Security

Fintech Giant Finastra Investigating Data Breach (krebsonsecurity.com) 8

An anonymous reader quotes a report from KrebsOnSecurity: The financial technology firm Finastra is investigating the alleged large-scale theft of information from its internal file transfer platform, KrebsOnSecurity has learned. Finastra, which provides software and services to 45 of the world's top 50 banks, notified customers of the security incident after a cybercriminal began selling more than 400 gigabytes of data purportedly stolen from the company. London-based Finastra has offices in 42 countries and reported $1.9 billion in revenues last year. The company employs more than 7,000 people and serves approximately 8,100 financial institutions around the world. A major part of Finastra's day-to-day business involves processing huge volumes of digital files containing instructions for wire and bank transfers on behalf of its clients.

On November 8, 2024, Finastra notified financial institution customers that on Nov. 7 its security team detected suspicious activity on Finastra's internally hosted file transfer platform. Finastra also told customers that someone had begun selling large volumes of files allegedly stolen from its systems. "On November 8, a threat actor communicated on the dark web claiming to have data exfiltrated from this platform," reads Finastra's disclosure, a copy of which was shared by a source at one of the customer firms. "There is no direct impact on customer operations, our customers' systems, or Finastra's ability to serve our customers currently," the notice continued. "We have implemented an alternative secure file sharing platform to ensure continuity, and investigations are ongoing." But its notice to customers does indicate the intruder managed to extract or "exfiltrate" an unspecified volume of customer data.

United States

US Agency Votes To Launch Review, Update Undersea Telecommunications Cable Rules (usnews.com) 21

The Federal Communications Commission voted on Thursday to propose new rules governing undersea internet cables in the face of growing security concerns, as part of a review of regulations on the links that handle nearly all the world's online traffic. From a report: The FCC voted 5-0 on proposed updates to address the national security concerns over the global network of more than 400 subsea cables that handle more than 98% of international internet traffic. [...]

Baltic nations said this week they are investigating whether the cutting of two fiber-optic undersea telecommunication cables in the Baltic Sea was sabotage. Rosenworcel noted that in 2023 Taiwan accused two Chinese vessels of cutting the only two cables that support internet access on the Matsu Islands and Houthi attacks in the Red Sea may have been responsible for the cutting of three cables providing internet service to Europe and Asia.

AI

Inside the Booming 'AI Pimping' Industry (404media.co) 101

An anonymous reader quotes a report from 404 Media: Instagram is flooded with hundreds of AI-generated influencers who are stealing videos from real models and adult content creators, giving them AI-generated faces, and monetizing their bodies with links to dating sites, Patreon, OnlyFans competitors, and various AI apps. The practice, first reported by 404 Media in April, has since exploded in popularity, showing that Instagram is unable or unwilling to stop the flood of AI-generated content on its platform and protect the human creators on Instagram who say they are now competing with AI content in a way that is impacting their ability to make a living.

According to our review of more than 1,000 AI-generated Instagram accounts, Discord channels where the people who make this content share tips and discuss strategy, and several guides that explain how to make money by "AI pimping," it is now trivially easy to make these accounts and monetize them using an assortment of off-the-shelf AI tools and apps. Some of these apps are hosted on the Apple App and Google Play Stores. Our investigation shows that what was once a niche problem on the platform has industrialized in scale, and it shows what social media may become in the near future: a space where AI-generated content eclipses that of humans. [...]

Out of more than 1,000 AI-generated Instagram influencer accounts we reviewed, 100 included at least some deepfake content which took existing videos, usually from models and adult entertainment performers, and replaced their face with an AI-generated face to make those videos seem like new, original content consistent with the other AI-generated images and videos shared by the AI-generated influencer. The other 900 accounts shared images that in some cases were trained on real photographs and in some cases made to look like celebrities, but were entirely AI-generated, not edited photographs or videos. Out of those 100 accounts that shared deepfake or face-swapped videos, 60 self-identify as being AI-generated, writing in their bios that they are a "virtual model & influencer" or stating "all photos crafted with AI and apps." The other 40 do not include any disclaimer stating that they are AI-generated.
Adult content creators like Elaina St James say they're now directly competing with these AI rip-off accounts that often use stolen content. Since the explosion of AI-generated influencer accounts on Instagram, St James said her "reach went down tremendously," from a typical 1 million to 5 million views a month to not surpassing a million in the last 10 months, and sometimes coming in under 500,000 views. While she said changes to Instagram's algorithm could also be at play, these AI-generated influencer accounts are "probably one of the reasons my views are going down," St James told 404 Media. "It's because I'm competing with something that's unnatural."

Alexios Mantzarlis, the director of the security, trust, and safety initiative at Cornell Tech and formerly principal of trust and safety intelligence at Google, started researching the problem to see where AI-generated content is taking social media and the internet. "It felt like a possible sign of what social media is going to look like in five years," said Mantzarlis. "Because this may be coming to other parts of the internet, not just the attractive-people niche on Instagram. This is probably a sign that it's going to be pretty bad."
Security

Ubuntu Linux Impacted By Decade-Old 'needrestart' Flaw That Gives Root (bleepingcomputer.com) 87

Five local privilege escalation (LPE) vulnerabilities in the Linux utility "needrestart" -- widely used on Ubuntu to manage service updates -- allow attackers with local access to escalate privileges to root. The flaws were discovered by Qualys in needrestart version 0.8, and fixed in version 3.8. BleepingComputer reports: Complete information about the flaws was made available in a separate text file, but a summary can be found below:

- CVE-2024-48990: Needrestart executes the Python interpreter with a PYTHONPATH environment variable extracted from running processes. If a local attacker controls this variable, they can execute arbitrary code as root during Python initialization by planting a malicious shared library.
- CVE-2024-48992: The Ruby interpreter used by needrestart is vulnerable when processing an attacker-controlled RUBYLIB environment variable. This allows local attackers to execute arbitrary Ruby code as root by injecting malicious libraries into the process.
- CVE-2024-48991: A race condition in needrestart allows a local attacker to replace the Python interpreter binary being validated with a malicious executable. By timing the replacement carefully, they can trick needrestart into running their code as root.
- CVE-2024-10224: Perl's ScanDeps module, used by needrestart, improperly handles filenames provided by the attacker. An attacker can craft filenames resembling shell commands (e.g., command|) to execute arbitrary commands as root when the file is opened.
- CVE-2024-11003: Needrestart's reliance on Perl's ScanDeps module exposes it to vulnerabilities in ScanDeps itself, where insecure use of eval() functions can lead to arbitrary code execution when processing attacker-controlled input.

The report notes that attackers would need to have local access to the operating system through malware or a compromised account in order to exploit these flaws. "Apart from upgrading to version 3.8 or later, which includes patches for all the identified vulnerabilities, it is recommended to modify the needrestart.conf file to disable the interpreter scanning feature, which prevents the vulnerabilities from being exploited," adds BleepingComputer.
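
An added example, not from BleepingComputer, Qualys or the needrestart project: a triage check for the two remediations named above (version 3.8 or later, or interpreter scanning disabled). It assumes the Perl-syntax setting `$nrconf{interpscan}` in needrestart.conf and that an unset value leaves scanning on; the function names and sample config text are constructed, and because a distribution may backport the fix under an older version string, the version result is a hint rather than proof.

```python
import re

# Fixed upstream release, as stated in the summary above.
FIXED_VERSION = (3, 8)

# Matches an active (uncommented) Perl assignment such as:
#   $nrconf{interpscan} = 0;
# Assumption: this is the key that controls interpreter scanning.
_ASSIGN = re.compile(
    r"""^\s*\$nrconf\{\s*['"]?interpscan['"]?\s*\}\s*=\s*(.+?)\s*;"""
)

# Constructed sample configs (not copied from a real host).
SAMPLE_DEFAULT = r"""
# Enable/disable interpreter scanning.
#$nrconf{interpscan} = 1;
$nrconf{restart} = 'i';
"""

SAMPLE_HARDENED = r"""
# Enable/disable interpreter scanning.
#$nrconf{interpscan} = 1;
$nrconf{interpscan} = 0;
"""


def parse_version(text):
    """Return the upstream version as a tuple of ints.

    Accepts plain versions ("3.8") and Debian-style package versions
    with an optional epoch and revision ("1:3.6-7ubuntu4" -> (3, 6)).
    """
    m = re.match(r"(?:\d+:)?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def interpscan_enabled(conf_text):
    """Return True if interpreter scanning is on for this config text.

    Commented-out lines are ignored and the last active assignment wins.
    Assumption: when the key is never set, scanning is enabled.
    """
    enabled = True
    for line in conf_text.splitlines():
        m = _ASSIGN.match(line)
        if not m:
            continue
        value = m.group(1).strip("'\"")
        # Perl treats 0, '0' and the empty string as false.
        enabled = value not in ("0", "")
    return enabled


def assess(version_text, conf_text):
    """Classify a host as 'patched', 'mitigated' or 'exposed'."""
    if parse_version(version_text) >= FIXED_VERSION:
        return "patched"
    if not interpscan_enabled(conf_text):
        return "mitigated"
    return "exposed"


if __name__ == "__main__":
    for ver, conf, label in [
        ("3.6-7ubuntu4", SAMPLE_DEFAULT, "old version, default config"),
        ("3.6-7ubuntu4", SAMPLE_HARDENED, "old version, scanning disabled"),
        ("3.8", SAMPLE_DEFAULT, "fixed version"),
    ]:
        print(f"{label}: {assess(ver, conf)}")
```

On a real host, feed it the installed package version and the contents of the needrestart.conf file in use.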
Security

D-Link Tells Users To Trash Old VPN Routers Over Bug Too Dangerous To Identify (theregister.com) 144

Owners of older models of D-Link VPN routers are being told to retire and replace their devices following the disclosure of a serious remote code execution (RCE) vulnerability. From a report: Most of the details about the bug are being kept under wraps given the potential for wide exploitation. The vendor hasn't assigned it a CVE identifier or really said much about it at all other than that it's a buffer overflow bug that leads to unauthenticated RCE.

Unauthenticated RCE issues are essentially as bad as vulnerabilities get, and D-Link warned that if customers continued to use the affected products, the devices connected to them would also be put at risk. Previous bugs in similar products from other vendors have carried warnings that attackers could exploit them to install rootkits and use that persistent access to surveil an organization's web traffic, potentially stealing data such as credentials.
Further reading: D-Link Won't Fix Critical Flaw Affecting 60,000 Older NAS Devices.
Security

Apple Says Mac Users Targeted in Zero-Day Cyberattacks (techcrunch.com) 9

Apple has pushed out security updates that it says are "recommended for all users," after fixing a pair of security bugs used in active cyberattacks targeting Mac users. From a report: In a security advisory on its website, Apple said it was aware of two vulnerabilities that "may have been actively exploited on Intel-based Mac systems." The bugs are considered "zero day" vulnerabilities because they were unknown to Apple at the time they were exploited.

[...] The vulnerabilities were reported by security researchers at Google's Threat Analysis Group, which investigates government-backed hacking and cyberattacks, suggesting that a government actor may be involved in the attacks.

Microsoft

Microsoft Rolls Out Recovery Tools After CrowdStrike Incident 60

Microsoft has announced sweeping changes to Windows security architecture, including new recovery capabilities designed to prevent system-wide outages following July's CrowdStrike incident that disabled 8.5 million Windows devices.

The Windows Resiliency Initiative introduces Quick Machine Recovery, allowing IT administrators to remotely fix unbootable systems through an enhanced Windows Recovery Environment. Microsoft is also mandating stricter testing and deployment practices for security vendors under its Microsoft Virus Initiative, including gradual rollouts and monitoring procedures.

The company is also developing a framework to move antivirus processing outside the Windows kernel, with a preview planned for security partners in July 2025.
AI

The US Patent and Trademark Office Banned Staff From Using Generative AI 33

An anonymous reader shares a report: The US Patent and Trademark Office banned the use of generative artificial intelligence for any purpose last year, citing security concerns with the technology as well as the propensity of some tools to exhibit "bias, unpredictability, and malicious behavior," according to an April 2023 internal guidance memo obtained by WIRED through a public records request. Jamie Holcombe, the chief information officer of the USPTO, wrote that the office is "committed to pursuing innovation within our agency" but are still "working to bring these capabilities to the office in a responsible way."

Paul Fucito, press secretary for the USPTO, clarified to WIRED that employees can use "state-of-the-art generative AI models" at work -- but only inside the agency's internal testing environment. "Innovators from across the USPTO are now using the AI Lab to better understand generative AI's capabilities and limitations and to prototype AI-powered solutions to critical business needs," Fucito wrote in an email.
Security

Court Documents: Spyware Group NSO's Pegasus Targeted Up To 'Tens of Thousands' 19

WhatsApp's newly unsealed court documents have exposed the extensive reach of NSO Group's Pegasus spyware operation, which targeted "between hundreds and tens of thousands" of devices, according to testimony from the company's head of research and development. The Israeli surveillance firm charged government customers up to $6.8 million for one-year licenses, generating at least $31 million in revenue in 2019 alone, TechCrunch first reported.

The documents detail previously unknown hacking tools named "Hummingbird," "Eden," and "Heaven," developed specifically to compromise WhatsApp users' devices. The revelations emerge from WhatsApp's ongoing 2019 lawsuit against NSO Group for alleged violations of U.S. anti-hacking laws.

Further reading: NSO, Not Government Clients, Operates Its Spyware.
Television

Could an Upcoming Apple Smart-Home Tablet Lead to Mobile Robots - and Maybe Even a TV Set? (bloomberg.com) 25

"Here's how Apple's next major product will work," writes Bloomberg's Mark Gurman: The company has been developing a smart home command center that will rival products like the Amazon Echo Hub and Google Nest Hub... The product will run many of Apple's core apps, like Safari, Notes and Calendar, but the interface will be centered on a customizable home screen with iOS-like widgets and smart home controls... The device looks like a low-end iPad and will include a built-in battery, speakers and a FaceTime camera oriented for a horizontal landscape view. The square device, which includes a roughly 6-inch screen, has sensors that let it change the interface depending on how far a user is from the screen. It will also have attachments for walls, plus a base with additional speakers so it can be placed on a table, nightstand or desk.

Apple envisions customers using the device as an intercom, with people FaceTiming each other from different rooms. They'll also be able to pull up home security footage, control their lights, and videoconference with family while cooking in the kitchen. And it will control music throughout the home on HomePod speakers. The device will work with hundreds of HomeKit-compatible items, a lineup that includes third-party switches, lights, fans and other accessories. But the company doesn't plan to roll out a dedicated app store for the product. Given the lack of success with app marketplaces for the Vision Pro, Apple Watch and Apple TV, that's not too surprising.

Looking ahead, the article concludes "The success of this device is still far from assured. Apple's recent track record pushing into new categories has been spotty, and its previous home products haven't been major hits."

But Gurman shares the most interesting part on X.com: If the product does catch on, it will help set the stage for more home devices. Apple is working on a high-end AI companion with a [$1,000] robotic arm and large display that could serve as a follow-up. The company could also put more resources into developing mobile robots, privacy-focused home cameras and speakers. It may even revisit the idea of making an Apple-branded TV set, something it's evaluating. But if the first device fails, Apple may have to rethink its smart home ambitions once again.
Gurman also writes that Apple is also working on a new AirTag with more range and improved privacy features (including "making it more difficult for someone to remove the speaker.")
Google

What Happened After Google Retrofitted Memory Safety Onto Its C++ Codebase? (googleblog.com) 140

Google's transition to Safe Coding and memory-safe languages "will take multiple years," according to a post on Google's security blog. So "we're also retrofitting secure-by-design principles to our existing C++ codebase wherever possible," a process which includes "working towards bringing spatial memory safety into as many of our C++ codebases as possible, including Chrome and the monolithic codebase powering our services."

We've begun by enabling hardened libc++, which adds bounds checking to standard C++ data structures, eliminating a significant class of spatial safety bugs. While C++ will not become fully memory-safe, these improvements reduce risk as discussed in more detail in our perspective on memory safety, leading to more reliable and secure software... It's also worth noting that similar hardening is available in other C++ standard libraries, such as libstdc++. Building on the successful deployment of hardened libc++ in Chrome in 2022, we've now made it default across our server-side production systems. This improves spatial memory safety across our services, including key performance-critical components of products like Search, Gmail, Drive, YouTube, and Maps... The performance impact of these changes was surprisingly low, despite Google's modern C++ codebase making heavy use of libc++. Hardening libc++ resulted in an average 0.30% performance impact across our services (yes, only a third of a percent) ...

In just a few months since enabling hardened libc++ by default, we've already seen benefits. Hardened libc++ has already disrupted an internal red team exercise and would have prevented another one that happened before we enabled hardening, demonstrating its effectiveness in thwarting exploits. The safety checks have uncovered over 1,000 bugs, and would prevent 1,000 to 2,000 new bugs yearly at our current rate of C++ development...

The process of identifying and fixing bugs uncovered by hardened libc++ led to a 30% reduction in our baseline segmentation fault rate across production, indicating improved code reliability and quality. Beyond crashes, the checks also caught errors that would have otherwise manifested as unpredictable behavior or data corruption... Hardened libc++ enabled us to identify and fix multiple bugs that had been lurking in our code for more than a decade. The checks transform many difficult-to-diagnose memory corruptions into immediate and easily debuggable errors, saving developers valuable time and effort.

The post notes that they're also working on "making it easier to interoperate with memory-safe languages. Migrating our C++ to Safe Buffers shrinks the gap between the languages, which simplifies interoperability and potentially even an eventual automated translation."
Government

New Pentagon Report on UFOs: Hundreds of New Incidents, No Evidence of Aliens (apnews.com) 66

"The Pentagon's latest report on UFOs has revealed hundreds of new reports of unidentified and unexplained aerial phenomena," reports the Associated Press, "but no indications suggesting an extraterrestrial origin.

"The review includes hundreds of cases of misidentified balloons, birds and satellites as well as some that defy easy explanation, such as a near-miss between a commercial airliner and a mysterious object off the coast of New York." Federal efforts to study and identify UAPs have focused on potential threats to national security or air safety and not their science fiction aspects. Officials at the Pentagon office created in 2022 to track UAPs, known as the All-Domain Anomaly Resolution Office, or AARO, have said there's no indication any of the cases they looked into have unearthly origins. "It is important to underscore that, to date, the All-Domain Anomaly Resolution Office has discovered no evidence of extraterrestrial beings, activity, or technology," the authors of the report wrote... Reporting witnesses included commercial and military pilots as well as ground-based observers. Investigators found explanations for nearly 300 of the incidents. In many cases, the unknown objects were found to be balloons, birds, aircraft, drones or satellites. According to the report, Elon Musk's Starlink satellite system is one increasingly common source as people mistake chains of satellites for UFOs. Hundreds of other cases remain unexplained, though the report's authors stressed that is often because there isn't enough information to draw firm conclusions.

No injuries or crashes were reported in any of the incidents, though a commercial flight crew reported one near miss with a "cylindrical object" while flying over the Atlantic Ocean off the coast of New York. That incident remains under investigation. In three other cases, military air crews reported being followed or shadowed by unidentified aircraft, though investigators could find no evidence to link the activity to a foreign power.

The article points out that the report's publication comes "a day after House lawmakers called for greater government transparency during a hearing on unidentified anomalous phenomena." And it concludes with this quote from Republican Representative Andy Ogles of Tennessee. "There is something out there. The question is: Is it ours, is it someone else's, or is it otherworldly?"
Power

Small Modular Nuclear Reactor Partnership Announced between America and Ukraine (kyivindependent.com) 124

An anonymous reader shared this report from the Kyiv Independent: The United States will partner with Ukraine to transition Ukraine's coal-fired plants to small modular nuclear reactors, and to use them to help decarbonize its steel industry, the countries announced on November 16 at the U.N. Climate Change Conference in Baku, Azerbaijan...

The partnership will build a roadmap and provide technical support to "rebuild, modernize, and decarbonize Ukraine's steel industry with small modular reactors," according to a statement from the U.S. State Department... It will also "facilitate the transition of Ukraine's coal-fired power plants to secure and safe SMR nuclear power plants utilizing existing infrastructure and retraining the workforce," the statement read.

Another project announced at the conference, known as COP29, will build a pilot plant in Ukraine to demonstrate production of clean hydrogen and ammonia using simulated small modular reactor technology.

That clean hydrogen/ammonia project involves a multinational public-private consortium which also includes Japan and South Korea, according to the U.S. State Department. Their announcement says the three projects "will help position Ukraine to take a leadership role on secure and safe nuclear energy" (as well as industrial decarbonization).

Three years ago the U.S. State Department launched a program to help countries develop nuclear energy programs "to support clean energy goals under the highest international standards for nuclear safety, security, and nonproliferation." That program will send $30 million for these three projects...
Privacy

T-Mobile Hacked In Massive Chinese Breach of Telecom Networks 25

Chinese hackers, reportedly linked to a Chinese intelligence agency, breached T-Mobile as part of a broader cyber-espionage campaign targeting telecom companies to spy on high-value intelligence targets. "T-Mobile is closely monitoring this industry-wide attack, and at this time, T-Mobile systems and data have not been impacted in any significant way, and we have no evidence of impacts to customer information," a company spokesperson told the Wall Street Journal. Reuters reports: It was unclear what information, if any, was taken about T-Mobile customers' calls and communications records, according to the report. On Wednesday, The Federal Bureau of Investigation (FBI) and the U.S. cyber watchdog agency CISA said China-linked hackers have intercepted surveillance data intended for American law enforcement agencies after breaking into an unspecified number of telecom companies. Further reading: U.S. Wiretap Systems Targeted in China-Linked Hack
United States

FTC Reports 50% Drop in Unwanted Call Complaints Since 2021 50

The Federal Trade Commission reported Friday that the number of consumer complaints about unwanted telemarketing phone calls has dropped over 50% since 2021, continuing a trend that started three years ago. From a report: This year, the FTC has received 1.1 million reports regarding robocalls, down from 1.2 million one year before 2023 and from more than 3.4 million in 2021. According to this year's National Do Not Call Registry Data Book -- which provides the most recent data on robocall complaints together with a complete state-by-state analysis -- the highest number of consumer complaints targeted unwanted calls about medical and prescription issues, with more than 170,000 reports (most of them robocalls) received until September 30, 2024.
Google

Google Rolls Out Call Screening AI To Thwart Phone Fraudsters (googleblog.com) 37

Google is rolling out AI-powered scam call detection for Android phones, aiming to protect users from increasingly sophisticated phone fraud schemes. The new feature, available in beta for Pixel 6 and newer devices, analyzes conversation patterns in real-time to identify potential scams. When suspicious patterns emerge, such as urgently requesting fund transfers, the system alerts users through audio, haptic, and visual warnings.

The detection system operates entirely on-device using Google's machine learning models, with no call audio or transcripts stored or transmitted externally. While Pixel 9 devices utilize Google's advanced Gemini Nano AI model, earlier Pixel phones use the standard machine learning for detection, the company said. The feature, which is opt-in and can be disabled at any time, is currently limited to English-speaking Phone by Google beta users in the United States. Google plans to expand availability to additional Android devices in the future.
Sci-Fi

Experts Testify US Is Running Secret UAP Programs (npr.org) 177

During a public joint hearing today titled "Unidentified Anomalous Phenomena: Exposing the Truth," four experts testified that the U.S. is running secret UAP programs, including crash retrieval and reverse-engineering programs for advanced nonhuman technology. Although the Pentagon maintains there's no evidence of alien spacecraft, witnesses like Luis Elizondo and Michael Gold argue that UAPs represent an intelligence enigma and call for open, stigma-free study to address potential security concerns and unknown scientific possibilities. NPR reports: Tim Gallaudet, retired rear admiral, U.S. Navy; CEO of Ocean STL Consulting, LLC
"Confirmation that UAPs are interacting with humanity came for me in January 2015," Gallaudet said in his written testimony (PDF). He describes being part of a pre-deployment naval exercise off the U.S. East Coast that culminated in the famous "Go Fast" video, in which a Navy F/A-18 jet's sensors recorded "an unidentified object exhibiting flight and structural characteristics unlike anything in our arsenal." He was among a group of commanders involved in the exercise who received an email containing the video, which was sent by the operations officer of Fleet Forces Command, Gallaudet said. "The very next day, the email disappeared from my account and those of the other recipients without explanation," he said.

Luis Elizondo, author and former Department of Defense official
Elizondo's written testimony (PDF) was brief and alleged that a secretive arms race is playing out on the global stage. "Let me be clear: UAP are real," he wrote. "Advanced technologies not made by our Government -- or any other government -- are monitoring sensitive military installations around the globe. Furthermore, the U.S. is in possession of UAP technologies, as are some of our adversaries." Elizondo is a former intelligence officer who later "managed a highly sensitive Special Access Program on behalf of the White House and the National Security Council," according to his official bio (PDF). "By 2012, [Elizondo] was the senior ranking person of the DOD's Advanced Aerospace Threat Identification Program, a secretive Pentagon unit that studied unidentified anomalous phenomena," his bio states, adding that he resigned in 2017.

Michael Gold, former NASA associate administrator of space policy and partnerships; member of NASA UAP Independent Study Team
Gold's written testimony (PDF) stressed the need for government agencies and academics to "overcome the pernicious stigma that continues to impede scientific dialogue and open discussions" about unexplained phenomena. "As the saying goes, the truth is out there," Gold said, "we just need to be bold enough and brave enough to face it."

Michael Shellenberger, founder of Public, a news outlet on the Substack platform
Shellenberger's testimony (PDF) ran to some 214 pages, including a lengthy timeline of UAP reports from 1947 to 2023. Shellenberger pressed the White House and Congress to act, calling for the adoption of UAP transparency legislation and cutting funds for any related programs that aren't disclosed to lawmakers. "UAP transparency is bi-partisan and critical to our national security," his written testimony stated.
You can watch the proceeding here.
Security

How Italy Became an Unexpected Spyware Hub (therecord.media) 13

Italy has emerged as a major global spyware hub alongside Israel and India, with at least six major vendors operating in the country with limited oversight, The Record reported this week, citing researchers and Italian experts. Companies like RCS Labs, which has operated since 1992, sell surveillance tools to both domestic law enforcement and foreign governments including Kazakhstan, Syria, and several Asian nations.

Italian authorities can rent spyware for $160 per day without large acquisition costs, leading to thousands of domestic surveillance operations in recent years. While new regulations taking effect in February 2024 will require judges to evaluate specific reasons for spyware use, critics cited in the story say the reform package won't address core issues like the lack of centralized oversight. The country's competitive marketplace and relatively lax export controls have also enabled Italian vendors to expand their overseas sales.
Sci-Fi

Congress To Hold Another UFO/UAP Hearing (space.com) 137

Longtime Slashdot reader thephydes writes: The hearing will go ahead on November 13 at 11:30 ET (16:30 GMT). Apparently, it will "further pull back the curtain on secret UAP research programs conducted by the U.S. government, and undisclosed findings they have yielded," according to a House statement. It's driven by two Republicans, Nancy Mace (R-S.C.) and Glenn Grothman (R-Wis.), who say: "Americans deserve to understand what the government has learned about UAP sightings, and the nature of any potential threats these phenomena pose. We can only ensure that understanding by providing consistent, systemic transparency. We look forward to hearing from expert witnesses on ways to shed more light and bring greater accountability to this issue." "Expert witnesses in the hearing will include Luis Elizondo, a decorated former counterintelligence officer who has claimed for years that the U.S. government is hiding knowledge of UAP, including materials recovered from crashed flying saucers," reports Space.com. "The House hearing will also include Tim Gallaudet, a retired U.S. Navy Rear Admiral who observed unidentified submersible objects, arguing that 'these underwater anomalies jeopardize US maritime security.'"

"Other speakers at the hearing include journalist Michael Shellenberger, who has also claimed the U.S. government is hiding UFO crash retrieval programs, and former NASA Associate Administrator of Space Policy and Partnerships Michael Gold, who is a member of NASA's independent UAP study team."
Privacy

Open Source Project DeFlock Is Mapping License Plate Surveillance Cameras All Over the World (404media.co) 35

An anonymous reader quotes a report from 404 Media: Flock is one of the largest vendors of automated license plate readers (ALPRs) in the country. The company markets itself as having the goal to fully "eliminate crime" with the use of ALPRs and other connected surveillance cameras, a target experts say is impossible. [...] Flock and automated license plate reader cameras owned by other companies are now in thousands of neighborhoods around the country. Many of these systems talk to each other and plug into other surveillance systems, making it possible to track people all over the country.

"It went from me seeing 10 license plate readers to probably seeing 50 or 60 in a few days of driving around," [said Alabama resident and developer Will Freeman]. "I wanted to make a record of these things. I thought, 'Can I make a database of these license plate readers?'" And so he made a map, and called it DeFlock. DeFlock runs on Open Street Map, an open source, editable mapping software. He began posting signs for DeFlock (PDF) to the posts holding up Huntsville's ALPR cameras, and made a post about the project to the Huntsville subreddit, which got good attention from people who lived there. People have been plotting not just Flock ALPRs, but all sorts of ALPRs, all over the world. [...]

When I first talked to Freeman, DeFlock had a few dozen cameras mapped in Huntsville and a handful mapped in Southern California and in the Seattle suburbs. A week later, as I write this, DeFlock has crowdsourced the locations of thousands of cameras in dozens of cities across the United States and the world. He said so far more than 1,700 cameras have been reported in the United States and more than 5,600 have been reported around the world. He has also begun scraping parts of Flock's website to give people a better idea of where to look to map them. For example, Flock says that Colton, California, a city with just over 50,000 people outside of San Bernardino, has 677 cameras.

People who submit cameras to DeFlock have the ability to note the direction that they are pointing in, which can help people understand how these cameras are being positioned and the strategies that companies and police departments are using when deploying them. For example, all of the cameras in downtown Huntsville are pointing away from the downtown core, meaning they are primarily focused on detecting cars that are entering downtown Huntsville from other areas.
