Slashdot

News for nerds, stuff that matters

Russia Hacks Doorbell Cameras To Spy On NATO Bases

Dutch intelligence agencies say Russian hackers have been hijacking unsecured internet-connected cameras, including likely doorbell and security cameras, to spy on NATO military bases and transport routes used to move weapons to Ukraine. "Organisations with IP [internet protocol] cameras on these routes have now been warned so that they could take action," said the AIVD domestic security and MIVD military intelligence agencies. Targeted NATO member states include the Netherlands and Ukraine. The Telegraph reports: While the intelligence agencies did not specify the type of cameras hacked, the doorbell systems are frequently used by people to monitor their property from mobile phones. Hackers then use readily available apps to scan for devices that might be accessible. The Dutch investigation found that many of the cameras were unsecured, and "often have standard passwords, outdated firmware and standard configurations." They said: "When the IP camera is identified, the malicious party can attempt to access the IP camera via the internet. This is often relatively easy, because many IP cameras connected to the internet are insufficiently secure."

[...] The practice is now considered easier and cheaper than using drones and satellites to gather intelligence. It also aids operational surprise because most camera owners are blissfully unaware their devices have been penetrated by hackers. Ground-based cameras offer a unique perspective on the terrain, which isn't the case with conventional aerial-based spy kit.

Read more of this story at Slashdot.

Feds Demand Autonomous Vehicle Companies Stop Interfering With First Responders

NHTSA is ordering autonomous vehicle developers to explain by the end of the month how they will stop driverless cars from interfering with police, firefighters, and paramedics. TechCrunch reports: [NHTSA Administrator Jonathan Morrison] noted in the letter (PDF) that the agency has "identified a clear pattern of driverless AVs interfering with law enforcement and other first responders," citing instances in which these vehicles drove into active emergency scenes, blocked the paths of ambulances and firefighters, or failed to recognize and respond to basic safety conditions like flashing lights, flares, smoke, fire, and traffic cones. The agency has demanded that AV developers present their "solutions" to this problem by the end of the month.

"Let me be clear: the inability to detect and appropriately respond to such situations represents a functional insufficiency," Morrison's letter reads. "Emergency scenes are not rare or extreme 'edge cases.' As such, NHTSA is today issuing a call to action for AV developers and operators to immediately focus their resources on fixing this issue." The agency doesn't explicitly call out any particular company in the letter; however, the details suggest it is directed at robotaxi operators like Waymo.

[...] The agency's letter to AV developers doesn't say what the consequences would be if the request is ignored. Nor does it outline what the acceptable solutions would be. But the agency does imply it would hold companies accountable, just as it does human drivers who impede law enforcement. "Every second matters when law enforcement officers, firefighters, or paramedics are answering a call because lives are on the line," the letter states. "That is why human drivers who impede these operations are subject to fines and even jail time."

The agency also noted in a press release accompanying the letter that it's making progress on updating Federal Motor Vehicle Safety Standards (FMVSS) requirements, which govern vehicle design and equipment requirements. These proposed changes could help autonomous vehicle companies like Tesla and Zoox, which are developing vehicles without steering wheels, pedals, or other features required on human-driven cars. The agency has already proposed rules that would eliminate the need for windshield wipers, sun visors, defogging systems, and tire placards. The agency released a new 2026 Regulatory Plan and Unified Agenda last week, outlining its proposals.

Read more of this story at Slashdot.

NYC To Become First In US To Ban Deceptive Subscription Practices

On October 1st, New York City will become the first U.S. city to ban deceptive subscription practices, requiring companies to offer simple cancellation options or face fines of $525 per user subscription, back fees, and additional penalties. The Mamdani administration is also proposing a junk-fee rule requiring sellers, landlords, hotels, and other businesses to "advertise the total price for any good or service, including all mandatory additional charges and fees, up front." The Guardian reports: "People shouldn't have to wait on hold for half an hour or send a certified letter or show up to a store in person in order to cancel" a subscription, said Samuel AA Levine, the city's commissioner of consumer and worker protection, in an interview. The new measures are expected to be announced in a press conference on Friday morning.

The proposed fee rule could have an especially wide impact, sending ripples through New York's expensive housing market, where about 70% of residents rent. Apartment renters in the US face a rising tide of add-on fees such as "boiler management" and "lifestyle" charges from management companies, which make true rental costs hundreds of dollars higher than the price stated on real-estate company websites.

If the proposed renters rule passes after public comment and hearing, any mandatory fees, including annual ones, would need to be included in the stated monthly rental price, Levine said. The current situation creates "a scenario where rather than competing on price, companies are competing on their ability to hide the true price. That's the worst kind of incentive" -- and one that deeply distorts the market, Levine said.

Read more of this story at Slashdot.

Disable Autoplay and Infinite Scroll Or Risk Massive Fines, EU Tells Meta

An anonymous reader quotes a report from Ars Technica: The European Union is ramping up pressure on Meta to make big changes to Facebook and Instagram after the European Commission preliminarily found that features like autoplay, infinite scroll, and highly personalized content recommendations were addictive. On Thursday, the EC said its investigation indicated that "Meta did not adequately assess the risks of its addictive design on the physical and mental wellbeing of users, including minors and vulnerable adults." "These features fuel the user's urge to keep scrolling and shift the brain into 'autopilot mode,' contributing to unhealthy habits and compulsive use," the commission said. Over the next few months, Meta will have an opportunity to dispute the claims, and it has already taken a defensive stance. Meta's spokesperson, Ben Walters, told Reuters that Meta disagrees with the commission's preliminary findings, which supposedly "don't accurately take into account the significant steps we've taken to protect teens."

"Since this investigation began, we rolled out Teen Accounts that automatically protect teens and put parents in control -- allowing them to block access to Instagram at night and cap daily screen time at just 15 minutes," Walters said. However, the EC emphasized that Meta's current mitigation efforts, including time management tools activated by default for teens, "failed to effectively tackle the risks stemming from its addictive design." Additionally, parental controls were deemed "only effective if parents and guardians possess adequate technical expertise" and dedicated "effort and time to understand them effectively." "This undermines the efficiency of such measures in addressing the inherent risks posed by Instagram and Facebook's addictive design," the EC said, particularly for minors.

At this stage, the EC recommended that Meta consider "disabling key addictive features such as 'autoplay' and 'infinite scroll' by default, implementing effective 'screen time breaks,' and adapting its recommender system to make it less engagement-oriented." If Meta fails to make changes to comply with the EU's Digital Services Act, the company risks fines up to 6 percent of its global annual turnover when the EC makes its final decision in the coming months. "Our starting point is that, based on our findings, this design is too addictive and changes need to be made," Henna Virkkunen, the EU's tech chief, told Reuters. "The next step is either that Meta changes its design or a non-compliance decision will follow," she said, noting in the press release that the EU's priority is "protecting the physical and mental health of Europeans." "The Digital Services Act provides a clear framework to hold platforms accountable for the addictive design and effects of their services," Virkkunen said. "We are fully committed to enforcing our legislation in Europe."

The report also notes that the EC will share findings from experts on Monday that "could help pave the way for a Europe-wide social media ban for teenagers." It's not looking much better for Meta in the U.S., either. The company faces a lawsuit from 29 states that claim Meta's platforms addict kids. "That trial begins in August, and states may seek up to $1.4 trillion in penalties if Meta is found guilty," reports Ars.

Read more of this story at Slashdot.

Spanje op valreep langs België door fout invalkeeper Senne Lammens

De gouden generatie van België blijft zonder grote prijs. Mikel Moreno profiteerde in de 88ste minuut van een fout van de ingevallen keeper Senne Lammens en schoot Spanje daarmee naar de halve finale.

Friday Squid Blogging: “Squidbleed” Vulnerability

In a rare combined cybersecurity/squid post, a twenty-nine-year-old squid proxy bug can leak HTTP requests.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Blog moderation policy.

Oak Alley Plantation

Thomas Hawk posted a photo:

Oak Alley Plantation

As You Take to the Wind

Thomas Hawk posted a photo:

As You Take to the Wind

Women's March Oakland 2019

Thomas Hawk posted a photo:

Women's March Oakland 2019

Juneau, Alaska

Thomas Hawk posted a photo:

Juneau, Alaska