Turns out Redbox’s derelict kiosks are a big red security risk

It’s only been three months since the implosion of Redbox, but the company’s familiar red kiosks could become a security nightmare as they’re sold to the highest bidders.

Gizmodo reports at least one owner of a defunct DVD and Blu-ray dispenser found a way to obtain customers’ private information from an encrypted file on the machine, which contained more than just one person’s penchant for the Trolls franchise. The database also contained sensitive data like personal emails and home addresses.

On Mastodon, programmer Foone Turing, a self-described collector of weird things, said she cracked the encrypted files from a Redbox machine and matched the information she found to a real person.

The file she obtained came from a Redbox machine that had operated in Morganton, North Carolina. The information she pulled from the file showed a customer’s name, ZIP code and usage history. If you’re curious, they rented a copy of The Giver and The Maze Runner. I’ll bet that person is thankful they decided not to take out a copy of Disney’s Lone Ranger reboot.

Turing told Lowpass she was even able to obtain part of some customers’ credit card information. Even though there wasn’t an entire log, she noticed it still had “the first six and the last 4 [digits] of each credit card used, plus some lower-level transaction details.”

It also didn’t take a lot of hacking know-how to crack the machines. The code Redbox used to program the machines is “the kind of code you get when hire 20 new grads who technically know C# but none of them has [sic] written any software before,” Turing wrote on Mastodon.

Now here’s the kicker. It’s clear that Redbox’s parent company, Chicken Soup for the Soul, didn’t do a great job of wiping the machines before selling them off like old shoes at a garage sale. There are over 24,000 kiosks and some people are even buying them from the store and taking the things home. Suddenly, paying a couple of extra bucks for Netflix doesn’t sound as bad right now.

We’ve reached out to Chicken Soup for the Soul for comment.

This article originally appeared on Engadget at https://www.engadget.com/entertainment/tv-movies/turns-out-redboxs-derelict-kiosks-are-a-big-red-security-risk-192246034.html?src=rss

Sam Altman’s Worldcoin startup is dropping the coin and doubling down on Orbs

Sam Altman’s Worldcoin is going to need some new business cards printed up because it’s dropping the “coin” in its name. The OpenAI CEO’s startup is shifting from cryptocurrency to focus more on its identification technology and it just unveiled a new version of its signature gadget.

Bloomberg reported that the new company called (wait for it) World will focus its eye scanning tech on confirming identities, something that could come in handy in a world of deep fake videos popping up all over the internet.

Co-founder and CEO Alex Blania introduced World’s newest device, called Orb, a biometric eye scanner used to confirm human identities through an identity service called Deep Face.

The latest model of the Orb, which uses NVIDIA’s Jetson chipset, will roll out to customers as the need arises. Chief Device Officer Rich Heley said at the San Francisco event that access to the Orb will be on demand and delivered the same way that people order pizza. A company statement says, “These advancements make it possible to offer new ways of providing World ID’s proof of human verification in more places around the world.”

According to the company’s website, almost 7 million people have been scanned by World Orbs to date. Everyone in attendance at the San Francisco launch event received a free Orb for their human identifying needs.

This article originally appeared on Engadget at https://www.engadget.com/big-tech/sam-altmans-worldcoin-startup-is-dropping-the-coin-and-doubling-down-on-orbs-232105287.html?src=rss

A new trailer for the Dune: Prophecy series just dropped

A new trailer dropped on the opening day of the New York Comic Con for the new six-episode spinoff series Dune: Prophecy, a prequel to the recent films directed by Denis Villeneuve.

The new series will premiere November 17 at 9PM on HBO. Each episode will be available to stream on Max on Sundays following its TV broadcast.

The Dune prequel is based on the novel Sisterhood of Dune by Kevin J. Anderson and Brian Herbert, the son of Dune creator and science fiction writer Frank Herbert. The new HBO series takes place 10,000 years before the rise of Paul Atreides when the Bene Gesserit begins its ascension to power.

It tells the story of two Harkonnen sisters Valya and Tula, played by Emily Watson and Olivia Williams, who create the sisterhood that will inevitably become the Bene Gesserit, the social, spiritual and political order of powerful women seeking to control and shape the universe. Other members of the cast include Travis Fimmel, Jodhi May and Mark Strong.

This article originally appeared on Engadget at https://www.engadget.com/entertainment/tv-movies/a-new-trailer-for-the-dune-prophecy-series-just-dropped-212154554.html?src=rss

ESPN faces $146K fine for using emergency alert tones in NBA ads

The Federal Communications Commission (FCC) could go all the way with a proposed fine against ESPN.

The proposal calls for a penalty of $146,976 against ESPN for violating the Emergency Alert System (EAS) rules when the network aired ads to promote the 2023-2024 NBA season. The FCC said the tones were used “in the absence of an actual emergency.”

The offending ads contained the unauthorized EAS tune and were aired six times from October 20 to 24, 2023. Several complaints were filed on October 20 about the TV spots. The cable network admitted in response to a letter of inquiry that it used the EAS attention signals in the ads.

ESPN will have an opportunity to respond to the proposed fine. The Commission will examine all the evidence and legal arguments surrounding the alleged illegal tone use before making a final decision on the matter.

This is the third time the network misused an emergency tone on air. The FCC issued a $1.12 million fine as part of a forfeiture order in 2015 when ESPN used EAS tones a total of 13 times across three of its cable networks. ESPN violated EAS tone usage rules a second time during an airing of one of its 30 for 30 documentaries, Roll Tide/War Eagle, leading to a $20,000 fine in 2021.

This article originally appeared on Engadget at https://www.engadget.com/big-tech/espn-faces-146k-fine-for-using-emergency-alert-tones-in-nba-ads-200054993.html?src=rss

AAAAAAH! Phasmophobia haunts consoles this month

Phasmophobia was one of the chief reasons a lot of gamers lost so much sleep during the pandemic. Now it’s finally headed to consoles after four years of frightening the hell out of us.

Kinetic Games’ ghost hunting game is heading to PlayStation 5, PS VR2 and Xbox Series X/S on October 29. Players on consoles and PCs through Steam can explore haunted places together in online sessions and discover the highest octave their voices can hit. Kinetic announced the game’s console release last year but unforeseen delays forced the studio to push back the date.

Since the game is launching on consoles just before Halloween, Kinetic Games is also holding a special in-game event. Teams will receive a special Halloween goal in which all teams playing on all platforms will work together to “permanently unlock the Blood Moon weather.” The achievement comes with a special badge and trophy and more reasons to scream your head off in future matches.

Phasmophobia is an addictive and horrifying four-player exploration game that came to life on PCs in 2020. As part of a team of ghost hunters, you’re dispatched to a haunted location to investigate and determine what type of horrifying soul is dispatching the living to the realm of the dead. Each team member uses various pieces of ghost hunting equipment and ethereal artifacts to determine the type of spirit doing the haunting and other required criteria about the entity, capture evidence of its presence and sometimes even make contact with the entity.

These ghosts and otherworldly creatures don’t just make doors slam shut and yell “Boo!” before scurrying off into the shadows. There are 20 different types of entities like banshees, demons, wraiths and revenants that can call out your name in the darkness, drive down your sanity and even kill your ghost hunter if you’re not careful.

This article originally appeared on Engadget at https://www.engadget.com/gaming/aaaaaah-phsamophobia-haunts-consoles-this-month-182546124.html?src=rss

Two Sudanese brothers accused of launching a dangerous series of DDoS attacks

Newly unsealed grand jury documents revealed that two Sudanese nationals allegedly attempted to launch thousands of distributed denial of service (DDoS) attacks on systems across the world. The documents allege that these hacks aimed to cause serious financial and technical harm to government entities and companies and even physical harm in some cases.

The US Department of Justice (DoJ) unsealed charges against Ahmed Salah Yousif Omer and Alaa Salah Yusuuf Omer that resulted in federal grand jury indictments. The two are allegedly connected to more than 35,000 DDoS attacks against hundreds of organizations, websites and networks as part of a “hacktivism” scheme carried out through the cybercrime group Anonymous Sudan and a for-profit cyberattack service.

Even though Anonymous Sudan claimed to be an activist group, the pair also held some companies’ and entities’ systems for ransom for rates as high as $1,700 per month.

Both face indictments for their role in the coordinated cyberattacks including one count each of conspiracy to damage protected computers. Ahmed also faces three additional counts of damaging protected computers and could receive a statutory maximum sentence of life in federal prison, according to court records filed last June in the US Central District Court of California.

The brothers’ activities date back to early 2023. The two used a distributed cloud attack tool (DCAT) referred to as “Skynet Botnet” in order to “conduct destructive DDoS attacks and publicly claim credit for them,” according to a DoJ statement. Ahmed posted a message on Anonymous Sudan’s Telegram channel, “The United States must be prepared, it will be a very big attack, like what we did in Israel, we will do in the United States ‘soon.’”

One of the indictments listed 145 “overt acts” on organizations and entities in the US, the European Union, Israel, Sudan and the United Arab Emirates (UAE). The Skynet Botnet attacks attempted to disrupt services and networks in airports, software networks and companies including Cloudflare, X, PayPal and Microsoft, with the Microsoft attack causing outages for Outlook and OneDrive in June of last year. The attacks also targeted state and federal government agencies and websites, including the Federal Bureau of Investigation (FBI), the Pentagon and the DoJ, and even hospitals, including one major attack on Cedars-Sinai Hospital in Los Angeles that caused a slowdown of health care services as patients were diverted to other hospitals. The hospital attack led to the hacking charges against Ahmed that carry potential life sentences.

“3 hours+ and still holding,” Ahmed posted on Telegram in February, “they're trying desperately to fix it but to no avail Bomb our hospitals in Gaza, we shut down yours too, eye for eye...”

FBI special agents gathered evidence of the pair’s illegal activities including logs showing that they sold access to Skynet Botnet to more than 100 customers to carry out attacks against various victims who worked with investigators including Cloudflare, CrowdStrike, DigitalOcean, Google, PayPal and others.

Several Amazon Web Services (AWS) clients were among Anonymous Sudan’s victims as part of the hacking-for-hire scheme, according to court records and an AWS statement. AWS security teams worked with FBI cybercrime investigators to track the attacks back to “an array of cloud-based servers,” many of which were based in the US. The discovery helped the FBI determine that the Skynet Botnet attacks were coming not from a botnet but from a DCAT that forwarded the DDoS traffic to its victims through cloud-based servers and open proxy resolvers.

Perhaps the group’s most brazen and dangerous attack took place in April of 2023 and targeted Israel’s rocket alert system, called Red Alert. The mobile app provides real-time updates for missile attacks and security threats. The DDoS attacks attempted to infiltrate some of Red Alert’s Internet domains. Ahmed claimed responsibility for the Red Alert attacks on Telegram along with similar DDoS strikes on Israeli utilities and the Jerusalem Post news website.

“This group’s attacks were callous and brazen — the defendants went so far as to attack hospitals providing emergency and urgent care to patients,” US Attorney Martin Estrada said in a released statement. “My office is committed to safeguarding our nation’s infrastructure and the people who use it, and we will hold cyber criminals accountable for the grave harm they cause.”

Update, October 16, 7:25PM ET: This article was modified after publishing to make clear that AWS clients, rather than AWS, were the target of Anonymous Sudan.

This article originally appeared on Engadget at https://www.engadget.com/cybersecurity/two-sudanese-brothers-accused-of-launching-a-dangerous-series-of-ddos-attacks-215638291.html?src=rss

Google Flights now has a ‘Cheapest’ tab

Airline travel can get expensive and sometimes you don’t wanna wade through various options to find the lowest price. You just need the cheapest flight available and you don’t care who’s offering it.

Google added the tab to its Flights search engine that will cut your flight schedule search to the chase and just show you the “cheapest” options available, according to the official blog. So instead of wading through various fees and features, you can just view the cheapest options available from airlines and third-party airline booking sites.

The new feature is available starting today for US flights. Google will roll out the “cheapest” tab globally over the next few weeks.

The cheapest options for flights often involve what Google calls “creative itineraries” like longer than usual layovers and self-transfers from flight to flight. What we call them can’t be reprinted here. These inconveniences that make flights cheaper will now be listed under one tab.

This article originally appeared on Engadget at https://www.engadget.com/big-tech/google-flights-now-has-a-cheapest-tab-190035611.html?src=rss

This underwater dog robot comes with its own horror soundtrack

The dog-esque robots created by the likes of Boston Dynamics and MAB Robotics are already horrifying thanks to a mix of the “Metalhead” episode of Black Mirror and humanity’s natural apprehension for an uncertain future. This one highlighted by TechCrunch really got under my skin in an unnatural way.

MAB’s Honey Badger Legged Robot can walk underwater and they took it on a test run for its YouTube channel. The steps it takes on the bottom of the pool create this weird ringing noise that’s just alarming as all hell. It’s like the engineering team hired John Carpenter to write a score for its robot.

It’s even scarier when the robot walks towards the camera like it’s hunting me down just before asphyxiation sets in and I drown. It sounds like they took a cue from the Skinamarink soundtrack. Someone make the horror in my head stop.

This article originally appeared on Engadget at https://www.engadget.com/big-tech/this-underwater-dog-robot-comes-with-its-own-horror-soundtrack-215325892.html?src=rss

Nissan Ariya drivers will soon be able to use Tesla Superchargers

Nissan is the latest carmaker to join Tesla’s network of charging stations. The company announced that Nissan Ariya drivers can use the MyNissan app to find charging stations with plans to make the North American Charging Standard (NACS) adapter available to Ariya drivers.

The move to Tesla’s grid of Superchargers will expand Nissan’s charging network to 90,000 stations across the US. Nissan’s energy network also includes the Shell Recharge, ChargePoint and EVgo networks with plans to expand other networks as well. Nissan will begin offering EVs with NACS ports in the US and Canada sometime next year.

Nissan Leaf drivers won’t be able to use the new charging stations. Instead, they can still find NissanConnect EV and Services through the app.

Tesla may not be winning the EV battle when it comes to its embittered Cybertruck that’s now under its fifth recall, but it’s ahead in the charging battle. Stellantis announced that EVs for brands like Dodge, Fiat and Alfa Romeo will use Tesla’s NACS. General Motors started selling Tesla’s NACS adapter last month after a 15-month wait. Hyundai just started adapting its EVs including its Ioniq lineup to Tesla’s NACS system. At this point, nearly every major automaker has pledged to support the system, making Nissan one of the last holdouts.

This article originally appeared on Engadget at https://www.engadget.com/transportation/evs/nissan-ariya-drivers-will-soon-be-able-to-use-tesla-superchargers-195026448.html?src=rss

The New York Times tells Perplexity to stop using its content

One of the nation’s largest newspapers is targeting another AI firm for reusing its content without its permission. The Wall Street Journal reported that the New York Times sent a cease and desist letter to Perplexity, the AI startup funded by Amazon founder Jeff Bezos. The letter states that Perplexity’s use of the New York Times’ content to create answers and summaries with its AI portal violates copyright law. The letter states that Perplexity and its backers “have been unjustly enriched by using, without authorizations, The Times’ expressive, carefully written and researched, and edited journalism without a license” and gave the startup until October 30 to respond before taking legal action.

Perplexity CEO Aravind Srinivas told the Journal that they aren’t ignoring the notice. He added they are “very much interested in working with every single publisher, including the New York Times.”

This isn’t the first time an AI company has earned the wrath of the New York Times’ legal team. The newspaper took OpenAI and Microsoft to court over claims that both used articles from its pages to train their AI software. The suit alleges both companies used more than 66 million records across its archives to train their AI models, representing “almost a century’s worth of copyrighted content.”

Amazon Web Services’ cloud division also started an investigation over the summer into Perplexity AI. Wired reported that a machine hosted on Amazon Web Services and operated by Perplexity visited hundreds of Condé Nast publications and properties hundreds of times to scan for content to use in its response and data collections.

This article originally appeared on Engadget at https://www.engadget.com/ai/the-new-york-times-tells-perplexity-to-stop-using-its-content-175853131.html?src=rss