American Phone-Tracking Firm Demo’d Surveillance Powers By Spying On CIA and NSA

Anomaly Six, a secretive government contractor, claims to monitor the movements of billions of phones around the world and unmask spies with the press of a button. Reader BeerFartMoron shares a report: In the months leading up to Russia’s invasion of Ukraine, two obscure American startups met to discuss a potential surveillance partnership that would merge the ability to track the movements of billions of people via their phones with a constant stream of data purchased directly from Twitter. According to Brendon Clark of Anomaly Six — or “A6” — the combination of its cellphone location-tracking technology with the social media surveillance provided by Zignal Labs would permit the U.S. government to effortlessly spy on Russian forces as they amassed along the Ukrainian border, or similarly track Chinese nuclear submarines. To prove that the technology worked, Clark pointed A6’s powers inward, spying on the National Security Agency and CIA, using their own cellphones against them.

Virginia-based Anomaly Six was founded in 2018 by two ex-military intelligence officers and maintains a public presence that is scant to the point of mysterious, its website disclosing nothing about what the firm actually does. But there’s a good chance that A6 knows an immense amount about you. The company is one of many that purchases vast reams of location data, tracking hundreds of millions of people around the world by exploiting a poorly understood fact: Countless common smartphone apps are constantly harvesting your location and relaying it to advertisers, typically without your knowledge or informed consent, relying on disclosures buried in the legalese of the sprawling terms of service that the companies involved count on you never reading.

Read more of this story at Slashdot.

Ebook Services Are Bringing Unhinged Conspiracy Books into Public Libraries

Librarians say Holocaust deniers, antivaxxers, and other conspiracy theorists are being featured in the catalogs of a popular ebook lending service. From a report: In February, a group of librarians in Massachusetts identified a number of Holocaust denial and anti-Semitic books on Hoopla, including titles like “Debating The Holocaust” and “A New Nobility of Blood and Soil” — the latter referring to the infamous Nazi slogan for nationalist racial purity. After public outcry from library and information professionals, Hoopla removed a handful of titles from its digital collection.

In an email obtained by the Library Freedom Project last month, Hoopla CEO Jeff Jankowski explained that the titles came from the company’s network of more than 18,000 publishers: “[The titles] were added within the most recent twelve months and, unfortunately, they made it through our protocols that include both human and system-driven reviews and screening.” However, quick Hoopla keyword searches for ebooks about “homosexuality” and “abortion” turn up dozens of top results that contain largely self-published religious texts categorized as “nonfiction,” including several titles like “Can Homosexuality Be Healed” which promote conversion therapy and anti-LGBTQ+ rhetoric. This prompted a group of librarians to start asking how these titles are appearing in public library catalogs and why they are ranked so high.

Read more of this story at Slashdot.

Binance Recovers Stolen, Disguised Crypto Loot From Mega Hack

More than a week after the U.S. tied one of the biggest heists in crypto to a North Korean hacking group, digital-asset exchange Binance said it was able to recover about $5.8 million worth of the stolen loot that had made its way onto its platform in disguised form. From a report: The details of how it achieved this serve as notice for those who attempt to cash out ill-gotten cryptocurrency gains: It may only get harder. The U.S. Treasury Department last week tied the North Korean hacking group Lazarus to the theft of more than $600 million in cryptocurrency from the Ronin software bridge, which is used by players of Axie Infinity to transfer crypto. The department identified an Ethereum wallet address tied to the group, adding it to its sanction list. Binance was able to trace stolen funds that were initially moved from the hackers’ wallet to Tornado Cash — a service that allows for anonymous token transfers on the Ethereum blockchain — and then to its exchange by working with external firms.

Read more of this story at Slashdot.

Brazil Judge Says Apple Selling iPhone Without Power Adapter Is ‘Abusive and Illegal’

Obama Says Social Media Falsehoods Spur Skepticism on Politics

Former U.S. President Barack Obama warned that the way Americans communicate on social media networks has weakened democracy. Bloomberg: Obama, who owns the podcasting and film company Higher Ground, warned that “citizens no longer know what to believe” thanks to false information spreading online. This is leading to political skepticism among citizens, he added. “The very design of these platforms is tilting us in the wrong direction,” he said Thursday during a conference at Stanford University’s Cyber Policy Center. Hate speech, vaccine misinformation and state-sponsored amplification of fake news are feeding people’s desire to read sensational content, the former president said. While Obama acknowledged that some of the most odious content, such as racism, white supremacy and conspiracy theories, existed “long before the first tweet was sent,” he argued that “solving the disinformation problem” on social media networks could help build trust and solidarity among citizens.

Read more of this story at Slashdot.

Microsoft Is Disabling SMB1 File-Sharing Protocol in Windows 11 Home

joshuark shares a report: Microsoft’s Windows 10 operating system already disables by default SMB (Server Message Block) version 1, the 30-year-old file-sharing protocol. Now the company is doing the same with Windows 11 Home Dev Channel test builds, announced officials on April 19. SMB1 is considered outdated and not secure. However, some users with very old equipment may be in for a surprise if their Windows 11 laptops can’t connect to an old networked hard drive, as officials said in a blog post about the SMB1 phase out plan. “There is no edition of Windows 11 Insider that has any part of SMB1 enabled by default anymore. At the next major release of Windows 11, that will be the default behavior as well,” said Ned Pyle, Principal Program Manager. “Like always, this doesn’t affect in-place upgrades of machines where you were already using SMB1. SMB1 is not gone here, an admin can still intentionally reinstall it,” Pyle added.

Read more of this story at Slashdot.

Hackers Can Infect Over 100 Lenovo Models With Unremovable Malware

Lenovo has released security updates for more than 100 laptop models to fix critical vulnerabilities that make it possible for advanced hackers to surreptitiously install malicious firmware that can be next to impossible to remove or, in some cases, to detect. Ars Technica reports: Three vulnerabilities affecting more than 1 million laptops can give hackers the ability to modify a computer’s UEFI. Short for Unified Extensible Firmware Interface, the UEFI is the software that bridges a computer’s device firmware with its operating system. As the first piece of software to run when virtually any modern machine is turned on, it’s the initial link in the security chain. Because the UEFI resides in a flash chip on the motherboard, infections are difficult to detect and even harder to remove.

Two of the vulnerabilities — tracked as CVE-2021-3971 and CVE-2021-3972 — reside in UEFI firmware drivers intended for use only during the manufacturing process of Lenovo consumer notebooks. Lenovo engineers inadvertently included the drivers in the production BIOS images without being properly deactivated. Hackers can exploit these buggy drivers to disable protections, including UEFI secure boot, BIOS control register bits, and protected range register, which are baked into the serial peripheral interface (SPI) and designed to prevent unauthorized changes to the firmware it runs. After discovering and analyzing the vulnerabilities, researchers from security firm ESET found a third vulnerability, CVE-2021-3970. It allows hackers to run malicious firmware when a machine is put into system management mode, a high-privilege operating mode typically used by hardware manufacturers for low-level system management. “All three of the Lenovo vulnerabilities discovered by ESET require local access, meaning that the attacker must already have control over the vulnerable machine with unfettered privileges,” notes Ars Technica’s Dan Goodin. “The bar for that kind of access is high and would likely require exploiting one or more critical other vulnerabilities elsewhere that would already put a user at considerable risk.”

Still, it’s worth looking to see if you have an affected model and, if so, patch your computer as soon as possible.

Read more of this story at Slashdot.

Volla Phone 22 Runs Ubuntu Touch Or a Privacy-Focused Android Fork Or Both

The Volla Phone 22, a new smartphone available for preorder via a Kickstarter campaign, is unlike any other smartphone on the market today in that it ships with a choice of the Android-based Volla OS or the Ubuntu Touch mobile Linux distribution. “It also supports multi-boot functionality, allowing you to install more than one operating system and choose which to run at startup,” writes Liliputing’s Brad Linder. Some of the hardware specs include a 6.3-inch FHD+ display, a MediaTek Helio G85 processor, 4GB of RAM, 128GB storage, 3.5mm audio jack and a microSD card reader. There’s also a 48-megapixel main camera sensor and replaceable 4,500mAh battery. From the report: While Volla works with the folks at UBPorts to ensure its phones are compatible with Ubuntu Touch, the company develops the Android-based Volla OS in-house. It’s based on Google’s Android Open Source Project code, but includes a custom launcher, user interface, and set of apps with an emphasis on privacy. The Google Play Store is not included, as this is a phone aimed at folks who want to minimize tracking from big tech companies. Other Google apps and services like the Chrome web browser, Google Maps, Google Drive, and Gmail are also omitted. The upshot is that no user data is collected or stored by Volla, Google, or other companies unless you decide to install apps that track your data. Of course, that could make using the phone a little less convenient if you’ve come to rely on those apps, so the Volla Phone might not be the best choice for everyone.

Volla OS also has a built-in user-customizable firewall, an App Locker feature for disabling and hiding apps, and optional support for using the Hide.me VPN for anonymous internet usage. The source code for Volla OS is also available for anyone that wants to inspect the code. The operating system also has a custom user interface including a Springboard that allows you to quickly launch frequently-used apps by pressing a red dot for a list, or by starting to type in a search box for automatic suggestions such as placing a phone call, sending a text message, or opening a web page. You can also create notes or calendar events from the Springboard or send an encrypted message with Signal. The phone is expected to ship in June at an early bird price of about $408.

Read more of this story at Slashdot.

Rolls-Royce Expects UK Approval For Small Nuclear Reactors By Mid-2024

Rolls-Royce is to start building parts for its small modular nuclear reactors in anticipation of receiving regulatory approval from the British government by 2024, one of its directors has said. The Guardian reports: Paul Stein, the chairman of Rolls-Royce SMR, a subsidiary of the FTSE 100 engineering company, said he hoped to be providing power to the UK’s national grid by 2029. Speaking to Reuters in an interview conducted virtually, Stein said the regulatory “process has been kicked off, and will likely be complete in the middle of 2024. We are trying to work with the UK government, and others to get going now placing orders, so we can get power on grid by 2029.”

Small modular reactors (SMRs) are seen by their proponents as a way to build nuclear power plants in factories, a method that could be cheaper and quicker than traditional designs. The technology, based on the reactors used in nuclear submarines, is seen by Rolls-Royce as a potential earner far beyond any previous business such as jet engines or diesel motors. The government under Boris Johnson put nuclear power at the centre of its energy strategy announced earlier this month, in response to climate concerns and a desire to ditch Russian gas. SMRs are expected to play an important role in an expansion of nuclear to supply a quarter of the UK’s energy needs. Lower costs would be crucial in justifying the nuclear push, given that onshore wind is seen as much cheaper and quicker to install.

Read more of this story at Slashdot.