Twitter

New X Court Filing Says It's Complying with Brazil's Orders to Block Accounts (techcrunch.com) 118

X's struggles in Brazil got this update from the Guardian Wednesday: In a statement tweeted from X's global government affairs account, the company said the restoration of service was an "inadvertent and temporary" side-effect of switching network providers.
But Friday "After defying court orders in Brazil for three weeks, Mr. Musk's social network, X, has capitulated," writes the New York Times. "In a court filing on Friday night, the company's lawyers said that X had complied with orders from Brazil's Supreme Court in the hopes that the court would lift a block on its site."

"The company's lawyers said X had complied with the court's orders — blocking designated accounts, paying fines, and naming a new formal representative in the country," writes TechCrunch (citing reporting by the New York Times): In a filing of its own, the Supreme Court reportedly responded by telling X it had not provided the proper paperwork and giving it five days to do so....

X came back online in Brazil earlier this week, although Cloudflare CEO Matthew Prince told TechCrunch that the timing of the company's recent switch to Cloudflare infrastructure is just a "coincidence." During the ban, Brazilian users sought out social media alternatives, leading to dramatic growth at Bluesky and Tumblr.

The New York Times believes "The moment showed how, in the yearslong power struggle between tech giants and nation-states, governments have been able to keep the upper hand."

Although I'm curious about that missing paperwork...
The Almighty Buck

Walmart Plans Instant Bank Payments, Cutting Out Card Networks (bnnbloomberg.ca) 139

An anonymous reader quotes a report from Bloomberg: Walmart customers will soon have the option to pay directly from their bank accounts with instant transfers for online purchases. The enhanced feature is a flash point in the escalating tensions between merchants and the card networks setting the fees for payment processing. The world's largest retailer has offered pay-by-bank through Walmart Pay since earlier this year. Until now, the transactions were akin to digital checks and took roughly three days to finalize when being processed through The Automated Clearing House, the same network often used for bill payments or paycheck deposits. Soon, customers opting for pay-by-bank transactions will see the purchase reflected in their bank account balance instantly -- and Walmart will receive the funds immediately. [...]

Walmart's upgraded pay-by-bank offering will be rolled out in 2025. The transactions will occur over bank technology provider Fiserv's NOW Network, which integrates with The Clearing House's Real Time Payments network and the Federal Reserve's FedNow. Until now, large retailers hesitated to launch real time payment options because many banks were not connected to an instant settlement system, meaning their customers would not be able to use the product. NOW Network aims to connect to as many banks as possible to reach 100% of deposit accounts by combining its own network with RTP and FedNow. The instant pay-by-bank product will be available for online checkout on Walmart.com. The Bentonville, Arkansas-based retailer already has customers set up a profile when they shop online. If they opt to add pay-by-bank as a payment option on their profile, they will enter their bank login credentials to connect their account. Fiserv's AllData platform connects with their bank clients and vendors including Plaid, MX, Akoya and Finicity to link and authenticate consumer accounts.
With this instant pay-by-bank product, consumers will avoid stacked pending transactions, which can open them up to the risk of overdraft or non-sufficient fund fees from their bank. "When the transaction processes as a real time payment, customers get immediate access to see that payment come through, I see it hit my account and I can properly budget," said Jamie Henry, vice president of emerging payments at Walmart. "It's not as if I've got this phantom payment out there that's going to take place a couple days down the road."
The Internet

ISPs Tell Supreme Court They Don't Want To Disconnect Users Accused of Piracy (arstechnica.com) 72

Joe_Dragon shares a report: Four more large Internet service providers told the US Supreme Court this week that ISPs shouldn't be forced to aggressively police copyright infringement on broadband networks. While the ISPs worry about financial liability from lawsuits filed by major record labels and other copyright holders, they also argue that mass terminations of Internet users accused of piracy "would harm innocent people by depriving households, schools, hospitals, and businesses of Internet access."

The legal question presented by the case "is exceptionally important to the future of the Internet," they wrote in a brief filed with the Supreme Court on Monday. The amici curiae brief was filed by Altice USA (operator of the Optimum brand), Frontier Communications, Lumen (aka CenturyLink), and Verizon. The brief supports cable firm Cox Communications' attempt to overturn its loss in a copyright infringement lawsuit brought by Sony. Cox petitioned the Supreme Court to take up the case last month.

Sony and other music copyright holders sued Cox in 2018, claiming it didn't adequately fight piracy on its network and failed to terminate repeat infringers. A US District Court jury in the Eastern District of Virginia ruled in December 2019 that Cox must pay $1 billion in damages to the major record labels. Cox won a partial victory when the US Court of Appeals for the 4th Circuit vacated the $1 billion verdict, finding that Cox wasn't guilty of vicarious infringement because it did not profit directly from infringement committed by users of its cable broadband network. But the appeals court affirmed the jury's finding of willful contributory infringement and ordered a new damages trial.

Businesses

Amazon's New 'Shark Tank'-Style Show Gives Winners Top Billing in Its Store (msn.com) 14

Coming soon: Amazon sellers duking it out on TV to get their wares prime placement at the world's largest online retailer. Think "Shark Tank" meets Home Shopping Network. From a report: The e-commerce giant plans to introduce a new competition show next month in which entrepreneurs pitch their products to a studio audience as well as to judges including Amazon executives and celebrities like Goop founder Gwyneth Paltrow and designer Christian Siriano. Finalists will have their inventions sold in a new Amazon "Buy It Now" online store, and the winner of each episode will earn $20,000.

The show is the retailer's latest attempt to marry content and commerce. Persuading consumers to shop through Internet-enabled televisions has long been a goal of traditional entertainment companies, but getting viewers to scan the QR code can be difficult. By creating shows that highlight its sellers and their products, Amazon has a better shot at getting viewers to shop -- especially younger audiences who are already doing this on apps like TikTok, said Bernstein analyst Mark Shmulik. "This feels more elegant than QR codes," Shmulik said of Amazon's new game show. Over the past few years, Amazon has introduced ads with QR codes in about 100 shows and movies, including "The Summer I Turned Pretty," "The Boys" and, more recently, NFL football games.

Twitter

X Circumvents Court-Ordered Block In Brazil (theguardian.com) 81

Late last month, Brazilian Justice Alexandre de Moraes ordered X to suspend operations in Brazil after a months-long dispute with X owner Elon Musk. The conflict centered on Musk's refusal to appoint a legal representative in the country and his refusal to take down disinformation and far-right accounts. However, on Wednesday, X bypassed the court-ordered block by utilizing third-party cloud services, allowing many Brazilian users to access the platform without the need for a virtual private network (VPN). From a report: The number of Brazilians accessing X is unknown, according to [Abrint, the Brazilian Association of Internet and Telecommunications Providers]. "I believe the change was probably intentional. Why would X use a third-party service that ends up being slower than its own?" said Basilio Perez, a board member at Abrint.

Any revised order from Brazil's national telecommunications agency Anatel, which is responsible for implementing the court ruling, will need to be more specific, because blocking cloud access is complex and may jeopardize government agencies and financial services providers, Perez said.

Anatel has identified the problem and is working to first notify content delivery network providers, followed by telecom companies to block access again to X in Brazil, according to a person familiar with the situation. The same person said it is not clear how long it will take for the providers to comply with the order...

In a statement tweeted from X's global government affairs account, the company said the restoration of service was an "inadvertent and temporary" side-effect of switching network providers.

Privacy

Chinese Spies Spent Months Inside Aerospace Engineering Firm's Network Via Legacy IT (theregister.com) 16

The Register's Jessica Lyons reports: Chinese state-sponsored spies have been spotted inside a global engineering firm's network, having gained initial entry using an admin portal's default credentials on an IBM AIX server. In an exclusive interview with The Register, Binary Defense's Director of Security Research John Dwyer said the cyber snoops first compromised one of the victim's three unmanaged AIX servers in March, and remained inside the US-headquartered manufacturer's IT environment for four months while poking around for more boxes to commandeer. It's a tale that should be a warning to those with long- or almost-forgotten machines connected to their networks; those with shadow IT deployments; and those with unmanaged equipment. While the rest of your environment is protected by whatever threat detection you have in place, these legacy services are perfect starting points for miscreants.

This particular company, which Dwyer declined to name, makes components for public and private aerospace organizations and other critical sectors, including oil and gas. The intrusion has been attributed to an unnamed People's Republic of China team, whose motivation appears to be espionage and blueprint theft. It's worth noting the Feds have issued multiple security alerts this year about Beijing's spy crews including APT40 and Volt Typhoon, which has been accused of burrowing into American networks in preparation for destructive cyberattacks.

After discovering China's agents within its network in August, the manufacturer alerted local and federal law enforcement agencies and worked with government cybersecurity officials on attribution and mitigation, we're told. Binary Defense was also called in to investigate. Before being caught and subsequently booted off the network, the Chinese intruders uploaded a web shell and established persistent access, thus giving them full, remote access to the IT network -- putting the spies in a prime position for potential intellectual property theft and supply-chain manipulation. If a compromised component makes it out of the supply chain and into machinery in production, whoever is using that equipment or vehicle will end up feeling the brunt when that component fails, goes rogue, or goes awry.

"The scary side of it is: With our supply chain, we have an assumed risk chain, where whoever is consuming the final product -- whether it is the government, the US Department of the Defense, school systems -- assumes all of the risks of all the interconnected pieces of the supply chain," Dwyer told The Register. Plus, he added, adversarial nations are well aware of this, "and the attacks continually seem to be shifting left." That is to say, attempts to meddle with products are happening earlier and earlier in the supply-chain pipeline, thus affecting more and more victims and being more deep-rooted in systems. Breaking into a classified network to steal designs or cause trouble is not super easy. "But can I get into a piece of the supply chain at a manufacturing center that isn't beholden to the same standards and accomplish my goals and objectives?" Dwyer asked. The answer, of course, is yes. [...]

AI

LinkedIn Is Training AI on User Data Before Updating Its Terms of Service (404media.co) 15

An anonymous reader shares a report: LinkedIn is using its users' data for improving the social network's generative AI products, but has not yet updated its terms of service to reflect this data processing, according to posts from various LinkedIn users and a statement from the company to 404 Media. Instead, the company says it will update its terms "shortly." The move is unusual in that LinkedIn appears to have gone ahead with training AI on its users' data, even creating a new option in its settings, without updating its terms of service, which is traditionally one of the main documents that can explain how users' data is collected or used.
AI

AI Tool Cuts Unexpected Deaths In Hospital By 26%, Canadian Study Finds (www.cbc.ca) 77

An anonymous reader quotes a report from CBC News: Inside a bustling unit at St. Michael's Hospital in downtown Toronto, one of Shirley Bell's patients was suffering from a cat bite and a fever, but otherwise appeared fine -- until an alert from an AI-based early warning system showed he was sicker than he seemed. While the nursing team usually checked blood work around noon, the technology flagged incoming results several hours beforehand. That warning showed the patient's white blood cell count was "really, really high," recalled Bell, the clinical nurse educator for the hospital's general medicine program. The cause turned out to be cellulitis, a bacterial skin infection. Without prompt treatment, it can lead to extensive tissue damage, amputations and even death. Bell said the patient was given antibiotics quickly to avoid those worst-case scenarios, in large part thanks to the team's in-house AI technology, dubbed Chartwatch. "There's lots and lots of other scenarios where patients' conditions are flagged earlier, and the nurse is alerted earlier, and interventions are put in earlier," she said. "It's not replacing the nurse at the bedside; it's actually enhancing your nursing care."

A year-and-a-half-long study on Chartwatch, published Monday in the Canadian Medical Association Journal, found that use of the AI system led to a striking 26 percent drop in the number of unexpected deaths among hospitalized patients. The research team looked at more than 13,000 admissions to St. Michael's general internal medicine ward -- an 84-bed unit caring for some of the hospital's most complex patients -- to compare the impact of the tool among that patient population to thousands of admissions into other subspecialty units. "At the same time period in the other units in our hospital that were not using Chartwatch, we did not see a change in these unexpected deaths," said lead author Dr. Amol Verma, a clinician-scientist at St. Michael's, one of three Unity Health Toronto hospital network sites, and Temerty professor of AI research and education in medicine at University of Toronto. "That was a promising sign."

The Unity Health AI team started developing Chartwatch back in 2017, based on suggestions from staff that predicting deaths or serious illness could be key areas where machine learning could make a positive difference. The technology underwent several years of rigorous development and testing before it was deployed in October 2020, Verma said. "Chartwatch measures about 100 inputs from [a patient's] medical record that are currently routinely gathered in the process of delivering care," he explained. "So a patient's vital signs, their heart rate, their blood pressure ... all of the lab test results that are done every day." Working in the background alongside clinical teams, the tool monitors any changes in someone's medical record "and makes a dynamic prediction every hour about whether that patient is likely to deteriorate in the future," Verma told CBC News.

Medicine

New Research Finds Microplastics In the Brain's Olfactory Bulb 44

An anonymous reader quotes a report from NBC News: Scientists in Brazil found microplastics in the brain tissue of cadavers, according to a new study published Monday in the journal JAMA Network Open. Mounting research over the last few years has found microplastics in nearly every organ in the body, as well as in the bloodstream and in plaque that clogs arteries. Whether these ubiquitous pollutants can reach the human brain has been a primary concern for scientists. The latest research looked at a part of the brain called the olfactory bulb, which processes information about smell. Humans have two olfactory bulbs, one above each nasal cavity. Connecting the olfactory bulb and the nasal cavity is the olfactory nerve.

Some researchers worry the olfactory pathway may also be an entry point for microplastics getting into the brain, beyond the olfactory bulb. "Previous studies in humans and animals have shown that air pollution reaches the brain, and that particles have been found in the olfactory bulb, which is why we think the olfactory bulb is probably one of the first points for microplastics to reach the brain," said lead study author Dr. Thais Mauad, an associate professor of pathology at the University of Sao Paulo Medical School in Brazil.

Mauad and her team took samples of olfactory bulb tissue from 15 cadavers of people who died between the ages of 33 and 100. Samples from eight of the cadavers contained microplastics -- tiny bits of plastic that ranged from 5.5 micrometers to 26.4 micrometers in size. In total, the researchers found 16 plastic fibers and particles in the tissues. The smallest were slimmer than the diameter of a human red blood cell, which measures about 8 micrometers. The most common type of plastic they found was polypropylene, followed by polyamide, nylon and polyethylene vinyl acetate. "The nose is a major point of defense to keep particles and dust out of the lungs," Campen wrote in an email. "So seeing some plastics in the olfactory system, especially given how they are being found everywhere else in the body, is completely expected." [...] "There is evidence that very small airborne particles can move to the brain via the olfactory bulb, but this is not known to be a major route of trafficking material to the brain," Campen said.
Campen notes it's more likely that nanoplastics enter the brain through the bloodstream, which picks up plastic bits from the lungs or digestive tract, rather than the olfactory bulb. "However, it's extremely difficult for particles, even those in pharmaceuticals, to enter the brain through the blood," notes NBC News. "That's because the brain is surrounded by a semipermeable membrane called the blood-brain barrier."
IBM

IBM Acquires Kubernetes Cost Optimization Startup Kubecost (techcrunch.com) 9

IBM has acquired Kubecost, a FinOps startup that helps teams at companies like Allianz, Audi, Rakuten, and GitLab monitor and optimize their Kubernetes clusters with a focus on efficiency and, ultimately, cost. From a report: Tuesday's announcement follows IBM's $4.3 billion acquisition of Apptio in 2023, another company in the FinOps space. In previous years, we also saw IBM acquire companies like cloud app and network management firm Turbonomic and application performance management startup Instana. Now with the acquisition of Kubecost, IBM continues this effort to bolster its IT and FinOps capabilities as enterprises increasingly look to better manage their increasingly complex cloud and on-prem infrastructure.
Earth

Google Backs Privately Funded Satellite Constellation For Wildfire Detection 33

Google's philanthropic arm is partially funding a new initiative that "aims to deploy more than 50 small satellites in low-Earth orbit to pinpoint flare-ups as small as a classroom anywhere in the world," reports Ars Technica. From the report: The FireSat constellation, managed by a nonprofit called Earth Fire Alliance (EFA), will be the first satellite fleet dedicated to detecting and tracking wildfires. Google announced a fresh investment of $13 million in the FireSat constellation Monday, building on the tech giant's previous contributions to support the development of custom infrared sensors for the FireSat satellites. Google's funding commitment will maintain the schedule for the launch of the first FireSat pathfinder satellite next year, EFA said. The first batch of satellites to form an operational constellation could launch in 2026.

The FireSat satellites will be built by Muon Space, a California-based satellite manufacturing startup. Each of the Muon Space-built microsatellites will have six-band multispectral infrared instruments, eyeing a swath of Earth some 900 miles (1,500 kilometers) wide, to pinpoint hotspots from wildfires. The satellites will have the sensitivity to find wildfires as small as 16 by 16 feet (5 by 5 meters). The network will use Google AI to rapidly compare observations of any area of this size with previous imagery to determine if there is a fire, according to Google. AI will also take into account factors like nearby infrastructure and local weather in each fire assessment.

Google said it validated its detection model for smaller fires and established a baseline dataset for the AI by flying sensors over controlled burns. FireSat's partners announced the constellation in May after five years of development. The Environmental Defense Fund, the Moore Foundation, and the Minderoo Foundation also support the FireSat program. After detecting a wildfire, it's crucial for FireSat to quickly disseminate the location and size of a fire to emergency responders. With the first three satellites, the FireSat constellation will observe every point on Earth at least twice per day. "At full capability with 50+ satellites, the revisit times for most of the globe improve to 20 minutes, with the most wildfire-prone regions benefitting from sampling intervals as short as nine minutes," Muon Space said in a statement.
"Today's announcement marks a significant milestone and step towards transforming the way we interact with fire," Earth Fire Alliance said in a statement. "As fires become more intense, and spread faster, we believe radical collaboration is key to driving much needed innovation in fire management and climate action."
Transportation

USPS' Long-Awaited Mail Truck Makes Its Debut To Rave Reviews From Carriers (apnews.com) 141

An anonymous reader quotes a report from the Associated Press: The Postal Service's new delivery vehicles aren't going to win a beauty contest. They're tall and ungainly. The windshields are vast. Their hoods resemble a duck bill. Their bumpers are enormous. "You can tell that (the designers) didn't have appearance in mind," postal worker Avis Stonum said. Odd appearance aside, the first handful of Next Generation Delivery Vehicles that rolled onto postal routes in August in Athens, Georgia, are getting rave reviews from letter carriers accustomed to cantankerous older vehicles that lack modern safety features and are prone to breaking down -- and even catching fire.

Within a few years, the fleet will have expanded to 60,000, most of them electric models, serving as the Postal Service's primary delivery truck from Maine to Hawaii. Once fully deployed, they'll represent one of the most visible signs of the agency's 10-year, $40 billion transformation led by Postmaster General Louis DeJoy, who's also renovating aging facilities, overhauling the processing and transportation network, and instituting other changes. The current postal vehicles -- the Grumman Long Life Vehicle, dating to 1987 -- have made good on their name, outlasting their projected 25-year lifespan. But they're well overdue for replacement. Noisy and fuel-inefficient (9 mpg), the Grummans are costly to maintain. They're scalding hot in the summer, with only an old-school electric fan to circulate air. They have mirrors mounted on them that -- when perfectly aligned -- allow the driver to see around the vehicle, but the mirrors constantly get knocked out of alignment. Alarmingly, nearly 100 of the vehicles caught fire last year, imperiling carriers and mail alike.

The new trucks are being built with comfort, safety and utility in mind by Oshkosh Defense in South Carolina. Even tall postal carriers can stand up without bonking their heads and walk from front to back to retrieve packages. For safety, the vehicles have airbags, 360-degree cameras, blind-spot monitoring, collision sensors and anti-lock brakes -- all of which are missing on the Grummans. The new trucks also feature something common in most cars for more than six decades: air conditioning. And that's key for drivers in the Deep South, the desert Southwest and other areas with scorching summers. [...] Brian Renfroe, president of the National Letter Carriers Association, said union members are enthusiastic about the new vehicles, just as they were when the Grummans marked a leap forward from the previous old-school Jeeps. He credited DeJoy with bringing a sense of urgency to get them into production. "We're excited now to be at the point where they're starting to hit the streets," Renfroe said.

Electronic Frontier Foundation

EFF Decries 'Brazen Land-Grab' Attempt on 900 MHz 'Commons' Frequency Used By Amateur Radio (eff.org) 145

An EFF article calls out a "brazen attempt to privatize" a wireless frequency band (900 MHz) which America's FCC has left "as a commons for all... for use by amateur radio operators, unlicensed consumer devices, and industrial, scientific, and medical equipment." The spectrum has also become "a hotbed for new technologies and community-driven projects. Millions of consumer devices also rely on the range, including baby monitors, cordless phones, IoT devices, garage door openers." But NextNav would rather claim these frequencies, fence them off, and lease them out to mobile service providers. This is just another land-grab by a corporate rent-seeker dressed up as innovation. EFF and hundreds of others have called on the FCC to decisively reject this proposal and protect the open spectrum as a commons that serves all.

NextNav [which sells a geolocation service] wants the FCC to reconfigure the 902-928 MHz band to grant them exclusive rights to the majority of the spectrum... This proposal would not only give NextNav their own lane, but expanded operating region, increased broadcasting power, and more leeway for radio interference emanating from their portions of the band. All of this points to more power for NextNav at everyone else's expense.

This land-grab is purportedly to implement a Positioning, Navigation and Timing (PNT) network to serve as a US-specific backup of the Global Positioning System (GPS). This plan raises red flags off the bat. Dropping the "global" from GPS makes it far less useful for any alleged national security purposes, especially as it is likely susceptible to the same jamming and spoofing attacks as GPS. NextNav itself admits there is also little commercial demand for PNT. GPS works, is free, and is widely supported by manufacturers. If NextNav has a grand plan to implement a new and improved standard, it was left out of their FCC proposal. What NextNav did include however is its intent to resell their exclusive bandwidth access to mobile 5G networks. This isn't about national security or innovation; it's about a rent-seeker monopolizing access to a public resource. If NextNav truly believes in their GPS backup vision, they should look to parts of the spectrum already allocated for 5G.

The open sections of the 900 MHz spectrum are vital for technologies that foster experimentation and grassroots innovation. Amateur radio operators, developers of new IoT devices, and small-scale operators rely on this band. One such project is Meshtastic, a decentralized communication tool that allows users to send messages across a network without a central server. This new approach to networking offers resilient communication that can endure emergencies where current networks fail. This is the type of innovation that actually addresses crises raised by NextNav, and it's happening in the part of the spectrum allocated for unlicensed devices while empowering communities instead of a powerful intermediary. Yet, this proposal threatens to crush such grassroots projects, leaving them without a commons in which they can grow and improve.

This isn't just about a set of frequencies. We need an ecosystem which fosters grassroots collaboration, experimentation, and knowledge building. Not only do these commons empower communities, they avoid a technology monoculture unable to adapt to new threats and changing needs as technology progresses. Invention belongs to the public, not just to those with the deepest pockets. The FCC should ensure it remains that way.

NextNav's proposal is a direct threat to innovation, public safety, and community empowerment. While FCC comments on the proposal have closed, replies remain open to the public until September 20th. The FCC must reject this corporate land-grab and uphold the integrity of the 900 MHz band as a commons.

AT&T

17,000 AT&T Workers End the Southeast's Longest Telecommunications Strike After 30 Days (cwa-union.org) 36

For 30 days, 17,000 AT&T workers in nine different states from the CWA union went on strike. As it began one North Carolina newspaper noted some AT&T customers "report prolonged internet outages." Last week an Emory University economist told NPR that "If it wasn't disruptive or it didn't have any kind of negative element towards customers, then AT&T, I suspect, wouldn't feel any kind of pressure to negotiate."

The 30-day strike was "the longest telecommunications strike in the region's history," according to the union — announcing today that they'd now negotiated "strong tentative contract agreements" and that workers would report to work for their scheduled shifts tomorrow. The new contract in the Southeast covers 17,000 workers: technicians, customer service representatives and others who install, maintain and support AT&T's residential and business wireline telecommunications network in Alabama, Florida, Georgia, Kentucky, Louisiana, Mississippi, North Carolina, South Carolina and Tennessee.

Wages and health care costs were key issues at the bargaining table, and the five-year agreement includes across the board wage increases of 19.33%, with additional 3% increases for Wire Technicians and Utility Operations. The health care agreement holds health care premiums steady in the first year and lowers them in the second and third years, with modest monthly increases in the final two years.

The statement adds that "CWA members and retirees from every region and sector of our union mobilized in support of our bargaining teams, including by distributing flyers with information about the strike at AT&T Wireless stores." CWA District 3 Vice President Richard Honeycutt added "We know that our customers have faced hardship during the strike as well. We are happy to be getting back to work keeping our communities safe and connected."

There's also a separate four-year agreement covering 8,500 AT&T West workers in California and Nevada. "Union members will meet to review the tentative agreements, before holding ratification votes in each region."

AT&T's chief operating officer said the Southeast agreement will "support our competitive position in the broadband industry where we can grow and win against our mostly non-union competitors."
Privacy

Apple Vision Pro's Eye Tracking Exposed What People Type 7

An anonymous reader quotes a report from Wired: You can tell a lot about someone from their eyes. They can indicate how tired you are, the type of mood you're in, and potentially provide clues about health problems. But your eyes could also leak more secretive information: your passwords, PINs, and messages you type. Today, a group of six computer scientists are revealing a new attack against Apple's Vision Pro mixed reality headset where exposed eye-tracking data allowed them to decipher what people entered on the device's virtual keyboard. The attack, dubbed GAZEploit and shared exclusively with WIRED, allowed the researchers to successfully reconstruct passwords, PINs, and messages people typed with their eyes. "Based on the direction of the eye movement, the hacker can determine which key the victim is now typing," says Hanqiu Wang, one of the leading researchers involved in the work. They identified the correct letters people typed in passwords 77 percent of the time within five guesses and 92 percent of the time in messages.

To be clear, the researchers did not gain access to Apple's headset to see what they were viewing. Instead, they worked out what people were typing by remotely analyzing the eye movements of a virtual avatar created by the Vision Pro. This avatar can be used in Zoom calls, Teams, Slack, Reddit, Tinder, Twitter, Skype, and FaceTime. The researchers alerted Apple to the vulnerability in April, and the company issued a patch to stop the potential for data to leak at the end of July. It is the first attack to exploit people's "gaze" data in this way, the researchers say. The findings underline how people's biometric data -- information and measurements about your body -- can expose sensitive information and be used as part of the burgeoning surveillance industry.

The GAZEploit attack consists of two parts, says Zhan, one of the lead researchers. First, the researchers created a way to identify when someone wearing the Vision Pro is typing by analyzing the 3D avatar they are sharing. For this, they trained a recurrent neural network, a type of deep learning model, with recordings of 30 people's avatars while they completed a variety of typing tasks. When someone is typing using the Vision Pro, their gaze fixates on the key they are likely to press, the researchers say, before quickly moving to the next key. "When we are typing our gaze will show some regular patterns," Zhan says. Wang says these patterns are more common during typing than if someone is browsing a website or watching a video while wearing the headset. "During tasks like gaze typing, the frequency of your eye blinking decreases because you are more focused," Wang says. In short: Looking at a QWERTY keyboard and moving between the letters is a pretty distinct behavior.

The second part of the research, Zhan explains, uses geometric calculations to work out where someone has positioned the keyboard and the size they've made it. "The only requirement is that as long as we get enough gaze information that can accurately recover the keyboard, then all following keystrokes can be detected." Combining these two elements, they were able to predict the keys someone was likely to be typing. In a series of lab tests, they didn't have any knowledge of the victim's typing habits, speed, or know where the keyboard was placed. However, the researchers could predict the correct letters typed, in a maximum of five guesses, with 92.1 percent accuracy in messages, 77 percent of the time for passwords, 73 percent of the time for PINs, and 86.1 percent of occasions for emails, URLs, and webpages. (On the first guess, the letters would be right between 35 and 59 percent of the time, depending on what kind of information they were trying to work out.) Duplicate letters and typos add extra challenges.
The Internet

United Airlines Taps Starlink for Free In-Flight Wi-Fi (msn.com) 29

United Airlines said that it will outfit its entire fleet with Starlink internet service, aiming to keep fliers loyal by offering zippier, more reliable browsing and downloads that the carrier expects will mirror what travelers are used to on the ground. From a report: United's deal is a bet that Starlink's technology can propel it above rival carriers in offering fast, free Wi-Fi. The airline is in the midst of a broader effort to burnish its premium and business travel bona fides, which has included retrofitting planes with lots of power outlets and seat back screens.

The airline said it would begin testing the Starlink service early next year, with the first passenger flights likely equipped later in 2025. United said Starlink's service will be more reliable, particularly over oceans and other remote areas -- a key advantage for the airline's network of long-haul international flights that cross the Atlantic and Pacific oceans. It will allow passengers to access live TV and streaming, and to use several devices at once.

Security

Fortinet Confirms Data Breach After Hacker Claims To Steal 440GB of Files (bleepingcomputer.com) 25

Cybersecurity giant Fortinet has confirmed it suffered a data breach after a threat actor claimed to steal 440GB of files from the company's Microsoft Sharepoint server. From a report: Fortinet is one of the largest cybersecurity companies in the world, selling secure networking products like firewalls, routers, and VPN devices. The company also offers SIEM, network management, and EDR/XDR solutions, as well as consulting services.

Early this morning, a threat actor posted to a hacking forum that they had stolen 440GB of data from Fortinet's Azure Sharepoint instance. The threat actor then shared credentials to an alleged S3 bucket where the stolen data is stored for other threat actors to download. The threat actor, known as "Fortibitch," claims to have tried to extort Fortinet into paying a ransom, likely to prevent the publishing of data, but the company refused to pay. In response to our questions about the incident, Fortinet confirmed that customer data was stolen from a "third-party cloud-based shared file drive."

The Almighty Buck

The Shadow Dollar That's Fueling the Financial Underworld (msn.com) 89

An anonymous reader shares a report: A giant unregulated currency is undermining America's fight against arms dealers, sanctions busters and scammers. Almost as much money flowed through its network last year as through Visa cards. And it has recently minted more profit than BlackRock, with a tiny fraction of the workforce. Its name: tether. The cryptocurrency has grown into an important cog in the global financial system, with as much as $190 billion changing hands daily. In essence, tether is a digital U.S. dollar -- though one privately controlled in the British Virgin Islands by a secretive crew of owners, with its activities largely hidden from governments.

Known as a stablecoin for its 1:1 peg to the dollar, tether gained early use among crypto aficionados. But it has spread deep into the financial underworld, enabling a parallel economy that operates beyond the reach of U.S. law enforcement. Wherever the U.S. government has restricted access to the dollar financial system -- Iran, Venezuela, Russia -- tether thrives as a sort of incognito dollar used to move money across borders. Russian oligarchs and weapons dealers shuttle tether abroad to buy property and pay suppliers for sanctioned goods. Venezuela's sanctioned state oil firm takes payment in tether for cargoes. Drug cartels, fraud rings and terrorist groups such as Hamas use it to launder income.

Yet in dysfunctional economies such as Argentina and Turkey, beset by hyperinflation and a shortage of hard currency, tether is also a lifeline for people who use it for quotidian payments and as a way to protect their savings. Tether is arguably the first successful real-world product to emerge from the cryptocurrency revolution that began over a decade ago. It has made its owners immensely rich. Tether has $120 billion in assets, mostly risk-free U.S. Treasury bills, along with positions in bitcoin and gold. Last year it generated $6.2 billion in profit, outearning BlackRock, the world's largest asset manager, by $700 million.

United States

RTX's Long-Delayed $7 Billion GPS-Tracking Network Is Still Troubled, GAO Says (msn.com) 19

A month before its planned delivery after years of delay and cost growth, RTX's $7.6 billion ground network to control GPS satellites is still marred by problems that may further stall its acceptance by the US Space Force, congressional auditors said Monday. From a report: RTX's system of 17 ground stations for current and improved GPS satellites was supposed to be ready by October, when it would undergo a series of intense Space Force tests to assess whether it can be declared operational by December 2025. The system continues to draw the ire of lawmakers because it's running more than seven years late in a development phase that's about 73% costlier than initial projections.

Two rounds of testing by the company have been "marked by significant challenges that drove delays to the program's schedule," the Government Accountability Office said Monday in a broad review of the US military's GPS program, including improvements intended to block jamming by adversaries.

The Next Generation Operational Control System, known as OCX, is intended to provide improvements, including access to more secure, jam-resistant software for the military's use of the GPS navigation system, which is also depended on by civilians worldwide. "The program faces challenges from product deficiencies" that "create a risk of further delay," the Pentagon's Defense Contract Management Agency told the GAO, adding that it expects RTX at the earliest to deliver OCX by December.

Social Networks

'Thousands' of Telegram Channels Sell Stolen Identities, Reports WSJ (msn.com) 91

The Wall Street Journal writes that Telegram "has become the premier internet platform to buy everything from hacked data and weapons to illicit drugs and child sexual abuse material, according to current and former law-enforcement officials and cybercrime researchers..."

And it's also being used by identity thieves: There are thousands of channels and groups on Telegram that offer stolen identities that can be used to open bank and investment accounts. Some claim to offer already created bank accounts created with stolen details. A channel called Bank Store Online listed accounts at over 60 banks and cryptocurrency exchanges for sale, ranging from $80 for a personal account to $1,800 for a business one. Payments were charged in crypto...

In Russia, where Durov launched Telegram in 2013, it is also the go-to platform where middlemen arrange deals that get around U.S. sanctions, such as smuggling in weapons parts, the Journal previously reported. Several groups advertise the sale of drones and Starlinks — small antennas to access the satellite internet network run by Elon Musk's SpaceX — to Russian combat units in Ukraine. In February, Musk tweeted that no Starlinks had been directly or indirectly sold to Russia, to the best of the company's knowledge. "It's ground zero for every illicit activity you can think of," said Evan Kohlmann, founder of Cloudburst Technologies, which monitors cybercrime on Telegram and elsewhere, and a frequent adviser to U.S. agencies.
