Daily Archives: September 14, 2024

New Dutch government declares asylum emergency – even though there isn’t – to bypass parliament. This is how authoritarianism begins.

Posted on by

The new programme of the Dutch cabinet under Prime Minister Dick Schoof reflects the tough migration stance promised during the election campaign, outlining a comprehensive plan to radically reform the country’s asylum system and push for an opt-out from EU migration policies. 

The Schoof cabinet’s plans for the upcoming term were unveiled today (13 September).  

The government’s newly published programme builds on the key agreements reached earlier this year after extensive negotiations between the former Liberal Party for Freedom and Democracy (VVD), led by the successor to former prime minister Mark Rutte, Wilders’ Freedom Party (PVV), New Social Contract (NSC) party and Citizen-Farmer Movement. 

The programme echoes the hardline stance on migration that dominated the campaign rhetoric and outlines a broad package of measures aimed at radically reforming the asylum system, citing “pressure on housing, healthcare, and education” as threats to social cohesion and safety.

“We must change direction and cut the influx immediately. That’s why I’m introducing the strictest asylum policy ever,” said the Minister of Asylum and Migration from the far-right populist PVV Marjolein Faber on X just before the programme’s release. 

A key element of the strategy focuses on action at the European level, including reforms to regulations and international treaties, as the government plans to take the issue to Brussels “as soon as possible” to achieve “an opt-out from European asylum and migration regulations.” 

At last week’s Ambrosetti Forum in Cernobbio, PVV leader Geert Wilders reiterated his call for EU countries to have an opt-out option on immigration and asylum policies.  

Last week, Minister Faber announced in her debut parliamentary debate that the cabinet intends to declare the asylum crisis an emergency – bypassing parliamentary approval – to swiftly enact measures to cut the migrant influx.

The programme addresses the asylum crisis, including a new Asylum Crisis Law as part of its structural reforms, as well as a redefinition of the nuclear family to restrict family reunification.

It also mentions the scrapping of indefinite asylum permits, allowing periodic reviews to determine if protection is still needed or if individuals can be returned to their home countries. 

Following last November’s national election, which was prompted by the collapse of the fourth Rutte cabinet over immigration policy disputes, Geert Wilders’s far-right party PVV emerged victorious. Securing a landslide victory with 37 seats, PVV became the largest party in the Dutch parliament. 

However, despite winning the election, Wilders opted not to personally join the government. Instead, Dick Schoof, an unelected career bureaucrat who previously headed the Dutch intelligence agency AIVD and served as a top official at the Ministry of Justice, was appointed prime minister by the King last July. 

Source: New Dutch government unveils toughest asylum reform in history – Euractiv

Five new massive satellites outshine most evening stars and will get bigger

Posted on by

A Texas telecommunications startup launched its first five massive “BlueBird” communications satellites into orbit on September 12. Each device is nearly 700-feet-wide when fully deployed, and like BlueWalker 3—AST SpaceMobile’s 2022 prototype, also in orbit—every BlueBird will soon shine brighter than most stars and planets in the night sky. But despite the concerns of critics and experts alike, the company’s CEO vows they are “just getting started.”

Founded in 2017, AST SpaceMobile is currently working with AT&T to construct the world’s first space-based cellular broadband network. In a statement on Thursday, AT&T Chief Operating Officer Jeff McElfresh said it’s all part of a plan to offer “a future where our customers will only be hard to reach if they choose to be.” AST SpaceMobile successfully delivered its BlueWalker 3 prototype into low-Earth orbit (LEO) in September 2022, and demonstrated it by allowing a smartphone to make a voice call the following September. Less than a month after the milestone, an international study published in Nature confirmed BlueWalker 3’s peak brightness matched that of Procyon and Achernar, two of the ten brightest stars in the night sky. Subsequent observations recorded even higher magnitudes similar to the stars that make up the constellation of Orion.

Each of the five BlueBirds now in orbit are roughly the same size as BlueWalker 3, meaning they will soon offer similar experiences for sky observers—sometimes visible even to the naked eye. But to achieve a reliable, high speed, and commercially viable satellite broadband network, AST SpaceMobile says it will need to deploy a constellation of nearly 90 satellites.

During a livestream of Thursday’s launch, company founder, chairman, and CEO Abel Avellan said many future satellite iterations will be “three-and-a-half-times larger” than the current BlueBirds. Such a scaling up would make each new, fully deployed device around 2425-square-feet in diameter, or about half the size of a regulation NBA basketball court. As Gizmodo noted on September 13, there are currently no legal restrictions for satellite brightness.

Gigantic satellite constellation arrays are growing at a rate that eclipses both regulatory oversight and experts’ concerns. Shortly after BlueWalker 3’s launch in 2022, the committee speaking on behalf of the International Astronomical Union uniformly denounced its delivery, describing it as “a big shift in the constellation satellite issue [that] should give us all reason to pause.”

AST SpaceMobile is far from the only company pursuing similar projects. SpaceX’s ongoing Starlink internet endeavor intends to eventually include as many as 7,000 satellites in orbit, in spite of its own share of public criticism. Meanwhile, advocates continue to stress the dangers of orbital pollution from decommissioned satellites and debris, often referred to as “space junk.” Without proper oversight and cleanup efforts, experts have repeatedly warned of the possibility of initiating a “Kessler cascade.” In these scenarios, the untenable amount of human-made objects leads to ever-increasing collisions, causing debris to deorbit and pose a danger to anything in its path.

In a statement provided to Popular Science, a spokesperson said that “AST SpaceMobile is committed to the responsible use of space as we advance our goal of using space-based, satellite technology to connect directly with everyday smartphones and help bring broadband to billions of people worldwide who do not have access today.”

Source: Five new massive satellites outshine most evening stars | Popular Science

Cats have brain activity recorded with the help of crocheted hats

Posted on by

Scientists have recorded electrical activity in the brains of awake cats for the first time, thanks to specially crocheted wool caps that hold the electrodes in place.

The technique gives researchers a way to assess chronic pain in cats and could lead to novel treatments, says Aude Castel at the University of Montreal in Canada.

About a quarter of all adult cats live with chronic pain due to osteoarthritis, which gets worse with age. Because treatment options are limited and generally involve significant side effects, Castel and her colleagues have been seeking alternative ways to relieve pain in cats, such as aromatherapy.

Electroencephalograms (EEGs) can be helpful in assessing the effects of such treatments because they can show the brain’s responses to pain and to stimulation of the senses. Thus far, though, the only EEGs carried out in cats have been performed in sedated animals.

Castel and her colleagues attempted to place electrodes on the heads of 11 awake, adult cats – all of which had osteoarthritis – in order to record their brain activity in response to smelling a variety of substances and seeing different wavelengths of light. However, the cats regularly shook their heads, causing the electrodes to shift out of place or fall off. Finally, the researchers realised they could take advantage of a new fashion for cats: crocheted caps.

“When you spend more time putting electrodes back on than you do actually recording the EEGs, you get creative,” says team member Aliénor Delsart, also at the University of Montreal.

The team asked a graduate student to crochet special cat caps to hold the electrodes, inspired by a tutorial on YouTube. With the new hats in place, the researchers found that the electrodes stayed in position and that the cats no longer tried to play with or chew the wires.

The EEG recordings in the awake cats were mostly usable, although a few still had too much interference from the cats’ head movements. Even so, the results allowed the team to determine critical brain activity related to the cats’ pain levels and reactions to various smells and coloured lighting.

As such, the team plans to use the EEG caps in future studies to determine how various treatments – including drugs and alternative therapies like odours and lighting – affect the cats’ perception of pain, says Delsart.

 

Journal reference:

Journal of Neuroscience Methods DOI: 10.1016/j.jneumeth.2024.110254

Source: Cats have brain activity recorded with the help of crocheted hats | New Scientist

Fortinet confirms data breach after hacker claims to steal 440GB of files

Posted on by

Cybersecurity giant Fortinet has confirmed it suffered a data breach after a threat actor claimed to steal 440GB of files from the company’s Microsoft Sharepoint server.

Fortinet is one of the largest cybersecurity companies in the world, selling secure networking products like firewalls, routers, and VPN devices. The company also offers SIEM, network management, and EDR/XDR solutions, as well as consulting services.

Early this morning, a threat actor posted to a hacking forum that they had stolen 440GB of data from Fortinet’s Azure Sharepoint instance. The threat actor then shared credentials to an alleged S3 bucket where the stolen data is stored for other threat actors to download.

[…]

The threat actor, known as “Fortibitch,” claims to have tried to extort Fortinet into paying a ransom, likely to prevent the publishing of data, but the company refused to pay.

In response to our questions about incident, Fortinet confirmed that customer data was stolen from a “third-party cloud-based shared file drive.”

[…]

Earlier today, Fortinet did not disclose how many customers are impacted or what kind of data has been compromised but said that it “communicated directly with customers as appropriate.”

A later update shared on Fortinet’s website says that the incident affected less than 0.3% of its customer base and that it has not resulted in any malicious activity targeting customers.

[…]

In May 2023, a threat actor claimed to have breached the GitHub repositories for the company Panopta, who was acquired by Fortinet in 2020, and leaked stolen data on a Russian-speaking hacking forum.

Source: Fortinet confirms data breach after hacker claims to steal 440GB of files

Ouch. A 440GB leak is huge.

Apple Vision Pro’s Eye Tracking Exposed What People Type

Posted on by

[…]

Today, a group of six computer scientists are revealing a new attack against Apple’s Vision Pro mixed reality headset where exposed eye-tracking data allowed them to decipher what people entered on the device’s virtual keyboard. The attack, dubbed GAZEploit and shared exclusively with WIRED, allowed the researchers to successfully reconstruct passwords, PINs, and messages people typed with their eyes.

“Based on the direction of the eye movement, the hacker can determine which key the victim is now typing,” says Hanqiu Wang, one of the leading researchers involved in the work. They identified the correct letters people typed in passwords 77 percent of the time within five guesses and 92 percent of the time in messages.

To be clear, the researchers did not gain access to Apple’s headset to see what they were viewing. Instead, they worked out what people were typing by remotely analyzing the eye movements of a virtual avatar created by the Vision Pro. This avatar can be used in Zoom calls, Teams, Slack, Reddit, Tinder, Twitter, Skype, and FaceTime.

[…]

 

Source: Apple Vision Pro’s Eye Tracking Exposed What People Type | WIRED

1.3 million Android-based TV boxes backdoored; researchers still don’t know how

Posted on by

Researchers still don’t know the cause of a recently discovered malware infection affecting almost 1.3 million streaming devices running an open source version of Android in almost 200 countries.

Security firm Doctor Web reported Thursday that malware named Android.Vo1d has backdoored the Android-based boxes by putting malicious components in their system storage area, where they can be updated with additional malware at any time by command-and-control servers. Google representatives said the infected devices are running operating systems based on the Android Open Source Project, a version overseen by Google but distinct from Android TV, a proprietary version restricted to licensed device makers.

Dozens of variants

Although Doctor Web has a thorough understanding of Vo1d and the exceptional reach it has achieved, company researchers say they have yet to determine the attack vector that has led to the infections.

“At the moment, the source of the TV boxes’ backdoor infection remains unknown,” Thursday’s post stated. “One possible infection vector could be an attack by an intermediate malware that exploits operating system vulnerabilities to gain root privileges. Another possible vector could be the use of unofficial firmware versions with built-in root access.”

The following device models infected by Vo1d are:

TV box model Declared firmware version
R4 Android 7.1.2; R4 Build/NHG47K
TV BOX Android 12.1; TV BOX Build/NHG47K
KJ-SMART4KVIP Android 10.1; KJ-SMART4KVIP Build/NHG47K

One possible cause of the infections is that the devices are running outdated versions that are vulnerable to exploits that remotely execute malicious code on them. Versions 7.1, 10.1, and 12.1, for example, were released in 2016, 2019, and 2022, respectively. What’s more, Doctor Web said it’s not unusual for budget device manufacturers to install older OS versions in streaming boxes and make them appear more attractive by passing them off as more up-to-date models.

Further, while only licensed device makers are permitted to modify Google’s AndroidTV, any device maker is free to make changes to open source versions. That leaves open the possibility that the devices were infected in the supply chain and were already compromised by the time they were purchased by the end user.

[…]

The statement said people can confirm a device runs Android TV OS by checking this link and following the steps listed here.

[…]

It’s not especially easy for less experienced people to check if a device is infected short of installing malware scanners. Doctor Web said its antivirus software for Android will detect all Vo1d variants and disinfect devices that provide root access. More experienced users can check indicators of compromise here.

Source: 1.3 million Android-based TV boxes backdoored; researchers still don’t know how | Ars Technica

After Synology breaks video station, plex, HEIC, H.265, backups, update now also breaks Surveillence station. What is going on there?!

Posted on by

Installed DSM 7.2.2-72806 on my DS1821+. The update automatically updated Surveillance Station to 9.2.1-11374.

When updating I received the following notice:

Surveillance Station will automatically install the Surveillance Video Extension package. After this update, the Live View Analytics app will no longer be supported. The support for HEVC (H.265) cameras will undergo the following changes, while AVC (H.264) cameras will remain unaffected:
Unsupported features:

Motion detection by Surveillance Station

Continuing to take snapshots after events for email notifications

Adjusted mechanisms:

Event snapshot

Thumbnails (e.g., thumbnails for IP cameras, detection results, timeline preview)

There was also a warning stating:

DS cam Android 3.10.0 or above, iOS 5.9.0 or above:

H.265 camera streams might not be able to play:

If any issues occur with live streaming or video playback, consider changing the camera’s video format to H.264 or using a mobile device that supports H.265 format.

Once the update was finished and I opened Surveillance Station I received this warning:

Some H.265 cameras’s motion detection has been reconfigured or disabled. In this update, Surveillance Station no longer supports H.265 cameras to configure motion detection using Surveillance Station ‘s algorithms. The motion detection setting is automatically switched to using camera’s built-in algorithm if available. Otherwise, the motion detection is disabled. The related functions (e.g., recording schedule, notification, alarm, and action rule) will also be affected.

Testing Surveillance Station in Chrome it is completely broken. There are no previews for my cameras, recordings can’t be played back, etc. This all worked before the update, although I normally use the client. https://imgur.com/a/47m5ukO

Using the Surveillance Station Client on my Mac, there are almost no changes. The camera previews work, hovering over the timeline in monitor center displays a preview, recordings can be played back, smart time-lapse recording in h265 works, etc. https://imgur.com/a/RBVM2ET

Under the camera settings, I can still set a recording schedule, the only thing that was removed is the option to use the Synology detection algorithm under Event Detection. Advanced Event (Smart Event) settings still work. https://imgur.com/a/TFoKvJk

In Monitor Center all previous events from before the update are missing (I can’t jump to the last motion event), but the files themselves are still there in recordings. https://imgur.com/a/PJHBVd3

The iOS app still works fine with no issues.

Ultimately the only change for me is that I now have to configure event detection by logging into each camera recording in h265, everything else is the same as before.

Cameras I tested with are Hikvision DS-2CD2385G1-I recording in h265+ and Reolink E1 Pros.

Source: My experience updating to Surveillance Station 9.2.1-11374