Author Archives: Robin Edgar

About Robin Edgar

Organisational Structures | Technology and Science | Military, IT and Lifestyle consultancy | Social, Broadcast & Cross Media | Flying aircraft

Facebook and Anti-Abortion Clinics Are Collecting Highly Sensitive Info on Would-Be Patients

Posted on by

Facebook is collecting ultra-sensitive personal data about abortion seekers and enabling anti-abortion organizations to use that data as a tool to target and influence people online, in violation of its own policies and promises.

In the wake of a leaked Supreme Court opinion signaling the likely end of nationwide abortion protections, privacy experts are sounding alarms about all the ways people’s data trails could be used against them if some states criminalize abortion.

A joint investigation by Reveal from The Center for Investigative Reporting and The Markup found that the world’s largest social media platform is already collecting data about people who visit the websites of hundreds of crisis pregnancy centers, which are quasi-health clinics, mostly run by religiously aligned organizations whose mission is to persuade people to choose an option other than abortion.

[…]

Reveal and The Markup have found Facebook’s code on the websites of hundreds of anti-abortion clinics. Using Blacklight, a Markup tool that detects cookies, keyloggers and other types of user-tracking technology on websites, Reveal analyzed the sites of nearly 2,500 crisis pregnancy centers – with data provided by the University of Georgia – and found that at least 294 shared visitor information with Facebook. In many cases, the information was extremely sensitive – for example, whether a person was considering abortion or looking to get a pregnancy test or emergency contraceptives.

[…]

Source: Facebook and Anti-Abortion Clinics Are Collecting Highly Sensitive Info on Would-Be Patients – Reveal

Telegram criticizes Apple for subpar web app features on iOS, crippling app

Posted on by

A week after confirming plans for Telegram Premium, the messaging platform’s CEO, Pavel Durov, is again criticizing Apple’s approach to its Safari browser for stifling the efforts of web developers.

Durov would very much like his web-based messaging platform, Telegram Web, to be delivered as a web app rather than native, but is prevented from offering users a full-fat experience on Apple’s mobile devices due to limitations in the iOS Safari browser.

There’s no option for web developers on Apple’s iPhone and iPad to use anything but Safari, and features taken for granted on other platforms have yet to make it to iOS.

“We suspect that Apple may be intentionally crippling its web apps,” claimed Durov, “to force its users to download more native apps where Apple is able to charge its 30 percent commission.”

[…]

Source: Telegram criticizes Apple for subpar web app features on iOS • The Register

Samsung accused of cheating on hardware benchmarks – again

Posted on by

[…]

The South Korean titan was said to have unfairly goosed Galaxy Note 3 phone benchmarks in 2013, and faced with similar allegations about the Galaxy S4 in 2018 settled that matter for $13.4 million.

This time Samsung has allegedly fudged the results for its televisions, specifically the S95B QD-OLED and QN95B Neo OLED LCD TVs.

These accusations were raised this month by YouTube channel HDTVTest on the S95B, and by reviews site FlatpanelsHD on the QN95B. The claims boils down to Samsung allegedly using an algorithm to detect when benchmarking software was running on the set and adjusting the color and artificially boosting luminance by up to 80 percent during the test to make the equipment look better in reviews.

According to the FlatpanelsHD report, those levels of brightness can’t be sustained during normal use without damaging the TV’s backlight panel.

An algorithm to detect and hoodwink benchmarking software is just what Samsung was accused of employing in those earlier examples.

[…]

Source: Samsung accused of cheating on hardware benchmarks – again • The Register

Time to throw out those older, vulnerable Cisco SMB routers – they’re not gonna fix critical bugs for you

Posted on by

[…]Cisco has just released fixes for seven flaws, two of which are not great.

First on the priority list should be a critical vulnerability in its enterprise security appliances, and the second concerns another critical bug in some of its outdated small business routers that it’s not going to fix. In other words, junk your kit or somehow mitigate the risk.

[…]

The first security flaw, tracked as CVE-2022-20798, is an authentication bypass vulnerability in the virtual and hardware versions of Cisco Secure Email and Web Manager, and the Cisco Email Security Appliance. It occurs when the device uses Lightweight Directory Access Protocol (LDAP) for external authentication, and the good news is that Cisco disables external authentication by default.

A remote user could exploit the flaw “by entering a specific input on the login page of the affected device,” the networking titan warned in a security advisory this week. Once the intruder has gained unauthorized access, they could perform any number of illicit actions from the web-based interface including crashing the device.

Another high-severity flaw, CVE-2022-20664, in these same virtual and hardware appliances could allow a remote, authenticated user to steal credentials from a LDAP external authentication server connected to a device. However, exploiting this bug would require valid operator-level, or higher, credentials. It received a CVSS score of 7.7, and Cisco issued a software update to fix this bug, too.

More e-waste

The second critical vulnerability exists in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W routers, which the vendor stopped selling [PDF] in 2019. Cisco isn’t issuing a fix for this one, and said there’s no workaround. Instead, customers should upgrade to newer hardware.

The flaw, tracked as CVE-2022-20825, also received a 9.8 CVSS score, and it’s due to insufficient user input validation of incoming HTTP packets.

“An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface,” according to Cisco’s security alert. “A successful exploit could allow the attacker to execute arbitrary commands on an affected device using root-level privileges,” and also stop and restart the device, resulting in a denial of service.

In addition to the two critical and one high-severity vulnerabilities, Cisco disclosed an additional four medium-severity flaws on Wednesday.

[…]

Source: Time to throw out those older, vulnerable Cisco SMB routers • The Register

Julian Assange Extradition to US Approved by UK Government

Posted on by

Julian Assange—founder of the whistleblowing website WikiLeaks—can now be extradited from the United Kingdom to the United States, where he will face charges of espionage.

In April, a London court filed a formal extradition order for Assange, and the UK Home Secretary approved the order today, meaning that Assange can be extradited back to the United States. According to CNBC , Assange is facing 18 charges of espionage for his involvement with WikiLeaks, the website that published hundreds of thousands of classified military documents in 2010 and 2011.

Assange has been in prison or the Ecuadorian Embassy in London for much of the last decade. He’s currently being held in a high-security prison in London. Assange has the right to appeal today’s decision within 14 days, and WikiLeaks indicated it would be doing just that in a statement posted on Twitter this morning.

“This is a dark day for press freedom and for British democracy,” WikiLeaks said. “Julian did nothing wrong. He has committed no crime and is not a criminal. He is a journalist and a publisher, and he is being punished for doing his job.”

[…]

Source: Julian Assange Extradition to US Approved by UK Government

The Earth moves far under our feet: A new study shows that the inner core oscillates

Posted on by

USC scientists have found evidence that the Earth’s inner core oscillates, contradicting previously accepted models that suggested it consistently rotates at a faster rate than the planet’s surface.

Their study, published today in Science Advances, shows that the inner core changed direction in the six-year period from 1969–74, according to the analysis of seismic data. The scientists say their model of inner core movement also explains the variation in the length of day, which has been shown to oscillate persistently for the past several decades.

“From our findings, we can see the Earth’s surface shifts compared to its inner core, as people have asserted for 20 years,” said John E. Vidale, co-author of the study and Dean’s Professor of Earth Sciences at USC Dornsife College of Letters, Arts and Sciences. “However, our latest observations show that the inner core spun slightly slower from 1969–71 and then moved the other direction from 1971–74. We also note that the length of day grew and shrank as would be predicted.

“The coincidence of those two observations makes oscillation the likely interpretation.”

[…]

Utilizing data from the Large Aperture Seismic Array (LASA), a U.S. Air Force facility in Montana, researcher Wei Wang and Vidale found the inner core rotated slower than previously predicted, approximately 0.1 degrees per year. The study analyzed waves generated from Soviet underground nuclear bomb tests from 1971–74 in the Arctic archipelago Novaya Zemlya using a novel beamforming technique developed by Vidale.

The new findings emerged when Wang and Vidale applied the same methodology to a pair of earlier atomic tests beneath Amchitka Island at the tip of the Alaskan archipelago—Milrow in 1969 and Cannikin in 1971. Measuring the compressional waves resulting from the , they discovered the inner core had reversed direction, sub-rotating at least a tenth of a degree per year.

[…]

The study does support the speculation that the inner core oscillates based on variations in the length of day—plus or minus 0.2 seconds over six years—and geomagnetic fields, both of which match the theory in both amplitude and phase. Vidale says the findings provide a compelling theory for many questions posed by the research community.

“The inner core is not fixed—it’s moving under our feet, and it seems to going back and forth a couple of kilometers every six years,” Vidale said. “One of the questions we tried to answer is, does the inner core progressively move or is it mostly locked compared to everything else in the long term? We’re trying to understand how the formed and how it moves over time—this is an important step in better understanding this process.”

Source: The Earth moves far under our feet: A new study shows that the inner core oscillates

US Copyright Office sued for denying AI model authorship

Posted on by

The US Copyright Office and its director Shira Perlmutter have been sued for rejecting one man’s request to register an AI model as the author of an image generated by the software.

You guessed correct: Stephen Thaler is back. He said the digital artwork, depicting railway tracks and a tunnel in a wall surrounded by multi-colored, pixelated foliage, was produced by machine-learning software he developed. The author of the image, titled A Recent Entrance to Paradise, should be registered to his system, Creativity Machine, and he should be recognized as the owner of the copyrighted work, he argued.

(Owner and author are two separate things, at least in US law: someone who creates material is the author, and they can let someone else own it.)

Thaler’s applications to register and copyright the image behalf of Creativity Machine, however, have been turned down by the Copyright Office twice. Now, he has sued the government agency and Perlmutter. “Defendants’ refusal to register the copyright claim in the work is contrary to law,” Thaler claimed in court documents [PDF] filed this month in a federal district court in Washington DC.

“The agency actions here were arbitrary, capricious, an abuse of discretion and not in accordance with the law, unsupported by substantial evidence, and in excess of Defendants’ statutory authority,” the lawsuit claimed.

Thaler’s lawyer, Ryan Abbott, believes the Copyright Office should overturn its previous decision and process Thaler’s original application. “The refusal to register the copyright claim in the work should be set aside and the application reinstated,” he argued.

[…]

Source: US Copyright Office sued for denying AI model authorship • The Register

Scientists covered a robot finger in living human skin

Posted on by

[…] At the moment, robots are sometimes coated in silicone rubber to give them a fleshy appearance, but the rubber lacks the texture of human skin, he says.

To make more realistic-looking skin, Takeuchi and his colleagues bathed a plastic robot finger in a soup of collagen and human skin cells called fibroblasts for three days. The collagen and fibroblasts adhered to the finger and formed a layer similar to the dermis, which is the second-from-top layer of human skin.

Next, they gently poured other human skin cells called keratinocytes onto the finger to recreate the upper layer of human skin, called the epidermis.

The resulting 1.5-millimetre-thick skin was able to stretch and contract as the finger bent backwards and forwards. As it did this, it wrinkled like normal skin, says Takeuchi. “It is much more realistic than silicone.”

The robot skin could also be healed when it was cut by grafting a collagen sheet onto the wound.

However, the skin began to dry out after a while since it didn’t have blood vessels to replenish it with moisture.

In the future, it may be possible to incorporate artificial blood vessels into the skin to keep it hydrated, as well as sweat glands and hair follicles to make it more realistic, says Takeuchi.

It should also be possible to make different skin colours by adding melanocytes, he says.

The researchers now plan to try coating a whole robot in the living skin. “But since this research field has the potential to build a new relationship between humans and robots, we need to carefully consider the risks and benefits of making it too realistic,” says Takeuchi.

Source: Scientists covered a robot finger in living human skin | New Scientist

Planting Undetectable Backdoors in Machine Learning Models

Posted on by

We show how a malicious learner can plant an undetectable backdoor into a classifier. On the surface, such a backdoored classifier behaves normally, but in reality, the learner maintains a mechanism for changing the classification of any input, with only a slight perturbation. Importantly, without the appropriate “backdoor key”, the mechanism is hidden and cannot be detected by any computationally-bounded observer. We demonstrate two frameworks for planting undetectable backdoors, with incomparable guarantees.
First, we show how to plant a backdoor in any model, using digital signature schemes. The construction guarantees that given black-box access to the original model and the backdoored version, it is computationally infeasible to find even a single input where they differ. This property implies that the backdoored model has generalization error comparable with the original model. Second, we demonstrate how to insert undetectable backdoors in models trained using the Random Fourier Features (RFF) learning paradigm or in Random ReLU networks. In this construction, undetectability holds against powerful white-box distinguishers: given a complete description of the network and the training data, no efficient distinguisher can guess whether the model is “clean” or contains a backdoor.
Our construction of undetectable backdoors also sheds light on the related issue of robustness to adversarial examples. In particular, our construction can produce a classifier that is indistinguishable from an “adversarially robust” classifier, but where every input has an adversarial example! In summary, the existence of undetectable backdoors represent a significant theoretical roadblock to certifying adversarial robustness.

Source: [2204.06974] Planting Undetectable Backdoors in Machine Learning Models

Testing firm Cignpost can profit from sale of Covid swabs with customer DNA

Posted on by

A large Covid-19 testing provider is being investigated by the UK’s data privacy watchdog over its plans to sell swabs containing customers’ DNA for medical research.

Source: Testing firm can profit from sale of Covid swabs | News | The Sunday Times

Find you: an airtag which Apple can’t find in unwanted tracking

Posted on by

[…]

In one exemplary stalking case, a fashion and fitness model discovered an AirTag in her coat pocket after having received a tracking warning notification from her iPhone. Other times, AirTags were placed in expensive cars or motorbikes to track them from parking spots to their owner’s home, where they were then stolen.

On February 10, Apple addressed this by publishing a news statement titled “An update on AirTag and unwanted tracking” in which they describe the way they are currently trying to prevent AirTags and the Find My network from being misused and what they have planned for the future.

[…]

Apple needs to incorporate non-genuine AirTags into their threat model, thus implementing security and anti-stalking features into the Find My protocol and ecosystem instead of in the AirTag itself, which can run modified firmware or not be an AirTag at all (Apple devices currently have no way to distinguish genuine AirTags from clones via Bluetooth).

The source code used for the experiment can be found here.

Edit: I have been made aware of a research paper titled “Who Tracks the Trackers?” (from November 2021) that also discusses this idea and includes more experiments. Make sure to check it out as well if you’re interested in the topic!

[…]

Survey of Alternative Displays

Posted on by

[Blair Nearl] has been working on an information database for artists and hackers – a collection of non-conventional display technologies available to us. We’ve covered this repository before, six years ago – since then, it’s moved to a more suitable platform, almost doubled in size, and currently covers over 40+ display technology types and related tricks. This database is something you should check out even if you’re not looking for a new way to display things right now, however, for its sheer educational and entertainment value alone.

[…]

If you’re ever wondered about the current state of technology when it comes to flexible or transparent displays, or looked for good examples of volumetric projection done in a variety of ways, this is the place to go. It also talks about interesting experimental technologies, like drone displays, plasma combustion or scanning fiber optics. Overall, if you’re looking to spend about half an hour learning about all the ways there are to visualize something, this database is worth a read. And, if there’s a display technology the author might’ve missed and you know something about, contributions are welcome!

Someone setting out to compile information about an extensive topic is always appreciated, and helps many hackers on their path. We’ve seen that done with 3D printer resin settings and SMD part codes, to name just a few. What’s your favourite hacker-maintained database?

Source: Alternative Display Technologies And Where To Find Them

Things like Transparent displays, volumetric displays, modified polarizers, e-ink, flexible displays, lasers and projectors, lightfield displays, head mounted displays, projection on water or fog, diffusion and distortion, switchable glass, drone displays, electrochromic paint, acoustic levitation display, plasma combustion and many more

The survey itself is here

Some of Canon’s wireless Pixma printers are stuck in reboot loops

Posted on by

Over the last day or two, there have been a growing number of reports by people who own certain Canon Pixma printers that the devices either won’t turn on at all or, once turned on, get stuck in a reboot loop, cycling on and off as long as they’re plugged in. Verge reader Jamie pointed us to posts on Reddit about the problem and Canon’s own support forum, citing problems with models including the MX490, MX492, MB2010, and MG7520.

Some believe their problem is due to a software update Canon pushed to the printers, but that hasn’t been confirmed yet. In response to an inquiry from The Verge, corporate communications senior director and general manager Christine Sedlacek said, “We are currently investigating this issue and hope to bring resolution shortly as customer satisfaction is our highest priority.”

Until there is an official update or fix, some people in the forums have found that disconnecting the printers from the internet is enough to keep them from rebooting, with control still possible via USB.

To get the printers to work while maintaining your connection to the internet and their connection to local network devices, one reply from a customer on Canon’s support forum suggests a method that many people report has worked for them. If you’re experienced with network setups, DNS servers, and IP addresses, it could be worth trying, but for most people, I’d recommend waiting for an official solution.

To follow their steps, then, after taking your internet offline, turn on the printer, go into its network settings, and, under web service setup, select DNS server setup and choose manual setup. In that section, input an internal network address (192.168.X.X, with numbers replacing X that aren’t in use by any other devices on your local network), press “OK,” and then press “no” for a secondary DNS server. This keeps the printer connected to your router without accessing the wider internet, and, for some reason, has been enough to stop the devices from rebooting.

Source: Some of Canon’s wireless Pixma printers are stuck in reboot loops – The Verge

What Is Pegasus Spyware? Why is it important? Infographic

Posted on by

If you’ve been following the latest news on government surveillance scandals around the world, the name Pegasus may have popped up in your feed. It’s a complex story, so we’ve put together an infographic explainer that covers all the basics.

How does Pegasus work? Check. Which world leaders were targeted? Check. Astonishing subscription costs? Check. Gasp. Check. Our infographic should help you understand why NSO’s Pegasus software is in the news so much.

Check it out below, or download it in full here.

Source: What Is Pegasus? All About the Infamous Software (Infographic) – CyberGhost Privacy Hub

Fan’s Rare Recordings Of Lost 1963 Beatles’ Performances Can’t Be Heard, Because … Copyright

Posted on by

There’s a story in the Daily Mail that underlines why it is important for people to make copies. It concerns the re-surfacing of rare recordings of the Beatles:

In the summer of 1963, the BBC began a radio series called Pop Go The Beatles which went out at 5pm on Tuesdays on the Light Programme.

Each show featured the Beatles performing six or seven songs, recorded in advance but as live, in other words with no or minimal post-production.

The BBC had not thought it worth keeping the original recordings, even though they consisted of rarely heard material – mostly covers of old rock ‘n’ roll numbers. Fortunately, a young fan of the Beatles, Margaret Ashworth, used her father’s modified radio connected directly to a reel-to-reel tape recorder to make recordings of the radio shows, which meant they were almost of broadcast quality.

When the recording company EMI was putting together an album of material performed by the Beatles for the BBC, it was able to draw on these high-quality recordings, some of which were much better than the other surviving copies. In this case, it was just chance that Margaret Ashworth had made the tapes. The general message is that people shouldn’t do this, because “copyright”. There are other cases where historic cultural material would have been lost had people not made copies, regardless of what copyright law might say.

Margaret Ashworth thought it would be fun to put out the old programmes she had recorded on a Web site, for free, recreating the weekly schedules she had heard back in the 1960s. So she contacted the BBC for permission, but was told it would “not approve” the upload of her recordings to the Internet. As she writes:

after all these years, with the Beatles still extremely popular, it seems mean-spirited of the BBC not to allow these little time capsules to be broadcast, either by me or by the Corporation. I cannot believe there are copyright issues that cannot be solved.

Readers of this blog probably can.

Source: Fan’s Rare Recordings Of Lost Beatles’ Performances Can’t Be Heard, Because Copyright Ruins Everything | Techdirt

Microsoft’s free Top Gun ‘Flight Simulator’ expansion is finally here

Posted on by

Now that Top Gun: Maverick is finally reaching theaters, the matching Microsoft Flight Simulator expansion is launching as well. Microsoft and Asobo Studio have released the free add-on to both hype up the Tom Cruise movie and give you a taste of the US Navy’s real-world flight training. You’ll get a “Maverick Edition” livery for the F/A-18E Super Hornet fighter jet, but you’ll also learn how to land on an aircraft carrier, perform combat maneuvers and navigate challenging terrain at low altitude.

[…]

Source: Microsoft’s free Top Gun ‘Flight Simulator’ expansion is finally here | Engadget

Now Amazon to put creepy AI cameras in UK delivery vans

Posted on by

Amazon is installing AI-powered cameras in delivery vans to keep tabs on its drivers in the UK.

The technology was first deployed, with numerous errors that reportedly denied drivers’ bonuses after malfunctions, in the US. Last year, the internet giant produced a corporate video detailing how the cameras monitor drivers’ driving behavior for safety reasons. The same system is now being rolled out to vehicles in the UK.

Multiple cameras are placed under the front mirror. One is directed at the person behind the wheel, one faces the road, and two are located on either side to provide a wider view. The cameras do not record constant video, and are monitored by software built by Netradyne, a computer-vision startup focused on driver safety. This code uses machine-learning algorithms to figure out what’s going on in and around the vehicle. Delivery drivers can also activate the cameras to record footage if they want to, such as if someone’s trying to rob them or run them off the road. There is no microphone, for what it’s worth.

Audio alerts are triggered by some behaviors, such as if a driver fails to brake at a stop sign or is driving too fast. Other actions are silently logged, such as if the driver doesn’t wear a seat-belt or if a camera’s view is blocked. Amazon, reportedly in the US at least, records workers and calculates from their activities a score that affects their pay; drivers have previously complained of having bonuses unfairly deducted for behavior the computer system wrongly classified as reckless.

[…]

Source: Now Amazon to put ‘creepy’ AI cameras in UK delivery vans • The Register

GM Discloses Data Breach of Cars’ Locations, Mileage, Service

Posted on by

General Motors suffered a hack that exposed a significant amount of sensitive personal information on car owners—names, addresses, phone numbers, locations, car mileage, and maintenance history.

The Detroit-based automaker revealed details of the incident in a breach disclosure filed with the California Attorney General’s Office on May 16. The disclosure explains that malicious login activity was detected on an unspecified number of GM online user accounts between April 11 and 29. Further investigation revealed that the company had been hit with a credential stuffing attack, which saw hackers infiltrate user accounts to steal customer reward points, which they then redeemed for gift cards

[…]

In addition to the reward points theft, the incident also exposed a significant amount of user information. GM’s breach notification lays out a full list of the information that may have been compromised by the hackers:

  • first and last name
  • personal email address
  • home address
  • username
  • phone number
  • last known and saved favorite location
  • OnStar package (if applicable)
  • family members’ avatars and photos
  • profile picture
  • search and destination information
  • reward card activity
  • fraudulently redeemed reward points

[…]

Source: GM Discloses Data Breach of Cars’ Locations, Mileage, Service

Cheap gel film pulls buckets of drinking water per day from thin air

Posted on by

Water scarcity is a major problem for much of the world’s population, but with the right equipment drinking water can be wrung out of thin air. Researchers at the University of Texas at Austin have now demonstrated a low-cost gel film that can pull many liters of water per day out of even very dry air.

The gel is made up of two main ingredients that are cheap and common – cellulose, which comes from the cell walls of plants, and konjac gum, a widely used food additive. Those two components work together to make a gel film that can absorb water from the air and then release it on demand, without requiring much energy.

First, the porous structure of the gum attracts water to condense out of the air around it. The cellulose, meanwhile, is designed to respond to a gentle heat by turning hydrophobic, releasing the captured water.

Making the gel is also fairly simple, the team says. The basic ingredients are mixed together then poured into a mold, where it sets in two minutes. After that it’s freeze-dried, then peeled out of the mold and ready to get to work. It can be made into basically any shape needed, and scaled up fairly easily and at low-cost.

The gel film can be cut and molded into whatever shape is needed

The gel film can be cut and molded into whatever shape is needed
University of Texas at Austin

In tests, the gel film was able to wring an astonishing amount of water out of the air. At a relative humidity of 30 percent, it could produce 13 L (3.4 gal) of water per day per kilogram of gel, and even when the humidity dropped to just 15 percent – which is low, even for desert air – it could still produce more than 6 L (1.6 gal) a day per kilogram.

[…]

Source: Cheap gel film pulls buckets of drinking water per day from thin air

MGM Resorts’ 142m person customer data now leaked on Telegram for free

Posted on by

Miscreants have dumped on Telegram more than 142 million customer records stolen from MGM Resorts, exposing names, postal and email addresses, phone numbers, and dates of birth for any would-be identity thief.

The vpnMentor research team stumbled upon the files, which totaled 8.7 GB of data, on the messaging platform earlier this week, and noted that they “assume at least 30 million people had some of their data leaked.” MGM Resorts, a hotel and casino chain, did not respond to The Register‘s request for comment.

The researchers reckon this information is linked to the theft of millions of guest records, which included the details of Twitter’s Jack Dorsey and pop star Justin Bieber, from MGM Resorts in 2019 that was subsequently distributed via underground forums.

But while crooks initially sold those 142 million records on a dark-web marketplace for about $3,000 as a packaged deal, this time the data is freely available on Telegram, which vpnMentor rightly describes as “much more accessible for even the least tech-savvy people.”

Perhaps the recent takedown of stolen-data market RaidForums and the Hydra dark-web souk has something to do with this? Or that the info is no longer worth selling, or no one’s interested in buying it, perhaps.

According to the VPN services company, the data dumped on Telegram includes the following customer information from before 2017:

  • Full names
  • Postal addresses
  • Over 24 million unique email addresses
  • Over 30 million unique phone numbers
  • Dates of birth

[…]

Source: MGM Resorts’ customer data now leaked on Telegram for free • The Register

Twitter fined $150 million after selling 2FA phone numbers + email addresses to targeting advertisers

Posted on by

Twitter has agreed to pay a $150 million fine after federal law enforcement officials accused the social media company of illegally using peoples’ personal data over six years to help sell targeted advertisements.

In court documents made public on Wednesday, the Federal Trade Commission and the Department of Justice say Twitter violated a 2011 agreement with regulators in which the company vowed to not use information gathered for security purposes, like users’ phone numbers and email addresses, to help advertisers target people with ads.

Federal investigators say Twitter broke that promise.

“As the complaint notes, Twitter obtained data from users on the pretext of harnessing it for security purposes but then ended up also using the data to target users with ads,” said FTC Chair Lina Khan.

Twitter requires users to provide a telephone number and email address to authenticate accounts. That information also helps people reset their passwords and unlock their accounts when the company blocks logging in due to suspicious activity.

But until at least September 2019, Twitter was also using that information to boost its advertising business by allowing advertisers access to users’ phone numbers and email addresses. That ran afoul of the agreement the company had with regulators.

[…]

Source: Twitter will pay a $150 million fine over accusations it improperly sold user data : NPR

GitHub saved plaintext passwords of npm users in log files

Posted on by

GitHub has revealed it stored a “number of plaintext user credentials for the npm registry” in internal logs following the integration of the JavaScript package registry into GitHub’s logging systems.

The information came to light when the company today published the results of its investigation into April’s unrelated OAuth token theft attack, where it described how an attacker grabbed data including the details of approximately 100,000 npm users.

The code shack went on to assure users that the relevant log files had not been leaked in any data breach; that it had improved the log cleanup; and that it removed the logs in question “prior to the attack on npm.”

GitHub already sent out notifications for “known victims of third-party OAuth token theft” in April but today said it planned to “directly notify affected users of the plaintext passwords and GitHub Personal Access Tokens based on our available logs.”

Credentials in plaintext, eh? How very last century.

The number of users affected and how long the plaintext storage took place was not mentioned, but we’ve asked Github for more information. GitHub completed its acquisition of NPM Inc on 15 April 2020. Techies have already taken to the Hacker News messaging board to detail emails they received from npm.

[…]

Source: GitHub saved plaintext passwords of npm users in log files • The Register

Smart Contact Lenses with AR screens

Posted on by

 

[…]The BBC recently covered Mojo, a company developing smart contact lenses that not only correct vision but can show a display. You can see a video from CNET on the technology below.

The lenses have microLED displays, smart sensors, and solid-state batteries similar to those found in pacemakers. The company claims to have a “feature-complete prototype” and are going to start testing, according to the BBC article. We imagine you can’t get much of a battery crammed into a contact lens, but presumably, that’s one of the things that makes it so difficult to develop this sort of tech.

The article mentions other smart contacts under development, too, including a University of Surrey lens that can monitor eye health using various sensors integrated into the lens. You have to wonder how this would be in real life. Presumably, the display turns off and you see nothing, but it is annoying enough having your phone beep constantly without getting messages across your field of vision all the time.

It seems like this is a technology that will come, of course. If not this time, then sometime in the future. While we usually think the hacker community should lead the way, we aren’t sure we want to hack on something that touches people’s eyeballs.[…]

 

[…]

Source: Smart Contact Lenses Put You Up Close To The Screen | Hackaday

Clearview AI Ordered to Purge U.K. Face Scans, Pay GBP 7.5m Fine

Posted on by

The United Kingdom has had it with creepy facial recognition firm Clearview AI. Under a new enforcement rule from the U.K.’s Information Commissioner’s office, Clearview must cease the collection and use of publicly available U.K. data and delete all data of U.K. residents from their database. The order, which will also require the company to pay a £7,552,800 ($9,507,276) fine, effectively calls on Clearview to purge U.K. residents from its massive face database reportedly consisting of over 20 billion images scrapped from publicly available social media sites.

The ICO ruling which determined Clearview violated U.K. privacy laws, comes on the heels of a multi-year joint investigation with the Australian Information Commissioner. According to the ICO ruling, Clearview failed to use U.K. resident data in a way that was fair and transparent and failed to provide a lawful reason for collecting the data in the first place. Clearview also failed, the ICO notes, to put in place measures to stop U.K resident data from having their data collected indefinitely and supposedly didn’t meet higher data protection standards outlined in the EU’s General Data Protection Regulation.

[…]

Source: Clearview AI Ordered to Purge U.K. Face Scans, Pay Fine

Hashed Takes $3.5B Hit, Delphi Digital Discloses Loss After Terra’s LUNA Collapse

Posted on by

The collapse of the tokens linked to the Terra ecosystem, stablecoin terraUSD (UST) and Luna (LUNA), has led to some major investors coming clean and detailing their losses. Two more backers of Terra are disclosing exactly how their balance sheets have been affected.

Delphi Digital, a research firm and boutique investor, said in a blog post that it always had concerns about the structure of UST and LUNA, but believed that the sizable reserves in the Luna Foundation Guard, a nonprofit that supports the Terra network, would prevent the unthinkable from happening.

[…]

The firm wrote that in the first quarter of 2021, Delphi Ventures Master Fund purchased a small amount of LUNA, worth 0.5% of its net asset value (NAV) at the time. That position grew as LUNA’s value increased and the fund increased its holdings, including a $10 million investment in the LFG’s funding round in February. That investment is now worthless.

While Delphi said that it didn’t sell any LUNA, it’s now sitting on “a large unrealized loss.”

[…]

One of Terra’s other prominent backers is Hashed, an early-stage venture fund based in Seoul, South Korea. The company invested in TerraForm Labs’ $25 million venture round in 2021, according to Crunchbase data.

[…]

Hashed didn’t immediately respond to a request for comment, but on-chain data shows that the firm had staked over 27 million in LUNA on the Columbus 3 mainnet, 9.7 million in LUNA for the Columbus 4 mainnet and 13.2 million in LUNA on the current Columbus 5 mainnet.

CoinDesk - Unknown

Terra’s blockexporer for the Columbus-3 mainnet shows Hashed had significant holdings of Luna (Hubble blockexplorer)

All in all, Hashed’s losses amount to over $3.5 billion using pricing data from early April.

Local media in South Korea report that more than 200,000 investors in the country hold Terra-related tokens.

[…]

Source: Hashed Wallet Takes $3.5B Hit, Delphi Digital Discloses Loss After Terra’s LUNA Collapse