The Linkielist

Linking ideas with the world

Hasbro will 3D-print your face onto its iconic action figures

Have you ever wanted to see your own face on the body of a Power Ranger or a Ghostbuster? Thanks to an ingenious partnership between Hasbro and 3D-printing specialists Formlabs, now you can. The Hasbro Selfie Series will let would-be heroes take a scan of their face with their phone and have a custom-made, look-alike action figure delivered at some point afterward. In this initial blast, you can opt to become an X-Wing Pilot, Ghostbuster, Power Ranger or Snake Eyes from GI Joe, amongst others.

It’s part of Formlabs’ growing project to turn 3D printing from a technological cul-de-sac into a viable way of making customized, mass-market products. The company has already teamed up with Sennheiser to make 3D-printed earbuds, and has branched out into making jewelry moulds, ventilator parts and false teeth. It also teamed up with Gillette to create customized razor handles which were manufactured using Formlabs’ industrial printers.

Hasbro’s Brian Chapman explained that, a few years ago, the company ran a competition at a comic-con to make custom action figures for five winners. They found the interest in the promo was so enormous that the company has always had an eye on developments in the 3D printing market.

Unfortunately, while it’s been announced today, the Hasbro Selfie Series won’t actually let you start scanning your head for a little while. In order to start, you’ll need to download Hasbro Pulse, the company’s dedicated mobile app, and get your face ready to be immortalized. Scans will open up closer to the expected ship date in the Fall, after which point you’ll be asked to pony up $60 (plus taxes) and wait for your six-inch, “collector-grade” figure to arrive. Unfortunately, for now, the offering is only available to customers in the US, but hopefully over time, we’ll see this make its way across the world.

Source: Hasbro will 3D-print your face onto its iconic action figures | Engadget

X.Org Server Hit By New Local Privilege Escalation, Remote Code Execution Vulnerabilities

[…] CVE-2022-2319 and CVE-2022-2320 were made public this morning and both deal with the X.Org Server’s Xkb keyboard extension not properly validating input that could lead to out-of-bounds memory writes. Hopefully though in 2022 you aren’t relying on your xorg-server running as root.

Fixes for these XKB vulnerabilities have been committed to X.Org Server Git, and the xorg-server 21.1.4 point release is expected soon with these fixes. Both vulnerabilities were discovered by Trend Micro’s Zero Day Initiative.

More details in today’s X.Org Security Advisory.

Update: X.Org Server 21.1.4 is now available. In addition to these security fixes there is also a large number of XQuartz fixes from Apple, a GCC 12 build fix in the render code, a possible crash fix in the PRESENT code, and various other small fixes.

Source: X.Org Server Hit By New Local Privilege Escalation, Remote Code Execution Vulnerabilities – Phoronix

Supremes ‘doxxed’ after overturning Roe v Wade

The US Supreme Court justices who overturned Roe v. Wade last month may have been doxxed – had their personal information including physical and IP addresses, and credit card info revealed – according to threat intel firm Cybersixgill.

As expected, the fallout from the controversial ruling, which reversed the court’s 1973 decision that federally protected access to abortion, has been immense, creating deep ripples across the cybersphere where data privacy concerns abound.

[…]

In a twist on using personal data for questionable purposes, it appears some hacktivists are taking matters into their own hands and seemingly leaked private information about five conservative Supremes: Justices Samuel Alito, Clarence Thomas, Neil Gorsuch, Brett Kavanaugh and Amy Coney Barrett, according to research published today by Cybersixgill’s security research lead Dov Lerner.

Although Chief Justice John Roberts voted with the majority, the doxxers didn’t expose his personal data.

Lerner, who told The Register he found the doxes on “various dark web forums,” said the “most notable” dox happened on June 30, and alleges to include physical addresses, IP addresses, and credit card information, including CVV (which the doxers called “little funny 3 numbers on the back”) and expiration date.

[…]

Source: Supremes ‘doxxed’ after overturning Roe v Wade • The Register

Maybe this is an expression of the right to bear arms.

Amazon Ring Tells Sen. Markey It Won’t Enhance Doorbell Privacy, will listen in to long range conversations

Ring is rejecting the request of a U.S. senator to introduce privacy-enhancing changes to its flagship doorbell video camera after product testing showed the device capable of recording conversations well beyond the doorsteps of its many millions of customers. Security and privacy experts expressed alarm at the quality of the distant recordings, raising concerns about the potential for blackmail, stalking, and other forms of invasion.

In a letter to the company last month, Sen. Ed Markey, a Democrat of Massachusetts, said Ring was capturing “significant amounts of audio on private and public property adjacent to dwellings with Ring doorbells,” putting the right to “assemble, move, and converse without being tracked” at risk.

Markey did not ask the company to adjust the range of the device, but to adjust the doorbell’s settings so audio wouldn’t be recorded by default. Ring, which was acquired by retail giant Amazon in 2018, rejected the idea, arguing that doing so would be a “negative experience” for customers, who might easily get confused by the settings “in an emergency situation.” What’s more, Ring appeared to reject a request never to link the devices to voice recognition software, offering only that it hasn’t done so thus far.

Experts such as Matthew Guariglia, a policy analyst at the Electronic Frontier Foundation, have said the device is particularly harmful to the privacy of individuals who live in close quarters — think apartment buildings and condos — where they may be unknowingly recorded the moment they open their doors.

[…]

Source: Amazon Ring Tells Sen. Markey It Won’t Enhance Doorbell Privacy

Google files a lawsuit that could kick Tinder out of the Play Store because Match refuses to pay illegally forced fees

Google has counter-sued Match seeking monetary damages and a judgement that would let it kick Tinder and the group’s other dating apps out of the Play Store, Bloomberg has reported. Earlier this year, Match sued Google alleging antitrust violations over a decision requiring all Android developers to process “digital goods and services” payments through the Play Store billing system.

Following the initial lawsuit in May, Google and Match reached a temporary agreement allowing Match to remain on the Play Store and use its own payments system. Google also agreed to make a “good faith” effort to address Match’s billing concerns. Match, in turn, was to make an effort to offer Google’s billing system as an alternative.

However, Google parent Alphabet claims that Match Group now wants to avoid paying “nothing at all” to Google, including its 15 to 30 percent Play Store fees, according to a court filing. “Match Group never intended to comply with the contractual terms to which it agreed… it would also place Match Group in an advantaged position relative to other app developers,” the document states.

Match group said that Google’s Play Store policies violate federal and state laws. “Google doesn’t want anyone else to sue them so their counterclaims are designed as a warning shot,” Match told Bloomberg in a statement. “We are confident that our suit, alongside other developers, the US Department of Justice and 37 state attorneys general making similar claims, will be resolved in our favor early next year.”

Match is referring to an antitrust action launched last year by States and the federal government probing Google’s Play Store fees. Shortly before that, Google dropped its fee on app developer revenue to 15 percent on the first $1 million, and 30 percent after that. At the same time, it announced it would enforce a policy requiring all developers to process payments through the Play Store’s billing system. Earlier this year, a Senate bill moved forward targeting in-app payments in both Google and Apple’s stores.

Source: Google files a lawsuit that could kick Tinder out of the Play Store | Engadget

Greedy bastards at Google – nope, you can’t force a marketplace on people and you can’t force these fees on them either.

A Bored Chinese Housewife Spent Years Falsifying Russian History on Wikipedia

Posing as a scholar, a Chinese woman spent years writing alternative accounts of medieval Russian history on Chinese Wikipedia, conjuring imaginary states, battles, and aristocrats in one of the largest hoaxes on the open-source platform.

The scam was exposed last month by Chinese novelist Yifan, who was researching for a book when he came upon an article on the Kashin silver mine.

Discovered by Russian peasants in 1344, the Wikipedia entry goes, the mine engaged more than 40,000 slaves and freedmen, providing a remarkable source of wealth for the Russian principality of Tver in the 14th and 15th centuries as well as subsequent regimes. The geological composition of the soil, the structure of the mine, and even the refining process were fleshed out in detail in the entry.

Yifan thought he’d found interesting material for a novel. Little did he know he’d stumbled upon an entire fictitious world constructed by a user known as Zhemao. It was one of 206 articles she has written on Chinese Wikipedia since 2019, weaving facts into fiction in an elaborate scheme that went uncaught for years and tested the limits of crowdsourced platforms’ ability to verify information and fend off bad actors.

[…]

Yifan was tipped off when he ran the silver mine story by Russian speakers and fact-checked Zhemao’s references, only to find that the pages or versions of the books she cited did not exist. People he consulted also called out her lengthy entries on ancient conflicts between Slavic states, which could not be found in Russian historical records. “They were so rich in details they put English and Russian Wikipedia to shame,” Yifan wrote on Zhihu, a Chinese site similar to Quora, where he shared his discovery last month and caused a stir.

The scale of the scam came to light after a group of volunteer editors and other Wikipedians, such as Yip, combed through her past contributions to nearly 300 articles.

One of her longest articles was almost the length of “The Great Gatsby.” With the formal, authoritative tone of an encyclopedia, it detailed three Tartar uprisings in the 17th century that left a lasting impact on Russia, complete with a map she made. In another entry, she shared rare images of ancient coins, which she claimed to have obtained from a Russian archaeological team.

[…]

Source: A Bored Chinese Housewife Spent Years Falsifying Russian History on Wikipedia

Brilliant – and she’s not the only one!

Joshua Schulte: Former CIA hacker convicted of Vault 7 data leak

[…]

Joshua Schulte was convicted of sending the CIA’s “Vault 7” cyber-warfare tools to the whistle-blowing platform. He had denied the allegations.

The 2017 leak of some 8,761 documents revealed how intelligence officers hacked smartphones overseas and turned them into listening devices.

Prosecutors said the leak was one of the most “brazen” in US history.

Damian Williams, the US attorney for the Southern District of New York, said Mr Schulte’s actions had “a devastating effect on our intelligence community by providing critical intelligence to those who wish to do us harm”.

Mr Schulte, who represented himself at the trial in Manhattan federal court, now faces decades in prison. He also faces a separate trial on charges of possessing images and videos of child abuse, to which he has pleaded not guilty.

After joining the CIA in 2010, Mr Schulte soon achieved the organisation’s highest security clearance. He went on to work at the agency’s headquarters in Langley, Virginia, designing a suite of programmes used to hack computers, iPhones and Android phones and even smart TVs.

Prosecutors alleged in 2016 that he transmitted the stolen information to Wikileaks and then lied to FBI agents about his role in the leak.

They added that he was seemingly motivated by anger over a workplace dispute in which his employer ignored his complaints. The software engineer had been struggling to meet deadlines and Assistant US Attorney Michael Lockard said one of his projects was so far behind schedule that he had earned the nickname “Drifting Deadline”.

The prosecutors said he wanted to punish those he perceived to have wronged him and said in “carrying out that revenge, he caused enormous damage to this country’s national security”.

But Mr Schulte said the government had no evidence that he was motivated by revenge and called the argument “pure fantasy”. In his closing argument, he claimed that “hundreds of people had access” to the leaked files and that “hundreds of people could have stolen it”.

“The government’s case is riddled with reasonable doubt,” he added.

[…]

Source: Joshua Schulte: Former CIA hacker convicted of ‘brazen’ data leak – BBC News

Amazon’s Ring gave a record amount of doorbell footage to the US government in 2021

Ring, the maker of internet-connected video doorbells and security cameras, said in its latest transparency report that it turned over a record amount of doorbell footage and other information to U.S. authorities last year.

The Amazon-owned company said in two biannual reports covering 2021 that it received 3,147 legal demands, an increase of about 65% on the year earlier, up from about 1,900 legal demands in 2020.

More than 85% of the legal demands processed were by way of court-issued search warrants, allowing Ring to turn over both information about a Ring user and video footage from those accounts. Ring said it turned over user content in response to about four out of 10 demands it received during the year.

Transparency reports allow U.S. companies to disclose the number of legal orders they are given over a particular time period, often six months or a year. But Ring has been criticized for having unusually cozy relationships with about 2,200 police departments around the United States, latest figures show, allowing police to request video doorbell camera footage from homeowners.

Ring said it also notified 648 users during the year that their user information had been requested by law enforcement. According to its law enforcement guidelines, Ring notifies users before disclosing their user information, such as name, address, email address and billing information, unless it is prohibited by way of a secrecy order.

In a new breakout, Ring also revealed it received 2,774 preservation orders, which allow police departments and law enforcement agencies to ask Amazon — not demand — to preserve a user’s account for up to six months to allow the requesting agency to gather enough information to obtain a court-issued order, such as a search warrant.

Amazon executive Brian Huseman told lawmakers in a letter published Wednesday that Ring shared doorbell footage at least 11 times with U.S. authorities so far in 2022 without the consent of the device’s owner, reports Politico. According to the letter, Amazon said it “made a good-faith determination that there was an imminent danger of death or serious physical injury to a person requiring disclosure of information without delay.” Under emergency disclosure orders, companies can respond with data when a requesting agency doesn’t have the time to obtain a court order.

Ring has not yet revealed how many times it has disclosed user data under emergency circumstances in previous years, including its most recent transparency report.

Source: Amazon’s Ring gave a record amount of doorbell footage to the government in 2021 | TechCrunch

BMW Heated Seats Subscription Is Real And It Costs $18 Per Month. Also heated steering wheel, paid separately. In a car you own and paid for the heated seats and wheel.

[…]

On its ConnectedDrive Store in South Korea, BMW owners can pay a monthly fee to have a creature comfort such as heated seats. It costs ₩24,000 or approximately $18 at current exchange rates. Alternatively, you can get a one-year plan for $176 or a three-year subscription for $283.

The BMW ConnectedDrive Store is a portal used by existing owners to download a variety of apps. It’s all done over the air, without having to visit a dealer to have the new software installed. With heated seats, the German luxury brand is kind enough to provide a one-month test period free of charge. Should you want the feature permanently, that’ll set you back $406.

A similar subscription plan is offered for a heated steering wheel and it costs $10 per month, $92 annually, and $161 for three years. You can also buy it outright for $222. Do you want wireless Apple CarPlay? That’ll be $305. The store also allows BMW customers to upgrade the headlights to include a high-beam assistant, additional safety systems, and the camera-based Driver Recorder.

One of the most unusual items found in the BMW ConnectedDrive Store is called IconicSounds Sport. It essentially plays fake engine noises through the car’s speakers should you be willing to pay $138 to have the feature permanently. There are no monthly or yearly subscription plans available for this “feature.”

[…]

We can already imagine a smartphone-like jailbreak to unlock these goodies without having to pay the automaker. Doing so will likely result in voiding the warranty after taking down the automaker’s paywall. Even if someone is willing to wait until the warranty expires, chances are that person will hack the car the very next day to “download” all the available features.

Of course, this isn’t something new as upgrades through the OBD port have been around for many years, especially for VAG products.

Source: BMW Heated Seats Subscription Is Real And It Costs $18 Per Month

Wait, so you actually already paid for these features when you bought the car but to use them you have to keep paying?

As for the hacks, you can change the actual sound output here: Engine Sound Setting Coding Tutorial w/ Bimmercode

You Don’t Own What You’ve Bought: Sony Removes 100s Of Movies Bought Through PS Store

We have done many, many posts explaining how, unfortunately, it seems the idea of a person owning the things they’ve bought has become rather passe. While in the age of antiquity, which existed entire tens of years ago, you used to be able to own things, these days you merely license them under Ts and Cs that are either largely ignored and clicked through or that are indecipherable, written in the otherwise lost language known as “Lawyer-ese”. The end result is a public that buys things, thinks they retain ownership over them, only to find out that the provider of the things alters them, limits their use, or simply erases them from being.

Take anyone who bought a movie distributed by StudioCanal in Germany and Austria through Sony’s Playstation store, for instance. Sony previously had a deal to make those movie titles available in its store, but declined to continue offering movies and shows in 2021, stating that streaming services had made the deal un-competitive.

Sony’s PlayStation group stopped offering movie and TV show purchases and rentals, as of Aug. 31, 2021, citing the rise of streaming-video services. At the time, Sony assured customers that they “can still access movie and TV content they have purchased through PlayStation Store for on-demand playback on their PS4, PS5 and mobile devices.”

And when Sony said that, it apparently forgot to add two very important words to its statement: “for now.” Instead, Sony decided to drop the bomb with yet another statement regarding StudioCanal content in Germany and Austria. It essentially amounts to: hey fuckers, that shit you bought is about to disappear, mmkay bye.

“As of August 31, 2022, due to our evolving licensing agreements with content providers, you will no longer be able to view your previously purchased Studio Canal content and it will be removed from your video library,” the notices read. “We greatly appreciate your continued support.”

Poof, it’s gone! That remark about appreciating the public’s “continued support” seems more like begging than acknowledging reality. Especially once you start asking the questions that immediately leap to mind.

For example: will customers get a refund for the movies that they bought and now can’t access? As per the source article “it’s unclear”, which likely means “hahahahaha nope.” How many movies were delisted? Literally hundreds. Are these just small-time movies? Nope, they include AAA titles like The Hunger Games and John Wick.

And so a whole bunch of people are going to find out that they didn’t buy anything, they rented some movies for a previously indefinite period of time that just became definite, long after the purchase was made. It’s hard to imagine something more anti-consumer than that.

Source: You Don’t Own What You’ve Bought: Sony Removes 100s Of Movies Bought Through PS Store | Techdirt

Leaked Uber files reveal extensive use of ‘kill switch’, Lobbying partners including Macron, tax haven use, etc

A data leak from ride-sharing app Uber revealed activities allegedly geared to avoid regulation and law enforcement – including a “kill switch” that would remotely cut computer access to servers at its headquarters in San Francisco in case of a raid – according to weekend media.

The leak was provided to The Guardian and shared with the nonprofit International Consortium of Investigative Journalists (ICIJ), which helped work through the 124,000 records, which include 83,000 emails, iMessages and WhatsApp exchanges.

The records detail internal conversations within Uber, plus interactions between Uber executives and government officials. The trove contains documents detailing interactions with 30 countries and cover the period 2013 to 2017, when Uber was on the rise and confronting pushback from both regulators and the taxi industry.

The 18.7GB cache reveals that the kill switch used to block authorities from probing Uber’s IT systems – which was already known to a lesser extent – was actually deployed at least 12 times in France, the Netherlands, Belgium, India, Hungary and Romania.

The first known instances of the kill switch being used were in late 2014 in France during two separate raids. In a November raid, only 13 minutes passed between the email instructing an IT engineer in Denmark to act and access being cut.

Emails show the kill switch was used at the command of top-level executives, including none other than former CEO Travis Kalanick, as well as legal staff. Both execs and legal staff were often copied in to emails instructing access cuts.

The kill switch, known internally as Ripley, was used in conjunction with a remote-control program called Casper that cut network access after devices were confiscated by authorities. Because Uber was fond of these justice-obstructing programs and their code names, there was also of course Greyball, revealed in 2017, which blocked cops from booking cabs, lest they were interested in busting unregulated drivers.

Uber learned to predict and prepare for raids, and even issued a manual to employees containing 66 bullet points on how to respond. Titled “Dawn Raid Manual”, it instructed employees to stall by escorting regulators to meeting rooms without files and never to leave them alone.

Employees were also advised to “play dumb” as systems severed their connections to the company’s main IT systems whenever police searched their equipment, as documented in a text exchange between former EMEA head of public policy Mark McGann and current global head of sustainability Thibaud Simphal.

The trove of files goes beyond the technical systems in place to stymie investigations. It also details lobbying efforts, close relationships between execs and public officials including France’s then-economy minister Emmanuel Macron, use of Bermuda as a tax haven, public relations efforts to use violence against its drivers to garner public sympathy, and more.

[…]

Source: Leaked Uber files reveal extensive use of ‘kill switch’ • The Register

Rolling pwn hack opens Honda cars by listening to keyfob 100 feet away

Hackers have uncovered ways to unlock and start nearly all modern Honda-branded vehicles by wirelessly stealing codes from an owner’s key fob. Dubbed “Rolling Pwn,” the attack allows any individual to “eavesdrop” on a remote key fob from nearly 100 feet away and reuse the captured codes later to unlock or start the vehicle without the owner’s knowledge.

Despite Honda’s dispute that the technology in its key fobs “would not allow the vulnerability,” The Drive has independently confirmed the validity of the attack with its own demonstration.

Older vehicles used static codes for keyless entry. These static codes are inherently vulnerable, as any individual can capture and replay them at will to lock and unlock a vehicle. Manufacturers later introduced rolling codes to improve vehicle security. Rolling codes work by using a Pseudorandom Number Generator (PRNG). When a lock or unlock button is pressed on a paired key fob, the fob sends a unique code wirelessly to the vehicle encapsulated within the message. The vehicle then checks the code sent to it against its internal database of valid PRNG-generated codes, and if the code is valid, the car grants the request to lock, unlock, or start the vehicle.

The database contains several allowed codes, as a key fob may not be in range of a vehicle when a button is pressed and may therefore transmit a different code than the one the vehicle expects to come next. This series of codes is also known as a “window.” When a vehicle receives a newer code, it typically invalidates all previous codes to protect against replay attacks.

This attack works by eavesdropping on a paired keyfob and capturing several codes sent by the fob. The attacker can later replay a sequence of valid codes and re-sync the PRNG. This allows the attacker to re-use older codes that would normally be invalid, even months after the codes have been captured.
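The security property the two paragraphs above describe is that the receiver’s counter must only ever move forward: the window tolerates missed presses, and anything older than the last accepted code is dead. The toy model below, added here as an illustration and not code from the article or from Honda (the real fobs use a different algorithm; the HMAC-over-a-counter scheme, the shared `SECRET`, the `WINDOW` size and the class names are all constructed for the example), shows a strict receiver rejecting replayed codes, and a variant that “re-syncs” its counter when it sees a consecutive pair of older codes, which is the failure mode the article attributes to the affected vehicles.

```python
import hmac
import hashlib

# Toy rolling-code model (constructed for this example, not Honda's protocol).
# A shared secret plus a monotonically increasing counter stand in for the PRNG
# state; each button press derives one short code from the current counter.
SECRET = b"constructed-demo-secret"   # assumption: provisioned at pairing time
WINDOW = 16                           # presses the receiver tolerates out of range


def code_for(counter: int) -> str:
    """Derive the code transmitted for a given counter value (toy PRNG step)."""
    mac = hmac.new(SECRET, counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return mac[:4].hex()


class Fob:
    def __init__(self) -> None:
        self.counter = 0

    def press(self) -> str:
        code = code_for(self.counter)
        self.counter += 1
        return code


class StrictReceiver:
    """Hardened receiver: accepts only codes in the forward window and never rolls back."""

    def __init__(self) -> None:
        self.expected = 0

    def receive(self, code: str) -> bool:
        for k in range(self.expected, self.expected + WINDOW):
            if hmac.compare_digest(code_for(k), code):
                self.expected = k + 1      # every older code is now invalid
                return True
        return False


class ResyncingReceiver(StrictReceiver):
    """Weak variant: two consecutive codes from the past reset the counter to them."""

    def __init__(self) -> None:
        super().__init__()
        self.last_old = None               # counter of the last unexpected old code seen

    def receive(self, code: str) -> bool:
        if super().receive(code):
            self.last_old = None
            return True
        for k in range(0, self.expected):  # search history the strict receiver ignores
            if hmac.compare_digest(code_for(k), code):
                if self.last_old is not None and self.last_old == k - 1:
                    self.expected = k + 1  # counter rolled back: stale codes live again
                    self.last_old = None
                    return True
                self.last_old = k
                return False
        self.last_old = None
        return False


def replay_scenario(receiver_cls):
    """Three presses happen out of range (only an eavesdropper hears them), then one
    live press reaches the car. Returns (live_accepted, per-code replay results)."""
    fob, rx = Fob(), receiver_cls()
    captured = [fob.press() for _ in range(3)]
    live_ok = rx.receive(fob.press())          # window covers the three missed presses
    return live_ok, [rx.receive(c) for c in captured]


def out_of_window_is_rejected() -> bool:
    """A fob pressed more than WINDOW times out of range has drifted too far to be accepted."""
    fob, rx = Fob(), StrictReceiver()
    for _ in range(WINDOW):
        fob.press()
    return not rx.receive(fob.press())


if __name__ == "__main__":
    print("strict   :", replay_scenario(StrictReceiver))     # (True, [False, False, False])
    print("resyncing:", replay_scenario(ResyncingReceiver))  # (True, [False, True, True])
    print("drifted fob rejected:", out_of_window_is_rejected())
```

The detail worth noticing is that both receivers share the same window logic; the only difference is whether the counter is allowed to move backwards. A receiver audit for this class of device should therefore check that no code path, including any “lost fob” or resynchronisation convenience, ever lowers the stored counter.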

A similar vulnerability was discovered late last year and added to the Common Vulnerabilities and Exposures database (CVE-2021-46145), and again this year for other Honda-branded vehicles (CVE-2022-27254). However, Honda has yet to address the issue publicly, or with any of the security researchers who have reported it. In fact, when the security researchers responsible for the latest vulnerability reached out to Honda to disclose the bug, they said they were instead told to call customer service rather than submit a bug report through an official channel.

[…]

Source: I Tried the Honda Key Fob Hack on My Own Car. It Totally Worked

First Laser Weapon For A Fighter Delivered To The Air Force

[…] A report today from Breaking Defense confirmed that Lockheed Martin delivered its LANCE high-energy laser weapon to the Air Force in February this year. In this context, LANCE stands for “Laser Advancements for Next-generation Compact Environments.” The recipient for the new weapon is the Air Force Research Laboratory, or AFRL, which is charged with developing and integrating new technologies in the air, space, and cyberspace realms.

Tyler Griffin, a Lockheed executive, had previously told reporters that LANCE “is the smallest, lightest, high-energy laser of its power class that Lockheed Martin has built to date.”

Indeed, Griffin added that LANCE is “one-sixth the size” of a previous directed-energy weapon that Lockheed produced for the Army. That earlier laser was part of the Robust Electric Laser Initiative program and had an output in the 60-kilowatt class. We don’t yet know what kind of power LANCE can produce although there have been suggestions it will likely be below 100 kilowatts.

For LANCE, Lockheed has been drawing from its previous experience in ground-based lasers, like this concept for a Future Mobile Tactical Vehicle armed with a directed-energy weapon. Lockheed Martin

As well as being notably small and light, LANCE has reduced power requirements compared to other previous weapons, a key consideration for a fighter-based laser, especially one that can be mounted within the confines of a pod.

If successful in its defensive mission, it’s feasible that LANCE could go on to inform the development of more offensive-oriented laser weapons, including ones that could engage enemy aircraft and drones at longer ranges than would be the case when targeting a fast-approaching anti-aircraft missile, whether launched from the ground or from an enemy aircraft.

LANCE has been developed under a November 2017 contract that’s part of the Air Force’s wider Self-protect High Energy Laser Demonstrator, or SHiELD, program, something that we have written about in the past.

SHiELD is a collaborative effort that brings together Lockheed Martin, Boeing, and Northrop Grumman. While Lockheed Martin provides the actual laser weapon, in the form of LANCE, Boeing produces the pod that carries it, and Northrop Grumman is responsible for the beam control system that puts the laser onto its target — and then keeps it there.

An engineer looks at a directed-energy system turret in the four-foot transonic wind tunnel at Arnold Air Force Base, Tennessee, in March 2021. U.S. Air Force/Jill Pickett

Kent Wood, acting director of AFRL’s directed energy directorate, told Breaking Defense that the various SHiELD subsystems “represent the most compact and capable laser weapon technologies delivered to date.”

Wood’s statement also indicated that actual test work by AFRL is still at an early stage, referring to “mission utility analyses and wargaming studies” that are being undertaken currently. “Specific targets for future tests and demonstrations will be determined by the results of these studies as well,” he said.

Meanwhile, Lockheed’s Tyler Griffin added that the next stage in the program would see LANCE integrated with a thermal system to manage heating and cooling.

At this stage, we don’t know exactly what aircraft LANCE is intended to equip, once it progresses to flight tests and, hopefully, airborne firing trials. However, Griffin said that “a variety of potential applications and platforms are being considered for potential demonstrations and tests.”

Previous Lockheed Martin concept art has shown the pod carried by an F-16 fighter jet. And, while SHiELD is initially concerned with proving the potential for active defense of fighter jets in high-risk environments, officials have also talked of the possibility of adapting the same technology for larger, slower-moving combat and combat support aircraft, too.

Boeing flew a pre-prototype pod shape — without its internal subsystems — aboard an Air Force F-15 fighter in 2019. During ground tests, meanwhile, a representative laser, known as the Demonstrator Laser Weapon System (DLWS), has already successfully shot down multiple air-launched missiles over White Sands Missile Range in New Mexico, also in 2019.

A decision on the initial test platform for the complete SHiELD system will likely follow once a flight demonstration has been funded, which is currently not the case. Similarly, there is not yet a formal transition plan for how LANCE and SHiELD could evolve into an actual program of record.

[…]

Source: First Laser Weapon For A Fighter Delivered To The Air Force

Microsoft Office 2021 for only $40 before 14 July 2022

Despite the increasing number of more economical options (read also: free) on the market, many people still prefer Microsoft Office over the alternatives available. With millions of users worldwide, the office suite packs programs with powerful functions that enable students, business owners, and professionals to reach peak productivity. From document formatting to presentation building to number crunching, there’s nearly nothing it can’t do in terms of executing digital tasks.

The only setback? A license can be expensive, especially if you’re the one shouldering the fees instead of your company. If you wish to have access to the suite for personal use, you either have to pay recurring fees for a subscription or cough up hundreds in one go for an annual license. If none of these options appeal to you, maybe this Microsoft Office Home and Business: Lifetime License deal can. For our Deals Day sale, you can grab it on sale for only $39.99 — no coupon needed.

This bundle is designed for families, students, and small businesses who want unlimited access to MS Office apps and email without breaking the bank. The license package includes programs you already likely use on the regular, including Word, Excel, PowerPoint, Outlook, Teams, and OneNote. And with a one-time purchase, you can install it on one Mac computer for lifetime Microsoft Office use at home or work.

Upon purchase, you get access to your software license keys and download links instantly. You also get free updates for life across all programs, along with free customer service that offers the best support in case any of the apps run into trouble. The best part? You only have to pay once and you’re set for life.

The Microsoft Office Home and Business: Lifetime License normally goes for $349, but from today until July 14, you can get it for only $39.99 thanks to the special Deals Day event. Click here for Mac and here for Windows.

Source: Get lifetime access to Microsoft Office for only $40 thanks to this limited-time only deal | Popular Science

FBI and MI5 bosses speak out together: China hacks and steals at massive scale

The directors of the UK Military Intelligence, Section 5 (MI5) and the US Federal Bureau of Investigation on Wednesday shared a public platform for the first time and warned of China’s increased espionage activity on UK and US intellectual property.

Speaking to an audience of business and academic leaders, MI5 director general Ken McCallum and FBI director Chris Wray argued that Beijing’s Made in China 2025 program and other self-sufficiency tech goals can’t be achieved without a boost from illicit activities.

“This means standing on your shoulders to get ahead of you. It means that if you are involved in cutting-edge tech, AI, advanced research or product development, the chances are your know-how is of material interest to the Chinese Communist Party,” said McCallum.

“And if you have, or are trying for, a presence in the Chinese market, you’ll be subject to more attention than you might think,” he added.

McCallum described China’s efforts to acquire Western expertise, technology and research as a planned and professional “coordinated campaign on a grand scale” that has been strategically executed across decades.

China’s efforts have stepped up significantly, McCallum said, with MI5 running seven times as many investigations into Chinese activity today as in 2018.

“The most game-changing challenge we face comes from the Chinese Communist Party. It’s covertly applying pressure across the globe,” said McCallum. Threats MI5 is working to counter include covert theft of trade secrets, patient cultivation of contacts, and establishing a “debt of obligation.” Advanced persistent threats are deployed when needed, too.

The MI5 director also warned that China was working to change attitudes to suit the Chinese Communist Party’s interests and support it dominating the international order – and playing the long game to normalize mass theft as “the cost of doing business these days.”

Wray added that in the US, China’s efforts spare none and are visible in both big cities and small towns, Fortune 500s and startups, and across everything from aviation, to AI, to pharma.

The FBI director then referred to China’s hacking program as “lavishly resourced” and “bigger than that of every other major country combined.”

“The Chinese Government sees cyber as the pathway to cheat and steal on a massive scale,” said Wray.

Wray said the efforts were not just big, they were effective, offering the following insight on cyber attacks:

Over the last few years, we’ve seen Chinese state-sponsored hackers relentlessly looking for ways to compromise unpatched network devices and infrastructure.

And Chinese hackers are consistently evolving and adapting their tactics to bypass defenses. They even monitor network defender accounts and then modify their campaign as needed to remain undetected.

They merge their customized hacking toolset with publicly available tools native to the network environment—to obscure their activity by blending into the ‘noise’ and normal activity of a network.

However, he warned, it’s not just through hacking that the Chinese state-backed threats act, but “by making investments and creating partnerships that position their proxies to steal valuable technology.”

Wray described all Chinese companies as beholden to the Chinese Communist Party (CCP) in some form, with the government disguising its intent to obtain influence.

Efforts include creating elaborate shell games to outsmart government investment-screening programs, and passing statutes like the 2015 critical infrastructure law that requires companies to store data domestically, where it is conveniently available for government access. He cited a 2020 law that required malware-laden Chinese software be used by foreign companies filing taxes – forcing the companies into installing their own backdoors – as another example of the CCP at work.

On the same day as the two spook bosses issued their warnings, the US National Counterintelligence and Security Center issued a bulletin [PDF] offering more detail of China’s efforts by detailing tactics used by Beijing to infiltrate US business and government for the purpose of exerting influence.

Know your foe

The FBI, NCSC, and MI5 all warned against confusing the Chinese diaspora with the CCP and Beijing.

“If my remarks today elicit accusations of Sinophobia, from an authoritarian CCP, I trust you’ll see the irony,” said Wray.

Liu Pengyu, spokesperson for China’s embassy in Washington, responded on Wednesday denying interference, accusing the US of cyberattacks itself and characterizing criticism as “US politicians who have been tarnishing China’s image and painting China as a threat with false accusations.”

China’s foreign minister Wang Yi and US secretary of state Antony Blinken are scheduled to meet at the G20 Foreign Ministers’ meeting this week. The agenda, according to Chinese state-sponsored media, is “to exchange views on current China-US relations and major international and regional issues.”

Source: FBI and MI5 bosses: China cheats and steals at massive scale • The Register

EU will require all new cars to include anti-speeding tech ISA by 2024

Every new car sold in the European Union will soon include anti-speeding technology known as intelligent speed assistance, or ISA. The EU regulation (part of the broader General Vehicle Safety Regulation) goes into effect today, and states that all new models and types of cars introduced to the European market must include an ISA system. The policy doesn’t apply to any new cars that are in showrooms today — at least, not yet. By July 2024, every new car sold in the EU must have a built-in anti-speeding system.

“The roll out of ISA is a huge step forward for road safety and has the potential to dramatically reduce road traffic injuries and fatalities. Car manufacturers now have the opportunity to maximise the potential ISA presents for creating safer roads for all,” said the European Commission in a press release.

For those unfamiliar with ISA, the term describes a whole raft of systems that can detect road speed limits via front-mounted cameras, GPS data or both. Depending on the specific ISA and how it’s configured by the driver, the technology can provide reminder feedback about the speed limit, automatically adjust cruise control to match the road’s speed or even reduce power to the motor to slow speeding vehicles.

Many drivers in Europe are already using ISA-equipped vehicles, and major automakers such as Honda, Ford, Jeep and Mercedes-Benz sell certain models with these systems in the European market. According to a projection by the EU-funded PROSPER, a scenario such as this one, where ISA becomes mandated, could result in between 26 and 50 percent fewer fatalities.

As Autocar notes, ISA technology still isn’t perfect. During one test, the ISA system was occasionally “slow to respond” and at one point set the speed limit at 60 mph while driving through a quiet English village.

Source: EU will require all new cars to include anti-speeding tech by 2024 | Engadget

So… can you disable ISA easily then? At least it looks like the tech is contained in the car, hopefully not feeding your driving data and location to 3rd parties where it can be sold on and get lost.

Marriott Hotels confirms yet another data breach

Hotel group Marriott International has confirmed another data breach, with hackers claiming to have stolen 20 gigabytes of sensitive data, including guests’ credit card information.

The incident, first reported by Databreaches.net, is said to have happened in June when an unnamed hacking group claimed they used social engineering to trick an employee at a Marriott hotel in Maryland into giving them access to their computer.

[…]

Marriott said the hotel chain identified, and was investigating, the incident before the threat actor contacted the company in an extortion attempt, which Marriott said it did not pay.

The group claiming responsibility for the attack say the stolen data includes guests’ credit card information and confidential information about both guests and employees. Samples of the data provided to Databreaches.net purport to show reservation logs for airline crew members from January 2022 and names and other details of guests, as well as credit card information used to make bookings.

However, Marriott told TechCrunch that its investigation determined that the data accessed “primarily contained non-sensitive internal business files regarding the operation of the property.”

The company said that it is preparing to notify 300-400 individuals regarding the incident, and has already notified relevant law enforcement agencies.

This isn’t the first time Marriott has suffered a significant data breach. Hackers breached the hotel chain in 2014 to access almost 340 million guest records worldwide — an incident that went undetected until September 2018 and led to a £14.4 million ($24 million) fine from the U.K.’s Information Commissioner’s Office. In January 2020, Marriott was hacked again in a separate incident that affected around 5.2 million guests.

[…]

Source: Hotel giant Marriott confirms yet another data breach | TechCrunch

Amazon offers to share data, boost rivals to dodge EU antitrust fines

Amazon (AMZN.O) has offered to share marketplace data with sellers and boost the visibility of rival products on its platform, trying to persuade EU antitrust regulators to close their investigations without a fine by the end of the year, people familiar with the matter said.

The world’s largest online retailer is hoping its concessions will stave off a potential European Union fine that could be as much as 10% of its global turnover, Reuters reported last year.

The European Commission in 2020 charged Amazon with using its size, power and data to push its own products and gain an unfair advantage over rival merchants that sell on its online platform.

It also launched an investigation into Amazon’s possible preferential treatment of its own retail offers and those of marketplace sellers that use its logistics and delivery services.

Amazon’s process for choosing which retailer appears in the “buy box” on its website and which generates the bulk of its sales also came under the spotlight.

Amazon has now proposed to allow sellers access to some marketplace data while its commercial arm will not be able to use seller data collected by its retail unit, the people said.

The company will also create a second buy box for rival products in the event an Amazon product appears in the first buy box, the people said.

[…]

Source: Amazon offers to share data, boost rivals to dodge EU antitrust fines | Reuters

No way that this is enough. A marketplace owner has no business offering products on their own marketplace at all. That’s always going to be unfair competition. It also fails to address many of the other monopoly problems, like forcing sellers to exclusively use Amazon or downgrading their search results, forcing sellers to use the Amazon delivery options as well as forcing other delivery parties out of business by delivering under cost price.

China’s cyberspace regulator details data export rules

[…]

The Cyberspace Administration of China’s (CAC) policy was first floated in October 2021 and requires businesses that transfer data offshore to conduct a security review. The requirements kick in when an organization transfers data describing more than 100,000 individuals, or information about critical infrastructure – including that related to communications, finance and transportation. Sensitive data such as fingerprints also trigger the requirement, at a threshold of 10,000 sets of prints.

A Thursday announcement added a detail to the policy: the cutoff date after which the CAC will start counting towards the 100,000 and 10,000 thresholds. Oddly, that date is January 1 … of 2021.

A state official explained in Chinese state-owned media on Thursday that the efforts were necessary due to the digital economy expanding cross-border data activities, and that differences in international legal systems have increased data export security risks, thereby affecting national security and social interest.

The official detailed that the security review should occur prior to signing a contract that includes exporting data overseas. Any approved data export will be valid for two years, at which point the entity must apply again.

[…]

Source: China’s cyberspace regulator details data export rules • The Register

Turkey’s Newfound Cache of Rare Earths Could Supply the World’s EVs and More

Turkey announced last week it discovered a massive rare earth reserve almost as big as the world’s largest in China. The find is reportedly so large that it could on its own satisfy global demand for decades.

According to the Turkish Ministry of Energy and Natural Resources, the country found a supply of 694 million metric tons (765 million short tons) of rare earth minerals in Beylikova, Eskişehir. That reportedly makes Turkey’s rare earths reserve the world’s second-largest behind China, which has 800 million tons according to AA Energy. Deposits reportedly include 10 of the 17 rare earth elements and are close to the surface, which would simplify extraction.

Fatih Dönmez, the country’s Minister for Energy and Natural Resources said the construction of processing infrastructure will begin later this year after R&D concludes. When the mining and refinement industries are up and running, Turkey anticipates it’ll have the capability to process 570,000 metric tons of rare earths annually. That’s nearly double the 315,000 metric tons that The Conversation reports will be demanded globally in 2030.

[…]

Source: Turkey’s Newfound Cache of Rare Earths Could Supply the World’s EVs and More

European Union passes landmark laws to rein in big tech, but worries about enforcement

[…]

the European Union has passed a pair of landmark bills designed to rein in Big Tech’s power. The Digital Markets Act and Digital Services Act are intended to promote fairer competition, improve privacy protection, as well as banning both the use of some of the more egregious forms of targeted advertising and misleading practices.

The Digital Services Act, for instance, focuses on online platforms like Facebook, Amazon and Google. They will be tasked with being more proactive both with content moderation and also to prevent the sale of illegal or unsafe goods being sold on their platforms. Users will also be able to learn how and why an algorithm recommended them a certain piece of content, and to challenge any moderation decision that was made algorithmically. Finally, companies will no longer be able to use sensitive personal data for ad-targeting, sell ads to children, or use dark patterns — deceptive page design that can manipulate you into saying yes to something even when you’d much rather say no, such as joining a service or preventing you from leaving one you no longer wish to use.

These obligations operate on a sliding scale, and so the largest platforms will have the greatest obligations placed upon them. Platforms with 45 million or more monthly users will be subject to independent auditing to ensure they are preventing fake news and illegal content. Those platforms will also have to open up their algorithms and data to (approved) researchers to enable them to study the effects, and potential harm, the systems can cause.

The Digital Markets Act, meanwhile, is more focused on preventing dominant platform holders, like Google, Microsoft and Apple, from abusing their scale. This includes offering better interoperability with smaller, rival services, ensuring files can be sent between systems. There is also a large carve-out for app storefronts, with developers now entitled to contact their customers about deals without going via the platform holder in question. And platform holders will no longer be able to give their systems favorable treatment, such as when Google promoted its own shopping service over that of rivals.

The EU has given both bills plenty of teeth, and can dole out a maximum penalty of 10 percent of its total worldwide turnover from the previous year, should regulators find non-compliance. This figure will, however, jump to 20 percent of worldwide turnover if officials find “repeated non-compliance.” That’s a hefty figure big enough that not even Apple would be able to stomach losing on a regular basis. Although, as with GDPR regulation, the EU still has questions to answer about how much effort, time and money it’s prepared to put behind a body to monitor big tech.

Now that they have been passed, the Digital Services Act will come into force by 1st January 2024 (unless some procedural stuff delays it) while the Digital Markets Act will come into force at some point soon after, and major platforms, dubbed “Gatekeepers”, will have a further six months to get their houses in order before the new rules apply to them.

Source: European Union passes landmark laws to rein in big tech | Engadget

The European Commission has set up a taskforce, with about 80 officials expected to join up, which critics say is inadequate. Last month it put out a 12 million euro ($12.3 million) tender for experts to help in investigations and compliance enforcement over a four-year period.

EU industry chief Thierry Breton sought to address enforcement concerns, saying various teams would focus on different issues such as risk assessments, interoperability of messenger services and data access during implementation of the rules.

Regulators will also set up a European Centre for Algorithmic Transparency to attract data science and algorithm scientists to help with enforcement.

“We have started to gear the internal organisation to this new role, including by shifting existing resources, and we also expect to ramp up recruitment next year and in 2024 to staff the dedicated DG CONNECT team with over 100 full time staff,” Breton said in a blogpost.

[…]

“We raised the alarm last week with other civil society groups that if the Commission does not hire the experts it needs to monitor Big Tech’s practices in the market, the legislation could be hamstrung by ineffective enforcement,” BEUC Deputy Director General Ursula Pachl said in a statement.

The DMA is set to force changes in companies’ businesses, requiring them to make their messaging services interoperable and provide business users access to their data.

Business users would be able to promote competing products and services on a platform and reach deals with customers off the platforms.

Companies will not be allowed to favour their own services over rivals’ or prevent users from removing pre-installed software or apps, two rules that will hit Google and Apple hard.

The DSA bans targeted advertising aimed at children or based on sensitive data such as religion, gender, race and political opinions. Dark patterns, which are tactics that mislead people into giving personal data to companies online, will also be prohibited.

Source: EU lawmakers pass landmark tech rules, but enforcement a worry

Finnish ‘Sand battery’ built in Tampere

Finnish researchers have installed the world’s first fully working “sand battery” which can store green power for months at a time.

Using low-grade sand, the device is charged up with heat made from cheap electricity from solar or wind.

The sand stores the heat at around 500C, which can then warm homes in winter when energy is more expensive.

[…]

Right now, most batteries are made with lithium and are expensive with a large, physical footprint, and can only cope with a limited amount of excess power.

But in the town of Kankaanpää, a team of young Finnish engineers have completed the first commercial installation of a battery made from sand that they believe can solve the storage problem in a low-cost, low-impact way.

“Whenever there’s like this high surge of available green electricity, we want to be able to get it into the storage really quickly,” said Markku Ylönen, one of the two founders of Polar Night Energy who have developed the product.

The device has been installed in the Vatajankoski power plant which runs the district heating system for the area.

Low-cost electricity warms the sand up to 500C by resistive heating (the same process that makes electric fires work).

This generates hot air which is circulated in the sand by means of a heat exchanger.

Sand is a very effective medium for storing heat and loses little over time. The developers say that their device could keep sand at 500C for several months.

So when energy prices are higher, the battery discharges the hot air which warms water for the district heating system which is then pumped around homes, offices and even the local swimming pool.

[…]

The idea for the sand battery was first developed at a former pulp mill in the city of Tampere, with the council donating the work space and providing funding to get it off the ground.

[…]

One of the big challenges now is whether the technology can be scaled up to really make a difference – and will the developers be able to use it to get electricity out as well as heat?

The efficiency falls dramatically when the sand is used to just return power to the electricity grid.

But storing green energy as heat for the longer term is also a huge opportunity for industry, where most of the process heat that’s used in food and drink, textiles or pharmaceuticals comes from the burning of fossil fuels.

[…]

Source: Climate change: ‘Sand battery’ could solve green energy’s big problem – BBC News

Enjoy Digital Ownership And Public Libraries While You Still Can – the rental model is coming for you

Michael E. Karpeles, Program Lead on OpenLibrary.org at the Internet Archive, spotted an interesting blog post by Michael Kozlowski, the editor-in-chief of Good e-Reader. It concerns Amazon and its audiobook division, Audible:

Amazon-owned Audible ceased selling individual audiobooks through their Android app from Google Play a couple of weeks ago. This will prevent anyone from buying audio titles individually. However, Audible still sells subscriptions through the app (…)

Karpeles points out that this is yet another straw in the wind indicating that the ownership of digital goods is being replaced with a rental model. He wrote a post last year exploring the broader implications, using Netflix as an example:

What content landlords like Netflix are trying to do now is eliminate our “purchase” option entirely. Without it, renting becomes the only option and they are thus free to arbitrarily hike up rental fees, which we have to pay over and over again without us getting any of these aforementioned rights and freedoms. It’s a classic example of getting less for more.

He goes on to underline four extremely serious consequences of this shift. One is the end of “forever access”. If the company adopting the rental model goes out of business, customers lose access to everything they were paying for. With the ownership of goods, even if the supplier goes bankrupt, you still have the product they sold to you.

Secondly, the rental model effectively means the end of the public domain for material offered in that way. In theory, books, music, films and the rest that are under copyright should enter the public domain after a certain time – typically around a century after they first appeared. But when these digital goods are offered using the rental model, they usually come wrapped up in digital locks – digital rights management (DRM) – to prevent people exiting from the rental model by making a personal copy. That means that even if the company offering the digital goods is still around when the copyright expires, this content will remain locked away even when it enters the public domain, because it is illegal under copyright laws like the US DMCA and EU Information Society Directive to circumvent those locks.

Thirdly, Karpeles notes, the rental model means the end of personal digital freedom in this sphere. Since you access everything through the service provider, the latter knows what you are doing with the rented material and when. How much it chooses to spy on you will depend on the company, but you probably won’t know unless you live somewhere like the EU where you can make a request to the company for the personal data that it holds about you.

Finally, and perhaps least obviously, it means the end of the library model that has served us so well for hundreds of years. Increasingly, libraries are unable to buy copies of ebooks outright, but must rent them. This means that they must follow the strict licensing conditions imposed by publishers on how those ebooks are lent out by the library. For example, some publishers license ebooks for a set period of time – typically a year or two – with no guarantee that renewal will be possible at the end of that time. Others have adopted a metered approach that counts how many times an ebook is lent out, and blocks access after a preset number. Karpeles writes:

Looking to the future, as more books become only available for lease as eBooks, I see no clear option which allows libraries to sustainably serve their important roles as reliable, long-term public access repositories of cultural heritage and human knowledge. It used to be the case that a library would purchase a book once and it would serve the public for decades. Instead, now at the end of each year, a library’s eBooks simply vanish unless libraries are able to find enough quarters to re-feed the meter.

The option to own new digital goods or to access the digital holdings of public libraries may not be available much longer – enjoy them while you can.

Source: Enjoy Digital Ownership And Public Libraries While You Still Can | Techdirt