Samsung launches stand alone mobile security chip

Posted on by

Samsung will launch a new standalone turnkey security chip to protect mobile devices, the company announced today.

The chip, which has the said-once-never-forgotten name “S3FV9RR” – aka the Mobile SE Guardian 4 – is a follow-up to the dedicated security silicon baked into the Galaxy S20 smartphone series launched in February 2020.

The new chip is Common Criteria Assurance Level 6+ certified, the highest certification that a mobile component has received, according to Samsung. CC EAL 6+ is used in e-passports and hardware wallets for cryptocurrency.

It has twice the storage capacity of the first-gen chip and supports device authorisation, hardware-based root of trust, and secure boot features. When a bootloader initiates, the chip initiates a chain of trust sequence to validate each components’ firmware. The chip can also work independently from the device’s main processor to ensure tighter security.

“In this era of mobility and contactless interactions, we expect our connected devices, such as smart phones or tablets, to be highly secure so as to protect personal data and enable fintech activities such as mobile banking, stock trading and cryptocurrency transactions,” said Dongho Shin, senior vice president of marketing at Samsung System LSI, which makes logic chips for the South Korean conglomerate.

“With the new standalone security element solution (S3FV9RR), Samsung is mounting a powerful deadbolt on smart devices to safeguard private information.” Which should be handy for all manner of devices – perhaps even Internet of things devices.

Source: Galaxy S20 security is already old hat as Samsung launches new safety silicon • The Register

Ex-Green Beret arrested in Carlos Ghosn case has no stranger to danger

Posted on by

This Dec. 30, 2019, image from security camera video shows Michael L. Taylor, center, and George-Antoine Zayek at passport control at Istanbul Airport in Turkey. Taylor, a former Green Beret, and his son, Peter Taylor, 27, were arrested Wednesday in Massachusetts on charges they smuggled Nissan ex-Chairman Carlos Ghosn out of Japan in a box in December 2019, while he awaited trial there on financial misconduct charges. / AP

Decades before a security camera caught Michael Taylor coming off a jet that was carrying one of the world’s most-wanted fugitives, the former Green Beret had a hard-earned reputation for taking on dicey assignments.

Over the years, Taylor had been hired by parents to rescue abducted children. He went undercover for the FBI to sting a Massachusetts drug gang. And he worked as a military contractor in Iraq and Afghanistan, an assignment that landed him in a Utah jail in a federal fraud case.

So when Taylor was linked to the December escape of former Nissan CEO Carlos Ghosn from Japan, where the executive awaited trial on financial misconduct charges, some in U.S. military and legal circles immediately recognized the name.

Taylor has “gotten himself involved in situations that most people would never even think of, dangerous situations, but for all the right reasons,” Paul Kelly, a former federal prosecutor in Boston who has known the security consultant since the early 1990s, said earlier this year.

“Was I surprised when I read the story that he may have been involved in what took place in Japan? No, not at all.”

Wednesday, after months as fugitives, Taylor, 59, and his son, Peter, 27, were arrested in Massachusetts on charges accusing them of hiding Ghosn in a shipping case drilled with air holes and smuggling him out of Japan on a chartered jet. Investigators were still seeking George-Antoine Zayek, a Lebanese-born colleague of Taylor.

“He is the most all-American man I know,” Taylor’s assistant, Barbara Auterio, wrote to a federal judge before his sentencing in 2015. “His favorite song is the national anthem.”

Kelly, now serving as the attorney for the Taylors, said they plan to challenge Japan’s extradition request “on several legal and factual grounds.”

“Michael Taylor is a distinguished veteran and patriot, and both he and his son deserve a full and fair hearing regarding these issues,” Kelly said in an email.

Some of those who know Taylor say he is a character of questionable judgment, with a history of legal troubles dating back well before the Utah case. But others praise him as a patriot, mentor and devoted family man, who regularly put himself at risk for his clients, including some with little ability to pay.

“He is the most all-American man I know,” Taylor’s assistant, Barbara Auterio, wrote to a federal judge before his sentencing in 2015. “His favorite song is the national anthem.”

In 1993, a Massachusetts state trooper investigated Taylor for drug running and sued his supervisor after being told to stop scrutinizing the prized FBI informant. In 1998, Taylor was granted immunity in exchange for testifying against a Teamsters official accused of extortion. In 1999, he pleaded guilty to planting marijuana in the car of a client’s estranged wife, leading to her arrest, according to a 2001 report in the Boston Herald.

Taylor also made headlines in 2011 when he resigned as football coach at a Massachusetts prep school, Lawrence Academy, which was stripped of two titles. Taylor was accused of inappropriate donations, including covering tuition for members of a team that included seven Division I recruits.

“Michael Taylor was the only person in this great country that was able to help me, and he did,” a California woman whose son was taken to Beirut, wrote to the sentencing judge in the Utah military contracting case. “Michael Taylor brought my son back.”

“It wasn’t pleasant what he was yelling at us across the field. He was calling us out for not being man enough to kick the ball,” said John Mackay, who opposed Taylor as coach of St. George’s School in Rhode Island. “His zeal, probably like he does everything in life, is to the Nth degree.”

The security business that Taylor and a partner set up decades ago was initially focused on private investigations but their caseload grew through corporate work and unofficial referrals from the State Department and FBI, including parents whose children had been taken overseas by former spouses.

“Michael Taylor was the only person in this great country that was able to help me, and he did,” a California woman whose son was taken to Beirut, wrote to the sentencing judge in the Utah military contracting case. “Michael Taylor brought my son back.”

In 2012, federal prosecutors alleged that Taylor won a U.S. military contract to train Afghan soldiers by using secret information passed along from an American officer. The prosecutors said that when Taylor learned the contract was being investigated, he asked an FBI agent and friend to intervene.

The government seized $5 million from the bank account of Taylor’s company and he spent 14 months in jail before agreeing to plead guilty to two counts. The government agreed to return $2 million to the company as well as confiscated vehicles.

The plot to free Ghosn apparently began last fall, when operatives began scouting Japanese terminals reserved for private jets. Tokyo has two airports within easy reach of Ghosn’s home. But the group settled on the private terminal at Osaka’s Kansai International Airport, where machines used to X-ray baggage could not accommodate large boxes.

On the day of the escape, Michael Taylor and Zayek flew into Japan on a chartered jet with two large black boxes, claiming to be musicians carrying audio equipment, according to court papers.

Around 2:30 that afternoon, Ghosn, free on hefty bail, left his house on a leafy street in Tokyo’s Roppongi neighborhood and walked to the nearby Grand Hyatt Hotel, going to a room there and departing two hours later to board a bullet train for Osaka.

That evening, his rescuers wheeled shipping boxes through the Osaka private jet terminal known as Premium Gate Tamayura — “fleeting moment” in Japanese. Terminal employees let the men pass without inspecting their cargo.

At 11:10 p.m., the chartered Bombardier, its windows fitted with pleated shades, lifted off. The flight went first to Turkey, then to Lebanon, where Ghosn has citizenship, but which has no extradition treaty with Japan.

“I didn’t run from justice,” Ghosn told reporters after he resurfaced. “I left Japan because I wanted justice.”

Source: Ex-Green Beret arrested in Carlos Ghosn case has done dangerous work | Autoblog

Sir Richard Branson: Virgin Orbit rocket launch from 747 fails on debut flight

Posted on by

The booster was released from under the wing of one of the UK entrepreneur’s old jumbos which had been specially converted for the task.

The rocket ignited its engine seconds later but an anomaly meant the flight was terminated early.

Virgin Orbit’s goal is to try to capture a share of the emerging market for the launch of small satellites.

It’s not clear at this stage precisely what went wrong but the firm had warned beforehand that the chances of success might be only 50:50.

The history of rocketry shows that maiden outings very often encounter technical problems.

“Test flights are instrumented to yield data and we now have a treasure trove of that. We accomplished many of the goals we set for ourselves, though not as many as we would have liked,” said Virgin Orbit CEO Dan Hart.

“Nevertheless, we took a big step forward today. Our engineers are already poring through the data. Our next rocket is waiting. We will learn, adjust, and begin preparing for our next test, which is coming up soon.”

Source: Sir Richard Branson: Virgin Orbit rocket fails on debut flight – BBC News

Create Deepfakes in 5 Minutes with First Order Model Method

Posted on by

et’s explore a bit how this method works. The whole process is separated into two parts: Motion Extraction and Generation. As an input the source image and driving video are used. Motion extractor utilizes autoencoder to detect keypoints and extracts first-order motion representation that consists of sparse keypoints and local affine transformations. These, along with the driving video are used to generate dense optical flow and occlusion map with the dense motion network. Then the outputs of dense motion network and the source image are used by the generator to render the target image.

First Order Model Approach

This work outperforms state of the art on all the benchmarks. Apart from that it has features that other models just don’t have. The really cool thing is that it works on different categories of images, meaning you can apply it to face, body, cartoon, etc. This opens up a lot of possibilities. Another revolutionary thing with this approach is that now you can create good quality Deepfakes with a single image of the target object, just like we use YOLO for object detection.

Keypoints Detection

If you want to find out more about this method, check out the paper and the code. Also, you can watch the following video:

Building your own Deepfake

As mention, we can use already trained models and use our source image and driving video to generate deepfakes. You can do so by following this Collab notebook.

In essence, what you need to do is clone the repository and mount your Google Drive. Once that is done, you need to upload your image and driving video to drive. Make sure that image and video size contains only face, for the best results. Use ffmpeg to crop the video if you need to. Then all you need is to run this piece of code:

source_image = imageio.imread('/content/gdrive/My Drive/first-order-motion-model/source_image.png')
driving_video = imageio.mimread('driving_video.mp4', memtest=False)


#Resize image and video to 256x256

source_image = resize(source_image, (256, 256))[..., :3]
driving_video = [resize(frame, (256, 256))[..., :3] for frame in driving_video]

predictions = make_animation(source_image, driving_video, generator, kp_detector, relative=True,
                             adapt_movement_scale=True)

HTML(display(source_image, driving_video, predictions).to_html5_video())

Here is my experiment with image of Nikola Tesla and a video of myself:

Conclusion

We are living in a weird age in a weird world. It is easier to create fake videos/news than ever and distribute them. It is getting harder and harder to understand what is truth and what is not. It seems that nowadays we can not trust our own senses anymore. Even though fake video detectors are also created, it is just a matter of time before the information gap is too small and even the best fake detectors can not detect if the video is true or not. So, in the end, one piece of advice – be skeptical. Take every information that you get with a bit of suspicion because things might not be quite as it seems.

Thank you for reading!

Source: Create Deepfakes in 5 Minutes with First Order Model Method

Software Development Environments Move to the Cloud

Posted on by

If you’re a newly hired software engineer, setting up your development environment can be tedious. If you’re lucky, your company will have a documented, step-by-step process to follow. But this still doesn’t guarantee you’ll be up and running in no time. When you’re tasked with updating your environment, you’ll go through the same time-consuming process. With different platforms, tools, versions, and dependencies to grapple with, you’ll likely encounter bumps along the way.

Austin-based startup Coder aims to ease this process by bringing development environments to the cloud. “We grew up in a time where [Microsoft] Word documents changed to Google Docs. We were curious why this wasn’t happening for software engineers,” says John A. Entwistle, who founded Coder along with Ammar Bandukwala and Kyle Carberry in 2017. “We thought that if you could move the development environment to the cloud, there would be all sorts of cool workflow benefits.”

With Coder, software engineers access a preconfigured development environment on a browser using any device, instead of launching an integrated development environment installed on their computers. This convenience allows developers to learn a new code base more quickly and start writing code right away.

[…]

Yet cloud-based platforms have their limitations, the most crucial of which is they require reliable Internet service. “We have support for intermittent connections, so if you lose connection for a few seconds, you don’t lose everything. But you do need access to the Internet,” says Entwistle. There’s also the task of setting up and configuring your team’s development environment before getting started on Coder, but once that’s done, you can share your predefined environment with the team.

To ensure security, all source code and related development activities are hosted on a company’s infrastructure—Coder doesn’t host any data. Organizations can deploy Coder on their private servers or on cloud computing platforms such as Amazon Web Services or Google Cloud Platform. This option could be advantageous for banks, defense organizations, and other companies handling sensitive data. In fact, one of Coder’s customers is the U.S. Air Force, and the startup closed a US $30 million Series B funding round last month (bringing its total funding to $43 million), with In-Q-Tel, a venture capital firm with ties to the U.S. Central Intelligence Agency, as one of its backers.

Source: Software Development Environments Move to the Cloud – IEEE Spectrum

Lockdown-Ignoring Sweden Now Has Nordic Europe’s Highest Per-Capita Death Rate and only 7.3% antibodies

Posted on by

Sweden’s death rate per million (376) “is far in advance of Norway’s (44), Denmark’s (96) and Finland’s (55) — countries with similar welfare systems and demographics, but which imposed strict lockdowns…” reports the Guardian, “raising concerns that the country’s light-touch approach to the coronavirus may not be helping it build up broad immunity.”

“According to the scientific online publication Ourworldindata.com, Covid-19 deaths in Sweden were the highest in Europe per capita in a rolling seven-day average between 12 and 19 May. The country’s 6.25 deaths per million inhabitants a day was just above the UK’s 5.75.”

Slashdot reader AleRunner writes: Immunity levels in Sweden, which were expected to reach 33% by the start of May have been measured at only 7.3%, suggesting that Sweden’s lighter lockdown may continue indefinitely whilst other countries begin to revive their economies. Writing about new Swedish antibody results in the Guardian Jon Henley goes on to report that other European countries like Finland are already considering blocking travel from Sweden which may increase Sweden’s long term isolation.

We have discussed before whether Sweden, which locked down earlier than most but with fewer restrictions could be a model for other countries.

As it is, now, the country is looking more like a warning to the rest of the world.
The Guardian concludes that the Swedish government’s decision to avoid a strict lockdown “is thought unlikely to spare the Swedish economy. Although retail and entertainment spending has not collapsed quite as dramatically as elsewhere, analysts say the country will probably not reap any long-term economic benefit.”

Source: Lockdown-Ignoring Sweden Now Has Europe’s Highest Per-Capita Death Rate – Slashdot

A drastic reduction in hardware overhead for quantum computing with new error correcting techniques

Posted on by

A scientist at the University of Sydney has achieved what one quantum industry insider has described as “something that many researchers thought was impossible”.

Dr. Benjamin Brown from the School of Physics has developed a type of error-correcting code for quantum computers that will free up more hardware to do useful calculations. It also provides an approach that will allow companies like Google and IBM to design better quantum microchips.

He did this by applying already known code that operates in three-dimensions to a two-dimensional framework.

“The trick is to use time as the third dimension. I’m using two physical dimensions and adding in time as the third dimension,” Dr. Brown said. “This opens up possibilities we didn’t have before.”

His research is published today in Science Advances.

“It’s a bit like knitting,” he said. “Each row is like a one-dimensional line. You knit row after row of wool and, over time, this produces a two-dimensional panel of material.”

Fault-tolerant quantum computers

Reducing errors in is one of the biggest challenges facing scientists before they can build machines large enough to solve useful problems.

“Because quantum information is so fragile, it produces a lot of errors,” said Dr. Brown, a research fellow at the University of Sydney Nano Institute.

Completely eradicating these errors is impossible, so the goal is to develop a “fault-tolerant” architecture where useful processing operations far outweigh error-correcting operations.

“Your mobile phone or laptop will perform billions of operations over many years before a single error triggers a blank screen or some other malfunction. Current quantum operations are lucky to have fewer than one error for every 20 operations—and that means millions of errors an hour,” said Dr. Brown who also holds a position with the ARC Centre of Excellence for Engineered Quantum Systems.

“That’s a lot of dropped stitches.”

Most of the building blocks in today’s experimental quantum computers—quantum bits or qubits—are taken up by the “overhead” of .

“My approach to suppressing errors is to use a code that operates across the surface of the architecture in two dimensions. The effect of this is to free up a lot of the hardware from error correction and allow it to get on with the useful stuff,” Dr. Brown said.

Dr. Naomi Nickerson is Director of Quantum Architecture at PsiQuantum in Palo Alto, California, and unconnected to the research. She said: “This result establishes a new option for performing fault-tolerant gates, which has the potential to greatly reduce overhead and bring practical quantum computing closer.”

Source: A stitch in time: How a quantum physicist invented new code from old tricks

More information: Science Advances (2020). DOI: 10.1126/sciadv.eaay4929 , advances.sciencemag.org/content/6/21/eaay4929

Breathing Habits Are Related To Physical and Mental Health

Posted on by

Breathing is a missing pillar of health, and our attention to it is long overdue. Most of us misunderstand breathing. We see it as passive, something that we just do. Breathe, live; stop breathing, die. But breathing is not that simple and binary. How we breathe matters, too. Inside the breath you just took, there are more molecules of air than there are grains of sand on all the world’s beaches. We each inhale and exhale some 30 pounds of these molecules every day — far more than we eat or drink. The way that we take in that air and expel it is as important as what we eat, how much we exercise and the genes we’ve inherited. This idea may sound nuts, I realize. It certainly sounded that way to me when I first heard it several years ago while interviewing neurologists, rhinologists and pulmonologists at Stanford, Harvard and other institutions. What they’d found is that breathing habits were directly related to physical and mental health.

Today, doctors who study breathing say that the vast majority of Americans do it inadequately. […] But it’s not all bad news. Unlike problems with other parts of the body, such as the liver or kidneys, we can improve the airways in our too-small mouths and reverse the entropy in our lungs at any age. We can do this by breathing properly. […] [T]he first step in healthy breathing: extending breaths to make them a little deeper, a little longer. Try it. For the next several minutes, inhale gently through your nose to a count of about five and then exhale, again through your nose, at the same rate or a little more slowly if you can. This works out to about six breaths a minute. When we breathe like this we can better protect the lungs from irritation and infection while boosting circulation to the brain and body. Stress on the heart relaxes; the respiratory and nervous systems enter a state of coherence where everything functions at peak efficiency. Just a few minutes of inhaling and exhaling at this pace can drop blood pressure by 10, even 15 points. […] [T]he second step in healthy breathing: Breathe through your nose. Nasal breathing not only helps with snoring and some mild cases of sleep apnea, it also can allow us to absorb around 18% more oxygen than breathing through our mouths. It reduces the risk of dental cavities and respiratory problems and likely boosts sexual performance. The list goes on.

Source: Breathing Habits Are Related To Physical and Mental Health – Slashdot

Linux not Windows: Why Munich is shifting back from Microsoft to open source – again

Posted on by

In a notable U-turn for the city, newly elected politicians in Munich have decided that its administration needs to use open-source software, instead of proprietary products like Microsoft Office.

“Where it is technologically and financially possible, the city will put emphasis on open standards and free open-source licensed software,” a new coalition agreement negotiated between the recently elected Green party and the Social Democrats says.

The agreement was finalized Sunday and the parties will be in power until 2026. “We will adhere to the principle of ‘public money, public code’. That means that as long as there is no confidential or personal data involved, the source code of the city’s software will also be made public,” the agreement states.

The decision is being hailed as a victory by advocates of free software, who see this as a better option economically, politically, and in terms of administrative transparency.

However, the decision by the new coalition administration in Germany’s third largest and one of its wealthiest cities is just the latest twist in a saga that began over 15 years ago in 2003, spurred by Microsoft’s plans to end support for Windows NT 4.0.

Because the city needed to find a replacement for aging Microsoft Windows workstations, Munich eventually began the move away from proprietary software at the end of 2006.

At the time, the migration was seen as an ambitious, pioneering project for open software in Europe. It involved open-standard formats, vendor-neutral software and the creation of a unique desktop infrastructure based on Linux code named ‘LiMux’ – a combination of Linux and Munich.

By 2013, 80% of desktops in the city’s administration were meant to be running LiMux software. In reality, the council continued to run the two systems – Microsoft and LiMux – side by side for several years to deal with compatibility issues.

As the result of a change in the city’s government, a controversial decision was made in 2017 to leave LiMux and move back to Microsoft by 2020. At the time, critics of the decision blamed the mayor and deputy mayor and cast a suspicious eye on the US software giant’s decision to move its headquarters to Munich.

In interviews, a former Munich mayor, under whose administration the LiMux program began, has been candid about the efforts Microsoft went to to retain their contract with the city.

The migration back to Microsoft and to other proprietary software makers like Oracle and SAP, costing an estimated €86.1m ($93.1m), is still in progress today.

“We’re very happy that they’re taking on the points in the ‘Public Money, Public Code’ campaign we started two and a half years ago,” Alex Sander, EU public policy manager at the Berlin-based Free Software Foundation Europe, tells ZDNet. But it’s also important to note that this is just a statement in a coalition agreement outlining future plans, he says.

“Nothing will change from one day to the next, and we wouldn’t expect it to,” Sander continued, noting that the city would also be waiting for ongoing software contracts to expire. “But the next time there is a new contract, we believe it should involve free software.”

Any such step-by-step transition can be expected to take years. But it is also possible that Munich will be able to move faster than most because they are not starting from zero, Sander noted. It can be assumed that some LiMux software is still in use and that some of the staff there would have used it before.

[…]

Source: Linux not Windows: Why Munich is shifting back from Microsoft to open source – again | ZDNet

Libraries Have Never Needed Permission To Lend Books, And The Move To Change That Is A Big Problem

Posted on by

There are a variety of opinions concerning the Internet Archive’s National Emergency Library in response to the pandemic. I’ve made it clear in multiple posts why I believe the freakout from some publishers and authors is misguided, and that the details of the program are very different than those crying about it have led you to believe. If you don’t trust my analysis and want to whine about how I’m biased, I’d at least suggest reading a fairly balanced review of the issues by the Congressional Research Service.

However, Kyle Courtney, the Copyright Advisor for Harvard University, has a truly masterful post highlighting not just why the NEL makes sense, but just how problematic it is that many — including the US Copyright Office — seem to want to move to a world of permission and licensing for culture that has never required such things in the past.

Licensing culture is out of control. This has never been clearer than during this time when hundreds of millions of books and media that were purchased by libraries, archives, and other cultural intuitions have become inaccessible due to COVID-19 closures or, worse, are closed off further by restrictive licensing.

What’s really set Courtney off is that the Copyright Office has come out, in response to the NEL, to suggest that the solution to any such concerns raised by books being locked up by the pandemic must be more licensing:

The ultimate example of this licensing culture gone wild is captured in a recent U.S. Copyright Office letter. Note that this letter is not a legally binding document. It is the opinion of an office under the control of the Library of Congress, that is tasked among other missions, with advising Congress when they ask copyright questions, as in this case.

Senator Tom Udall asked the Copyright Office to give its legal analysis of the NEL and similar library efforts, and it did so… badly.

The Office responded with a letter revealing their recommendation was not going to be the guidance document to “help libraries, authors, and online outlets,” but, ultimately, called for more licensing. It also continued a common misunderstanding of an important case, Capitol Records, LLC v. ReDigi Inc., 910 F. 3d 649 (2d Cir 2018).

We’ve written about the Redigi case a few times, but as Courtney details, the anti-internet, pro-extreme copyright folks have embraced it to mean much more than it actually means (we’ll get back that shortly). Courtney points out that the Copyright Office seems to view everything through a single lens: “licensing” (i.e., permission). So while the letter applauds more licensing, that’s really just a celebration of greater permission when none is necessary. And through that lens the Copyright Office seems to think that the NEL isn’t really necessary because publishers have been choosing to make some of their books more widely available (via still restrictive licensing). But, as Courtney explains, libraries aren’t supposed to need permission:

Here’s the problem though: these vendors and publishers are not libraries. The law does not treat them the same. Vendors must must ask permission, they must license, this is their business model. Libraries are special creatures of copyright. Libraries have a legally authorized mandate granted by Congress to complete their mission to provide access to materials. They put many of these in copyright exemptions for libraries in the Copyright Act itself.

The Copyright Office missed this critical difference completely when it said digital, temporary, or emergency libraries should “seek permission from authors or publishers prior” to the use. I think think this is flat-out wrong. And I have heard this in multiple settings over the last few months: somehow it has crept into our dialog that libraries should have always sought a license to lend books, even digital books, exactly like the vendors and publishers who sought permission first. Again, this is fundamentally wrong.

Let me make this clear: Libraries do not need a license to loan books. What libraries do (give access to their acquired collections of acquired books) is not illegal. And libraries generally do not need to license or contract before sharing these legally acquired works, digital or not. Additionally, libraries, and their users, can make (and do make) many uses of these works under the law including interlibrary loan, reserves, preservation, fair use, and more!

[…]

Source: Libraries Have Never Needed Permission To Lend Books, And The Move To Change That Is A Big Problem | Techdirt

Expedia Group CEO Peter Kern: ‘Google’s a problem for everyone who sells something online’ – yup, monopolies are bad

Posted on by

Expedia Group’s new CEO isn’t mincing words about one of the company’s biggest challenges: Google’s dual role as a rival in online travel, and a key source of customers through search traffic and paid advertising.

“I think Google’s a problem — it’s a problem for everyone who sells something online, and we all have to struggle with that,” Peter Kern said during an appearance on CNBC on Friday morning, following his first earnings report as the CEO of the Seattle-based online travel giant.

His comments come amid reports that U.S. antitrust regulators are preparing a case against the search giant, focusing on its dominance of digital ads.

This Google conundrum is a recurring topic for Expedia Group, but Kern appears to be taking a different approach than his predecessor Mark Okerstrom did before he was ousted from the role last fall. Appearing on CNBC this morning, Kern says Expedia needs to learn to rely less on performance marketing, a form of advertising in which the cost is based on a specific outcome such as a click or sales lead.

“We just haven’t been as good on some of the basic blocking and tackling things that allow you to rely less on Google. And so we’ve used Google and performance marketing as our primary lever of whether we could grow at a certain rate or not, but we haven’t been great at merchandising, we haven’t been great at understanding the customer. We never had data across all our brands to understand if a customer had been at another of our brands and moved to a different one. We often competed in performance marketing auctions, our own brands against themselves. So we have a lot of our own work to do and to my eye, that means we have a lot of upside that is fully not reliant on Google or performance marketing.”

Expedia also addressed the Google issue in its quarterly regulatory filing: “In addition to the growth of online travel agencies, we see increased interest in the online travel industry from search engine companies such as Google, evidenced by continued product enhancements, including new trip planning features for users and the integration of its various travel products into the Google Travel offering, as well as further prioritizing its own products in search results.”

Source: Expedia Group CEO Peter Kern: ‘Google’s a problem for everyone who sells something online’ – GeekWire

Here is my May 2019 video about why the tech giants need breaking up

It wasn’t just a few credit cards: Entire travel itineraries were stolen by hackers, Easyjet now tells victims

Posted on by

Victims of the Easyjet hack are now being told their entire travel itineraries were accessed by hackers who helped themselves to nine million people’s personal details stored by the budget airline.

As reported earlier this week, the data was stolen from the airline between October 2019 and January this year. Easyjet kept quiet about the hack until mid-May, though around 2,200 people whose credit card details were stolen during the cyber-raid were told of this in early April, months after the attack.

Today emails from the company began arriving with customers. One seen by The Register read:

Our investigation found that your name, email address, and travel details were accessed for the easyJet flights or easyJet holidays you booked between 17th October 2019 and 4th March 2020. Your passport and credit card details were not accessed, however information including where you were travelling from and to, your departure date, booking reference number, the booking date and the value of the booking were accessed.

We are very sorry this has happened.

It also warned victims to be on their guard against phishing attacks by miscreants using the stolen records, especially if any “unsolicited communications” arrived appearing to be from Easyjet or its package holidays arm.

Perhaps to avoid spam filters triggered by too many links, the message mentioned, but did not link to, a blog post from the Information Commissioner’s Office titled, “Stay one step ahead of the scammers,” as well as one from the National Cyber Security Centre, published last year, headed: “Phishing attacks: dealing with suspicious emails and messages.”

There was no mention in the message to customers of compensation being paid as a result of the hack. Neither, when El Reg asked earlier this week, did Easyjet address the question of compo or credit monitoring services.

Source: It wasn’t just a few credit cards: Entire travel itineraries were stolen by hackers, Easyjet now tells victims • The Register

‘Taste Display’ Brings Fake Flavors to Your Tongue

Posted on by

a researcher from Meiji University in Japan who’s invented what’s being described as a taste display that can artificially recreate any flavor by triggering the five different tastes on a user’s tongue.

Years ago it was thought that the tongue had different regions for tasting sweet, sour, salty, and bitter flavors, where higher concentrations of taste buds tuned to specific flavors were found. We now know that the distribution is more evenly spread out across the tongue, and that a fifth flavor, umami, plays a big part in our enjoyment of food. Our better understanding of how the tongue works is crucial to a new prototype device that its creator, Homei Miyashita, calls the Norimaki Synthesizer.

It was inspired by how easily our eyes can be tricked into seeing something that technically doesn’t exist. The screen you’re looking at uses microscopic pixels made up of red, green, and blue elements that combine in varying intensities to create full-color images. Miyashita wondered if a similar approach could be used to trick the tongue, which is why their Norimaki Synthesizer is also referred to as a taste display.

There have been many attempts to artificially simulate tastes on the tongue with and without the presence of food, but they tend to focus on a specific taste, or enhancing a single flavor, such as boosting how salty something tastes without actually having to add more salt. The Norimaki Synthesizer takes a more aggressive approach through the use of five gels that trigger the five different tastes when they make contact with the human tongue.

The color-coded gels, made from agar formed in the shape of long tubes, use glycine to create the taste of sweet, citric acid for acidic, sodium chloride for salty, magnesium chloride for bitter, and glutamic sodium for savory umami. When the device is pressed against the tongue, the user experiences all five tastes at the same time, but specific flavors are created by mixing those tastes in specific amounts and intensities, like the RGB pixels on a screen. To accomplish this, the prototype is wrapped in copper foil so that when it’s held in hand and touched to the surface of the tongue, it forms an electrical circuit through the human body, facilitating a technique known as electrophoresis.

Electrophoresis is a process that moves molecules in a gel when an electrical current is applied, allowing them to be sorted by size based on the size of pores in the gel. But here the process simply causes the ingredients in the agar tubes to move away from the end touching the tongue, which reduces the tongue’s ability to taste them. It’s a subtractive process that selectively removes tastes to create a specific flavor profile. In testing, the Norimaki Synthesizer has allowed users to experience the flavor of everything from gummy candy to sushi without having to place a single item of food in their mouths.

In its current form the prototype is a bit bulky, but it could be easily miniaturized to a device as compact as the vapes everyone is already carrying around and regularly using. But instead of simulating the experience and flavors of smoking, it could recreate the satisfying feeling of eating a piece of chocolate, or drinking a milkshake, without having to ingest a single calorie.

Source: ‘Taste Display’ Brings Fake Flavors to Your Tongue

NASA launches guide to Lunar etiquette now that private operators will share the Moon with governments after US power grab

Posted on by

NASA has laid out a new set of principles that it hopes will inform how states and private companies will interact on the Moon.

The new guidelines, called the Artemis Accords, seek “to create a safe and transparent environment which facilitates exploration, science, and commercial activities for the benefit of humanity”.

The purpose of the Accords appears to be establishing a rough agreement on how space agencies and private companies conduct themselves in space without having to make a formal treaty, which can take decades to come into effect.

“With numerous countries and private sector players conducting missions and operations in cislunar space, it’s critical to establish a common set of principles to govern the civil exploration and use of outer space,” the space agency said.

Some of what the US space agency proposes in the Accords is already covered in previously established frameworks. For example, the Outer Space Treaty of 1967 mandates that space be used for peaceful purposes and prohibits testing and placing weapons of mass destruction on the Moon and other celestial bodies.

The new agreement reiterates this: “International cooperation on Artemis is intended not only to bolster space exploration but to enhance peaceful relationships between nations. Therefore, at the core of the Artemis Accords is the requirement that all activities will be conducted for peaceful purposes, per the tenets of the Outer Space Treaty.”

But although the Outer Space Treaty says nations cannot claim or own property in space, it does not directly address newer space activities such as lunar and asteroid mining. Many states see the Moon as a key strategic asset in outer space, and several companies, including NASA, have proposed mining rocket fuel from planets and asteroids.

The Accords therefore clarify that space agencies can extract and use resources they find in space. “The ability to utilise resources on the Moon, Mars, and asteroids will be critical to support safe and sustainable space exploration and development,” the guideline reads.

The principle is consistent with an executive order that President Trump signed in April, signalling that the US would pursue a policy to “encourage international support for the public and private recovery and use of resources in outer space.”

The Accords also seek to establish so-called safety zones that would surround future moon bases and prevent “harmful interference” from rival countries or companies operating in close proximity. How the size of these safety zones will be determined was not explained.

Agencies that sign the agreement will be required to publicly share their scientific data and be transparent about their operations, “to ensure that the entire world can benefit from the Artemis journey of exploration and discovery.” They’ll also be required to manage their own orbital rubbish, such as end-of-life spacecrafts. Historic sites, such as the Apollo landing site, would also be protected under the agreement.

But not everybody is happy about the new provisions. Dmitry Rogozin, the head of Russia’s space agency has criticised Washington for excluding Russia from early discussions about the space explorations act. “The principle of invasion is the same, whether it be the Moon or Iraq,” he tweeted.

China, which is pursuing its own space program, told Reuters it was willing to cooperate with all parties on lunar exploration “to make a greater contribution in building a community with [a] shared future for mankind”.

The Artemis program aims to put the first woman and second man on the Moon by 2024. NASA is collaborating with several space agencies on the effort, including Elon Musk’s SpaceX and Jeff Bezos’s Blue Origin.

Source: NASA launches guide to Lunar etiquette now that private operators will share the Moon with governments • The Register

New Spectra attack breaks the separation between Wi-Fi and Bluetooth

Posted on by

Called Spectra, this attack works against “combo chips,” specialized chips that handle multiple types of radio wave-based wireless communications, such as Wi-Fi, Bluetooth, LTE, and others.

“Spectra, a new vulnerability class, relies on the fact that transmissions happen in the same spectrum, and wireless chips need to arbitrate the channel access,” the research team said today in a short abstract detailing an upcoming Black Hat talk.

More particularly, the Spectra attack takes advantage of the coexistence mechanisms that chipset vendors include with their devices. Combo chips use these mechanisms to switch between wireless technologies at a rapid pace.

Researchers say that while these coexistence mechanisms increase performance, they also provide the opportunity to carry out side-channel attacks and allow an attacker to infer details from other wireless technologies the combo chip supports.

[…]

“We specifically analyze Broadcom and Cypress combo chips, which are in hundreds of millions of devices, such as all iPhones, MacBooks, and the Samsung Galaxy S series,” the two said.

[…]

“In general, denial-of-service on spectrum access is possible. The associated packet meta information allows information disclosure, such as extracting Bluetooth keyboard press timings within the Wi-Fi D11 core,” Classen and Gringoli say.

“Moreover, we identify a shared RAM region, which allows code execution via Bluetooth in Wi-Fi. This makes Bluetooth remote code execution attacks equivalent to Wi-Fi remote code execution, thus, tremendously increasing the attack surface.

Source: New Spectra attack breaks the separation between Wi-Fi and Bluetooth | ZDNet

Nextdoor Building Relationships With Law Enforcement whilst racially profiling

Posted on by

Community platform Nextdoor is courting police across the country, creating concerns among civil rights and privacy advocates who worry about possible conflicts of interest, over-reporting of crime, and the platform’s record of racial profiling, per a Thursday report by CityLab.

That effort included an all-expenses-paid meeting in San Francisco with members of Nextdoor’s Public Agencies Advisory Council, which includes community engagement staffers from eight police departments and mayor’s offices, according to CityLab. Other outreach has included enlisting current and former law enforcement officers to promote the app, as well as partnerships with local authorities that enable them to post geo-targeted messages to neighborhoods and receive unofficial reports of suspicious activity through the app. According to CityLab, attendees of the meeting in San Francisco had to sign nondisclosure agreements that could shield information on the partnerships from the public.

[…]

Nextdoor has “crime and safety” functions that allow locals to post unverified information about suspicious activity and suspected crimes, acting as a sort of loosely organized neighborhood self-surveillance system for users. That raises the possibility Nextdoor is facilitating racial profiling and over-policing, especially given its efforts to build relationships with authorities and its booming user base (reportedly past 10 million). During the ongoing coronavirus pandemic, Nextdoor has seen skyrocketing user engagement—an 80 percent increase, founder Prakash Janakiraman told Vanity Fair earlier this month.

“There are compelling reasons for transparency around the activities of public employees in general, but the need for transparency is at its height when it comes to law enforcement agencies,” ACLU Speech, Privacy, and Technology Project staff attorney Freed Wessler told CityLab. “It would be quite troubling to learn that police officers were investigating and arresting people using data from private companies with which they have signed an NDA.”

Nextdoor and its fellow security and safety apps, including Amazon’s Ring doorbell camera platform and the crime-reporting app Citizen, are also implicitly raising fears of widespread crime at a time when national statistics show crime rates have plummeted across the country, Secure Justice executive director and chair of Oakland’s Privacy Advisory Commission Brian Hofer told CityLab. Nextdoor marketing materials, for example, assert that Nextdoor played a role in crime reduction in Sacramento.

Source: Report: Nextdoor Building Relationships With Law Enforcement

Researchers Control Monkeys’ Decisions With Bursts of Ultrasonic Waves

Posted on by

New research published today in Science Advances suggests pulses of ultrasonic waves can be used to partially control decision-making in rhesus macaque monkeys. Specifically, the ultrasound treatments were shown to influence their decision to look either left or right at a target presented on a screen, despite prior training to prefer one target over the other.

The new study, co-authored by neuroscientist Jan Kubanek from the University of Utah, highlights the potential use of this non-invasive technique for treating certain disorders in humans, like addictions, without the need for surgery or medication. The procedure is also completely painless.

Scientists had previously shown that ultrasound can stimulate neurons in the brains of mice, including tightly packed neurons deep in the brain. By modulating neuronal activity in mice, researchers could trigger various muscle movements across their bodies. That said, other research has been less conclusive about this and whether high-frequency sound waves can trigger neuromodulatory effects in larger animals.

The new research suggests they can, at least in a pair of macaque monkeys.

Source: Researchers Control Monkeys’ Decisions With Bursts of Ultrasonic Waves

UK takes a step closer to domestic launches as Skyrora fires up Skylark-L

Posted on by

Blighty is preparing for take-off as Edinburgh-based rocket-botherer Skyrora test-fired its Skylark-L rocket from a location in the heart of the Scottish Highlands.

Those hoping to send a satellite to orbit from UK soil might have a while to wait, however. The Skylark-L is only capable of flinging a 60kg payload 100km up. The beefier Skyrora XL will be capable of carrying far greater payloads into Low Earth Orbit (LEO) by 2023.

The test, which occurred earlier this month at the Kildermorie Estate in North Scotland, saw the Skylark-L vehicle erected, fuelled and ignited. The rocket was held down while engineers checked systems were behaving as they should.

The team made much of the fact that it had built a mobile launch complex and tested a rocket within five days.

[… snarky bit …].

Skylark-L on mobile launch pad (pic: Skyrora)

Light the blue touchpaper, then stand well back Pic: Skyrora

Click to enlarge

A company representative told The Register that the five days also included digging the flame trench visible above.

[… more snarky stuff…]

the endeavour still represents the first complete ground rocket test in the UK since the glory days of the Black Arrow, some 50 years ago.Prior to the static firing, the 30kN engine had been through three hot fires before integration. It was fuelled by a combination of hydrogen peroxide and kerosene (to be replaced by the company’s own Ecosene, made from plastic waste). The Skylark-L itself was then mounted on a transporter-erector that was fixed to a trailer.

“It is very hard to oversell what we have achieved here,” said operations leader Dr Jack-James Marlow, before trying his hardest to do so: “The whole team has pulled through again to deliver another UK first. We have successfully static tested a fully integrated, sub-orbital Skylark L launch vehicle in flight configuration. This means we performed all actions of a launch but did not release the vehicle.”

While the test was indeed a complete success, and validated both the vehicle and its ground systems, there is still a while to wait before a Skylark-L is launched. The company put that first flight from a British spaceport as being “as early as spring 2021”. CEO Volodymyr Levykin added: “We are now in a full state of readiness for launch.”

Source: UK takes a step closer to domestic launches as Skyrora fires up Skylark-L • The Register

Good luck to them!

Hey Siri, are you still recording people’s conversations despite promising not to do so nine months ago?

Posted on by

Apple may still be recording and transcribing conversations captured by Siri on its phones, despite promising to put an end to the practice nine months ago, claims a former Apple contractor who was hired to listen into customer conversations.

In a letter [PDF] sent to data protection authorities in Europe, Thomas Le Bonniec expresses his frustration that, despite exposing in April 2019 that Apple has hired hundreds of people to analyze recordings that its users were unaware had been made, nothing appears to have changed.

Those recordings were captured by Apple’s Siri digital assistant, which constantly listens out for potential voice commands to obey. The audio was passed to human workers to transcribe, label, and analyze to improve Siri’s neural networks that process what people say. Any time Siri heard something it couldn’t understand – be it a command or someone’s private conversation or an intimate moment – it would send a copy of the audio to the mothership for processing so that it could be retrained to do better next time.

Le Bonniec worked for Apple subcontractor Globe Technical Services in Ireland for two months, performing this manual analysis of audio recorded by Siri, and witnessed what he says was a “massive violation of the privacy of millions of citizens.”

“All over the world, people had their private life recorded by Apple up to the most intimate and sensitive details,” he explained. “Enormous amounts of personal data were collected, stored and analyzed by Apple in an opaque way. These practices are clearly at odds with the company’s privacy-driven policies and should be urgently investigated by Data Protection Authorities and Privacy watchdogs.”

But despite the fact that Apple acknowledged it was in fact transcribing and tagging huge numbers of conversations that users were unaware had been recorded by their Macs and iOS devices, promised a “thorough review of our practices and policies,” and apologized that it hadn’t “been fully living up to our high ideals,” Le Bonniec says nothing has changed.

“Nothing has been done to verify if Apple actually stopped the programme. Some sources already confirmed to me that Apple has not,” he said.

“I believe that Apple’s statements merely aim to reassure their users and public authorities, and they do not care for their user’s consent, unless being forced to obtain it by law,” says the letter. “It is worrying that Apple (and undoubtedly not just Apple) keeps ignoring and violating fundamental rights and continues their massive collection of data.”

In effect, he argues, “big tech companies are basically wiretapping entire populations despite European citizens being told the EU has one of the strongest data protection laws in the world. Passing a law is not good enough: it needs to be enforced upon privacy offenders.”

Not good

How bad is the situation? According to Le Bonniec: “I listened to hundreds of recordings every day, from various Apple devices (e.g. iPhones, Apple Watches, or iPads). These recordings were often taken outside of any activation of Siri, e.g. in the context of an actual intention from the user to activate it for a request.

“These processings were made without users being aware of it, and were gathered into datasets to correct the transcription of the recording made by the device. The recordings were not limited to the users of Apple devices, but also involved relatives, children, friends, colleagues, and whoever could be recorded by the device.

“The system recorded everything: names, addresses, messages, searches, arguments, background noises, films, and conversations. I heard people talking about their cancer, referring to dead relatives, religion, sexuality, pornography, politics, school, relationships, or drugs with no intention to activate Siri whatsoever.”

So, pretty bad.

Source: Hey Siri, are you still recording people’s conversations despite promising not to do so nine months ago? • The Register

DNS this week stands for Drowning Needed Services: Design flaw in name server system can be exploited to flood machines offline

Posted on by

Dubbed NXNSAttack, the flaw [PDF] can be abused to pull off a classic amplification attack: you send a small amount of specially crafted data to a DNS server, which responds by sending a lot of data to a victim’s server. If you have an army of hacked PCs or devices – a botnet – at your command, and can find a DNS service that’s vulnerable, you can theoretically generate enough network traffic to overwhelm a victim’s system and knock it offline for all users.

Although denial-of-service attacks are a little 1990s, blasting a business off the web can lead to a loss of sales, reputation damage, and so on.

Lior Shafir and Yehuda Afek of Tel Aviv University, along with Anat Bremler-Barr of the Interdisciplinary Center, also in Israel, found the vulnerability which is illustrated below. APNIC, which oversees IP address allocation among other duties for the Asia-Pacific region, has a deep dive here.

How does it work?

Here’s a summary. You, as the attacker, need to set up a domain name like badperson.com. You want to take down victim.com‘s DNS servers. You connect to a recursive DNS server on the internet – such as one provided by your ISP or a cloud platform – and you ask it to resolve, say, i.am.a.badperson.com into an IP address. The recursive server contacts your DNS server for your dot.com for that information.

Your name server tells the recursive server it needs to look up another.victim.com, sad.victim.com, tragic.victim.com, fashion.victim.com, and so on, to get the answer it seeks. This message neglects to include any glue records containing IP addresses. So the recursive server – key word recursive – connects to the DNS server for victim.com and asks for the records on all those sub-domains, and the victim.com DNS server replies with error messages for the non-existent sub-domains.

As you can see, you’ve turned that one request into a small storm of data exchanged between the recursive and the victim.com name servers. If you get a botnet to do this many times a second or minute, you can flood both of those name servers with packets, preventing legit look-ups from getting through from netizens, and the systems will appear down. According to the academics, you can perform double amplification of network traffic by extending the attack recursively. If the servers start to cache their look ups, and do not send any further packets, simply specify new and unique sub-domains.

[…]

To mitigate the problem, the researchers suggest name servers implement an algorithm they devised dubbed Max1Fetch that reduces the storm of traffic between the DNS components involved.

The trio said they responsibly disclosed the hole well in advance of going public, and various DNS software makers have already patched, or are in the process of patching, the vulnerability – at least some of which using the Max1Fetch method. We’re told the following software suppliers and service providers have fixed up their vulnerable DNS server software:

ISC BIND (CVE-2020-8616), NLnet labs Unbound (CVE-2020-12662), PowerDNS (CVE-2020-10995), CZ.NIC Knot Resolver (CVE-2020-12667), Cloudflare, Google, Amazon, Microsoft, Oracle (DYN), Verisign, IBM Quad9, and ICANN.

You should check for updates for your DNS server installation, and install them to avoid being blown over by a distributed denial-of-service attack. “If you operate your own DNS resolver, no matter what brand it is, please upgrade to the latest version now,” APNIC urged

Source: DNS this week stands for Drowning Needed Services: Design flaw in name server system can be exploited to flood machines offline • The Register

Command and Conquer Tiberium Dawn and Red Alert Source code Released by EA

Posted on by

Remaster Update and Open Source / Mod Support
byu/EA_Jimtern incommandandconquer

Today we are proud to announce that alongside the launch of the Remastered Collection, Electronic Arts will be releasing the TiberianDawn.dll and RedAlert.dll and their corresponding source code under the GPL version 3.0 license. This is a key moment for Electronic Arts, the C&C community, and the gaming industry, as we believe this will be one of the first major RTS franchises to open source their source code under the GPL. It’s worth noting this initiative is the direct result of a collaboration between some of the community council members and our teams at EA. After discussing with the council members, we made the decision to go with the GPL license to ensure compatibility with projects like CnCNet and Open RA. Our goal was to deliver the source code in a way that would be truly beneficial for the community, and we hope this will enable amazing community projects for years to come.

So, what does it mean for Mod Support within the Remastered Collection? Along with the inclusion of a new Map Editor, these open-source DLLs should assist users to design maps, create custom units, replace art, alter gameplay logic, and edit data. The community council has already been playing with the source code and are posting some fun experiments in our Discord channel. But to showcase a tangible example of what you can do with the software, Petroglyph has actually created a new modded unit to play with. So we asked a fun question – “What would the Brotherhood of Nod do if they captured the Mammoth Tank?” Well, one guess is they’d replace the turret with a giant artillery cannon and have it fire tactical nukes! Thus the Nuke Tank was born. This is a unit which is fully playable in the game via a mod (seen in the screenshot above), and we hope to have it ready to play and serve as a learning example when the game launches.

Rogue ADT tech spied on hundreds of customers in their homes via CCTV – teen girls, young mums repeatedly watched

Posted on by

A technician at ADT remotely accessed hundreds of customers’ CCTV cameras to spy on people in their own homes, the burglar-alarm biz has admitted.

At least one of the victims was a teenage girl, and another a young mother, according to court filings.

Last month, an ADT customer in Dallas, Texas, spotted and reported an unexpected email address listed as an admin user on their home security system. An internal investigation by ADT revealed it was the personal email of one of its employees, and he had seemingly used it to view the home’s camera system nearly a hundred times.

A probe found the same technician had made himself an admin on 220 customers’ accounts, meaning he could lock and unlock doors remotely, as well as access the live feed of cameras connected to the ADT network. His access is said to have stretched back seven years.

When ADT dug into the logs, it became clear their rogue insider had been regularly spying on customers, including, it is claimed, accessing the video feed from the bedroom of one teenage girl dozens of times. That teenager this week sued ADT for negligence and emotional distress, seeking a class-action lawsuit against the US corp, and naming the technician in question: it is alleged Telesforo Aviles was responsible.

ADT reassured them both that the security system was perfectly safe

The allegations are the stuff of nightmares: the lawsuit [PDF] details how the teenage daughter and her mother were initially uncomfortable about the idea of installing security cameras inside their house, though ADT “reassured them both that the security system was perfectly safe,” according to court filings, and a technician later fitted the kit.

But then, on April 24, “ADT called to explain that one of its technicians had gained access” to her mother’s account “and had been watching” the mother and daughter “on approximately 73 different occasions,” according to court filings.

Her lawsuit then alleges, “based upon the cameras’ wide-angle lens and placement, the ADT employee had an opportunity to watch at least” the teenager “nude, in various states of undress, getting ready for bed, and moments of physical intimacy.”

Fool me once

An almost identical [PDF] lawsuit has been filed by a second person – a young mother – whose security system installation “included an indoor security camera with a wide-angle view that provided a visual of a bathroom, entryway, family room and dining space, stairs, and into the master bedroom.”

To its credit, when ADT heard about the unauthorized access, it did the right thing: it fired the worker, reported him to the cops, and then contacted all those affected explaining the situation.

According to ADT, its unnamed technician abused a service mode function while physically present in customers’ homes in the Dallas area to add his personal email address – a feature that is “neither necessary nor permitted,” and which the company will remove in an upcoming software update. ADT technicians do not have remote access to that function, but once the technician included himself on the system while physically present, he could access the surveillance gear remotely.

Source: Rogue ADT tech spied on hundreds of customers in their homes via CCTV – including me, says teen girl • The Register

EasyJet admits data of nine million hacked

Posted on by

EasyJet has admitted that a “highly sophisticated cyber-attack” has affected approximately nine million customers.

It said email addresses and travel details had been stolen and that 2,208 customers had also had their credit and debit card details “accessed”.

The firm has informed the UK’s Information Commissioner’s Office while it investigates the breach.

EasyJet first became aware of the attack in January.

It told the BBC that it was only able to notify customers whose credit card details were stolen in early April.

“This was a highly sophisticated attacker. It took time to understand the scope of the attack and to identify who had been impacted,” the airline told the BBC.

“We could only inform people once the investigation had progressed enough that we were able to identify whether any individuals have been affected, then who had been impacted and what information had been accessed.”

Stolen credit card data included the three digital security code – known as the CVV number – on the back of the card itself.

Source: EasyJet admits data of nine million hacked – BBC News