Russia Targets Ukraine With New Android Backdoor, Intel Agencies Say
Sep 1st 2023, 03:30, by BeauHD
An anonymous reader quotes a report from Ars Technica: Russia's military intelligence unit has been targeting Ukrainian Android devices with "Infamous Chisel," the tracking name for new malware that's designed to backdoor devices and steal critical information, Western intelligence agencies said on Thursday. "Infamous Chisel is a collection of components which enable persistent access to an infected Android device over the Tor network, and which periodically collates and exfiltrates victim information from compromised devices," intelligence officials from the UK, US, Canada, Australia, and New Zealand wrote (PDF). "The information exfiltrated is a combination of system device information, commercial application information and applications specific to the Ukrainian military." Infamous Chisel gains persistence by replacing the legitimate system component known as netd with a malicious version. Besides allowing Infamous Chisel to run each time a device is restarted, the malicious netd is also the main engine for the malware. It uses shell scripts and commands to collate and collect device information and also searches directories for files that have a predefined set of extensions. Depending on where on the infected device a collected file is located, netd sends it to Russian servers either immediately or once a day. When exfiltrating files of interest, Infamous Chisel uses the TLS protocol and a hard-coded IP and port. Use of the local IP address is likely a mechanism to relay the network traffic over a VPN or other secure channel configured on the infected device. This would allow the exfiltration traffic to blend in with expected encrypted network traffic. In the event a connection to the local IP and port fails, the malware falls back to a hard-coded domain that's resolved using a request to dns.google.
Infamous Chisel also installs a version of the Dropbear SSH client that can be used to remotely access a device. The version installed has authentication mechanisms that have been modified from the original version to change the way users log in to an SSH session. [...] The report didn't say how the malware gets installed. In the advisory Ukraine's security service issued earlier this month (PDF), officials said that Russian personnel had "captured Ukrainian tablets on the battlefield, pursuing the aim to spread malware and abuse available access to penetrate the system." It's unclear if this was the vector.

US Officials Look To Move Marijuana To Lower-Risk Drug Category
Sep 1st 2023, 02:02, by BeauHD
The U.S. Department of Health and Human Services (HHS) has recommended easing restrictions on marijuana, a department spokesperson said on Wednesday, following a review request from the Biden Administration last year. Reuters reports: The scheduling recommendation for marijuana was provided to the Drug Enforcement Agency (DEA) on Tuesday as part of President Biden's directive to HHS, the spokesperson said. "As part of this process, HHS conducted a scientific and medical evaluation for consideration by DEA. DEA has the final authority to schedule or reschedule a drug under the Controlled Substances Act. DEA will now initiate its review," a DEA spokesperson said. Marijuana is currently classified as a schedule I drug under the Controlled Substances Act, meaning it has a high potential for abuse and no accepted medical use, along with drugs like heroin and LSD. HHS is recommending reclassifying marijuana to say it has a moderate to low potential for dependence and a lower abuse potential, which would put it in a class with ketamine and testosterone.
"If marijuana classification were to ease at the federal level, that could allow major stock exchanges to list businesses that are in the cannabis trade, and potentially allow foreign companies to begin selling their products in the United States," notes Reuters. While marijuana remains illegal on the federal level, nearly 40 U.S. states have legalized it in some form. According to a survey last year from the Pew Research Center, "an overwhelming share of U.S. adults (88%) say either that marijuana should be legal for medical and recreational use by adults (59%) or that it should be legal for medical use only (30%)."

Saints Row Developer Volition Has Been Shut Down
Sep 1st 2023, 01:25, by BeauHD
After 30 years of operations, the developer behind 2001's Red Faction and Saints Row, Volition, is being shut down. Its parent company Embracer broke the news on LinkedIn, attributing the decision to a "restructuring program." Game Developer reports: Founded in June 1993 by Mike Kulas and Matt Toschlog, Volition was originally known as Parallax Software. Its debut title was 1995's Descent, which was followed by a sequel the following year. Starting with 1998's Descent: Freespace -- The Great War, the studio would go by its current name. Volition's "big break" game came in the form of 2001's Red Faction. That game spawned multiple sequels (ending with 2011's Red Faction: Armageddon) and a movie spinoff. Its other big franchise, Saints Row, began in 2006 and enjoyed the longer tenure: with several sequels, a soft reboot (2017's Agents of Mayhem), and 2022's full-on reboot, simply titled Saints Row. Other titles developed by the studio include 2002's Summoner 2 and The Punisher from 2004. During the 2010s, Volition was a key developer from THQ that survived the transition over to Deep Silver. That company later rebranded to Plaion (formerly Koch Media) and itself had a "small restructure" as of 2022.
Saints Row 2022, the final game from Volition, will be available on PlayStation Plus' Extra tier starting September 6.

Apple Experimenting With 3D Printing To Create Devices
Sep 1st 2023, 00:45, by BeauHD
According to Bloomberg's Mark Gurman (paywalled), Apple is experimenting with a new 3D-printing manufacturing process for some device production, starting with the upcoming Apple Watch Series 9 models. MacRumors reports: The new manufacturing process that Apple is testing would use less material than the large slabs of metal that are needed for traditional CNC manufacturing, plus it would cut down on the time that it takes to make new devices. With a technique called "binder jetting," Apple is able to print a device's outline at close to its actual shape using a powdered substance. A second process uses heat and pressure to squeeze the material into a substance that feels like steel, and it is then refined with milling. Gurman's information echoes what we've already heard from Apple analyst Ming-Chi Kuo. Back in July, Kuo said that the upcoming second-generation Apple Watch Ultra will include 3D printed mechanical parts. Specifically, he claimed that Apple is "actively adopting 3D printing technology," and that some of the titanium components in the new Apple Watch Ultra would be 3D printed. Gurman claims that Apple plans to use this new 3D printing method for the chassis of the stainless steel Apple Watch Series 9 models rather than components for the Ultra but either way, it sounds like Apple is more actively testing this manufacturing method as of 2023. Gurman says that Apple plans to 3D print titanium devices in 2024. The report notes that the shift to 3D printing would also "allow Apple to improve manufacturing times and potentially cut down on costs."

Magic Leap AR Headset Will 'Cease To Function' In 2025
Sep 1st 2023, 00:02, by BeauHD
An anonymous reader quotes a report from UploadVR: Magic Leap 1 AR headsets will 'cease to function' from December 31, 2024, the company announced. Magic Leap 1 launched in mid 2018 as the first transparent AR headset marketed and sold to consumers. The headset is powered by a tethered waist-mounted compute pack and came with a single tracked controller, though it got hand tracking support too. Content for the device included avatar chat, a floating web browser, a Wayfair app for seeing how furniture might look in your room, two games made by Insomniac Games, and a Spotify background app. But Magic Leap 1's eye-watering $2300 price and the limitations of transparent optics (even today) meant it reportedly fell significantly short of sales expectations. Transparent AR currently provides a much smaller field of view than the opaque display systems of VR-style headsets, despite costing significantly more. And Magic Leap 1's form factor wasn't suitable for outdoor use, so it didn't provide the out-of-home functionality AR glasses promise to one day like on-foot navigation, translation, and contextual information. The Information reported that Magic Leap's founder, the CEO at the time, originally expected it to sell over one million units in the first year. In reality it reportedly sold just 6000 units in the first six months.

AI Quadcopter 'Swift' Beats Top Human Drone Racers
Aug 31st 2023, 23:20, by BeauHD
An autonomous, artificial-intelligence-powered drone called Swift has beaten humanity's best drone racers. "The AI-equipped drone, developed by researchers at the University of Zurich, came out on top in 15 out of 25 races and recorded the single fastest lap time," reports Gizmodo. The findings have been published in the journal Nature. From the report: Swift beat the humans in the niche but growing sport of first-person view drone racing.
Human competitors navigate using a headset connected to a camera on their drones to pilot a quadcopter through complex obstacle courses at extreme speeds, with the goal of finishing the race with the fastest time and avoiding taking too much damage in the process. Drones in these races can top 50 miles per hour when they're really buzzing. The [video here] shows Swift battling it out against the human-controlled drones. Swift emerged victorious in 15 out of the 25 total head-to-head races against the human pilots and clocked the fastest overall lap time at 17.47 seconds. That brisk lap time was nearly half a second better than the best human. The three human competitors, Alex Vanover, Thomas Bitmatta, and Marvin Schaepper, have each won drone racing championships in the past. In this case, the human competitors had a week to learn the new course and train for the race. During that same time, Swift was training as well but in a digitally simulated environment meant to resemble the course. Swift, according to the paper, used deep reinforcement learning while in the simulation along with additional data collected from the outside world. During the actual race, Swift would take in video collected by its camera and send that to a neural network capable of identifying the gates it had to fly through. A combination of onboard sensors are then used to aid the drone with positioning, speed, and orientation. All of this happened autonomously, at extreme speeds. The researchers noticed some interesting differences in the ways Swift approached the course as opposed to its human competitors. The autonomous system, they noted, was more consistent across laps and appeared to take tighter turns. Those tight turns can add up and give a drone an edge in a race by repeatedly shaving off fractions of a second from lap times.

Wireless Carriers Are Messing With Your Autopay Discount
Aug 31st 2023, 22:40, by BeauHD
According to a new report by The Wall Street Journal, mobile carriers including Verizon, AT&T and T-Mobile are all requiring customers to switch to a debit card or bank account withdrawal in order to receive an autopay discount on their plan. Verizon has included this requirement for years, but in the past few months the other two carriers have quietly added it too. The Verge reports: The new rule goes into effect for AT&T customers on October 2nd, and as a gesture of goodwill, the company will only reduce your discount if you continue to pay with a credit card. Those who register for autopay with a bank or debit card will receive $10 off; a credit card will only get you $5. T-Mobile's change went into effect in July, also eliminating Apple Pay and Google Pay as methods eligible for the $5 discount. Oh, and technically, you can qualify for Verizon's autopay discount with a credit card -- it just has to be a Verizon Visa card. AT&T and T-Mobile aren't just making this a requirement for new customers -- the change is being applied to all postpaid accounts. Even if you've been receiving the discount for years with a credit card, you'll have to make the switch in order to keep your discount. And it adds up -- the discounts are applied for each line on your plan, so if your whole family is on the same plan, it's a significant amount of money.

Texas Law Requiring Age Verification On Porn Sites Ruled Unconstitutional
Aug 31st 2023, 22:00, by BeauHD
An anonymous reader quotes a report from Ars Technica: The day before a Texas antiporn law that requires age verification to access adult websites was set to take effect, the state's attorney general, Angela Colmenero, has been at least temporarily blocked from enforcing the law.
US District Judge David Alan Ezra granted a preliminary injunction temporarily blocking enforcement after the Free Speech Coalition (FSC) joined adult performers and sites like Pornhub in a lawsuit opposing the law. Today, they convinced Ezra that Texas' law violates the First Amendment and would have "a chilling effect on legally-protected speech," FSC said in a press release. "This is a huge and important victory against the rising tide of censorship online," Alison Boden, FSC's executive director, said. "From the beginning, we have argued that the Texas law, and those like it, are both dangerous and unconstitutional. We're pleased that the court agreed with our view that [the law's] true purpose is not to protect young people, but to prevent Texans from enjoying First Amendment protected expression. The state's defense of the law was not based in science or technology, but ideology and politics." Now, Texas will have to wait until this lawsuit is litigated to enforce the law. [...] According to FSC, in addition to free speech concerns, the law needed to be blocked because it would have exposed consumers to "significant privacy risks" by forcing adult-website visitors to show digital IDs. A spokesperson for Pornhub's parent company Aylo told Ars: "We are pleased with the court's decision today, which reaffirms our position that the age verification law implemented in Texas is unconstitutional. We have publicly supported mandatory age verification of viewers of adult content for years, but any method of age verification must preserve user privacy and safety." "The only solution that makes the Internet safer, preserves user privacy, and stands to prevent children from accessing age-inappropriate content is performing age verification at the device level," Aylo's spokesperson said. "We are pleased that the court recognizes the severity of compelled speech and its presence in this law that Texas has implemented. 
We are proud to fight for our industry and the performers that use it to legally earn a living, and we are glad to see the court recognize that this law is unconstitutional and would have required adult entertainers to falsely imply that their content poses health risks." A similar age verification initiative in Australia was halted yesterday, citing concerns around privacy and security of the technology.

UK Government Seeks Expanded Use of AI-based Facial Recognition By Police
Aug 31st 2023, 21:20, by msmash
UK's Home Office is looking to increase its use of controversial facial recognition technologies to track and find criminals within policing and other security agencies. From a report: In a document released on Wednesday, the government outlined its ambitions to potentially deploy new biometric systems nationally over the next 12 to 18 months. The move comes after privacy campaigners and independent academics criticised the technology for being inaccurate and biased, particularly against darker-skinned people. MPs have previously called for a moratorium on its use on the general population until clear laws are established by parliament. The government is calling for submissions from companies for technologies that "can resolve identity using facial features and landmarks," including for live facial recognition which involves screening the general public for specific individuals on police watch lists. In particular, the Home Office is highlighting its interest in novel artificial intelligence technologies that could process facial data efficiently to identify individuals, and software that could be integrated with existing technologies deployed by the department and with CCTV cameras.
Facial recognition software has been used by South Wales Police and London's Metropolitan Police over the past five years across multiple trials in public spaces including shopping centres, during events such as the Notting Hill Carnival and, more recently, during the coronation.

Google Removes 'Pirate' URLs From Users' Privately Saved Links
Aug 31st 2023, 20:40, by msmash
To date, Google has processed more than seven billion copyright takedown requests for its search engine. The majority of the reported links are purged from Google's search index, as required by the DMCA. Recently, however, Google appears to have gone a step further, using search takedowns to "moderate" users' privately saved links collections. TorrentFreak: A few hours ago, Eddie Roosenmaallen shared an email from Google, notifying him that a link had been removed from his Google Saved collection because it violates Google's policy. The reason cited for the removal is the "downstream impact," as the URL in question is "blocked by Google Search." "The following saved item in one of your collections was determined to violate Google's policy. As a result, the item will be moderated..," Google writes, pointing out a defunct KickassTorrents domain as the problem. Initially, it was suggested that this removal impacted Google's synched Chrome bookmarks but further research reveals that's not the case. Instead, the removals apply to Google's saved feature. This Google service allows users to save and organize links, similar to what Pinterest does. These link collections can be private or shared with third parties.

US Copyright Office Wants To Hear What People Think About AI and Copyright
Aug 31st 2023, 20:01, by msmash
The US Copyright Office is opening a public comment period around AI and copyright issues beginning August 30th as the agency figures out how to approach the subject.
From a report: As announced [PDF] in the Federal Register, the agency wants to answer three main questions: how AI models should use copyrighted data in training; whether AI-generated material can be copyrighted even without a human involved; and how copyright liability would work with AI. It also wants comments around AI possibly violating publicity rights but noted these are not technically copyright issues. The Copyright Office said if AI does mimic voices, likenesses, or art styles, it may impact state-mandated rules around publicity and unfair competition laws. Written comments are due on October 18th, and replies must be submitted to the Copyright Office by November 15th. The copyright status of AI training data and the output of generative AI tools has become a hot topic for politicians, artists, authors, and even civil rights groups, making it a potential testing ground for coming AI regulation. The Copyright Office says that "over the past several years, the Office has begun to receive applications to register works containing AI-generated material." It may use the comments to inform how it decides to grant copyright in the future. The Copyright Office was involved in a lawsuit last year after it refused to grant Stephen Thaler rights to an image created by an AI platform. Earlier this month, a Washington, DC, court sided with the US Copyright Office in the case, stating copyright has never been handed to any work without a human involved.

Starfield's 1,000 Planets May Be One Giant Leap for Game Design
Aug 31st 2023, 19:22, by msmash
The stakes are high for Bethesda's newest role-playing game. Microsoft needs an Xbox hit, and players are hungry for an expansive and satisfying space adventure. From a report: Starfield almost immediately nudges its players to the edges of the cosmos.
In the opening hours of the role-playing video game, it's possible to land your spaceship on Earth's moon or zip 16 light-years to Alpha Centauri. When you open your map and zoom out from a planet, you can behold its surrounding solar system; zoom out again, and you're scrolling past luminous stars and the mysterious worlds that orbit them. That sprawling celestial journey within Starfield, developed by Bethesda Game Studios, reveals both the tremendous potential and the monumental challenge of an open-world space adventure. Bethesda has hyped an expansive single-player campaign with 1,000 explorable planets. And expectations around the game, officially releasing on Sept. 6 after a 10-month delay, are nearly as vast. It's the first new universe in 25 years for Bethesda, known for the Elder Scrolls and Fallout series. It's also a high-stakes moment for Microsoft, which makes the Xbox and has long faced criticism that it produces fewer hit games than its console rivals, Sony and Nintendo. To compete, Microsoft went on a spending spree, acquiring Bethesda's parent company in 2020 and agreeing to purchase Activision Blizzard in 2022, a $69 billion bet that is being challenged by regulators. Now Bethesda must deliver. Known for letting players navigate competing factions and undertake eccentric quests, the studio hopes Starfield will dazzle those clamoring for engaging encounters with alien life-forms or space mercenaries as well as a sense of boundless exploration.

With Version 117, Firefox Finally Speaks Chrome's Translation Language
Aug 31st 2023, 18:44, by msmash
The latest version of the flagship FOSS browser is out, and it's picked up one of the main features for which we keep Chrome around. From a report: The Firefox version 117 feature list might not look all that impressive, but it does have a big-ticket feature that may tempt people back: automatic translation.
The snag is it's disabled by default in the release version, and you'll have to manually enable it. Although it was enabled in the betas, Mozilla has decided to go for a staged rollout and not enable it for everyone until Firefox 118 in six weeks or so. The new feature is integrated, privacy-respecting machine translation between multiple languages. This was already possible in older versions, but it needed an extension, and that had two side effects. One is that the extension hooked deep into the core of the browser in ways that Mozilla wasn't comfortable about, and the other is that once your text had been sent out to a third-party website, it could be snooped upon -- but the victims of any snooping would blame the browser, even if it wasn't the browser's fault. To enable it, go to the configuration page (enter about:config in the address bar), and search for a setting called browser.translations.enable.

Google Removes Fake Signal and Telegram Apps Hosted on Play
Aug 31st 2023, 18:01, by msmash
Researchers say they have found fake apps in Google Play that masqueraded as legitimate ones for the Signal and Telegram messaging platforms. The malicious apps could pull messages or other sensitive information from legitimate accounts when users took certain actions. ArsTechnica: An app with the name Signal Plus Messenger was available on Play for nine months and had been downloaded from Play roughly 100 times before Google took it down last April after being tipped off by security firm ESET. It was also available in the Samsung app store and on signalplus[.]org, a dedicated website mimicking the official Signal.org. An app calling itself FlyGram, meanwhile, was created by the same threat actor and was available through the same three channels. Google removed it from Play in 2021. Both apps remain available in the Samsung store. Both apps were built on open source code available from Signal and Telegram.
Interwoven into that code was an espionage tool tracked as BadBazaar. The Trojan has been linked to a China-aligned hacking group tracked as GREF. BadBazaar has been used previously to target Uyghurs and other Turkic ethnic minorities. The FlyGram malware was also shared in a Uyghur Telegram group, further aligning it to previous targeting by the BadBazaar malware family. Signal Plus could monitor sent and received messages and contacts if people connected their infected device to their legitimate Signal number, as is normal when someone first installs Signal on their device. Doing so caused the malicious app to send a host of private information to the attacker, including the device IMEI number, phone number, MAC address, operator details, location data, Wi-Fi information, emails for Google accounts, contact list, and a PIN used to transfer texts in the event one was set up by the user.

Scientologists Ask Federal Government To Restrict Right To Repair
Aug 31st 2023, 17:23, by msmash
The organization that represents the literary works of Scientology founder L. Ron Hubbard has filed a petition with the Federal Government, asking it to make it illegal to circumvent software locks for the repair of a highly specific set of electronic devices, according to a letter reviewed by 404 Media. From the report: The letter doesn't refer to any single device, but experts say the petition covers Scientology's "E-Meter," a "religious artifact" and electronic that is core to Scientology. Author Services Inc., a group "representing the literary, theatrical, and musical works of L. Ron Hubbard," told the U.S. Copyright Office that it opposes the renewal of an exemption to Section 1201 of the Digital Millennium Copyright Act that makes it legal for consumers to hack their personal electronics for the purposes of repair.
This exemption to copyright law is needed because many electronics manufacturers put arbitrary software locks, Digital Rights Management systems, or other technological prevention measures that stop consumers from diagnosing or repairing devices unless they are authorized to do so. Special exemptions to copyright law make it legal for farmers to hack past John Deere's DRM to fix their tractors, consumers to use software tools to help them repair certain parts of game consoles, or use third-party software to circumvent repair locks on printers, air conditioners, laptops, etc.