Toyota ‘Reviewing’ Key Fob Remote Start Subscription Plan After Massive Blowback

An anonymous reader shares a report: Earlier this month, we broke a story about Toyota locking its key fob remote start function behind a monthly subscription. If owners of certain models aren’t actively enrolled in a larger Toyota connected services plan, the proximity remote start function on the fob — that is, when you press the lock button three times to start the car while outside of it — will not work even though it sends the signal directly to the car. Obviously, this sent people into a frenzy whether they own a Toyota or not, because it was seen as a dark harbinger of the perils of fully-connected cars. Automakers now have the ability to nickel and dime people to death by charging ongoing subscription fees for functions that used to be a one-and-done purchase, and it looked like Toyota was hopping on the bandwagon.

At the time, Toyota declined to give us a detailed answer on why it chose to take a feature that doesn’t need an internet connection to function and moved it behind a paywall. Today, we’ve got answers. Toyota now claims it never intended to market the key fob remote start as a real feature, and it also says the subscription requirement was an inadvertent result of a relatively small technical decision related to the way its new vehicles are architectured. Finally, Toyota has heard the outrage over the last week — a spokesperson told us the company was caught off guard by the blowback — and its executive team is currently examining whether it’s possible to reverse course and drop the subscription requirement for key fob remote start.

Read more of this story at Slashdot.

Public Agencies Are Buying Up AI-Driven Hiring Tools and ‘Bossware’

Through public records requests, The Markup found more than 20 public agencies using the sometimes-controversial software. From the report: In 2020, the FDA’s Center for Drug Evaluation and Research (CDER) faced a daunting task: It needed to fill more than 900 job vacancies — and fast. The center, which does things like inspect pharmaceutical manufacturing facilities, was in the process of modernizing the FDA’s New Drugs Regulatory Program just as the pandemic started. It faced “a surge in work,” along with new constraints that have affected everyone during the pandemic, including travel limitations and lockdowns. So they decided to turn to an artificial intelligence tool to speed up the hiring, according to records obtained by The Markup. The center, along with the Office of Management and the Division of Management Services, the background section of a statement of work said, were developing a “recruitment plan to leverage artificial intelligence (AI) to assist in the time to hire process.”

The agency ultimately chose to use HireVue, an online platform that allows employers to review asynchronously recorded video interviews and have recruits play video games as part of their application process. Over the years the platform has also offered a variety of AI features to automatically score candidates. HireVue, controversially, used to offer facial analysis to predict whether an applicant would be a good fit for an open job. In recent years, research has shown that facial recognition software is racially biased. In 2019, the company’s continued use of the technique led one member of its scientific advisory board to resign. It has since stopped using facial recognition. The Markup used GovSpend, a database of procurement records for U.S. agencies at the state, local, and federal levels, to identify agencies that use HireVue. We also searched for agencies using Teramind and ActivTrak, both another kind of controversial software that allows employers to remotely monitor their workers’ browsing activities through screenshots and logs. The Markup contacted and filed public records requests with those 24 agencies to understand how they were using the software. Eleven public agencies, including the FDA, replied to The Markup with documents or confirmations that they had bought HireVue at some point since 2017. Of the six public agencies that replied to The Markup’s questions confirming that they actually used the software, all but one — Lake Travis Independent School District in Texas — confirmed they did not make use of the AI scoring features of the software. Documents and responses from 13 agencies confirmed that they purchased Teramind or ActivTrak at some point during the same time frame.

Read more of this story at Slashdot.

Virtual Guns in Videogames Could Soon Be Worth Real Money

Game makers are increasingly selling virtual weapons and gear as NFTs, extending the trendy digital deeds’ reach but rankling some players. From a report: More videogame makers are selling virtual guns, helmets and other gear in the form of NFTs, a move that is increasingly pushing the trendy digital deeds into the average household. Players have been paying for virtual goods in games like “Grand Theft Auto Online” and “World of Warcraft” for years, but turning those items into nonfungible tokens would let gamers trade and resell them, making them into potentially valuable assets. The change also could mean that players who buy an NFT in one game could use it later in other games, on social media and in other corners of the internet — an important step in developing an economy for the so-called metaverse. “FarmVille” maker Zynga and “Assassin’s Creed” creator Ubisoft Entertainment are among the first big, publicly traded gaming companies to say they are experimenting with the strategy. Electronic Arts, Playtika and others are also looking into NFTs’ potential use for engaging players.

“We’re doing this because this may be part of the future of gaming,” said Matt Wolf, Zynga’s new vice president of blockchain gaming. “This is all about community building.” Nonfungible tokens are essentially digital deeds that verify the authenticity of the items they represent as unique. They are the latest internet-based collecting craze, and so far they have come in forms ranging from digital artwork and trading cards to virtual real estate and sneakers, as well as concert tickets and even sports highlights. The tokens are stored on a blockchain, a digital ledger that shows when they were purchased and for how much, and ensures NFTs can’t be duplicated or changed. Amid all that activity, NFTs’ advent in videogames holds particular significance because gamers spend so much time in virtual worlds. That makes them potential early adopters in the metaverse — a virtual realm where proponents say people will work, play and shop and where technology experts say the ability to buy and sell NFTs will be key.

Read more of this story at Slashdot.

Second Ransomware Family Exploiting Log4j Spotted In US, Europe

Researchers say a second family of ransomware has been growing in usage for attack attempts that exploit the critical vulnerability in Apache Log4j, including in the U.S. and Europe. VentureBeat reports: A number of researchers, including at cybersecurity giant Sophos, have now said they’ve observed the attempted deployment of a ransomware family known as TellYouThePass. Researchers have described TellYouThePass as an older and largely inactive ransomware family — which has been revived following the discovery of the vulnerability in the widely used Log4j logging software. TellYouThePass is the second family of ransomware that’s been observed to exploit the vulnerability in Log4j, known as Log4Shell, joining the Khonsari ransomware, according to researchers.

While previous reports indicated that TellYouThePass was mainly being directed against targets in China, researchers at Sophos told VentureBeat that they’ve observed the attempted delivery of TellYouThePass ransomware both inside and outside of China — including in the U.S. and Europe. “Systems in China were targeted, as well as some hosted in Amazon and Google cloud services in the U.S. and at several sites in Europe,” said Sean Gallagher, a senior threat researcher at Sophos Labs, in an email to VentureBeat on Tuesday. Sophos detected attempts to deliver TellYouThePass payloads by utilizing the Log4j vulnerability on December 17 and December 18, Gallagher said. TellYouThePass has versions that run on either Linux or Windows, “and has a history of exploiting high-profile vulnerabilities like EternalBlue,” said Andrew Brandt, a threat researcher at Sophos, in an email. The Linux version is capable of stealing Secure Socket Shell (SSH) keys and can perform lateral movement, Brandt said. Sophos initially disclosed its detection of TellYouThePass ransomware in a December 20 blog post.

The first report of TellYouThePass ransomware exploiting the Log4j vulnerability appears to have come from the head of Chinese cybersecurity group KnownSec 404 Team on December 12. The attempted deployment of TellYouThePass in conjunction with Log4Shell was subsequently confirmed by additional researchers, according to researcher community Curated Intelligence. In a blog post Tuesday, Curated Intelligence said its members can now confirm that TellYouThePass has been seen exploiting the vulnerability “in the wild to target both Windows and Linux systems.” TellYouThePass had most recently been observed in July 2020, Curated Intelligence said. It joins Khonsari, a new family of ransomware identified in connection with exploits of the Log4j vulnerability.

Read more of this story at Slashdot.

New Policing System Will Send Drones To the Source of Gunshots

A new policing system is being developed that will send autonomous drones equipped with shot-locating technology to the source of gunshots. “By analyzing the live video from its onboard camera, police officers can then gain a better sense of the situation they’re heading into,” reports New Atlas. From the report: Already in use in over 120 cities in the US, South Africa and the Caribbean, the American ShotSpotter system utilizes a network of microphones within a neighborhood to detect “loud, impulsive sounds.” Whenever such a sound is detected, its geographical originating point can be triangulated by analyzing the millisecond differences in the times at which it was picked up by the different microphones — the closer a mic was to the gun, the earlier it will have detected the sound of that gun firing. That said, a combination of AI software and human staff (at a control center) is used to determine if the sound is indeed gunfire.

In the existing version of the system, police are quickly dispatched to the location. If they’re using ground transportation, however, it may take a while for them to get there. And even if the police department has a helicopter, performing pre-flight checks, etc will still take some time — assuming the aircraft isn’t already in the air on patrol, that is. With these potential limitations in mind, Israeli drone manufacturer Airobotics has teamed up with ShotSpotter to add autonomous drones to the mix. In the new version of the setup, police will still be dispatched, but so will the closest system-specific drone. That aircraft will be in the air within seconds, immediately flying to the source of the gunshots. By analyzing the live video from its onboard camera, police officers can then gain a better sense of the situation they’re heading into.

Read more of this story at Slashdot.

Twitch Co-Founder Gets Discord Hacked, $150,000 Stolen From Users In NFT Scam

Luke Plunkett writes via Kotaku: Justin Kan, a co-founder of Twitch and the dude Justin.TV was named for, last week decided to launch a site called Fractal. It was to be a ‘marketplace’ where in-game items could be bought and sold as NFTs. Later, in Fractal’s Discord server, a link appeared advertising a drop of 3,333 NFTs. You may have guessed what happened next. As Twitch reporter Zach Bussey has detailed, the message, which appeared legit since it was coming from inside the house, had actually been posted by someone gaining access to Fractal’s Discord bot, pointing towards ‘Fractai’, not Fractal. The scammers managed to “sell” 3,294 NFTs before the plug was pulled. There were of course no actual NFTs being sold at all, just money being straight up stolen — over $150,000 — though you’d be forgiven for wondering what the difference is.

In response, the Fractal team issued a statement acknowledging the breach, along with a promise they are “going to make this right.” […] ractal say they are “planning to fully compensate these 373 victims,” before adding the extraordinary warning, “We must use our best judgement as there’s no ‘undo button’ in crypto,” making the entire post read like a textbook example of showcasing why this is such a shitty space. Meanwhile, Kan issued a short video statement of his own, alongside warnings that this Discord scam had been perpetrated on other NFT communities as well.

Read more of this story at Slashdot.

What Apple’s AR/VR Headset Could Look Like

Render creator Ian Zelbo has shared a trio of high-quality product renders of Apple’s upcoming AR/VR headset that’s expected to arrive in the fourth quarter of 2022. “The renders are based on earlier reporting from The Information and showcase the device in crisp 8K images,” reports Screen Rant. “Zelbo’s previously done renders for AirTag, iPhone 13, and other Apple gadgets leading up to their release — all of which have been incredibly representative of the final product.” From the report: Assuming Apple’s headset actually looks like this, it could be one of the best-designed gadgets in the niche so far. The front of the headset is taken up entirely by curved glass, with the frame touting a sleek (likely aluminum) construction. Behind that glass is a mesh fabric cushion — not unlike the cushions used for the earcups on AirPods Max. That AirPods Max inspiration is also seen with the oval button on top of the headset.

Moving to the headset’s strap, there’s clear inspiration taken from the Apple Watch’s sport band. It appears to have the same silicon design, loops, and metal clasp. The back of the headband also bears a resemblance to Apple’s AirTag Loop accessory thanks to its open design. Not only does the whole package look good, but it should also result in a very comfortable wearing experience. If the face cushion and head strap are even half as comfortable as the products they’re inspired by, that’s worth getting excited for.

Read more of this story at Slashdot.

US Returns $154 Million In Bitcoins Stolen By Sony Employee

The United States has taken legal action to seize and return over $154 million purportedly stolen from Sony Life Insurance Company Ltd, a SONY subsidiary, by an employee in a textbook business email compromise (BEC) attack. BleepingComputer reports: “According to the government’s complaint, Rei Ishii, an employee of Sony Life Insurance Company Ltd. (“Sony Life”) in Tokyo, allegedly diverted the $154 million when the company attempted to transfer funds between its financial accounts,” the Justice Dept said today. “Ishii allegedly did this by falsifying transaction instructions, which caused the funds to be transferred to an account that Ishii controlled at a bank in La Jolla, California.”

According to court documents, Ishii switched the transfer address for a Sony Life transaction to use a Silvergate Bank account under his control. Ishii later converted the stolen funds into more than 3879 bitcoins via A Coinbase set up to automatically transfer all added funds to an offline cryptocurrency cold wallet […]. After converting the money to cryptocurrency, Ishii also tried persuading his supervisor and several Sony Life executives not to help investigators by emailing them a ransom note typed in English and Japanese. “If you accept the settlement, we will return the funds back. If you are going to file criminal charges, it will be impossible to recover the funds,” the note read. “We might go down behind all of this, but one thing is for sure, you are going to be right there next to us. We strongly recommend to stop communicate (sic) with any third parties including law enforcement.”

However, on December 1, following an investigation in collaboration with Japanese law enforcement authorities, the FBI seized the 3879.16242937 BTC in Ishii’s wallet after obtaining the private key, which made it possible to transfer all the bitcoins to the FBI’s bitcoin wallet. […] Tokyo’s Metropolitan Police Department arrested the 32-year-old Ishii the same day and criminally charged him on suspicion of obtaining $154 million dollars following fraudulent money transfers from mid-May.

Read more of this story at Slashdot.

Florida Manatees Facing Starvation to Be Fed in Trial Program

Wildlife officials in Florida are preparing to feed manatees in the wild, an unprecedented response to the animals’ mass starvation caused by the loss of seagrasses they normally eat. From a report: So far this year, 1,056 manatees have died in Florida, nearly double the average for the same period of the past five years, according to state data. While the record tally includes those killed by watercraft and other causes, malnourishment is the main reason propelling the increase, researchers say. The state’s total manatee population numbered at least 5,733 in 2019, the most recent year in which officials conducted a count. The U.S. Fish and Wildlife Service declared an “unusual mortality event” along Florida’s Atlantic coast this year — a designation indicating a significant die-off that demands an immediate response. The problem can worsen in the winter when the animals congregate in warmer waters that have become devoid of food, researchers say.

“The status of manatees going into this winter is so poor that without this supplemental feeding to help get them through, we’re going to have hundreds and hundreds of [them] dying,” said Patrick Rose, executive director of the advocacy group Save the Manatee Club. Seagrasses are disappearing because of deteriorating water quality caused by improperly treated sewage, leaking septic tanks and runoff containing fertilizer used for lawns and agriculture, researchers say. It’s part of a broader threat to other marine species, they say, and to Florida’s economy, which relies heavily on visitors drawn to the state’s coastline.

Read more of this story at Slashdot.