Neiman Marcus Breach Exposes Data Of 4.6 Million Users

Another day, another massive privacy breach nobody will do much about. This time it’s Neiman Marcus, which issued a statement indicating that the personal data of roughly 4.6 million U.S. consumers was exposed thanks to a previously undisclosed data breach that occurred last year. According to the company, the data exposed included login information, credit card payment information, virtual gift card numbers, names, addresses, and the security questions attached to Neiman Marcus accounts. The company is, as they always are in the wake of such breaches, very, very sorry:

“At Neiman Marcus Group, customers are our top priority,” said Geoffroy van Raemdonck, Chief Executive Officer. “We are working hard to support our customers and answer questions about their online accounts. We will continue to take actions to enhance our system security and safeguard information.”

As is par for the course for this kind of stuff, the actual breach is likely much worse than what’s first being reported here. And by the time the full scope of the breach becomes clear, the press will have largely lost interest. The company set up a website for those impacted to get more information. In this case, impacted consumers didn’t even get free credit reporting, the standard mea culpa handout after these kinds of events (which is worthless since consumers have received free credit reporting for countless hacks and leaks over the last five to ten years).

[…]

Source: Neiman Marcus Breach Exposes Data Of 4.6 Million Users | Techdirt

Texas abortion: Judge temporarily blocks enforcement of law

A US judge has temporarily blocked a new law in Texas that effectively bans women from having an abortion.

District Judge Robert Pitman granted a request by the Biden administration to prevent any enforcement of the law while its legality is being challenged.

The law, which prohibits women in Texas from obtaining an abortion after six weeks of pregnancy, was drafted and approved by Republican politicians.

The White House praised the latest ruling as an important step.

“The fight has only just begun, both in Texas and in many states across this country where women’s rights are currently under attack,” White House Press Secretary Jen Psaki said.

Texan officials immediately appealed against the ruling, setting the stage for further court battles.

Judge Pitman, of Austin, wrote in a 113-page opinion that, from the moment the law came into effect on 1 September, “women have been unlawfully prevented from exercising control over their lives in ways that are protected by the Constitution”.

“This court will not sanction one more day of this offensive deprivation of such an important right,” he said on Wednesday.

Whole Woman’s Health, which runs a number of clinics in Texas, said it was making plans to resume abortions “as soon as possible”.

But the anti-abortion group Texas Right to Life accused judges of “catering to the abortion industry” and called for a “fair hearing” at the next stage.

[…]

Source: Texas abortion: Judge temporarily blocks enforcement of law – BBC News

WHO Endorses ‘Breakthrough’ Childhood Vaccine For Malaria

The fight against malaria, one of the world’s worst diseases for decades, is likely to get much easier as the World Health Organization has endorsed the wide use of a malaria vaccine developed by GlaxoSmithKline, the first ever to win such approval. The vaccine will be recommended for children in sub-Saharan Africa and other high-risk areas as a four-dose schedule starting at age 5 months.

[…]

“This is a historic moment. The long-awaited malaria vaccine for children is a breakthrough for science, child health and malaria control,” said WHO Director-General Tedros Adhanom Ghebreyesus in a statement announcing their endorsement of the vaccine. “Using this vaccine on top of existing tools to prevent malaria could save tens of thousands of young lives each year.”

Despite the good news, GlaxoSmithKline’s vaccine, which is currently code-named RTS,S/AS01 but will be branded as Mosquirix, is only modestly effective. In the clinical trials evaluated for WHO approval, it was found to prevent around half of severe cases caused by P. falciparum malaria, compared to the control group. But this level of efficacy was only seen in the first year of vaccination, and by the fourth year, protection had waned to very low levels. At roughly 55% efficacy, the vaccine meets the bare minimum for WHO endorsement.

A major study this year did find that a combination of the vaccine and anti-malarial drugs can further reduce the risk of severe disease and death by 70%, a much more appealing target for public health programs. But even as is, one study has projected that the vaccine would prevent millions of cases and over 20,000 deaths annually in sub-Saharan Africa if deployed widely.

Like other vaccines before it, Mosquirix may also represent the first step toward more effective vaccines in the future. There are several other candidates in development already, including one from Moderna that’s relying on the same mRNA platform as the company’s successful covid-19 vaccine.

Source: WHO Endorses ‘Breakthrough’ Childhood Vaccine For Malaria

EU to file NFC antitrust charges against Apple Pay

Apple’s decision to only allow Apple Pay to access the NFC chip in iPhones could result in the Silicon Valley giant paying hefty anti-monopoly fines in Europe.

The EU is set to file anti-competitive charges against Cupertino regarding its tap-to-pay system, Reuters reported, citing sources. Euro antitrust watchdogs are apparently not happy that the NFC chips in iPhones and iPads are restricted to the iGiant’s Pay software, unfairly locking out alternative wireless payment apps.

The charges will be the result of a European Commission investigation that started last year into Apple’s terms and conditions with merchants, the limited access to the NFC hardware, and more.

“It is important that Apple’s measures do not deny consumers the benefits of new payment technologies, including better choice, quality, innovation and competitive prices,” said Competition Commissioner Margrethe Vestager in 2020. “I have therefore decided to take a close look at Apple’s practices regarding Apple Pay and their impact on competition.”

[…]

Source: Report: EU to file NFC antitrust charges against Apple Pay • The Register

The International Energy Agency publishes the detailed, global energy data we all need, but its funders force it behind paywalls. Let’s ask them to change it.

To make the transition to low-carbon energy sources and address climate change we need open data on the global energy system. High-quality data already exists; it is published by the International Energy Agency. But despite being an international institution that is largely publicly funded, most IEA data is locked behind paywalls. This makes it unusable in the public discourse and prevents many researchers from accessing it. Beyond this, it hinders data-sharing and collaboration; results in duplicated research efforts; and goes against the principles of transparency and reproducibility in scientific research. The high costs of the data exclude many from the global dialogue on energy and climate and thereby stand in the way of the IEA achieving its own mission.

We suggest that the countries that fund the IEA drop the requirement to place data behind paywalls and increase their funding – the benefits of opening this important data are much larger than the costs.

[…]

In 2018, the annual budget of the IEA was EUR 27.8 million. According to the IEA’s budget figures, revenues from its data and publication sales finance “more than one-fifth of its annual budget”. That equates to EUR 5.6 million per year. To put this figure in perspective, it is equal to 0.03% of the total public energy RD&D budget for IEA countries in 2018, which was EUR 20.7 billion. Or on a per capita basis split equally across IEA member countries: 0.44 cents per person per year.

We believe that the relatively small revenues that the paywalls generate do not justify the very large downsides that these restrictions cause.

[…]

The statistical work of the IEA is of immense value. It is the only source of energy data that captures the full range of metrics needed to understand the global energy transition: from primary energy through to final energy use by sub-sector. It is the go-to source for most researchers and forms the basis of the energy systems modelling in the Intergovernmental Panel on Climate Change (IPCC) Assessment Reports. It is also heavily utilised in energy policy, collaborating with the United Nations Framework Convention on Climate Change (UNFCCC) on developments in energy data and analytics.

Some alternative data sources on energy exist, but none come close to the coverage and depth of the IEA data. The BP Statistical Review of World Energy, published by the multinational oil and gas company BP, is the most commonly used alternative. As a freely available dataset it is widely used in research and is where the IEA would want to be – ‘at the heart of the global dialogue on energy’. But as it is published by a private fossil fuel company it has some obvious drawbacks.

One is that it focuses on commercially-traded fuels; this means most high- and middle-income countries are included but lower-income countries are almost completely absent even from very basic metrics such as primary energy. It also focuses on primary energy statistics and does not offer insight into the breakdown in final energy or sector-specific allocations.

The series of maps show the comparative geographical coverage of primary and final energy between the publicly available dataset from BP, and the private licensed dataset from the IEA.

[…]

Source: The International Energy Agency publishes the detailed, global energy data we all need, but its funders force it behind paywalls. Let’s ask them to change it. – Our World in Data

World Of Warcraft Update Removes Suggestive Flirts & Jokes – cancel culture wins against humor

Blizzard’s work on cleaning up World of Warcraft in the wake of historical allegations of harassment at the company continues, with the latest round targeting a series of suggestive jokes and flirts that are being removed as part of update 9.1.5.

As detailed by Wowhead, there are a lot of changes, some of them leaving characters with as few as two lines of dialogue to cycle through. And while some are clearly the result of combing back through the archives and removing content that, in the wake of Blizzard’s current crisis, is clearly inappropriate, other cuts are simply down to the fact that it’s now 2021 and some of this stuff is either horribly dated or simply bad.

Some examples of jokes that are being removed are:

Draenei Male: If you could get your hands on my family jewels I would be deeply appreciative.

Goblin Female: I’m a modern goblin woman. Independent? I still let men do nice things to me. But I stopped giving them any credit.

Orc Female: What’s estrogen? Can you eat it?

Tauren Male: Homogenized? No way, I like the ladies.

Meanwhile here are some of the flirts being cut:

Blood Elf Demon Hunter Male: Are you sure you’re not part-demon? I find myself wanting to stalk you.

Blood Elf Female: Normally, I only ride on epic mounts… But, let’s talk.

Dwarf Male: You look pretty, I like your hair, here’s a drink… Are you ready now?

Goblin Male: I got what you need. *sound of zipper*

Highmountain Tauren Female: Are you staring at my rack?

Nightborn Male: Mmmm, I wanna tap that ley line.

Orc Male: Um… You look like a lady.

Troll Female: When enraged, and in heat, a female troll can mate over 80 times in one night. Be you prepared?

Source: World Of Warcraft Update Removes Suggestive Flirts & Jokes

Fine, they are not super clever jokes – but humor is allowed to be bad.

GitHub Removes GTA Fan Projects re3 and reVC Following New Take-Two DMCA Notice

After Take-Two Interactive sent a legal letter to Github referencing a copyright infringement lawsuit against the people behind the popular re3 and reVC Grand Theft Auto fan projects, Github has now removed the repositories for a second time. Take-Two has also demanded the removal of many project forks and wants Github to take action under its repeat infringer policy. TorrentFreak reports: Just before the weekend, a new entry in Github’s DMCA repository revealed the existence of a letter (PDF) sent to Github from Take-Two’s legal team. Dated September 9, 2021 (a week after the copyright lawsuit was filed) it informs Github that legal action is underway and it has come to the company’s attention that the contentious content (and numerous ‘fork’ repositories) continue to be made available on Github’s website. “We request that Github take expeditious action to remove or disable access to the materials [in the attached exhibit], together with any other instances of the same materials available within the same primary ‘GTAmodding/re3’ fork network (e.g. in ‘private’ or newly-created repositories),” it reads.

In common with the first DMCA notice, Github has responded by taking the project’s repositories down. Given that the defendants in the case already stand accused of previously sending ‘bad faith’ counter-notices, it seems unlikely that they will follow up with another set of similar responses that will soon be under the scrutiny of the court. Take-Two also follows up with a line that is becoming more and more popular in copyright infringement matters, one that references so-called ‘repeat infringers.’ “Furthermore, it is requested that Github take appropriate measures to prevent further infringement by the parties responsible, including pursuant to any ‘repeat infringer’ policies maintained by Github.”

This means that if any of the contentious content is reposted to Github, Take-Two would like the code repository to implement its own ‘repeat infringer’ process. It states that “in appropriate circumstances and in its sole discretion, [Github will] disable and terminate the accounts of users who may infringe upon the copyrights or other intellectual property rights of GitHub or others.” The letter also provides a laundry list of repository forks that, on the basis they are also infringing, should be removed. While Github appears to have complied in many cases, there are two notable exceptions. After being targeted by earlier DMCA takedowns, Github users ‘td512‘ and ‘erorcun‘ filed DMCA counter-notices to have their repositories restored. The former previously informed TorrentFreak that he believed Take-Two’s infringement claims to be incorrect. At the time of writing, both repos are still online.

Source: GitHub Removes GTA Fan Projects re3 and reVC Following New Take-Two DMCA Notice – Slashdot

Well done alienating your biggest fans, TakeTwo

MEPs support curbing police use of facial recognition, border biometric data trawling drastically

Police should be banned from using blanket facial-recognition surveillance to identify people not suspected of crimes. Certain private databases of people’s faces for identification systems ought to be outlawed, too.

That’s the feeling of the majority of members in the European Parliament this week. In a vote on Wednesday, 377 MEPs backed a resolution restricting law enforcement’s use of facial recognition, 248 voted against, and 62 abstained.

“AI-based identification systems already misidentify minority ethnic groups, LGBTI people, seniors and women at higher rates, which is particularly concerning in the context of law enforcement and the judiciary,” reads a statement from the parliament.

“To ensure that fundamental rights are upheld when using these technologies, algorithms should be transparent, traceable and sufficiently documented, MEPs ask. Where possible, public authorities should use open-source software in order to be more transparent.”

As well as this, most of the representatives believe facial-recognition tech should not be used by the police in automatic mass surveillance of people in public, and monitoring should be restricted to only those thought to have broken the law. Datasets amassed by private companies, such as Clearview AI, for identifying citizens should also be prohibited along with systems that allow cops to predict crime from people’s behavior and backgrounds.

[…]

The vote is non-binding, meaning it cannot directly lead to any legislative change. Instead, it was cast to reveal if members might be supportive of upcoming bills like the AI Act, a spokesperson for the EU parliament told The Register.

“The resolution is a non-exhaustive list of AI uses that MEPs within the home affairs field find problematic. They ask for a moratorium on deploying new facial recognition systems for law enforcement, and a ban on the narrower category of private facial recognition databases,” the spokesperson added.

It also called for border control systems to stop using biometric data to track travelers across the EU.

Source: MEPs support curbing police use of facial recognition • The Register

A French company is using enzymes to recycle one of the most common single-use plastics – PET

In late September, Carbios, a French startup, opened a demonstration plant in central France to test this idea. The facility will use enzymes to recycle PET, one of the most common single-use plastics and the material used to make most beverage bottles.

[…]

Carbios’s new reactor measures 20 cubic meters—around the size of a cargo van. It can hold two metric tons of plastic, or the equivalent of about 100,000 ground-up bottles at a time, and break it down into the building blocks of PET—ethylene glycol and terephthalic acid—in 10 to 16 hours.

The company plans to use what it learns from the demonstration facility to build its first industrial plant, which will house a reactor about 20 times larger than the demonstration reactor. That full-scale plant will be built near a plastic manufacturer somewhere in Europe or the US, and should be operational by 2025, says Alain Marty, Carbios’s chief science officer.

Carbios has been developing enzymatic recycling since the company was founded in 2011. Its process relies on enzymes to chop up the long chains of polymers that make up plastic. The resulting monomers can then be purified and strung together to make new plastics. Researchers at Carbios started with a natural enzyme used by bacteria to break down leaves, then tweaked it to make it more efficient at breaking down PET.

Carbios’s demonstration facility in Clermont-Ferrand, France. Image courtesy of SkotchProd.

Carbios estimates that its enzymatic recycling process reduces greenhouse gas emissions by about 30% compared to virgin PET. Marty says he expects that number to increase as they work out the kinks.

[…]

Source: A French company is using enzymes to recycle one of the most common single-use plastics | MIT Technology Review

How Apple Can Read Your Encrypted iMessages

If you have an iPhone, and your friends mostly have iPhones, you probably use Apple’s Messages app to communicate with them. That’s the nature of things. And aside from the platform’s convenience and ubiquity, one of the iMessage platform’s selling points is that its end-to-end encryption should theoretically ensure that only you and those you text can read your conversations. However, that might not be the case: Apple can likely access the messages for many, many iMessage users, even with end-to-end encryption in place.

[…]

How you back up your messages matters

So yes, your texts are encrypted as sent and received. But few of us delete every text as it comes in; we keep them around in case we want to revisit them later, which means we need to back them up somehow. And as it turns out, how you back up your messages might mean the difference between having a truly secure iMessage history, and giving Apple the key to unlock all your conversations.

[…]

iCloud Backup is not a secure method for saving your messages

Here’s the tricky thing; Messages in iCloud is end-to-end encrypted, just as you’d expect—that’s why there’s no way to access your messages on the web, such as by logging in to icloud.com. There’s one big problem, though: your iCloud Backup isn’t end-to-end encrypted—and Apple stores the key to unlock your encrypted messages within that backup.

[…]

It’s not just your messages; besides Keychain, Screen Time, and Health data, Apple has the key to decrypt all of your iCloud data

[…]

Source: How Apple Can Read Your Encrypted Messages

Search providers complaining that EU Google antitrust measures didn’t achieve anything

Four search providers – DuckDuckGo, Ecosia, Qwant, and Lilo – have penned an open letter to the European Commission claiming that Google is suppressing search engine competition.

The EU has made a number of efforts to counter Google’s search monopoly, including a July 2018 fine and ruling that the company engaged in “illegal tying of Google’s search and browser apps” and “illegal payments conditional on exclusive pre-installation of Google Search.”

Google responded with some licensing changes. In August 2019, it agreed with the EU to provide an Android Choice screen, which included selling spots on the new menu via auction – leading to participants like privacy-centric DuckDuckGo complaining that they were priced out.

Google’s new Android Choice screen

The Android Choice screen has since been revised by further agreement with the European Commission, and now features more options and free participation. The new choice screen includes up to 12 search services, with the five most popular search engines in the local country listed first, as recorded by StatCounter, and is free for search providers.

Third-party search providers are not happy. Today’s open letter [PDF] states that “despite recent changes, we do not believe it will move market share significantly.” The providers say that the new Android Choice menu is “only shown once, in a Google-designed, Google-owned onboarding process. If [users] later decide to switch defaults, they must labour through 15+ clicks or factory-reset their phone.” They also complain that Chrome desktop and other operating systems are not included, and worry that “it doesn’t apply to all search aspects points in Android.”

[…]

“In the meantime, at least one search company went bankrupt. A German company called Cliqz invested €100m into building their own search algorithm and they went bankrupt. Google playing on time is a big problem.”

Cliqz said in its farewell post last year: “We failed to convince the political stakeholders, that Europe desperately needs an own independent digital infrastructure. Here we can only hope that someone else picks up the ball… the world needs a private search engine that is not just using Bing or Google in the backend.”

In Russia, Kroll said: “Yandex went down to a 20 per cent market share. Then they had a real choice screen on a fixed date and it went back to 60 per cent. I’m not saying we should do everything like Russia does, but it shows that it can have an effect.”

[…]

Source: Existence of Bing ‘essential’ to non-Google search engines • The Register

The entirety of Twitch has reportedly been leaked – change your password!

An anonymous hacker claims to have leaked the entirety of Twitch, including its source code and user payout information.

The user posted a 125GB torrent link to 4chan on Wednesday, stating that the leak was intended to “foster more disruption and competition in the online video streaming space” because “their community is a disgusting toxic cesspool”.

VGC can verify that the files mentioned on 4chan are publicly available to download as described by the anonymous hacker.

One anonymous company source told VGC that the leaked data is legitimate, including the source code for the Amazon-owned streaming platform.

Internally, Twitch is aware of the breach, the source said, and it’s believed that the data was obtained as recently as Monday. We’ve requested comment from Twitch and will update this story when it replies.

[UPDATE: Twitch has confirmed the leak is authentic: “We can confirm a breach has taken place. Our teams are working with urgency to understand the extent of this. We will update the community as soon as additional information is available. Thank you for bearing with us.”]

The leaked Twitch data reportedly includes:

  • The entirety of Twitch’s source code with commit history “going back to its early beginnings”
  • Creator payout reports from 2019
  • Mobile, desktop and console Twitch clients
  • Proprietary SDKs and internal AWS services used by Twitch
  • “Every other property that Twitch owns” including IGDB and CurseForge
  • An unreleased Steam competitor, codenamed Vapor, from Amazon Game Studios
  • Twitch internal ‘red teaming’ tools (designed to improve security by having staff pretend to be hackers)

Some Twitter users have started making their way through the 125GB of information that has leaked, with one claiming that the torrent also includes encrypted passwords, and recommending that users enable two-factor authentication to be safe.

If you have a Twitch account, it’s recommended that you also turn on two-factor authentication, which ensures that even if your password is compromised, you still need your phone to prove your identity using either SMS or an authenticator app.

To turn on two-factor authentication:

  • Log on to Twitch, click your avatar and choose Settings
  • Go to Security and Privacy, then scroll down to the Security setting
  • Choose Edit Two-Factor Authentication to see if it’s already activated. If not, follow the instructions to turn it on (you’ll need your phone)

Source: The entirety of Twitch has reportedly been leaked | VGC