Amazon Strong-arms Small Businesses to Share User Data

Posted on April 16, 2021 by Robin Edgar

Amazon reportedly pressured smart-thermostat maker Ecobee to fork over data from its voice-enabled devices even when customers weren’t actively using them. When Ecobee pushed back, the e-commerce giant threatened to box the company out of high-profile selling events like Prime Day or refuse Alexa certification for future devices, according to a Wall Street Journal report this week.

Last year, Amazon approached Ecobee among other Alexa-enabled device sellers about sharing “proactive state” data from customers, several company executives confirmed to the Journal. With this data, Amazon would receive updates about the device’s status at all times even when customers weren’t using them, such as the temperature of their home or whether their doors are locked, among other examples.

[…]

However, when Ecobee initially refused to provide users’ proactive state data, Amazon warned that a refusal might bar the company from major selling events like Prime Day or prevent its future devices from receiving Alexa certification, said one of the people the Journal spoke with. Given that Amazon controls a huge chunk of the global e-commerce market (nearly 40% in the U.S. alone), that kind of move can bankrupt smaller companies like Ecobee.

[…]

In addition to stealing designs from other companies for its AmazonBasics line, Amazon also purportedly pressures industry partners to use its logistics arm, Fulfillment by Amazon, by threatening to make it more difficult to sell products on its marketplace, according to the Journal. Amazon even reportedly competes with the companies it invests in, of which Ecobee is one, using its position as a shareholder to access confidential information and develop similar products.

Last October, a House Judiciary antitrust subcommittee concluded what we all already knew: That Amazon and other tech giants have “monopoly power” in their respective markets and “abuse their power by charging exorbitant fees, imposing oppressive contract terms, and extracting valuable data from the people who rely on them.”

Source: Amazon Strong-arms Small Businesses to Share User Data

Microsoft received almost 25,000 requests for consumer data from law enforcement over the last six months

Posted on April 16, 2021 by Robin Edgar

Microsoft has had a busy six months if its latest biannual digital trust report is anything to go by as law enforcement agencies crept closer to making 25,000 legal requests.

Requests for consumer data reached 24,798 during the second half of 2020, up from 24,093 during the previous six-month period, and quite a jump from the 21,781 for the same period in 2019.

“Non-content data” requests, which require a subpoena (or local equivalent), accounted for just over half of disclosures and were slightly down on the same period in 2019. Microsoft rejected 25.81 per cent of requests in the last six months of 2020, up on the 20.14 per cent of the same period in 2019.

As for where those requests came from, Microsoft highlighted a handful of countries including Brazil, France, Germany, the United Kingdom, and the United States. The US was the worst offender (going by quantity of requests) accounting for 5,682 (up from 4,315 for same period in 2019). Germany was not far behind with 4,976 (up from 3,310) while the UK submitted 3,558 requests (a small increase from 3,312 for the same period in 2019).

As well as consumer data, Microsoft received 109 requests from law enforcement agencies for enterprise cloud customer data in the second half of 2020. It was unable to bat back 40, where the company was “compelled” to provide some information. “19 cases,” it said, “required the disclosure of some customer content, and in 21 of the cases we were compelled to disclose non-content information only.”

Still, while that 25,000 figure may seem a little worrying, it is considerably less than the first sets of figures made available by Microsoft. For the latter half of 2013 the total requests were above 35,000.

Away from the criminal side of things, Microsoft also received a comparatively small number of emergency and civil legal requests. Of the latter, it rejected just over 75 per cent in the latter half of 2020.

The report makes for fascinating reading and, while the company is to be applauded for publishing it, the accompanying Privacy Report is an occasionally grim reminder of just how much information Microsoft can slurp from users. Particularly if the customer concerned decides to be helpful and check that Optional diagnostic data box.

[…]

Source: Microsoft received almost 25,000 requests for consumer data from law enforcement over the last six months • The Register

DARPA picks Lockheed Martin and Blue Origin to build nuclear spacecraft

Posted on April 16, 2021 by Robin Edgar

[…]

To speed up the pace of NTP tech development, the Pentagon’s Defense Advanced Research Projects Agency (DARPA) has selected a trio of companies to build and demonstrate a nuclear-based propulsion system on a spacecraft above low-Earth orbit by 2025. The prime contractors include Jeff Bezos’ private space project Blue Origin, Lockheed Martin, and General Atomics.

Over the next 18 months, phase 1 of the DRACO (Demonstration Rocket for Agile Cislunar Operations) program will see the companies split across two tracks to develop a craft that has the ability to rapidly maneuver in cislunar space (between the Earth and the moon). The award win marks a new national security contract for Blue Origin, according to CNBC, while its DRACO counterparts are regulars on the defense circuit.

Bezos’ company and Lockheed Martin — granted $2.5 million and $2.9 million, respectively — will now work on competing designs for an operational spacecraft powered by an NTP system. DARPA awarded General Atomics $22 million to develop the nuclear reactor.

[…]

Source: DARPA picks Lockheed Martin and Blue Origin to build nuclear spacecraft | Engadget

Sound location inspired by bat ears could help robots navigate outdoors

Posted on April 16, 2021 by Robin Edgar

Sound location technology has often been patterned around the human ear, but why do that when bats are clearly better at it? Virginia Tech researchers have certainly asked that question. They’ve developed a sound location system that mates a bat-like ear design with a deep neural network to pinpoint sounds within half a degree — a pair of human ears is only accurate within nine degrees, and even the latest technology stops at 7.5 degrees.

The system flutters the outer ear to create Doppler shift signatures related to the sound’s source. As the patterns are too complex to easily decipher, the team trained the neural network to provide the source direction for every received echo. And unlike human-inspired systems, it only needs one receiver and a single frequency.

[…]

Source: Sound location inspired by bat ears could help robots navigate outdoors | Engadget

US expels Russian diplomats in response to SolarWinds hack and election interference

Posted on April 16, 2021 by Robin Edgar

The US is following through on promises of retaliation against Russia for its alleged involvement in the SolarWinds cyberattack. The AP reports that President Biden has expelled 10 Russian diplomats from Washington, DC, including members of intelligence services, in response to actions that include the SolarWinds hack. The White House also imposed sanctions on 32 “entities and individuals” as an answer to reported 2020 election interference attempts.

Biden formally blamed the Russia-backed cyberattack group Cozy Bear (aka APT29) as the culprit behind the SolarWinds breach. The FBI, NSA and CISA also issued a joint cybersecurity advisory warning of vulnerabilities Russian intelligence used to compromise networks. The Treasury Department, meanwhile, declared that six Russian technology companies were involved in creating the tools to enable “malicious cyber activities.”

[…]

The actions also encompass a number of non-technology concerns, such as bounties on US soldiers in Afghanistan, Russia’s ongoing actions in Crimea and the attempts to silence Russian opposition leader Alexei Navalny.

[…]

Source: US expels Russian diplomats in response to SolarWinds hack | Engadget

Blue Origin launches and lands space rockets without exploding. Unlike SpaceX.

Posted on April 16, 2021 by Robin Edgar

Blue Origin has successfully completed a test launch and landing of its reuseable New Shepard rocket with an advanced capsule design, bringing the outfit one step closer to eventually sending up paying passengers.

The test flight, codenamed NS-15 as it’s the 15th to date, was conducted at 1651 UTC (1151 CDT) at a Blue Origin site near Van Horn, Texas, on Wednesday. Two Blue Origin employees climbed up the launch tower, entered the capsule, and were strapped into their seats, and followed final procedures to prepare for a fake take off. Just before the New Shepard was due to fly, however, they left the capsule, with just Mannequin Skywalker, the instrument-stuffed dummy Blue Origin uses, to make the short journey.

The flight was the first test of the new capsule design that’ll be more comfortable for people paying six-figure sums to go into space. New acoustic and temperature controls were tested, as well an improved radio and control systems. NASA wants to see all is right before putting humans on it.

You can watch the whole thing again here. Skip to 1:53:39 to get to the countdown.

NS-15 was completed in just over ten minutes, according to the mission’s broadcast. First, the capsule separated from the booster at about three minutes into the flight. After the booster reached its highest point – about 350,000 feet or 106.7 kilometres – it slowed down and reentered the atmosphere.

It was guided back onto is landing pad and performed a rocket burn to slow its speed down to five miles per hour at seven minutes into the flight for a soft landing. The capsule touched down around three minutes later.

[…]

Source: Blue Origin sends Mannequin Skywalker aloft again, testing out comfier capsule for future space tourists • The Register

Millions of passwords leaked by hacked webshop Allekabels.nl

Posted on April 16, 2021 by Robin Edgar

Webshop Allekabels has leaked private data and passwords of millions of Dutch people. It may be the largest password data breach in the Netherlands ever.

Allekabels’ stolen database, containing the private data of some 3.6 million people, was put up for sale on a hacker forum at the end of January for a sum of 15,000 euros. Audio and computer cables are available for purchase via Allekabels, as well as suspension brackets and antennas.

RTL Nieuws has viewed and verified the stolen data.

This totals some 2.6 million unique email addresses linked to names, home addresses, telephone numbers, dates of birth and encrypted passwords.

At least 109,000 IBAN numbers of Allekabels customers were also stolen and traded.

[…]

Source: Miljoenen wachtwoorden op straat door hack webshop Allekabels.nl – Emerce

SolarWinds hack was done by Kremlin’s APT29 crew, say UK and US

Posted on April 16, 2021 by Robin Edgar

Russia’s infamous APT 29, aka Cozy Bear, was behind the SolarWinds Orion attack, the US and UK governments said today as America slapped sanctions on Russian infosec companies as well as expelling diplomats from that country’s US embassy.

One of the sanctioned companies is Positive Technologies, familiar in the West for, among other things, in-depth research exposing vulnerabilities in Intel’s hardware security architecture.

Formal attribution of the SolarWind hacks, echoing tentative findings made by Kaspersky Lab, came in a US Treasury Department statement issued this afternoon.

The compromise saw Russian state intelligence operatives carefully compromise the build systems of SolarWinds’ network monitoring software Orion to distribute a backdoor into its 18,000 customers. Those customers included the UK and US governments, among many others

“The Russian Intelligence Services’ third arm, the SVR, is responsible for the 2020 exploit of the SolarWinds Orion platform and other information technology infrastructures. This intrusion compromised thousands of US government and private sector networks,” said the US Treasury.

The American attribution was echoed by the British government with Foreign Secretary Dominic Raab saying in a statement: “We see what Russia is doing to undermine our democracies. The UK and US are calling out Russia’s malicious behaviour, to enable our international partners and businesses at home to better defend and prepare themselves against this kind of action.”

The US Defence Department added: “Recent Russian SVR activities include compromising SolarWinds Orion software updates, targeting COVID-19 research facilities through deploying WellMess malware, and leveraging a VMware vulnerability that was a zero-day at the time for follow-on Security Assertion Markup Language (SAML) authentication abuse.”

The NCSC also said in a public statement that “the overall impact on the UK of the SVR’s exploitation of this software is low.” Government departments have refused to even talk about the impact of the Orion compromise despite it being in widespread use around Whitehall and further afield, lending credibility to the notion that UK.gov was more widely hit by the breach than it wants to admit.

[…]

Other sanctioned outfits included ERA Technopolis, aka Pasit; Neobit, an infosec firm which was also the alma mater for a Russian spy who sneaked into Microsoft back in 2010; the Russian state compsci research institution; and a Russian business called Advanced System Technology AO.

US persons are banned from doing business with any of the above.

Source: It was Russia wot did it: SolarWinds hack was done by Kremlin’s APT29 crew, say UK and US • The Register

Google Earth Now Shows Decades of Climate Change in Seconds

Posted on April 16, 2021 by Robin Edgar

Google Earth has partnered with NASA, the U.S. Geological Survey, the EU’s Copernicus Climate Change Service, and Carnegie Mellon University’s CREATE Lab to bring users time-lapse images of the planet’s surface—24 million satellite photos taken over 37 years. Together they offer photographic evidence of a planet changing faster than at any time in millennia. Shorelines creep in. Cities blossom. Trees fall. Water reservoirs shrink. Glaciers melt and fracture.

“We can objectively see global warming with our own eyes,” said Rebecca Moore, director of Google Earth. “We hope that this can ground everyone in an objective, common understanding of what’s actually happening on the planet, and inspire action.”

Timelapse, the name of the new Google Earth feature, is the largest video on the planet, according to a statement from the company, requiring 2 million hours to process in cloud computers, and the equivalent of 530,000 high-resolution videos. The tool stitches together nearly 50 years of imagery from the U.S.’s Landsat program, which is run by NASA and the USGS. When combined with images from complementary European Sentinel-2 satellites, Landsat provides the equivalent of complete coverage of the Earth’s surface every two days. Google Earth is expected to update Timelapse about once a year.

The Timelapse images are stark. In Southwestern Greenland, warmer Atlantic waters and air temperatures are accelerating ice melt.

Claushavn, Greenland

Source: Google

Tree loss in Brazil in 2020 surged by a quarter over the prior year.

Mamoré River, Brazil

Source: Google

Solar farms are rising in China.

Longyangxia Solar Park, located in Gonghe County, Qinghai Province.

Source: Google

This image, below, illustrates what it took to make a viewable experience. The 24 million images had to be processed to remove clouds or other obstructions and then stitched together into the final product.

Twenty-four million satellite images from 1984 to 2020 were analyzed to identify and remove artifacts, like clouds.

Source: Google

“Now, our one, static snapshot of the planet”—Google Earth—“has become dynamic, providing ongoing visual evidence of Earth’s changes from climate and human behavior occurring across space and time, over four decades,” Moore said. “And this was made possible because of the U.S. government and European Union’s commitments to open and accessible data.”