

Over the phone, a spokesperson for the facility told The Register on Wednesday that services are still being repaired.

The attack took automatic security doors offline on January 5th, requiring officials to open doors manually with keys until that particular function could be revived.

Officials said in their filing that County-operated databases, servers, and internet service had been compromised. At MDC, this has meant limited access to email and no access to County wireless internet. This is particularly problematic, the officials say, because the MDC’s structure and location interferes with cellular service.

“One of the most concerning impacts of the cyber attack is that MDC is unable to access facility cameras,” they explained. “As of the evening of January 5th, there was no access to cameras within the facility.”

MDC instituted a temporary lockdown in response to the situation. Court-related video conferences are also not happening.

Several County databases at MDC are also believed to have been corrupted by the attack.

“The Incident Tracking System (ITS), the database in which MDC creates and houses all incident reports, including inmate fights, use of force, allegations of violations of the Prison Rape Elimination Act, is not currently available as it is suspected to be corrupted by the attack,” the filing states.

“Further, the Offender Management System (OMS) which MDC uses to store and access information about inmates including inmate account data is likewise unavailable at the present.”

[…]

The plaintiffs in the case have taken the opportunity to submit the statement [PDF] of a registered nurse who announced that she was quitting her job at MDC because of concerns about conditions there. The nurse, Taileigh Sanchez, describes dire staff shortages at MDC and problems with a new electronic medical records system, issues that have been made worse by the ransomware attack.

The attack denied access to current medical records, she said, which may have prevented some inmates from getting their medications.

Sanchez said she told supervisors about her concerns – which date back before the ransomware hit – but faced retaliation. “Even though I like my job, and have even been here 11 years, I will be resigning my full-time position effective immediately due to the safety concerns I have for our clientele and our staff,” she said in her declaration.

Source: Ransomware puts New Mexico prison in lockdown • The Register

Open source maintainer PLC4X hits out at corporate freeloaders, stops offering free support

Posted on by

Yet another developer of open source software has tired of companies utilizing the code he helps maintain without giving anything back to support the project.

On Tuesday, Christofer Dutz, creator of Apache PLC4X, said he will stop providing community support for the software if corporate users fail to step up and open their wallets.

“The industry seems to like using PLC4X and open-source in general, but doesn’t seem to be willing to support the people working on it,” he wrote in a post to GitHub. “So, I will stop providing free community support for PLC4X.”

Dutz is one of six listed maintainers of Apache PLC4X, a set of libraries for communicating with programmable logic controllers – industry-specific devices involved in the automation of various manufacturing tasks. His demand for support exists outside his involvement with the Apache Foundation; he maintains a separate IT consultancy called c-ware to help companies design and implement PLC4X software to suit their respective businesses.

C-ware has launched several crowdfunding initiatives to adapt Apache PLC4X to Python, Rust, and TypeScript, among other enhancements, but these have barely attracted any funding commitments.

[…]

Source: Open source maintainer hits out at corporate freeloaders • The Register

With log4j fresh in memory it’s pretty clear that this widespread use of FOSS without any money going the way of the non-university funded maintainers is not sustainable

FTC’s latest monopoly lawsuit against Meta Facebook gets go-ahead

Posted on by

The Federal Trade Commission’s antitrust complaint that Facebook, er, Meta operates as a monopoly will be heard by the courts after the US watchdog’s initial lawsuit was dismissed.

In December 2020, the FTC accused Meta of “illegally maintaining its personal social networking (PSN) monopoly through a years-long course of anticompetitive conduct.” It threatened to break up the mega-corporation and undo its acquisitions Instagram and Whatsapp.

This legal challenge fell flat, however, when judges threw the case out six months later. Evidence supporting the idea it unlawfully dominated social media was said to be lacking though the regulator was given another chance to file an amended lawsuit. A federal judge has now agreed to hear the case this time.

“First, the FTC has now alleged enough facts to plausibly establish that Facebook exercises monopoly power in the market for PSN services,” Judge James Boasberg ruled [PDF] this week.

“Second, it has adequately alleged that the company’s dominant market share is protected by barriers to entry into that market. Third, the agency has also explained that Facebook not only possesses monopoly power, but that it has willfully maintained that power through anticompetitive conduct — specifically, the acquisitions of Instagram and WhatsApp.”

The amended lawsuit brings up pretty much the same allegations as the first lawsuit. It claims Meta has been operating as a monopoly for years with Instagram and Whatsapp under its belt, and that it has enforced anticompetitive practices to deter or thwart rivals.

[…]

Source: FTC’s latest monopoly lawsuit against Meta gets go-ahead • The Register

UltraRAM Breakthrough Brings Combined Memory and Storage to a single wafer

Posted on by

Scientists from the Physics and Engineering Department of the UK’s Lancaster University have published a paper detailing a breakthrough in the mass production of UltraRAM. Researchers have pondered over this novel memory type for several years due to its highly attractive qualities, and the latest breakthrough means that mass production on silicon wafers could be within sight. UltraRAM is described as a memory technology which “combines the non-volatility of a data storage memory, like flash, with the speed, energy-efficiency, and endurance of a working memory, like DRAM.”

ULTRARAM fabrication

(Image credit: Lancaster University)

Importantly, UltraRAM on silicon could be the universal memory type that will one day cater to all the memory needs (both RAM and storage) of PCs and devices.

[…]

The fundamental science behind UltraRAM is that it uses the unique properties of compound semiconductors, commonly used in photonic devices such as LEDs, lasers, and infrared detectors can now be mass-produced on silicon. The researchers claim that the latest incarnation on silicon outperforms the technology as tested on Gallium Arsenide semiconductor wafers.

An ULTRARAM cell

(Image credit: Lancaster University)

Some extrapolated numbers for UltraRAM are that it will offer “data storage times of at least 1,000 years,” and its fast switching speed and program-erase cycling endurance is “one hundred to one thousand times better than flash.” Add these qualities to the DRAM-like speed, energy efficiency, and endurance, and this novel memory type sounds hard for tech companies to ignore.

If you read between the lines above, you can see that UltraRAM is envisioned to break the divide between RAM and storage. So, in theory, you could use it as a one-shot solution to fill these currently separate requirements. In a PC system, that would mean you would get a chunk of UltraRAM, say 2TB, and that would cover both your RAM and storage needs.

The shift, if it lives up to its potential, would be a great way to push forward with the popular trend towards in-memory processing. After all, your storage would be your memory – with UltraRAM; it is the same silicon.

[…]

Source: UltraRAM Breakthrough Brings New Memory and Storage Tech to Silicon | Tom’s Hardware

Undersea Cable Connecting Norway With Arctic Satellite Station Has Been Mysteriously Severed

Posted on by

n undersea fiberoptic cable located between mainland Norway and the Svalbard archipelago in the Arctic Ocean has been put out of action in a still-mysterious incident. The outage on the subsea communications cable — the furthest north of its kind anywhere in the world — follows an incident last year in which different cables linking an undersea surveillance network off the Norwegian coast were severed, a story that we covered in detail at the time.

The latest disruption involves one of two fiberoptic cables that enable communications between the Norwegian mainland and Norwegian-administered Svalbard that lies between the mainland and the North Pole. The outage occurred on the morning of January 7, but was first widely reported yesterday. The extent of the damage is not clear from the official press release from Space Norway, the country’s space agency, which maintains the cables primarily in support of the Svalbard Satellite Station (SvalSat), but it is significant enough that it is expected to require the services of an ocean-going cable-laying vessel.

Bjoertvedt/Wikimedia Commons

The Svalbard Satellite Station atop the mountain of Platåberget on the island of Spitsbergen in Svalbard, Norway.

In addition to the SvalSat facilities, the fiber-optic cables provide broadband internet to Svalbard. The SvalSat site consists of more than 100 satellite antennas on a mountain plateau and is the largest commercial ground station of its kind.

Being located between mainland Norway and the North Pole means that SvalSat is in much demand with operators of polar-orbiting satellites, being one of only two ground stations from which data can be downloaded from these types of satellites on each of the Earth’s rotations.

Space Norway, which operates the undersea cables, confirms that the second is still functioning normally, but the loss of the first means there is now no redundancy available until repairs can be made.

[…]

Source: Undersea Cable Connecting Norway With Arctic Satellite Station Has Been Mysteriously Severed

FAA’s Statement On Mysterious US wide Air Traffic Halt after Korean missile launch Leaves More Questions Than Answers

Posted on by

The Federal Aviation Administration has finally put out an official statement regarding a still very mysterious ground stop order that it issued to all aircraft in the western U.S. and Hawaii yesterday around 2:30 PM PST. While the incident is now confirmed, there are still a significant number of unanswered questions, including the most important one: what triggered this decision in the first place? You can get up to speed first on what The War Zone had been able to determine in our initial reporting here

The Federal Aviation Administration (FAA) issued their statement just before 9:40 AM PST this afternoon, over 20 hours after the order was sent. The War Zone had already reached out to the FAA with a number of basic questions regarding the event, but we have still not received a direct response.

FAA’s full statement, so far, regarding this incident, is as follows:

As a matter of precaution, the FAA temporarily paused departures at some airports along the West Coast on Monday night. Full operations resumed in less than 15 minutes. The FAA regularly takes precautionary measures. We are reviewing the process around this ground stop as we do after all such events.

This statement is immediately curious for a number of reasons. For one, publicly available recordings of air traffic controllers on the ground talking with pilots at the time show that this pause was not limited to the West Coast of the continental United States. For instance, pilots in Honolulu, Hawaii were given similar instructions.

One source, a pilot flying into Yuma, Arizona, which lies around 150 miles inland from the West Coast, told The War Zone that the alert had been described to them as “national ground stop.” This also highlights that we know that the stop order did not only impact departures. Other air traffic control recordings make clear that even some aircraft were ordered to land as soon as possible, as well.

The FAA statement makes no mention of what prompted it to take this “precaution,” either. Air traffic controllers at Burbank in California can be heard in one recording referencing an unspecified “national security threat.”

There had been reports, as well as general speculation, that the ground stop may have been related to a North Korean missile launch that occurred right at almost the same time that FAA issued its order. This was not entirely out of the realm of reason.

[…]

Source: FAA’s Statement On Mysterious Air Traffic Halt Leaves More Questions Than Answers

White House invites tech firms to discuss open-source software security in January

Posted on by

White House National Security Advisor Jake Sullivan has invited major tech firms to discuss ways that the cybersecurity of open-source software can be improved, Bloomberg reported on Thursday.

According to Bloomberg, the tech firms include “major software companies and developers.” Cloud providers are also reportedly among the invited companies.

Anne Neuberger, deputy national security advisor for cyber and emerging technology, will reportedly host a one-day discussion in January with representatives of the invited tech companies. The discussion will involve “company officials responsible for open-source projects and security,” according to Reuters.

The White House’s invitation to tech companies comes a few weeks after the discovery of a critical vulnerability in Log4j, a widely used open-source tool. In a letter to the invited tech firms, Sullivan reportedly stated that the popularity of open-source software projects and the fact that they’re maintained by volunteers is a “combination that is a key national security concern, as we are experiencing with the Log4j vulnerability.”

[…]

Source: White House invites tech firms to discuss open-source software security in January – SiliconANGLE

A real problem is that due to rabid insistence by hard core FOSS advocates who are usually tenured at a university and thus have a good salary, Open source maintainers are not really allowed to make any money, whilst uptake and complexity of their software has grown massively, making it an uphill slog maintaining the software for no renumeration whatsoever.

Google and Facebook Fined Big in Russia for Failing to Remove Banned Content – imprisonment threats follow forcing local data storage

Posted on by

A Russian court fined Alphabet Inc.’s Google 7.2 billion rubles ($98 million) and Meta Platforms Inc. 2 billion rubles Friday for failing to remove banned content, the largest such penalties yet, as the authorities escalate a crackdown on foreign technology companies.

The fines were due to the companies’ repeated failure to comply with orders to take down content and based on a percentage of their annual earnings in Russia, the federal communications watchdog said in a statement. Google and Meta could face more fines if they don’t remove the material, it said.

[…]

The government is also pushing tech companies to comply with its increasingly strict laws on localizing data storage. This year, Google and Apple Inc. removed a protest-voting app from their Russian stores during parliamentary elections after the authorities threatened to imprison their local staff.

Until the latest rulings, however, fines for failure to remove content were generally insignificant. In September, Russia’s federal communications watchdog said companies that did not delete content could face fines of 5% to 20% of their annual local revenue.

Google earned revenues in Russia of about 85 billion rubles in 2020, according to the Spark-Interfax database.

“For some reason, the company fulfills decisions of American and European courts unquestioningly,” Anton Gorelkin, a ruling party deputy in the lower house of parliament who sits on the Information Policy committee, wrote on Telegram after the Google ruling was announced Friday. “If the turnover fine doesn’t bring Google to its senses, I’m afraid that some very unpleasant measures will be taken.”

[…]

Source: Google in Russia Fined $98 Million for Failing to Remove Banned Content – Bloomberg

EXCLUSIVE Dutch watchdog finds Apple app store payment rules anti-competitive – sources

Posted on by

The Dutch antitrust authority has found that Apple’s rules requiring software developers to use its in-app payment system are anti-competitive and ordered it to make changes, four people familiar with the matter said, in the latest regulatory setback for the iPhone maker.

Apple’s app-store payment policies, in particular its requirement that app developers exclusively use its payment system where commissions range between 15% and 30%, have long drawn complaints from developers.

[…]

The Netherlands’ Authority for Consumers and Markets (ACM) last month informed the U.S. technology giant of its decision, making it the first antitrust regulator to make a finding the company has abused market power in the app store, though Apple is facing challenges in multiple countries.

ACM has not levied a fine against Apple, but demanded changes to the in-app payment system, the people said. The decision has not been seen by Reuters.

An ACM spokesperson declined to comment, saying that the matter is currently under legal review. The regulator has previously said it expects to publish its decision this year.

[…]

Source: EXCLUSIVE Dutch watchdog finds Apple app store payment rules anti-competitive – sources | Reuters

LG’s Next-Gen OLED EX Tech Promises Major Improvements

Posted on by

[…]

OLED EX (the EX stands for Evolution and eXperience, unfortunately) promises to boost maximum brightness, enhance picture quality, and allow for smaller display bezels. The underlying technology—millions of individual self-lit pixels—hasn’t changed, but the use of an isotope called deuterium combined with algorithmic image processing can increase brightness by up to 30% over conventional OLED displays, LG claims.

As boring as that may sound, the science behind it is actually pretty fascinating. LG found a way to extract deuterium, a rather scarce isotope (there is one deuterium atom in 6,000 hydrogen atoms) that’s twice as heavy as hydrogen from water, then applied it to its TV’s OLED elements. LG says stabilized deuterium compounds let the display emit brighter light while improving efficiency over time.

Moving to the second change, LG is using a “personalized” machine learning algorithm that predicts the usage of each light-emitting diode (on up to 8K TVs) based on your viewing habits, then “precisely controls the display’s energy input to more accurately express the details and colors of the video content being played.”

Source: LG’s Next-Gen OLED Tech Promises Major Improvements

T-Mobile Has Suffered Yet Another Data Breach

Posted on by

The news comes via internal documents shared with The T-Mo Report, embedded below. They state that there was “unauthorized activity” on some customer accounts. That activity was either the viewing of customer proprietary network information (CPNI), an active SIM swap by a malicious actor, or both.

This comes just on the heels of a previous breach back in August. This time around, though, the damage appears to be much less severe. It seems only a small subset of customers are affected. There is no further detail about what exactly happened, with the documents simply saying that some info was leaked.

Affected customers fall into one of three categories. First, a customer may have only been affected by a leak of their CPNI. This information may include the billing account name, phone numbers, number of lines on the account, account numbers, and rate plan info. That’s not great, but it’s much less of an impact than the breach back in August had, which leaked customer social security numbers.

The second category an affected customer might fall into is having their SIM swapped. This is where a malicious actor will change the physical SIM card associated with a phone number in order to obtain control of said number. This can, and often does, lead to the victim’s other online accounts being accessed via two-factor authentication codes sent to their phone number. The document says that customers affected by a SIM swap have now had that action reversed.

The final category is simply both of the other two. Affected customers could have had both their private CPNI viewed as well as their SIM card swapped.

[…]

Source: [Update: T-Mobile Statement] Exclusive: T-Mobile Has Suffered Yet Another Data Breach

Airbnb Hides Guest First Names in Oregon to Stop Discrimination

Posted on by

[…] Beginning on Jan. 31, hosts will only see the initials of guests’ first names until they confirm a booking request, Airbnb announced in a December news announcement spotted by the Verge. After a host confirms the booking, the guest’s full name will appear. The change to how names are displaced will be in place for at least two years.

“While we have made progress, we have much more to do and continue working with our Hosts and guests, and with civil rights leaders to make our community more inclusive,” Airbnb said.

In its announcement, the company said the update is consistent with the voluntary settlement agreement it reached with individuals in Oregon in 2019 “who raised concerns regarding the way guests’ names are displayed when they seek to book a listing.”

According to the Oregonian, in 2017 Portland resident Patricia Harrington filed a lawsuit against Airbnb. She claimed that because Airbnb requires guests to disclose their full name and include a photo, which hosts’ review before they accept a booking, the company was allowing hosts to discriminate against Black guests. This constituted a violation of Oregon’s public accommodation laws, she alleged.

Airbnb settled the lawsuit, which included two more Black women in Oregon, in 2019. By that time, Harrington had died.

The lawsuit’s claims weren’t wrong. Black guests have been sounding the alarm about discrimination on the platform for years and even created a hashtag: #AirbnbWhileBlack. In 2016, a Harvard Business School study even found that requests from guests with African American names were roughly 16% less likely to be accepted by hosts than identical guests with distinctively white names.

[…]

“Given that the impact of this change is unknown, the implementation will be limited,” Airbnb spokesperson Liz DeBold Fusco said in an email. “We will evaluate the impact of this change to understand if there are learnings from this work that can inform future efforts to fight bias.”

[…]

Source: Airbnb Hides Guest First Names in Oregon to Stop Discrimination

Roblox and many other huge tech businesses Save Millions Taking Advantage Of A Massive Tax Dodge

Posted on by

Game-making platform and fledgling metaverse Roblox made the news yesterday as the focus of a New York Times report about a ‘90s era tax cut that’s spun out of control. Originally created to foster investment in small businesses, the Qualified Small Business Stock, or Q.S.B.S., exemption has transformed into a way for ultra-wealthy businesses to avoid paying taxes on huge amounts of profits.

I’d say it seemed like a good idea at the time, but it really wasn’t. Launched in 1993, the Qualified Small Business Stock exemption was presented as a means to get more people investing in start-ups by shielding some of a company’s profits from taxation. Originally the exemption meant an investor would be shielded from paying taxes on half of profits up to 10 million dollars, but that was eventually changed to exempt the entire 10 million

[…]

the U.S. tax system for voting into being a loophole-laden exemption that would eventually be so abused that participating in it would be considered a right-of-passage for Silicon Valley’s ultra-wealthy. The problem with the Q.S.B.S. exemption is that it can be cloned. All it takes is gifting stock to friends and family. Though they haven’t invested in the company, they nevertheless still qualify for the exemption, so you can ensure that large chunks of money stay within close orbit of your control without needing to pay taxes on said cash.

According to financial reports and the New York Times’ sources, Roblox founder David Baszucki has been able to multiply the exemption 12 times over, gifting stock to his wife, his four children, and various other relatives. In the fall of 2020, months before Roblox went public, Baszucki’s mother-in-law started giving away shares to relatives. Since they were gifted, those shares also qualified for the exemption. In March of 2021, Roblox went public, valued at 45 billion.

While this all sounds horrible and super-cheaty, there’s nothing at all illegal about this practice. It has a name, stacking, but is also known as peanut-buttering

[…]

 

Source: Roblox Saves Millions Taking Advantage Of A Shocking Tax Dodge

UK National Crime Agency finds 225 million previously unexposed passwords

Posted on by

The United Kingdom’s National Crime Agency and National Cyber Crime Unit have uncovered a colossal trove of stolen passwords.

We know this because Troy Hunt, of Have I Been Pwned (HIBP) fame, yesterday announced the agency has handed them over to his service, which lets anyone conduct a secure search of stolen passwords to check if their credentials have been exposed.

The NCA shared 585,570,857 with HIBP, and Hunt said 225,665,425 were passwords that he hasn’t seen before in the 613 million credentials HIBP already stored before the NCA handed over this new batch.

The NCA sent Hunt a statement explaining how it found the passwords:

During recent NCA operational activity, the NCCU’s Mitigation@Scale team were able to identify a huge amount of potentially compromised credentials (emails and associated passwords) in a compromised cloud storage facility. Through analysis, it became clear that these credentials were an accumulation of breached datasets known and unknown.

The fact that they had been placed on a UK business’s cloud storage facility by unknown criminal actors meant the credentials now existed in the public domain and could be accessed by other 3rd parties to commit further fraud or cyber offences.

The NCA’s statement to Hunt did not reveal the source of the password trove, or how it was discovered. Hunt did reveal the following were found among the newly compromised passwords.

  • flamingo228
  • Alexei2005
  • 91177700
  • 123Tests
  • aganesq

Today’s release brings the total Pwned Passwords count to 847,223,402, a 38 percent increase over the last release. 5,579,399,834 occurrences of a compromised password are represented across HIBP.

[…]

Source: UK National Crime Agency finds 225 million previously unexposed passwords • The Register

Yes, Norton 360 has a built in cryptominer. Deletion is not easy.

Posted on by

Norton antivirus’s inbuilt cryptominer has re-entered the public consciousness after a random Twitter bod expressed annoyance at how difficult it is to uninstall.

The addition of Ncrypt.exe, Norton 360’s signed cryptocurrency-mining binary, to installations of Norton antivirus isn’t new – but it seems to have taken the non-techie world a few months to realise what’s going on.

Back in June, NortonLifeLock, owner of the unloved PC antivirus product, declared it was offering Ethereum mining as part of its antivirus suite. NortonLifeLock’s pitch, as we reported, was that people dabbling in cryptocurrency mining probably weren’t paying attention to security – so what better way than to take up a cryptocurrency miner than installing one from a trusted consumer security brand?

In return for you installing their cryptominer on your home PC, NortonLifeLock skims off a mere 15 per cent of whatever digital currency you generate. While this compares well to the 100 per cent takings that criminals covertly deploying cryptominers help themselves to, some might say it’s a bit excessive for minimal effort on Norton’s part.

[…]

“If you have turned on Norton Crypto, but you no longer want to use the feature, you can disable it through your Norton Crypto dashboard,” says the FAQ on Norton’s website.

Uninstalling it altogether takes a bit more persistence, it appears, with users needing to disable Norton Product Tamper Protection (intended to protect the antivirus product from being disabled or deleted by malware) before going through the usual Windows uninstallation steps.

Norton isn’t alone: last year a maker of Wi-Fi routers offered to mine cryptocurrency on users’ devices if they supplied connectivity to the general public.

[…]

Source: Yes, Norton 360 has a built in cryptominer. Deletion is easy • The Register

CyberPowerPC case uses Kinetic Architecture to adjust airflow in real-time

Posted on by

[…]

Kinetic Architecture is a concept on which buildings are designed to allow parts of the structure to move. CyberPowerPC took this idea and created a KINETIC chassis with 18 individually controlled articulating vents that open and close automatically, all based on the computer’s current internal ambient temperatures.

“We are entering 2022 with some of our most sophisticated and elegant designs ever. For discriminating gamers our PC Master Builders are ready to hand-build and test new gaming PCs that are ultra-clean, streamlined, and deliver maximum performance for those who want something truly unique.”

Eric Cheung, CyberPowerPC CEO

The vents aren’t a simple case of opening and closing either and adjust based on every degree of internal temperature by opening to varying degrees. Users can customize and adjust the temperature ranges as well, and a quick button will allow you to fully open or close the vents instantly. The KINETIC chassis supports full ATX size motherboards, up to seven 120mm or five 140mm fans, and most extended length graphics cards.

Key features of the CyberPowerPC KINETIC chassis include:

  • CyberPowerPC exclusive patent pending kinetic design.
  • 18 Individually actuating vents that adjust in real time to ambient case temperatures.
  • Maximizes airflow and cooling case temps are high.
  • Reduces noise and dust when case temps are low.
  • Temperature sensor ranges can be adjusted to fit your needs.
  • Available in both black and white mid-tower options.

The CyberPowerPC KINETIC Series PC case will ship in Q3 2022 from CyberPowerPC.com and CyberPowerPC’s network of authorized retailers and distributors. The chassis is backed by a one-year warranty and lifetime technical support. The suggested MSRP is US$249.

[…]

Source: [CES 2022] CyberPowerPC case uses Kinetic Architecture to adjust airflow in real-time

France fines Meta, Google: Cookies must be as easy to reject as to accept

Posted on by

Google and Facebook have come a little unstuck in the cookie department as French watchdog Commission Nationale de l’Informatique et des Libertés (CNIL) slapped the pair with a €150m and €60m fine respectively.

The CNIL kicked off its investigations after receiving complaints regarding the way cookies can be refused on facebook.com, youtube.com and google.fr. The crux of the matter is that while there is a button to permit immediate acceptance of cookies, there is not the equivalent to refuse them as easily. “Several clicks are required to refuse all cookies, against a single one to accept them,” explained the CNIL.

“The restricted committee,” it went on, “considered that this process affects the freedom of consent: since, on the internet, the user expects to be able to quickly consult a website, the fact that they cannot refuse the cookies as easily as they can accept them influences their choice in favor of consent. This constitutes an infringement of Article 82 of the French Data Protection Act.”

[…]

Source: France fines Meta, Google: Cookies must be easier to reject • The Register

Scientists Figured Out Which Animals Were in a Zoo Just by Taking DNA From the Air

Posted on by

Researchers were able to identify 74 species of animals by looking for DNA in air samples collected at two zoos. The experiment shows that free-floating DNA could be used to track wild animals, including endangered or invasive species, without needing to observe them directly.

Environmental DNA (eDNA) has shaken up how animal populations can be monitored, managed, and conserved. Instead of having to find physical evidence of animals—scales, fur, feces, or sightings—researchers can rely on the microscopic bits of genetic material that fall off creatures as they move around their environment. Merely taking a soil or water sample can give researchers a sense of an entire ecosystem.

But researchers have wondered whether air could provide the same level of information as soil and water. Last year, a UK-based team detected naked mole rat DNA by sampling air from the rodents’ burrows in a lab setting. (They also detected human DNA, presumably from the researchers who worked in the lab.) But proving the method’s success in open air was a different beast. To test the technique further, two research teams used a setting that included unmistakeable subjects: zoos in England and Denmark. Their two papers are published today in Current Biology.

[…]

To run their experiment, the scientists used a fan with a filter, drawing in air from within and around the zoo. The team then used polymerase chain reaction (PCR)—the same tech used in many covid-19 tests—to amplify the genetic information on the filter, essentially creating many copies of the genetic material they found. They were able to identify 25 species in the UK and 49 species in Denmark. In the UK study, eight of the identified species were animals native to the area rather than zoo inhabitants, while six non-zoo animals were detected in the Denmark study.

Elizabeth Clare, a scientist, kneels while holding a filter for sampling air for environmental DNA.
Elizabeth Clare, author of one of the studies, samples air for environmental DNA.Photo: Elizabeth Clare
[…]

The closer to extinction a species creeps, the harder it is for it to be monitored. eDNA methods make that conservation work easier. It means keeping track of the last vaquitas and perhaps settling the debate over the fate of the ivory-billed woodpecker.

Airborne DNA still requires more research, but Clare noted how quickly waterborne DNA became a widely used method in conservation. Perhaps the latest innovation in DNA surveys will happen sooner than we think.

Source: Scientists Figured Out Which Animals Were in a Zoo Just by Taking DNA From the Air