Feed aggregator

chicksdaddy shares a report from The Security Ledger: The acting head of the U.S. Department of Homeland Security said the agency was assessing the cyber risk of smart TVs sold by the Chinese electronics giant TCL, following reports last month in The Security Ledger and elsewhere that the devices may give the company "back door" access to deployed sets, The Security Ledger reports. Speaking at The Heritage Foundation, a conservative think tank, Acting DHS Secretary Chad Wolf said that DHS is "reviewing entities such as the Chinese manufacturer TCL." "This year it was discovered that TCL incorporated backdoors into all of its TV sets exposing users to cyber breaches and data exfiltration. TCL also receives CCP state support to compete in the global electronics market, which has propelled it to the third largest television manufacturer in the world," Wolf said, according to a version of prepared remarks published by DHS. His talk was entitled "Homeland Security and the China Challenge." As reported last month, independent researchers John Jackson -- an application security engineer for Shutter Stock -- and a researcher using the handle Sick Codes identified and described two serious software security holes affecting TCL brand television sets and would allow an unprivileged remote attacker on the adjacent network to download most system files from the TV set up to and including images, personal data and security tokens for connected applications. The flaw could lead to serious critical information disclosure, the researchers warned. Both flaws affect TCL Android Smart TV series V8-R851T02-LF1 V295 and below and V8-T658T01-LF1 V373 and below, according to the official CVE reports. In an interview with The Security Ledger, the researcher Sick Codes said that a TCL TV set he was monitoring was patched for the CVE-2020-27403 vulnerability without any notice from the company and no visible notification on the device itself. In a statement to The Security Ledger, TCL disputed that account. By TCL's account, the patched vulnerability was linked to a feature called "Magic Connect" and an Android APK by the name of T-Cast, which allows users to "stream user content from a mobile device." T-Cast was never installed on televisions distributed in the USA or Canada, TCL said. For TCL smart TV sets outside of North America that did contain T-Cast, the APK was "updated to resolve this issue," the company said. That application update may explain why the TCL TV set studied by the researchers suddenly stopped exhibiting the vulnerability. In his address on Monday, Acting Secretary Wolf said the warning about TCL will be part of a broader "business advisory" cautioning against using data services and equipment from firms linked to the People's Republic of China (PRC). This advisory will highlight "numerous examples of the PRC government leveraging PRC institutions like businesses, organizations, and citizens to covertly access and obtain the sensitive data of businesses to advance its economic and national security goals," Wolf said. "DHS flags instances where Chinese companies illicitly collect data on American consumers or steal intellectual property. CCP-aligned firms rake in tremendous profits as a result," he said.

Read more of this story at Slashdot.

France's top administrative court has backed privacy campaigners by imposing a ban on police use of drones for covering public protests in Paris. The BBC reports: The Council of State said Paris police prefect Didier Lallement should halt "without delay" drone surveillance of gatherings on public roads. The ruling comes weeks after MPs backed a controversial security bill that includes police use of drones. Its main aim is to regulate how people share film or photos of police. Privacy rights group La Quadrature du Net (LQDN) has argued that the bill's main measures violate freedom of expression and that drones equipped with cameras cannot keep the peace but track individuals instead. The Council of State ruled there was "serious doubt over the legality" of drones without a prior text authorizing and setting out their use. LQDN said the only way the government could legalize drone surveillance now was in providing "impossible proof" that it was absolutely necessary to maintain law and order. The decision is the second setback in months for Parisian authorities' drone plans. In May, the same court ruled that drones could not be used in the capital to track people in breach of France's strict lockdown rules.

Read more of this story at Slashdot.

oort99 writes: MIT Electrical Engineering graduate and California Secretary of State Alex Padilla has been selected by California governor Gavin Newsom to replace Kamala Harris. He will join Steve Daines and Martin Heinrich as one of three U.S. Senators with engineering credentials currently serving in the Senate. "Padilla, 47, the son of Mexican immigrants, will be the first Latino from the state to hold the position," notes NPR. "Padilla has been California's secretary of state since 2015. Previously, he was a state senator and Los Angeles city councilman." Since Harris was first elected in 2016, Padilla will fill the seat by appointment until 2022 when an election will be held for the next full six-year term.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Phys.Org: A team of scientists at Freie Universitat Berlin has developed an artificial intelligence (AI) method for calculating the ground state of the Schrodinger equation in quantum chemistry. The goal of quantum chemistry is to predict chemical and physical properties of molecules based solely on the arrangement of their atoms in space, avoiding the need for resource-intensive and time-consuming laboratory experiments. In principle, this can be achieved by solving the Schrodinger equation, but in practice this is extremely difficult. Up to now, it has been impossible to find an exact solution for arbitrary molecules that can be efficiently computed. But the team at Freie Universitat has developed a deep learning method that can achieve an unprecedented combination of accuracy and computational efficiency. The deep neural network designed by [the] team is a new way of representing the wave functions of electrons. "Instead of the standard approach of composing the wave function from relatively simple mathematical components, we designed an artificial neural network capable of learning the complex patterns of how electrons are located around the nuclei," [Professor Frank Noe, who led the team effort] explains. "One peculiar feature of electronic wave functions is their antisymmetry. When two electrons are exchanged, the wave function must change its sign. We had to build this property into the neural network architecture for the approach to work," adds [Dr. Jan Hermann of Freie Universitat Berlin, who designed the key features of the method in the study]. This feature, known as 'Pauli's exclusion principle,' is why the authors called their method 'PauliNet.' Besides the Pauli exclusion principle, electronic wave functions also have other fundamental physical properties, and much of the innovative success of PauliNet is that it integrates these properties into the deep neural network, rather than letting deep learning figure them out by just observing the data. "Building the fundamental physics into the AI is essential for its ability to make meaningful predictions in the field," says Noe. "This is really where scientists can make a substantial contribution to AI, and exactly what my group is focused on." The results were published in the journal Nature Chemistry.

Read more of this story at Slashdot.

On Tuesday, Tesla CEO Elon Musk tweeted that he considered selling his electric car company to Apple in recent years, but Apple CEO Tim Cook was not even interested in taking a meeting. CNBC reports: Specifically, Musk wrote in a tweet on December 22: "During the darkest days of the Model 3 program, I reached out to Tim Cook to discuss the possibility of Apple acquiring Tesla (for 1/10 of our current value). He refused to take the meeting." It was a rare admission from the mercurial CEO that he once considered giving up control of the company he helped build and take to a market value that's more than the top nine automakers combined. Tesla has not discussed a sale in any financial filing. On Tuesday, Musk also made remarks about lithium iron phosphate batteries that Apple is reportedly developing for use in vehicles, per a Reuters report on Monday. "Strange, if true," Musk wrote. "Tesla already uses iron-phosphate for medium range cars made in our Shanghai factory.- A monocell is electrochemically impossible, as max voltage is ~100X too low. Maybe they meant cells bonded together, like our structural battery pack?"

Read more of this story at Slashdot.

U.S. securities regulators on Tuesday sued cryptocurrency giant Ripple, and both its CEO and executive chairman, for allegedly selling over $1.3 billion in unregistered securities. Axios reports: Ripple on Monday had publicly disclosed that the lawsuit was to be filed imminently, and said it does not believe its tokens needed to be registered. XRP, the cryptocurrency created by Ripple in 2012, has the crypto industry's third-largest market cap at around $22 billion, behind only Bitcoin and Ether. In a separate article, Axios' Dan Primack writes that this lawsuit "could put a chill on some crypto industry investment, as Ripple has no interest in settling fast and moving on." He adds: "It also could mildly complicate the upcoming IPO for Coinbase, where XRP-to-dollar activity made up 15% of trading volume over the past 30 days (per Nomics)."

Read more of this story at Slashdot.

An anonymous reader quotes a report from Reuters: Dozens of email accounts at the U.S. Treasury Department were compromised by the powerful hackers responsible for a wide-ranging espionage campaign against U.S. government agencies, the office of U.S. Senator Ron Wyden said on Monday. In a written statement, Wyden's office said that Senate Finance Committee staff were briefed that the hack of the Treasury Department appears to have been a significant one, "the full depth of which isn't known." Wyden, the most senior Democrat on the committee, said that Microsoft notified the agency that dozens of email accounts had been compromised and that the hackers also penetrated the systems at Treasury's Departmental Offices division, which is home to its top officials. "Treasury still does not know all of the actions taken by hackers, or precisely what information was stolen," the statement said, although it added that the Internal Revenue Service said there was no evidence the tax agency was compromised or that taxpayer data was affected. A Wyden aide said the hackers were able to access the Treasury officials' Microsoft-hosted inboxes after taking control of the cryptographic key used by Treasury's "single sign on" infrastructure -- a service used in many organizations so that employees can access a variety of services with a single username and password. The aide quoted Treasury officials as saying Mnuchin's inbox was not among those affected. Wyden's statement contrasts Treasury Secretary Steven Mnuchin, who told CNBC earlier in the day that "the good news is there has been no damage, nor have we seen any large amounts of information displaced." He added: "I can assure you, we are completely on top of this."

Read more of this story at Slashdot.

An anonymous reader shares a report: Some diamonds were formed billions of years ago in space as the carbon-rich atmospheres of dying stars expanded and cooled. In our own planet's lifetime, high-temperatures and pressures in the mantle produced the diamonds that are familiar to us as gems. 5,000 years ago, a large meteorite that struck a carbon-rich sediment on Earth produced an impact diamond. Each of these diamonds differs from the others in both composition and genesis, but all are categorized as "diamond" by the authoritative guide to minerals -- the International Mineralogical Association's Commission on New Minerals, Nomenclature and Classification. For many physical scientists, this inconsistency poses no problem. But the IMA system leaves unanswered questions for planetary scientists, geobiologists, paleontologists and others who strive to understand minerals' historical context. So, Carnegie's Robert Hazen and Shaunna Morrison teamed up with CU Boulder philosophy of science professor Carol Cleland to propose that scientists address this shortcoming with a new "evolutionary system" of mineral classification -- one that includes historical data and reflects changes in the diversity and distribution of minerals through more than 4 billion years of Earth's history. Their work is published by the Proceedings of the National Academy of Sciences. "We came together from the very different fields of philosophy and planetary science to see if there was a rigorous way to bring the dimension of time into discussions about the solid materials that compose Earth," Hazen said.

Read more of this story at Slashdot.

The Justice Department sued Walmart on Tuesday for what it said was the company's role in fueling the nation's opioid crisis by allowing its network of pharmacies to fill millions of prescriptions for opioids, thousands of which authorities said were suspicious. From a report: The 160-page civil complaint alleges that the retail giant knew that its system for detecting illegitimate prescriptions was inadequate and details numerous instances when Walmart's own employees warned federal authorities and company managers about possibly suspicious prescriptions. "As one of the largest pharmacy chains and wholesale drug distributors in the country, Walmart had the responsibility and the means to help prevent the diversion of prescription opioids," Jeffrey Bossert Clark, acting assistant attorney general of the Justice Department's civil division, said in a statement. "Instead, for years, it did the opposite -- filling thousands of invalid prescriptions at its pharmacies and failing to report suspicious orders of opioids and other drugs placed by those pharmacies." In one instance, an employee identified only by his or her initials admitted to the Drug Enforcement Administration to filling prescriptions that the employee knew were not legitimate, the lawsuit alleges.

Read more of this story at Slashdot.

An internal Nintendo leak has revealed measures the company took when approaching a 3DS homebrew hacker. The measures are rather extreme and apparently include surveillance of the individual in question, as well as internal presentations and instructions on how to approach him. From a report: This comes courtesy of prominent Twitter Nintendo leaker Eclipse. According to documents unearthed by Eclipse -- which also include a Switch software development kit and console security documents, among other things -- the company conducted surveillance on Neimod, a hacker who cracked the 3DS, in 2013. Online Nintendo historian Forest of Illusion corroborates this with an internal document showing findings about Neimod's personal life including where he lived and his average work week. In addition to the surveillance, Nintendo also created detailed plans on how to approach Neimod in order to get him to back down from hacking the 3DS. In the documents, IRC chats involving Neimod are included, showing Nintendo covertly extracting information from Neimod and altering its response to the issue based on what he says. The details of Nintendo's plan to approach Neimod are remarkably detailed, with multiple stages and potential outcomes mapped out in a flowchart.

Read more of this story at Slashdot.

The Wall Street Journal: To keep customers happy, which Mr. Bezos has long said is Amazon's fixation and growth strategy, executives behind the scenes have methodically waged targeted campaigns against rivals and partners alike -- an approach that has changed little through the years, from diapers to footwear. No competitor is too small to draw Amazon's sights. It cloned a line of camera tripods that a small outside company sold on Amazon's site, hurting the vendor's sales so badly it is now a fraction of its original size, the little firm's owner said. Amazon said it didn't violate the company's intellectual-property rights. When Amazon decided to compete with furniture retailer Wayfair, Mr. Bezos's deputies created what they called the Wayfair Parity Team, which studied how Wayfair procured, sold and delivered bulky furniture, eventually replicating a majority of its offerings, said people who worked on the team. Amazon and Wayfair declined to comment on the matter. Amazon set its sights on Allbirds, the maker of popular shoes using natural and recycled materials, and last year launched a shoe called Galen that looks nearly identical to Allbirds' bestseller -- without the environmentally friendly materials and selling for less than half the price. "You can't help but look at a trillion-dollar company putting their muscle and their pockets and their machinations of their algorithms and reviewers and private-label machine all behind something that you've put your career against," said Allbirds Co-CEO Joey Zwillinger. "You have this giant machine creating all these headwinds for us." This year, Amazon has zeroed in on Shopify, a fast-growing Canadian company that helps small merchants create online shops. Amazon has established a secret team, "Project Santos," to replicate parts of Shopify's business model, said people familiar with the project. Amazon executives often initiated efforts like these on their own, though in some cases examined by The Wall Street Journal, Mr. Bezos himself was involved, according to former Amazon executives and internal emails. From its start as an online bookstore 26 years ago, Amazon has expanded into an online retailer with a presence in nearly every major category. It is also the leading provider of cloud-computing services, a gadget maker, a major entertainment player and a rival to United Parcel Service and FedEx. Mr. Bezos is the world's richest man, with a net worth Forbes estimates at $187 billion. He still exhorts employees to consider Amazon a startup. "It is always day one," he likes to say. Day two is "stasis, followed by irrelevance, followed by excruciating, painful decline, followed by death." Mr. Bezos originally considered calling his company Relentless, and www.relentless.com still redirects to Amazon's site.

Read more of this story at Slashdot.

Gov. Andrew M. Cuomo signed a bill Tuesday suspending the use of facial recognition and other kinds of biometric technology in schools in New York, also directing a study of whether its use is appropriate in schools. The legislation places a moratorium on schools purchasing and using biometric identifying technology until at least July 1, 2022 or until the report is completed and the state Education Department commissioner authorizes its use. The rule applies to both public and private schools in New York. In a statement, ACLU said. "This is a victory for student privacy and students of color, who are disproportionately harmed by this flawed and biased technology. New York has led the way, and now other states should follow."

Read more of this story at Slashdot.

Law enforcement agencies from the US, Germany, France, Switzerland, and the Netherlands have seized this week the web domains and server infrastructure of three VPN services that provided a safe haven for cybercriminals to attack their victims. From a report: The three services were active at insorg.org, safe-inet.com, and safe-inet.net before the domains were seized and replaced with law enforcement banners on Monday. The services have been active for more than a decade, are believed to be operated by the same individual/group, and have been heavily advertised on both Russian and English-speaking underground cybercrime forums, where they were sold for prices ranging from $1.3/day to $190/year. According to the US Department of Justice and Europol, the three companies' servers were often used to mask the real identities of ransomware gangs, web skimmer (Magecart) groups, online phishers, and hackers involved in account takeovers, allowing them to operate from behind a proxy network up to five layers deep.

Read more of this story at Slashdot.

Digital rights group Fight for the Future has unveiled an open letter signed by 2,000 parents calling on McGraw-Hill Publishing to end its relationship with Proctorio, one of many proctoring apps that offers services that digital rights groups have called "indistinguishable from spyware." From a report: As the pandemic has pushed schooling into virtual classrooms, a host of software vendors have stepped up to offer their latest surveillance tools. Some, like Proctorio, offer technologies that claim to fight cheating by tracking head and eye movements, without any evidence that their algorithms do anything but make students anxious (and thus perform worse). Others rely on facial recognition technology, which is itself rife with racial bias, and have regularly failed to verify the identities of students of color at various points while taking state bar exams, forcing the test to end. Proctorio is one of a few companies that has come under scrutiny from privacy groups not only for invasive surveillance, but exhaustive data extraction that collects sensitive student data including biometrics. The company is perhaps unique in its attempts to silence critics of its surveillance programs. Proctorio has deployed lawsuits to silence critics, forcing one University of British Columbia learning technology specialist to exhaust his personal and emergency savings due to a lawsuit meant to silence his online criticisms of the company. Proctorio has also targeted students and abused Twitter's DMCA takedown process to further suppress valid criticisms of its proctoring software. Further reading: Proctoring Software Company Used DMCA To Take Down a Student's Critical Tweets; and Cheating-Detection Software Provokes 'School-Surveillance Revolt'.

Read more of this story at Slashdot.

Small advertisers that rely on Facebook to spread marketing messages are up in arms over the social network's automated ad systems, complaining that inflexible account blocking tools and a lack of customer assistance are hurting business. From a report: One digital marketer, Chris Raines, was setting up an advertising campaign on Facebook last week when his account abruptly stopped working. Raines uses his account to manage ads for clients' Facebook Pages. Without it, he couldn't do his job. The lockout was a nuisance, but then Raines noticed something more concerning: A $3,000-per-day ad campaign that he'd set up for a client before his account was locked continued to run even though he could no longer manage it. Raines was spending his client's money without any way to control how. Raines tried to confirm his identity using Facebook's automated systems, but received an error message. Eventually, he called the advertiser and asked if they would make his wife an administrator to the company-owned Facebook Page. Using her account, he was finally able to log in and manage the Facebook ads, which includes adjusting details like who sees the ad and how much to spend. "The actual injury, especially for advertisers and marketers, is immense," said Raines, who runs a digital media company called Bullhorn Media. "Had I not had that workaround, my business would have went away."

Read more of this story at Slashdot.

Seventy-three suspected cheaters, one critical mistake. Dozens of cadets at the U.S. Military Academy at West Point were caught cheating on a calculus final exam in May after they all made the same errors on the test, according to officials. From a report: Instructors at the Army's premier training ground for officers revealed the academic scandal on Monday, saying it's the worst they've seen since the 1970s. So far, 59 cadets out of a suspected 73 have admitted to taking part in the scam in which the students "shared answers and made the same mistakes," Lt. Col. Chris Ophardt, a West Point spokesman told NPR. The test was administered remotely due to the coronavirus pandemic. Four cadets have resigned and another eight, who say they're innocent of any wrongdoing, will face a full hearing led by seniors at the academy. The cases against two others initially implicated in the scheme have been dismissed for lack of evidence..

Read more of this story at Slashdot.

A group made up of 19 security firms, tech companies, and non-profits, headlined by big names such as Microsoft and McAfee, have announced on Monday plans to form a new coalition to deal with the rising threat of ransomware. From a report: Named the Ransomware Task Force (RTF), the new group will focus on assessing existing technical solutions that provide protections during a ransomware attack. The RTF will commission expert papers on the topic, engage stakeholders across industries, identify gaps in current solutions, and then work on a common roadmap to have issues addressed among all members. The end result should be a standardized framework for dealing with ransomware attacks across verticals, one based on an industry consensus rather than individual advice received from lone contractors.

Read more of this story at Slashdot.

Tech giants, including Microsoft and Google, have joined Facebook's legal battle against hacking company NSO, filing an amicus brief in federal court that warned the Israeli firm's tools were "powerful, and dangerous." From a report: The brief, filed before the U.S. Court of Appeals for the Ninth Circuit, opens up a new front in Facebook's lawsuit against NSO, which it filed last year after it was revealed that the cyber surveillance firm had exploited a bug in Facebook-owned instant messaging program WhatsApp to help surveil more than 1,400 people worldwide. NSO has argued that because it sells digital break-in tools to police and spy agencies, it should benefit from "sovereign immunity" -- a legal doctrine that generally insulates foreign governments from lawsuits. NSO lost that argument in the Northern District of California in July and has since appealed to the Ninth Circuit to have the ruling overturned. Microsoft, Alphabet-owned Google, Cisco, Dell Technologies-owned VMWare, and the Washington-based Internet Association joined forces with Facebook to argue against that, saying that awarding sovereign immunity to NSO would lead to a proliferation of hacking technology and "more foreign governments with powerful and dangerous cyber surveillance tools."

Read more of this story at Slashdot.

Facebook and Google agreed to "cooperate and assist one another" if they ever faced an investigation into their pact to work together in online advertising, according to an unredacted version of a lawsuit filed by 10 states against Google last week. From a report: The suit, as filed, cites internal company documents that were heavily redacted. The Wall Street Journal reviewed part of a recent draft version of the suit without redactions, which elaborated on findings and allegations in the court documents. Ten Republican attorneys general, led by Texas, are alleging that the two companies cut a deal in September 2018 in which Facebook agreed not to compete with Google's online advertising tools in return for special treatment when it used them. Google used language from "Star Wars" as a code name for the deal, according to the lawsuit, which redacted the actual name. The draft version of the suit says it was known as "Jedi Blue." The lawsuit itself said Google and Facebook were aware that their agreement could trigger antitrust investigations and discussed how to deal with them, in a passage that is followed by significant redactions. The draft version spells out some of the contract's provisions, which state that the companies will "cooperate and assist each other in responding to any Antitrust Action" and "promptly and fully inform the Other Party of any Governmental Communication Related to the Agreement." In the companies' contract, "the word [REDACTED] is mentioned no fewer than 20 times," the lawsuit says. The unredacted draft fills in the word: Antitrust.

Read more of this story at Slashdot.

An anonymous reader quotes a report from NBC News: Several European countries have banned flights from the U.K. over fears about a new coronavirus variant that has forced millions of people in Britain to cancel their Christmas plans. Germany, the Netherlands, Belgium, Austria and Italy all announced restrictions on U.K. travel. Others will likely follow suit as scientists warned that the new strain spreads more quickly than its predecessor. [...] U.K. health officials first identified the new variant, which British scientists have called "VUI -- 202012/01," in mid-September, Maria Van Kerkhove, the Covid-19 technical lead for the World Health Organization, told the BBC on Sunday. Chris Whitty, the chief medical officer for England, warned in a statement Saturday that it the virus considered to be spreading more quickly. But he said there was no evidence so far to suggest that the new strain is more potent in terms of severe illness or death. "Our working assumption from all the scientists is that the vaccine response should be adequate for this virus," Patrick Vallance, the U.K. government's chief scientific adviser, said at a news briefing Saturday. But Ravindra Gupta, a professor of clinical microbiology at the University of Cambridge, said he was concerned that the virus is on a pathway to become resistant to vaccines. "Whilst it may not be actually resistant, it may not take so many changes after this for it to get there," he said. However, Clarke said that different versions of flu vaccines are required every year and that he did not see why it could not be the same for the coronavirus. The report notes that the new variant "has so far been identified in Denmark, the Netherlands and Australia," adding that more sequencing that can be done will be helpful to determine if this variant is circulating elsewhere. Gupta said the new strain should be cause for concern in the U.S. and other countries. Warning that the virus could mutate again, he said, "people need to step up their surveillance."

Read more of this story at Slashdot.