Check Point Research (CPR) recently discovered that in the last few months, many application developers put their own data and their users’ data at risk. By not following best practices when configuring and integrating third-party cloud services into applications, they exposed millions of users’ private data. In some cases this type of misuse affects only the users; in others, however, the developers were also left vulnerable. The misconfigurations put users’ personal data and developers’ internal resources, such as access to update mechanisms and storage, at risk.
In this research, CPR outlines how the misuse of real-time databases, notification managers, and storage exposed over 100 million users’ personal data (email, passwords, names, etc.) and left corporate resources vulnerable to malicious actors.
If you’re thinking of buying a new One SL, you ought to keep in mind that it’ll only work with the newer Sonos S2 app.
This won’t be a problem for every Sonos owner, especially if you bought all your Sonos devices in the past year or two. It might be an issue, however, if you’re still operating a mix of newer and older Sonos hardware. Namely, the “legacy” Sonos products that were “killed off” last year. Those legacy gadgets will only work with the S1 app, and although Sonos committed to providing updates for these devices, controlling a mix of legacy and current Sonos gadgets isn’t possible on the S2 app.
You can’t roll back from the old update which basically only seems to add rounded corners to backgrounds and break in dark mode – except that you allow Sonos to spy on you through the built-in microphone with S2.
According to Action News Jax, Bartram Trail High School altered 80 different yearbook photos – all of them of girls. In many of them, crudely photoshopped rectangles in the colour of the girls’ clothing can be seen covering up their chests.
Many of those students have expressed outrage.
“I felt confident that day and I looked good, in dress code,” ninth grader Zoe Iannone told Action News Jax. “When I sent it to my mom and all of us saw it, I felt very sexualized, like that was what they were worrying about.”
Parents are furious as well.
“Our daughters of Bartram deserve an apology,” one anonymous mother told the station. “They are making them feel embarrassed about who they are.”
Techdirt has just written about belated news that the FBI gained access two years ago to the Apple account of Alexandra Elbakyan, the founder of Sci-Hub. This is part of a continuing attempt to stop the widespread sharing of academic papers, mostly paid for by the public, and currently trapped behind expensive paywalls. You might think somebody helping scholars spread their work to a wider audience would be rewarded with prizes and grants, not pursued by the FBI and DOJ. But of course not, because, well, copyright. It’s easy to feel angry but helpless when confronted with this kind of bullying by publishing giants like Elsevier, but a group of publicly spirited Redditors aim to do something about it:
It’s time we sent Elsevier and the USDOJ a clearer message about the fate of Sci-Hub and open science: we are the library, we do not get silenced, we do not shut down our computers, and we are many.
They have initiated what they term a “Rescue Mission for Sci-Hub”, in order to prepare for a possible shutdown of the site:
A handful of Library Genesis seeders are currently seeding the Sci-Hub torrents. There are 850 scihub torrents, each containing 100,000 scientific articles, to a total of 85 million scientific articles: 77TB. This is the complete Sci-Hub database. We need to protect this.
The Redditors are calling for “85 datahoarders to store and seed 1TB of articles each, 10 torrents in total”. The idea is to download 10 random torrents, then seed them for as long as possible. Once enough people start downloading random torrents using these seeds, the Sci-Hub holdings will be safe. That would then lead to the “final wave”:
Development for an open source Sci-Hub. freereadorg/awesome-libgen is a collection of open source achievements based on the Sci-Hub and Library Genesis databases. Open source de-centralization of Sci-Hub is the ultimate goal here, and this begins with the data, but it is going to take years of developer sweat to carry these libraries into the future.
The centralized nature of Sci-Hub is certainly its greatest weakness, since it provides publishers with just a few targets to aim for, both legally and technically. A truly decentralized version would solve that problem, but requires a lot of work, as the Reddit post notes. Still, at least this “rescue plan” means people can do something practical to help Sci-Hub; sadly, protecting Elbakyan is harder.
Belarusian authorities appear to have forced a Ryanair jet to perform an emergency landing in Minsk in order to arrest an opposition blogger wanted for organising last summer’s protests against leader Alexander Lukashenko.
Roman Protasevich, a former editor of the influential Telegram channels Nexta and Nexta Live, was detained by police after his flight was diverted to Minsk national airport due to a bomb threat. Minsk confirmed it had scrambled a Mig-29 fighter to escort the plane.
Protasevich has been accused of terrorism and provoking riots after the Nexta channels became one of the main conduits for organising last year’s anti-Lukashenko protests over election fraud. Protasevich had been living in exile in 2019 and Poland had previously rejected an extradition request sent by Minsk.
Protasevich was flying on an intra-EU flight from Athens to Vilnius, the capital of Lithuania, when the plane was diverted to Minsk. According to online flight data, the plane was over Belarusian airspace when it diverted course but was closer to Vilnius than Minsk.
[…]
Protasevich, who has been living in exile since 2019, told colleagues earlier on Sunday he had been followed while travelling to the airport in Athens. A Russian speaker had followed him into a line at the airport and attempted to photograph his documents, he wrote to colleagues.
“He was next in line at the document check and just turned around and walked away,” he said. “For some reason, he also tried to secretly photograph my documents.” Colleagues said they had not heard from him since.
The Times of India reports Air India has revealed that a breach compromised about 4.5 million passengers whose data was registered at system provider SITA between August 2011 and late February 2021. The intruders couldn’t obtain passwords, but they had access to names, contact info, tickets and frequent flyer info (including for Star Alliance).
The perpetrators also had access to credit card info, although the usefulness of that data might be limited as the CVV/CVC numbers weren’t included.
The airline said it first learned of the incident on February 25th (and issued a warning on March 19th), but that it only learned the identities of affected passengers on March 25th and May 4th. It was already investigating the breach and had locked down the affected servers, including resetting passwords for its frequent flyer program.
It’s not clear who was responsible for the breach. However, the damage isn’t limited to one airline. SITA told BleepingComputer in a statement that customers from several airlines were victims, including travelers who flew with Air New Zealand, Cathay Pacific, Finnair, Jeju Air, Lufthansa, Malaysia Airlines, SAS and Singapore Airlines. While this isn’t as large as the 2018 Cathay Pacific breach that touched up to 9.4 million customers, the repercussions could be felt worldwide for a while to come.
CNA Financial, the US insurance conglomerate, has apparently paid $40m to ransomware operators to get its files back.
In March the business revealed it had been hit by an extensive Phoenix Locker infection; this strain of malware was developed by Russian scam artists calling themselves Evil Corp, which may have links to Russian intelligence.
All CNA systems are now back up and running, though it appears that the company didn’t manage this itself and instead coughed up a widely reported $40m to the extortionists for the means to decrypt the scrambled files.
Virgin Galactic’s rocket-powered plane, carrying two pilots, soared into the upper atmosphere on its third mission to reach space Saturday morning.
The success cues up Virgin Galactic to begin launching paying customers within the next year as the company works to finish its testing campaign at its new headquarters in New Mexico.
Spaceplane VSS Unity reached an altitude of 55.45 miles, according to the company. The US government recognizes the 50-mile mark as the edge of space. The company tweeted Saturday morning that the spaceflight carried technology experiments for NASA’s Flight Opportunities Program.
[…]
Recently, the company installed a new CEO, former Disney executive Michael Colglazier, and has been pledging to slowly ramp up to commercial operations over the next year or so. It’s also focused on constructing a new line of planes, called SpaceShipIII, and is angling to one day fly about 400 flights each year from its New Mexico spaceport.
In a follow-up to our big piece on Top Aces’ recently acquired fleet of second-hand F-16A/B ‘Netz’ fighters from Israel, the company has now taken one of these jets aloft for the first time. This also marks the first time a 4th generation fighter of any kind has been flown by a private adversary support firm.
The maiden flight originated from Top Aces’ newly minted F-16 Center Of Excellence at Mesa Gateway Airport in Arizona. This is where the aggressor firm, which has its main headquarters in Canada, became a truly global operation and is now making a home for its budding F-16 operations. Ultimately, its fleet of Vipers is set to swell to 29 jets.
The flight of F-16A 78-0322, which had “Billy Bob” at the controls, lasted roughly an hour and saw the aircraft venture to the west of its home base for a number of checks, before safely returning to Mesa Gateway Airport. The aircraft itself is historic. It took part in Israel’s famous attack on Iraq’s Osirak nuclear reactor in 1981 and is also a MiG killer. You can read more about the jet’s history in this past piece of ours on Top Aces’ second-hand jets and their unique exploits.
Top Aces plans to use its private 4th generation fighter fleet to support the Pentagon’s growing demand for adversary air support, acting as advanced aggressors for Air Force, Navy, and Marine Corps flight crews. Currently, adversary service providers largely use 3rd generation fighters, some of which are deeply upgraded, to mimic more advanced threats at a cheaper cost than using actual 4th generation fighters.
It will be interesting to see Top Aces make its business case for more complex, and potentially far more expensive, private adversary capabilities. Although the Air Force, in particular, has taken a methodical approach to upgrading the complexity of these services, adding F-16s to the mix would seem to be a logical next step, at least conceptually speaking. Fiscally speaking, that could be another story.
For more information on Top Aces’ F-16 fleet, make sure to check out our special feature on the topic here. Beyond that, it looks like they threw a GoPro in the cockpit, so we may get some great video from the company of this historic first flight in the not-too-distant future.
It turns out a process called galvanic vestibular stimulation—also known as GVS—can be used to alter a human’s sense of balance by electrically stimulating a nerve in the ear using electrodes. Researchers haven’t quite figured out the best uses of the technology—medical, military, and entertainment companies are all investigating it—but when used properly it can convince a person that they need to move their bodies to the left or right to maintain balance, which the body will automatically do all on its own, even if they’re standing perfectly still. As a result there’s a peculiar side effect of GVS: the technology can be used to partially control a human’s movements as if they were being operated remotely.
That’s exactly what Mean Gene Hacks is doing here. Using about $50 worth of external hardware (plus the cost of a gaming PC) they’ve made BeamNG.drive, a highly realistic physics-based driving simulator, interface with GVS hardware. Custom code translates an in-game vehicle’s motions into the electrical signals that alter a player’s balance, which are delivered to the player’s nerve endings through a pair of adhesive electrodes attached to the neck just behind the earlobes. The resulting effect has the player uncontrollably leaning to the left or to the right while playing, as if affected by the same G-forces the car in the game is experiencing.
KrebsOnSecurity noted that virtually all ransomware strains have a built-in failsafe designed to cover the backsides of the malware purveyors: they simply will not install on a Microsoft Windows computer that already has one of many types of virtual keyboards installed — such as Russian or Ukrainian.
[…]
DarkSide and other Russian-language affiliate moneymaking programs have long barred their criminal associates from installing malicious software on computers in a host of Eastern European countries, including Ukraine and Russia. This prohibition dates back to the earliest days of organized cybercrime, and it is intended to minimize scrutiny and interference from local authorities.
In Russia, for example, authorities there generally will not initiate a cybercrime investigation against one of their own unless a company or individual within the country’s borders files an official complaint as a victim. Ensuring that no affiliates can produce victims in their own countries is the easiest way for these criminals to stay off the radar of domestic law enforcement agencies.
[…]
DarkSide, like a great many other malware strains, has a hard-coded do-not-install list of countries which are the principal members of the Commonwealth of Independent States (CIS) — former Soviet satellites that mostly have favorable relations with the Kremlin. The full exclusion list in DarkSide (published by Cybereason) is below:
Image: Cybereason.
Simply put, countless malware strains will check for the presence of one of these languages on the system, and if they’re detected the malware will exit and fail to install.
[…]
Will installing one of these languages keep your Windows computer safe from all malware? Absolutely not. There is plenty of malware that doesn’t care where in the world you are. And there is no substitute for adopting a defense-in-depth posture, and avoiding risky behaviors online.
[…]
Cybercriminals are notoriously responsive to defenses which cut into their profitability, so why wouldn’t the bad guys just change things up and start ignoring the language check? Well, they certainly can and maybe even will do that (a recent version of DarkSide analyzed by Mandiant did not perform the system language check).
But doing so increases the risk to their personal safety and fortunes by some non-trivial amount.
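The same check, seen from the administrator’s side, as an added example that is not from KrebsOnSecurity: a PowerShell function lists the input languages installed for the current user, reports whether a Russian or Ukrainian layout (the two the excerpt names) is among them, and a second function can add one. The function names and the 1000-item style constants are assumptions; the cmdlets are the standard International module ones.

```powershell
# Added example: audit (and optionally add) Windows input languages for the
# current user with Get-WinUserLanguageList / Set-WinUserLanguageList.
# The two tags below are the languages the excerpt names; the full DarkSide
# exclusion list is in the Cybereason image referenced above, not on this page.
$WatchListTags = @('ru-RU', 'uk-UA')

function Get-InputLanguageAudit {
    [CmdletBinding()]
    param(
        [string[]]$WatchTags = $WatchListTags
    )
    $installed = Get-WinUserLanguageList
    $present   = $installed | Where-Object { $WatchTags -contains $_.LanguageTag }
    [pscustomobject]@{
        InstalledTags = @($installed.LanguageTag)
        MatchingTags  = @($present.LanguageTag)
        HasMatch      = ($present | Measure-Object).Count -gt 0
    }
}

function Add-InputLanguage {
    # Supports -WhatIf / -Confirm so the change can be previewed first.
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$LanguageTag
    )
    $list = Get-WinUserLanguageList
    if ($list.LanguageTag -contains $LanguageTag) {
        Write-Verbose "$LanguageTag already present; nothing to do."
        return
    }
    if ($PSCmdlet.ShouldProcess("current user language list", "add $LanguageTag")) {
        # Add() on the returned list accepts a BCP-47 tag and builds the entry;
        # -Force suppresses the confirmation prompt.
        $list.Add($LanguageTag)
        Set-WinUserLanguageList -LanguageList $list -Force
    }
}

$audit = Get-InputLanguageAudit
"Installed input languages: $($audit.InstalledTags -join ', ')"
if ($audit.HasMatch) {
    "Watch-list layout(s) already present: $($audit.MatchingTags -join ', ')"
} else {
    "No watch-list layout installed. Preview adding one with: Add-InputLanguage -LanguageTag 'ru-RU' -WhatIf"
}
```

The added layout appears in the user's language bar; as the excerpt itself notes, this is a cheap tripwire for one family of checks, not a control that replaces defence in depth.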
DarkSide, the hacker group behind the recent Colonial Pipeline ransomware attack, received a total of $90 million in bitcoin ransom payments before shutting down last week, according to new research.
Colonial Pipeline was hit with a devastating cyberattack earlier this month that forced the company to shut down approximately 5,500 miles of pipeline in the United States, crippling gas delivery systems in Southeastern states. The FBI blamed the attack on DarkSide, a cybercriminal gang believed to be based in Eastern Europe, and Colonial reportedly paid a $5 million ransom to the group.
[…]
In a blog post Tuesday, Elliptic said DarkSide and its affiliates bagged at least $90 million in bitcoin ransom payments over the past nine months from 47 victims. The average payment from organizations was likely $1.9 million, Elliptic said.
[…]
Of the $90 million total haul, $15.5 million went to DarkSide’s developer while $74.7 million went to its affiliates, according to Elliptic. The majority of the funds are being sent to crypto exchanges, where they can be converted into fiat money, Elliptic said.
Plastic producers have tried to make us think that individuals can solve pollution by improving our recycling and shopping habits. A new study makes it clear why that’s their tactic. Just 20 companies are responsible for more than half of the world’s trashed single-use plastic.
The Plastic Waste Makers Index, published Tuesday by the Australian foundation Minderoo, is a comprehensive account of the companies manufacturing plastic that goes into disposable products. It shows that energy giants and chemical conglomerates are among the 20 companies that created 55% of global plastic waste. Expanding the view just a bit further, the report also shows that just 100 businesses account for more than 90% of trashed plastic.
The top contributor to throwaway plastics, the report found, is Exxon. In 2019, it contributed 5.9 million metric tons of plastic that got thrown away. In close second and third were the world’s two largest chemical companies, U.S.-based Dow and China’s Sinopec. They created 5.5 million metric tons and 5.3 million metric tons of the stuff respectively.
The research also showed that recycled plastic accounts for just 2% of the world’s disposable plastics. The vast majority are made from virgin materials, meaning new fossil fuels were extracted to create them.
Italy’s competition watchdog has ordered Google to pay over €100 million ($123 million) for abuse of its dominant position. The regulator said Google had shut out an electric vehicle recharging app from its Android Auto infotainment platform for cars for over two years.
The company at the core of the action is Enel X — a subsidiary of Italian energy provider Enel — which through its JuicePass app gives EV drivers access to about 95,000 public charging points in Europe. The watchdog said by blocking the app for over two years Google was essentially favoring Google Maps, which also lets users search for nearby EV charging points. Along with the fine, the regulator told Google to make the JuicePass app available on Android Auto.
Echoing concerns raised by its EU and UK counterparts, the Italian authority pointed to Google’s gatekeeper status over the digital economy. The regulator said Android OS and the Google Play store had given the company a “dominant position” that allowed it to “control the access of app developers to end users.” In the case of Enel X, the watchdog said that by excluding the JuicePass app Google had put its rival’s business in jeopardy and potentially hobbled the advancement of electric mobility.
The new technique uses a computer to convert attempted handwriting movements from brain activity into on-screen text. As part of their tests, the team worked with a 65-year-old participant (named T5 in the study) who was paralyzed from the neck down due to a spinal cord injury sustained in 2007.
The researchers started by placing two brain chip implants into T5’s motor cortex — the part of the brain that controls movement. They told the participant to imagine he was writing normally with a pen on a piece of ruled paper. The brain chips then sent his neural signal through wires to a computer where an AI algorithm essentially transcribed his “mindwriting” by decoding hand and finger motion.
The end result saw T5 reach a writing speed of about 18 words per minute with 94.1 percent accuracy. Comparatively, an able-bodied adult of a similar age can type about 23 words per minute on a smartphone.
Senator Wyden’s office asked the Department of Defense (DoD), which includes various military and intelligence agencies such as the National Security Agency (NSA) and the Defense Intelligence Agency (DIA), for detailed information about its data purchasing practices after Motherboard revealed special forces were buying location data. The responses also touched on military or intelligence use of internet browsing and other types of data, and prompted Wyden to demand more answers specifically about warrantless spying on American citizens.
Some of the answers the DoD provided were given in a form that means Wyden’s office cannot legally publish specifics on the surveillance; one answer in particular was classified. In the letter Wyden is pushing the DoD to release the information to the public.
[…]
“Are any DoD components buying and using without a court order internet metadata, including ‘netflow’ and Domain Name System (DNS) records,” the question read, and asked whether those records were about “domestic internet communications (where the sender and recipient are both U.S. IP addresses)” and “internet communications where one side of the communication is a U.S. IP address and the other side is located abroad.”
Netflow data creates a picture of traffic flow and volume across a network. DNS records relate to when a user looks up a particular domain, and a system then converts that text into the specific IP address for a computer to understand; essentially a form of internet browsing history.
Wyden’s new letter to Austin urging the DoD to release that answer and others says “Information should only be classified if its unauthorized disclosure would cause damage to national security. The information provided by DoD in response to my questions does not meet that bar.”
[…]
“Other than DIA, are any DoD components buying and using without a court order location data collected from phones located in the United States?” one of Wyden’s questions reads. The answer to that is one that Wyden is urging the DoD to release.
The DIA memo said the agency believes it does not require a warrant to obtain such information. Following this, Wyden also asked the DoD which other DoD components have adopted a similar interpretation of the law. One response said that each component is itself responsible for making sure it follows the law.
Wyden is currently proposing a new piece of legislation called The Fourth Amendment Is Not For Sale Act which would force some agencies to obtain a warrant for location and other data.
A day after US President Joe Biden said the US plans to disrupt the hackers behind the Colonial Pipeline cyberattack, the operator of the Darkside ransomware said the group lost control of its web servers and some of the funds it made from ransom payments.
“A few hours ago, we lost access to the public part of our infrastructure, namely: Blog. Payment server. CDN servers,” said Darksupp, the operator of the Darkside ransomware, in a post spotted by Recorded Future threat intelligence analyst Dmitry Smilyanets.
“Now these servers are unavailable via SSH, and the hosting panels are blocked,” said the Darkside operator while also complaining that the web hosting provider refused to cooperate.
In addition, the Darkside operator also reported that cryptocurrency funds were also withdrawn from the gang’s payment server, which was hosting ransom payments made by victims.
The funds, which the Darkside gang was supposed to split between itself and its affiliates (the threat actors who breach networks and deploy the ransomware), were transferred to an unknown wallet, Darksupp said.
Takedown?
This sudden development comes after US authorities announced their intention to go after the gang.
[…]
Or exit scam?
But Smilyanets warns that the group’s announcement could also be a ruse, as no announcement has yet been made by US officials.
The group could be taking advantage of President Biden’s statements as cover to shut down its infrastructure and run away with its affiliates’ money without paying their cuts—a tactic known as an “exit scam” on the cybercriminal underground.
[…]
The news that Darkside lost control of its servers and that a major cybercrime forum was banning ransomware ads, all happening within a span of hours of each other, also had an effect on REvil, arguably considered today’s biggest ransomware operation.
In a post quoting Darkside’s (now-deleted) statement, REvil spokesperson Unknown made an announcement of their own and said they also plan to stop advertising their Ransomware-as-a-Service platform and “go private”—a term used by cybercrime gangs to describe their intention to work with a small group of known and trusted collaborators only.
Additionally, the REvil group also said that it plans to stop attacking sensitive social sectors like healthcare, educational institutes, and the government networks of any country, which it believes could draw unwanted attention to its operation, such as the attention Darkside is getting right now.
In the case of any of such attacks carried out by any of its collaborators, REvil said they plan to provide a free decryption key to victims and stop working with the misbehaving affiliate.
Image: Recorded Future
Furthermore, hours after REvil’s announcement, the operators of the Avaddon ransomware also announced similar updates to their program, with the same clause barring ransomware groups from attacking government entities, healthcare orgs, and educational institutes.
While we may never know who or what is driving these changes among ransomware gangs, it is pretty clear that the Colonial Pipeline attack and its aftermath have broken the camel’s back, and US authorities have started applying some sort of pressure on these groups.
The Tianwen-1 mission, China’s first interplanetary endeavor, reached the surface of the Red Planet Friday (May 14) at approximately 7:11 p.m. EDT (2311 GMT), though Chinese space officials have not yet confirmed the exact time and location of touchdown. Tianwen-1 (which translates to “Heavenly Questions”) arrived in Mars’ orbit in February after launching to the Red Planet on a Long March 5 rocket in July 2020.
After circling the Red Planet for more than three months, the Tianwen-1 lander, with the rover attached, separated from the orbiter to begin its plunge toward the planet’s surface. Once the lander and rover entered Mars’ atmosphere, the spacecraft endured a similar procedure to the “seven minutes of terror” that NASA’s Mars rovers have experienced when attempting soft landings on Mars.
An artist’s concept of China’s first Mars rover mission, Tianwen-1, at the Red Planet. (Image credit: CCTV/CNSA)
A heat shield protected the spacecraft during the fiery descent, after which the mission safely parachuted down to the Utopia Planitia region, a plain inside of an enormous impact basin in the planet’s northern hemisphere. Much like during NASA’s Perseverance rover landing, Tianwen-1’s landing platform fired some small, downward-facing rocket engines to slow down during the last few seconds of its descent.
The China National Space Administration (CNSA) has not yet officially confirmed the successful landing, but it has been announced on social media by the state-run China Global Television Network (CGTN) and by researchers at Macau University of Science and Technology in China.
Successful landing of #Tianwen1, on #Mars! Landing point: 109.7 E, 25.1 N, less than 40 km from target location in Utopia Planitia. More details expected later! pic.twitter.com/bMSvziscji (tweet, May 15, 2021)
China’s Mars rover, called Zhurong after an ancient fire god in Chinese mythology, will part ways with the lander by driving down a foldable ramp. Once it has deployed, the rover is expected to spend at least 90 Mars days (or about 93 Earth days; a day on Mars lasts about 40 minutes longer than a day on Earth) roving around on Mars to study the planet’s composition and look for signs of water ice. Utopia Planitia is believed to contain vast amounts of water ice beneath the surface. It’s also where NASA’s Viking 2 mission touched down in 1976.
An image of Utopia Planitia taken by the Tianwen-1 orbiter at an altitude of about 220 miles (350 kilometers). (Image credit: CNSA)
The six-wheeled rover, which is about the size of NASA’s twin Mars rovers Spirit and Opportunity, carries six scientific instruments on board, including two panoramic cameras, a ground-penetrating radar and a magnetic field detector. It also has a laser that it can use to zap rocks and study their composition, as well as a meteorological instrument to study the climate and weather on Mars.
Zhurong will work in tandem with the Tianwen-1 orbiter to study the Red Planet, and the orbiter will serve as a data relay station for communications between Zhurong and mission controllers on Earth. The orbiter is designed to last for at least one Mars year, or about 687 Earth days.
In a 28-second video, which was posted to Twitter this week by a spokesman for Prime Minister Benjamin Netanyahu of Israel, Palestinian militants in the Gaza Strip appeared to launch rocket attacks at Israelis from densely populated civilian areas.
Instead, the video that he shared, which can be found on many YouTube channels and other video-hosting sites, was from 2018. And according to captions on older versions of the video, it showed militants firing rockets not from Gaza but from Syria or Libya.
The video was just one piece of misinformation that has circulated on Twitter, TikTok, Facebook, WhatsApp and other social media this week about the rising violence between Israelis and Palestinians, as Israeli military ground forces attacked Gaza early on Friday. The false information has included videos, photos and clips of text purported to be from government officials in the region, with posts baselessly claiming early this week that Israeli soldiers had invaded Gaza, or that Palestinian mobs were about to rampage through sleepy Israeli suburbs.
They may be tiny weapons, but BYU’s holography research group has figured out how to create lightsabers — green for Yoda and red for Darth Vader, naturally — with actual luminous beams rising from them.
Inspired by the displays of science fiction, the researchers have also engineered battles between equally small versions of the Starship Enterprise and a Klingon Battle Cruiser that incorporate photon torpedoes launching and striking the enemy vessel that you can see with the naked eye.
“What you’re seeing in the scenes we create is real; there is nothing computer generated about them,” said lead researcher Dan Smalley, a professor of electrical engineering at BYU. “This is not like the movies, where the lightsabers or the photon torpedoes never really existed in physical space. These are real, and if you look at them from any angle, you will see them existing in that space.”
[…]
Smalley and Rogers detail these and other recent breakthroughs in a new paper published in Nature Scientific Reports this month. The work overcomes a limiting factor of optical trap displays: although this technology cannot itself show virtual images, Smalley and Rogers show it is possible to simulate them by employing a time-varying perspective projection backdrop.
“We can play some fancy tricks with motion parallax and we can make the display look a lot bigger than it physically is,” Rogers said. “This methodology would allow us to create the illusion of a much deeper display up to theoretically an infinite size display.”
To see more of the holography work professor Dan Smalley is doing with his students, check out his lab website here: https://www.smalleyholography.org/
Facebook Inc. was ordered to stop collecting German users’ data from its WhatsApp unit, after a regulator in the nation said the company’s attempt to make users agree to the practice in its updated terms isn’t legal.
Johannes Caspar, who heads Hamburg’s privacy authority, issued a three-month emergency ban, prohibiting Facebook from continuing with the data collection. He also asked a panel of European Union data regulators to take action and issue a ruling across the 27-nation bloc. The new WhatsApp terms enabling the data scoop are invalid because they are non-transparent, inconsistent and overly broad, he said.
“The order aims to secure the rights and freedoms of millions of users which are agreeing to the terms Germany-wide,” Caspar said in a statement on Tuesday. “We need to prevent damage and disadvantages linked to such a black-box-procedure.”
The order strikes at the heart of Facebook’s business model and advertising strategy. It echoes a similar and contested step by Germany’s antitrust office attacking the network’s habit of collecting data about what users do online and merging the information with their Facebook profiles. That trove of information allows ads to be tailored to individual users — creating a cash cow for Facebook.
Facebook’s WhatsApp unit called Caspar’s claims “wrong” and said the order won’t stop the roll-out of the new terms. The regulator’s action is “based on a fundamental misunderstanding” of the update’s purpose and effect, the company said in an emailed statement.
The U.S. tech giant has faced global criticism over the new terms that WhatsApp users are required to accept by May 15. Caspar said Facebook may already be wrongfully handling data and said it’s important to prevent misuse of the information to influence the German national election in September.
OSIRIS-REx, a NASA spacecraft tasked with collecting rocks and dust from a nearby asteroid named Bennu, is coming back home after almost five years away. The spacecraft, officially named Origins, Spectral Interpretation, Resource Identification, Security, Regolith Explorer, fired its engines to begin its Earthward journey on May 10. Its return trip will take two and a half years.
Bennu, the asteroid the spacecraft accosted, is a 1,600-foot-wide (500-meter) hunk of rock and ice located 200 million miles (321 million kilometers) from Earth. OSIRIS-REx snagged a handful of dust last October after a fairly dramatic encounter with the desolate little world. NASA was concerned that OSIRIS-REx wouldn’t be able to bring back a full sample due to leaks in the collection system. Thankfully, the samples now are headed to Earth, where they will be carefully examined by researchers.
A Windows Defender bug creates thousands of small files that waste gigabytes of storage space on Windows 10 hard drives.
The bug started with Windows Defender antivirus engine 1.1.18100.5 and will cause the C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store folder to be filled up with thousands of files with names that appear to be MD5 hashes.
[Image: Windows Defender folder filled with small files]
From a system seen by BleepingComputer, the created files range in size from 600 bytes to a little over 1KB.
[Image: File properties of one of these files]
While the system we looked at only had approximately 1MB of files, other Windows 10 users report that their systems have been filled up with hundreds of thousands of files, which in one case used up 30GB of storage space.
On smaller SSD system drives (C:), this can be a considerable amount of storage space to waste on unnecessary files.
According to Deskmodder, who first reported on this issue, the bug has now been fixed in the latest Windows Defender engine, version 1.1.18100.6.
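As an added defender-side check (not code from the BleepingComputer or Deskmodder reports), this PowerShell snippet inventories the Store folder named above, counts the hash-named files and their total size, and compares the installed Defender engine against the fixed build 1.1.18100.6 given in the article. It assumes the built-in Defender module (Get-MpComputerStatus) is available and that the shell runs elevated, since the folder is normally not readable by standard users.

```powershell
# Added example: measure the impact of the scan-history bug and check whether
# the engine is at or past the fixed build reported in the article.
$store       = Join-Path $env:ProgramData 'Microsoft\Windows Defender\Scans\History\Store'
$fixedEngine = [version]'1.1.18100.6'   # fixed engine version per the article

if (-not (Test-Path -LiteralPath $store)) {
    Write-Output "Store folder not found: $store"
    return
}

# Reading this folder usually requires an elevated (administrator) session.
$files = @(Get-ChildItem -LiteralPath $store -File -Force -ErrorAction SilentlyContinue)

# The bug's files carry names that look like MD5 hashes: 32 hex characters, no extension.
$hashNamed  = @($files | Where-Object { $_.Name -match '^[0-9a-fA-F]{32}$' })
$totalBytes = [int64]($hashNamed | Measure-Object -Property Length -Sum).Sum

[pscustomobject]@{
    Path           = $store
    FileCount      = $files.Count
    HashNamedCount = $hashNamed.Count
    HashNamedMB    = [math]::Round($totalBytes / 1MB, 2)
    SmallestBytes  = if ($hashNamed.Count) { ($hashNamed | Measure-Object Length -Minimum).Minimum } else { 0 }
    LargestBytes   = if ($hashNamed.Count) { ($hashNamed | Measure-Object Length -Maximum).Maximum } else { 0 }
}

# AMEngineVersion is the antimalware engine build; compare it to the fixed version.
$status = Get-MpComputerStatus -ErrorAction SilentlyContinue
if ($status) {
    $engine = [version]$status.AMEngineVersion
    if ($engine -ge $fixedEngine) {
        Write-Output "Engine $engine is at or above the fixed build $fixedEngine."
    } else {
        Write-Output "Engine $engine predates the fix ($fixedEngine); update Defender before cleaning up."
    }
} else {
    Write-Output "Get-MpComputerStatus unavailable; could not read the engine version."
}
```

Run it before and after updating the engine: a growing HashNamedCount on an engine older than 1.1.18100.6 indicates the system is affected.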
An NHS Digital-run vaccine-booking website exposed just how many vaccines individual people had received – and did so with no authentication, according to the Guardian.
The booking page, aimed at English NHS patients wanting to book first and second coronavirus jabs, would tell anyone at all whether a named person had had zero, one or two vaccination doses, the newspaper reported on Thursday.
All you need, it says, are the date of birth and postcode of the person whose vaccination status you want to check up on.
[…]
Vaccination status is set to become a political hot potato as the UK restarts its economy following the 2020 COVID-19 shutdown. Government policy is to enforce vaccine passports, initially as a means of deterring overseas travel but rumours persist that they will be required for domestic activities. To that end, the ruling Conservatives’ insincere promise in December that vaccine passports wouldn’t become reality at all has prompted a 350,000 strong Parliamentary petition against them.
Carelessness around health data in general has been a feature of the current government’s tech-driven approach to tackling COVID-19. Such repeated incidents have a habit of lodging themselves in the public’s consciousness, making it harder to gain consent for genuine health-boosting measures based on handing data over to public sector bodies.
a company called Flawless has created an AI-powered solution that will replace an actor’s facial performance to match the words in a film dubbed for foreign audiences.
[…]
What Flawless is promising to do with its TrueSync software is use the same tools responsible for deepfake videos to manipulate and adjust an actor’s face in a film so that the movements of their mouths, and in turn the muscles in their faces, more closely match how they’d move were the original performance given in the language a foreign audience is hearing. So even though an actor shot a film in English, to a moviegoer in Berlin watching the film dubbed in German, it would appear as if all of the actors were actually speaking German.
[…]
Is it necessary? That’s certainly up for debate. The recent Academy Award-winning film Parasite resurfaced the debate over dubbing a foreign film versus simply watching it with subtitles. One side feels that an endless string of text over a film is distracting and takes the focus away from everything else happening on screen, while the other side feels that a dub performed by even a talented and seasoned voice artist simply can’t match or recreate the emotions behind the original actor’s performance, and hearing it, even if the words aren’t understood, is important to enjoying their performance as a whole.
[…]
The company has shared a few examples of what the TrueSync tool is capable of on its website, and sure enough, Tom Hanks appears to be speaking flawless Japanese in Forrest Gump.