Privacy lost...

nsaspook

Joined Aug 27, 2009
16,326
https://www.techradar.com/computing/cyber-security/iran-outlaws-unauthorized-vpn-usage
Iran outlaws "unauthorized" VPN usage

The ruling has been imposed by a new resolution issued by the country's National Virtual Space Center on Tuesday, February 20, 2024, and signed off by Supreme Leader Ali Khamenei.


The new ban adds to an already precarious situation on the open internet in Iran as citizens battle against growing government-imposed online censorship, speed throttling, and surveillance.
 

WBahn

Joined Mar 31, 2012
32,848
https://arstechnica.com/tech-policy...cret-face-image-database-of-college-students/
Vending machine error reveals secret face image database of college students
Facial-recognition data is typically used to prompt more vending machine sales.
The article was very short on details -- no surprise there.

Given the subtitle, it would have been nice had the article talked about how facial-recognition data was typically being used to prompt more vending machine sales. The only item that seemed related was a statement that some sales brochure promised that "the machines are capable of sending estimated ages and genders" of customers to the vendor. IF that is the extent, then I don't see a problem -- not unless we deem it unacceptable for a store owner to take note of the demographics of people buying various products so as to better tailor the marketing of those products.

The article didn't talk about what level of facial recognition was being used. We tend to think of it in terms of how the evil government three-letter agencies use it in all the stuff Hollywood force-feeds us, namely taking an image of a face and recognizing the identity of whose face it is. But a much more common use of facial recognition, which we see all the time when we take pictures with many of today's cameras, is a more literal interpretation of the phrase -- namely analyzing an image and recognizing if, and where, faces are present in the image. This information serves a useful purpose -- the camera software can preferentially focus the camera and control motion stability on where it thinks a face is, since that is the part of the image that people looking at the resulting picture are most likely to be displeased with if it isn't focused well.

But what is the reason it's useful in a vending machine? While that would be consistent with the claim that it is being used to detect when a human approaches the machine in order to activate the interface, it's still not a very convincing claim. Why does the purchase interface need to be inactive if a human isn't in front of the machine? Simply keeping it active 100% of the time likely would consume no more power than keeping the camera and facial recognition active 100% of the time in order to know when to activate the interface. Why wouldn't a simple motion detector work?

I don't know about the details of the GDPR regulations, but I suspect that IF it is ONLY recognizing faces to the point of providing an estimate of age and gender, it may likely be compliant. But how do we KNOW that that's ALL it is doing? Even if they convinced the regulators that they only collect and convey that level of data, that was done under the conditions of the compliance testing. How do we know that that's what the machines do in practice (diesel engine emissions, anyone?).

While I am all for exposing/fighting the always-expanding surveillance state we are subjected to, I'm under no illusion that it isn't ultimately a lost battle.
 

nsaspook

sometimes you can be such a wet blanket ... :p
Sorry.

https://arstechnica.com/gadgets/202...eak-still-images-and-allow-for-easy-takeover/
$30 doorbell cameras can be easily hijacked, says Consumer Reports
Models still widely available on e-commerce sites after issues reported.
Video doorbell cameras have been commoditized to the point where they're available for $30–$40 on marketplaces like Amazon, Walmart, Temu, and Shein. The true cost of owning one might be much greater, however.

Consumer Reports (CR) has released the findings of a security investigation into two budget-minded doorbell brands, Eken and Tuck, which are largely the same hardware produced by the Eken Group in China, according to CR. The cameras are further resold under at least 10 more brands. The cameras are set up through a common mobile app, Aiwit. And the cameras share something else, CR claims: "troubling security vulnerabilities."
"Ah, the regular reminder that the S in IoT stands for security."
 

nsaspook

https://www.yahoo.com/news/turbotax-wants-tax-return-show-174616882.html
TurboTax wants to use your tax return to show you ads. You can say no.
“We just need your OK on a couple of things,” TurboTax says as you prepare your tax return.

Alarm bells should be ringing in your head at the innocuous tone.

This is where America’s most popular tax-prep website asks you to sign away the ironclad privacy protections of your tax return, including the details of your income, home mortgage and student loan payments.

With your permission to blab your money secrets, the company earns extra income from showing you advertisements for the next three years for things like credit cards and mortgage offers targeted to your financial situation.

"It's not like Dawn hasn't grown up in this house knowing all the rules. Especially the biggie, Numero Uno: Do not invite blood-sucking dead people into our home!"
 

WBahn

https://www.yahoo.com/news/turbotax-wants-tax-return-show-174616882.html
TurboTax wants to use your tax return to show you ads. You can say no.



"It's not like Dawn hasn't grown up in this house knowing all the rules. Especially the biggie, Numero Uno: Do not invite blood-sucking dead people into our home!"
For the most part, I don't ask for government to protect me from my own stupidity. If I give my information to xyz company without bothering to look at their privacy policy where they say they will sell my information, that's on me.

But there are categories that I believe should have stronger barriers, and companies that are going to have access to your personal financial and medical information are pretty much at the top of that list.

I shouldn't have to worry that my bank is going to sell my name and bank balances to someone, that should just be outright illegal for them to do so.

I shouldn't have to worry that the company that I bought my continuous glucose monitor from is going to use my readings history to someone, that should just be outright illegal - (I mention that, specifically, because my CGM has, in their Privacy Policy, terms that give them that right, which is why I won't use their logging or sharing tools).

I think these kinds of relationships are, to some degree, on par with lawyer/client or doctor/patient relationships, though not quite to that degree. They should be prohibited from disclosing or sharing information with anyone that is not absolutely required to have it to provide the services you are paying them for, and they should have to maintain records of what they gave to who and when and have to make that available to you. But I don't have a problem with them providing that information where required by law or by a subpoena.

Just imagine what would happen if a law firm were to treat their client information this way, "in order to bring to your attention other offers and services that you might be interested in".
 

nsaspook

https://www.tomshardware.com/pc-com...m1-m2-m3-processors-cant-be-fixed-in-hardware
New chip flaw hits Apple Silicon and steals cryptographic keys from system cache — 'GoFetch' vulnerability attacks Apple M1, M2, M3 processors, can't be fixed in hardware
This is a serious vulnerability that affects all kinds of encryption algorithms, including 2,048-bit keys that are hardened to fend off attacks from quantum computers. Unfortunately, there is no way to patch the vulnerability in silicon. The only way forward is software-based mitigations that will slow down M1, M2, and M3's encryption and decryption performance. Technically, developers can force their encryption software to run only on the E-cores, which do not have this prefetcher, however, this comes at an obvious performance cost too.
We worry so much about safe software and languages while the real threat is bad hardware.
 

nsaspook

https://www.freep.com/story/money/c.../03/22/gm-data-firms-lexis-nexis/73057931007/

General Motors said Friday it is severing ties with two data brokers following a lawsuit that connected the automaker to sharing driver data that resulted in higher auto insurance rates for that plaintiff.

In a lawsuit filed March 13, Romeo Chicco of Florida claims GM, its connected-services subsidiary OnStar and data and analytics company LexisNexis Risk Solutions violated privacy and consumer protection laws.

Chicco alleges GM captured and shared his driving data — which included information about his speeding, braking and acceleration — with LexisNexis, which then shared it with insurers. The complaint, filed in the U.S. District Court Southern District of Florida, seeks class-action status.
 