Covert CIA Websites Could Have Been Found By an ‘Amateur,’ Research Finds

An anonymous reader quotes a report from the Guardian: The CIA used hundreds of websites for covert communications that were severely flawed and could have been identified by even an “amateur sleuth,” according to security researchers. The flaws reportedly led to the death of more than two dozen US sources in China in 2011 and 2012 and also reportedly led Iran to execute or imprison other CIA assets. The new research was conducted by security experts at the Citizen Lab at the University of Toronto, which started investigating the matter after it received a tip from reporter Joel Schectmann at Reuters.

The group said it was not publishing a full detailed technical report of its findings to avoid putting CIA assets or employees at risk. But its limited findings raise serious doubts about the intelligence agency’s handling of safety measures. Using just a single website and publicly available material, Citizen Lab said it identified a network of 885 websites that it attributed “with high confidence” as having been used by the CIA. It found that the websites purported to be concerned with news, weather, healthcare and other legitimate websites. “Knowing only one website, it is likely that while the websites were online, a motivated amateur sleuth could have mapped out the CIA network and attributed it to the US government,” Citizen Lab said in a statement.

The websites were active between 2004 and 2013 and were probably not used by the CIA recently, but Citizen Lab said a subset of the websites were sill linked to active intelligence employees or assets, including a foreign contractor and a current state department employee. Citizen Lab added: “The reckless construction of this infrastructure by the CIA reportedly led directly to the identification and execution of assets, and undoubtedly risked the lives of countless other individuals. Our hope is that this research and our limited disclosure process will lead to accountability for this reckless behavior.” CIA spokesperson Tammy Kupperman Thorp said: “CIA takes its obligations to protect the people who work with us extremely seriously and we know that many of them do so bravely, at great personal risk. The notion that CIA would not work as hard as possible to safeguard them is false.”

Read more of this story at Slashdot.

Stadia Controllers Could Become E-Waste Unless Google Issues Bluetooth Update

With Stadia coming to an abrupt halt, gamers want Google to issue a software update for the controllers that unlocks Bluetooth to allow them to work wirelessly with other game systems. It would also “avoid a lot of plastic and circuit board trash,” adds Ars. From the report: Stadia’s controllers were custom-made to connect directly to the Internet, reducing lag and allowing for instant firmware updates and (sometimes painful) connections to smart TVs. There’s Bluetooth inside the Stadia controller, but it’s only used when you’re setting up Stadia, either with a TV, a computer with the Chrome browser, or a Chromecast Ultra. The Google Store’s page for the Stadia controller states in a footnote: “Product contains Bluetooth Classic radio. No Bluetooth Classic functionality is enabled at this time. Bluetooth Classic may be implemented at a later date.” (Bluetooth Classic is a more traditional version of Bluetooth than modern low-energy or mesh versions.) That potential later date can’t get much later for fans of the Stadia controller. Many cite the controller’s hand feel and claim it as their favorite. They’d like to see Google unlock Bluetooth to make their favorite something more than a USB-only controller and avoid a lot of plastic and circuit board trash.

“Now if you’d just enable Bluetooth on the controller, we could help the environment by not letting them become electronic waste,” writes Roadrunner571 on one of many controller-related threads on the r/Stadia subreddit. “They created trash and they at least owe it to me to do their best within reason to prevent millions of otherwise perfectly good controllers from filling landfills,” another wrote. Many have called for Google, if they’re not going to push a firmware update themselves to unlock the functionality, to open up access to the devices themselves, so the community can do it for them. That’s often a tricky scenario for large companies relying on a series of sub-contracted manufacturers to produce hardware. Some have suggested that the full refunds give Google more leeway to ignore the limited function of their devices post-shutdown. It’s worth noting that you can still plug a Stadia controller into the USB port on a Smart TV, computer, or gaming console and use it as a controller through a standard HID (Human Interface Device) connection. But, currently, it’s not possible to connect the controllers wirelessly, unless you go through a lot of effort.

Read more of this story at Slashdot.

Intel’s Self-Driving Technology Mobileye Unit Files for IPO

Intel has filed for an initial public offering of its self-driving technology business, Mobileye Global, braving the worst market for new US listings since the financial crisis more than a decade ago. Bloomberg reports: The company didn’t disclose terms of the planned share sale in its filing Friday with the US Securities and Exchange Commission. Mobileye will continue to be controlled by Intel after the IPO, according to the filing. Intel expects the IPO to value Mobileye at as much as $30 billion, less than originally hoped, Bloomberg News reported this month. If the listing goes ahead this year, it would be one of the biggest US offerings of 2022. Currently, only two companies have raised $1 billion or more on New York exchanges since Jan. 1, compared with 45 in 2021. This year, the US share of IPOs has shrunk to less then a seventh of the global total from half in 2021.

Intel Chief Executive Officer Pat Gelsinger is trying to capitalize on Jerusalem-based Mobileye, acquired in 2017 for $15 billion, with a partial spinoff of its shares. Mobileye makes chips for cameras and drive-assistance features, and is seen as a prized asset as the car industry races toward fully automated vehicles. Now with about 3,100 employees, Mobileye has collected data from 8.6 billion miles on the road from eight testing sites globally, according to its filing. The company says its technology leads in the race to shift the automotive industry away from human drivers. It’s shipped 117 million units of its EyeQ product.

Mobileye has been a particularly bright spot for Intel and has consistently grown faster than its parent. As of July, it had $774 million of cash and cash equivalents. In the 12 months ended Dec. 25, it had a net loss of $75 million on revenue of $1.39 billion. The company said it plans to use proceeds from the IPO to pay down debt and for working capital and general corporate purposes.

Read more of this story at Slashdot.

Two-Year Internet Outage In Ethiopia Continues

Zecharias Zelalem writes via Reuters: Few have been spared the effects of a nearly two-year internet and phone shutdown in Ethiopia’s northern Tigray region, which has been cut off since fighting erupted between Tigrayan rebels and government forces in November 2020. The conflict resumed last month after a months-long humanitarian truce, dashing hopes for communications to be restored. Even the head of the World Health Organization (WHO) Tedros Adhanom Ghebreyesus, who hails from Tigray, said he had been unable to reach his relatives back home, or send them money. “I don’t know even who is dead or who is alive,” Tedros told a recent news conference in London.

As fighting continues in Tigray and elsewhere in Ethiopia, the government of Prime Minister Abiy Ahmed says shutdowns are needed to curb violence, but critics accuse authorities of using the internet as a weapon of war. “Access to communications and other basic services, and most importantly humanitarian assistance, is explicitly used as a bargaining chip by the Ethiopian government,” said Goitom Gebreluel, a political analyst specialising in Horn of Africa affairs. “It is used as leverage against both Tigray and the international community.” In Ethiopia, sporadic internet and phone blackouts have been used as “a weapon to control and censor information,” the group said, making it difficult for journalists and activists to document alleged rights crimes, and for aid to be delivered.

In Tigray’s regional capital, Mekelle, emergency workarounds such as satellite phones have become a vital tool for aid agency operations. The International Committee of the Red Cross (ICRC) also maintains a satellite phone service for local residents — giving them a way to get a message to loved ones. So far this year, the ICRC has facilitated some 116,000 phone calls and oral messages “between family members separated by conflict and violence,” said spokesperson Alyona Synenko. With almost half of the region’s six million people in severe need of food, the shutdown as well as road blockades have hampered humanitarian aid deliveries, according to the U.N. World Food Program. The lack of mobile phone networks has also “crippled both the emergency and regular health monitoring systems,” a WHO spokesperson said in emailed remarks. The only way to communicate is “via paper reports that need to be delivered by hand. All meetings have to be held in person.”

Read more of this story at Slashdot.

SF To Feds: Cruise Driverless Cars Keep Blocking Our Roads

After years of lobbying the state to increase regulations on autonomous vehicles, San Francisco officials are taking their case to the feds. San Francisco Examiner reports: The directors of The City’s two main transportation agencies outlined their concerns about Cruise’s driverless cars in a letter to the National Highway Traffic Safety Administration regarding Cruise’s application to deploy a custom-built autonomous vehicle. In it, San Francisco Metropolitan Transportation Authority Director Jeffrey Tumlin and San Francisco County Transportation Authority Director Tilly Chang provide a comprehensive overview of disruptive and unsafe incidents that they say Cruise cars precipitated. The letter, sent on Sept. 21, comes as Cruise’s driverless cars continue to stop in the middle of San Francisco’s streets for extended periods of time, often in groups, blocking traffic until they can be remotely restarted or manually retrieved by Cruise staff. Over the past week, there were at least four such incidents, including one that delayed a couple of KRON4 reporters.

The City’s letter to NHTSA provides specific data on these incidents. Between May 29 and Sept. 5 of this year, 28 incidents of stopped Cruise cars blocking traffic were reported to 911. The City identified an additional 20 such incidents reported on social media over that time period, which does not include the events of the past week. The City estimates that these figures represent “a fraction of actual travel lane road failures,” since most of these events take place late at night, when Cruise offers its driverless ride-hailing service, and when few other people are on the streets. In light of these concerns, The City requests several new regulations on autonomous vehicles from NHTSA.

San Francisco’s letter is in response to a petition by General Motors, Cruise’s parent company, to manufacture and commercially deploy a custom-built autonomous vehicle called the Cruise Origin. It would be roughly the size of an SUV, but with no obvious front and back and no driver’s seat or steering wheel. In their letter on behalf of the entire city government, Tumlin and Chang stress that they “neither support nor oppose the Petition, but document safety hazards and street capacity issues raised by the operation of the Cruise AV on San Francisco streets.” They go on to call for several specific regulations they would like to see imposed on Cruise and Ford’s Argo AI, another company seeking to build and deploy a fully autonomous vehicle. Those recommendations include stringent data reporting requirements and incident reports, limiting the geographic area and the number of vehicles that can be deployed in San Francisco, and enabling first responders to manually turn off the vehicles. “Safety is the guiding principle of everything we do,” Cruise said in a statement regarding these incidents. “That means if our cars encounter a situation where they aren’t able to safely proceed they turn on their hazard lights and we either get them operating again or pick them up as quickly as possible. This could be because of a mechanical issue like a flat tire, a road condition, or a technical problem. We’re working to minimize how often this happens, and apologize to any other impacted drivers.”

Read more of this story at Slashdot.

Elon Musk Unveils Prototype of Humanoid Optimus Robot

Tesla CEO Elon Musk revealed a prototype of a humanoid robot that he said utilizes the company’s AI software, as well as the sensors that power its advanced driver assist features. The Verge reports: The robot was showcased at Tesla’s AI Day, and reps said it features the same technology used to enable the Full Self-Driving beta in Tesla’s cars. According to Musk, it can do more than what has been shown, but “the first time it walked without a tether was tonight on stage.” Musk said they’re targeting a price of “probably less than $20,000.” The back doors of the stage open to reveal a deconstructed Optimus that walked forward and did a “raise the roof” dance move. Musk would admit after the motion that they wanted to keep it safe and not make too many moves on stage and have it “fall flat on its face.” “It’ll be a fundamental transformation for civilization as we know it.” said Musk.

Afterward, the company showed a few video clips of the robot doing other tasks like picking up boxes. Then Tesla’s team brought out another prototype that has its body fully assembled but not fully functional. […] Future applications could include cooking, gardening, or even “catgirl” sex partners, Musk has said, while also claiming that production could start as soon as next year. Musk says the robot is “the most important product development we’re doing this year,” predicting that it will have the potential to be “more significant than the vehicle business over time.”

Musk first announced the “Tesla Bot” at last year’s AI Day.

Read more of this story at Slashdot.

Gmail Launches Pilot To Keep Campaign Emails Out of Spam

Google is launching a pilot program to keep emails from political campaigns from going to users’ spam folders this week, the company told Axios. From the report: Google asked the Federal Election Commission in June if a program that would let campaigns emails bypass spam filters, instead giving users the option to move them to spam first, would be legal under campaign finance laws. Despite hundreds of negative comments submitted to the FEC arguing against it, the FEC approved the program in August. Eligible committees, abiding by security requirements and best practices as outlined by Google, can now register to participate.

Google has come under fire that its algorithms unfairly target conservative content across its services, and that its Gmail service filters more Republican fundraising and campaign emails to spam. This is partly based on a study from North Carolina State University, though its authors say it has been misconstrued. “We expect to begin the pilot with a small number of campaigns from both parties and will test whether these changes improve the user experience, and provide more certainty for senders during this election period,” Jose Castaneda, a Google spokesperson, told Axios. “We will continue to listen and respond to feedback as the pilot progresses.” He added: “During the pilot, users will be in control through a more prominent unsubscribe button.”

Read more of this story at Slashdot.

Kindle Scribe Brings Writing To Amazon’s Popular E-Reader

[T]he Scribe brings something altogether new to the line: writing. For the first time since the first Kindle was introduced in late-2007, Amazon’s added the ability to write on-device with a stylus. TechCrunch reports: Amazon’s entry in the space has a 10.2-inch screen and a design partially reminiscent of the premium Kindle Oasis, include a large side bezel (no page turn buttons, unfortunately) you can hold onto while reading. It has a battery the company rates at “weeks,” keeping in line with its fellow readers. At 433 grams, it’s (predictably) the heaviest Kindle, which could put a bit of a crimp in those bedtime reading marathons. The device ships with its own stylus, which magnetically snaps on the side — similar to what you see on a lot of tablets. The stylus doesn’t requiring charging, and instead relies on EMR (electro-magnetic resistance) — that means, among other things, that other styli will likely work with the Scribe, though the company cautions against that (naturally), stating that their own is tuned specifically for work on the Kindle.

A more premium model will also be made available with a built-in button for quick actions. These styli allow for a variety of different line styles, though the tips are permanent, so that’s happening through the on-board software accessible via a software toolbar. The company says it specifically designed the display/stylus combo to mimic the feel of a pen on paper. […] Strangely, handwriting recognition will be missing at launch, though the feature is almost certainly on the company’s roadmap. It will, however, have a newly Streamlined software offering, allowing files to be shared off the device through the Kindle app, a web browser or email. The company also says it has updated the notoriously outdated Send to Kindle feature to help remove some of the friction from the process. Meanwhile, a deal with Microsoft will bring Word functionality to the product at some point early next year. […] Preorders for the $340 device start today, with shipping expected before the holidays (think November). Amazon announced more than ten new products at their event, including four new Echo devices, a new TV, and sleep tracker. CNBC highlights the biggest announcements in their report.

Read more of this story at Slashdot.

EU Proposes Rules Making It Easier To Sue Drone Makers, AI Systems

The European Commission on Wednesday proposed rules making it easier for individuals and companies to sue makers of drones, robots and other products equipped with artificial intelligence software for compensation for harm caused by them. Reuters reports: The AI Liability Directive aims to address the increasing use of AI-enabled products and services and the patchwork of national rules across the 27-country European Union. Under the draft rules, victims can seek compensation for harm to their life, property, health and privacy due to the fault or omission of a provider, developer or user of AI technology, or for discrimination in a recruitment process using AI.

The rules lighten the burden of proof on victims with a “presumption of causality”, which means victims only need to show that a manufacturer or user’s failure to comply with certain requirements caused the harm and then link this to the AI technology in their lawsuit. Under a “right of access to evidence,” victims can ask a court to order companies and suppliers to provide information about high-risk AI systems so that they can identify the liable person and the fault that caused the damage.

The Commission also announced an update to the Product Liability Directive that means manufacturers will be liable for all unsafe products, tangible and intangible, including software and digital services, and also after the products are sold. Users can sue for compensation when software updates render their smart-home products unsafe or when manufacturers fail to fix cybersecurity gaps. Those with unsafe non-EU products will be able to sue the manufacturer’s EU representative for compensation. The AI Liability Directive will need to be agreed with EU countries and EU lawmakers before it can become law.

Read more of this story at Slashdot.