Jennifer Pattison Tuohy reports via The Verge: The Chamberlain Group -- owners of the MyQ smart garage door controller tech -- has announced it's shut off all "unauthorized access" to its APIs. The move breaks the smart home integrations of thousands of users who relied on platforms such as Homebridge and Home Assistant to do things like shut the garage door when they lock their front door or flash a light if they leave their door open for 10 minutes, or whatever other control or automation they wanted to do with the device they bought and paid for.

The move comes a year after Chamberlain discontinued its official Apple HomeKit integration and a few months after it finally killed support for Google Assistant. It's sadly another example of how the company continues to be hostile to the interoperable smart home. Last week, in a blog post, Dan Phillips, chief technology officer of Chamberlain, explained the reasons behind its latest move: "Chamberlain Group recently made the decision to prevent unauthorized usage of our myQ ecosystem through third-party apps. This decision was made so that we can continue to provide the best possible experience for our 10 million+ users, as well as our authorized partners who put their trust in us. We understand that this impacts a small percentage of users, but ultimately this will improve the performance and reliability of myQ, benefiting all of our users." When asked what customers that relied on these now-defunct integrations do, a spokesperson for the company said: "We have a number of authorized partners that we will be happy for people to use," pointing to its partner webpage.

"However, those partners are primarily smart security companies with monthly subscriptions (such as Alarm.com and Vivint) and car manufacturers," notes The Verge. Some alternatives to a MyQ smart garage controller are mentioned in the report, such as Tailwind's $90 iQ3 Pro smart garage controller, Meross' $60 Smart Wi-Fi Garage Door Opener, iSmartgate's $40 iSmartgate Mini, and Ratgdo's $30 Wi-Fi control board.

The moral for smart home users, as summed up by Home Assistant founder Paulus Schoutsen, is: "Buy products that work locally and won't stop functioning when management wants an additional revenue stream."

According to the Wall Street Journal, Intel may receive billions in U.S. government funding to build secret facilities that produce microchips for the military. SiliconANGLE reports: The facilities, which have not yet been disclosed, would be designated as a "secure enclave" to reduce the military's dependence on chips imported from East Asia, particularly Taiwan, which is at risk of a future invasion from China. The funding for the new facilities would come from the $52.7 billion allocated under the Chips Act, signed into law by President Biden in August 2022. The Chips Act, which had bipartisan support, promotes chipmaking and scientific research through funding and tax credits. The law is aimed at encouraging domestic manufacturing of semiconductors and helping U.S. companies compete with China in developing cutting-edge technologies.

The new Intel facilities, presuming they go ahead, could reside partly at Intel's Arizona factory complex, according to sources referenced in the Journal report. The exact amount of funding that will be made available is not yet known, but "people familiar with the situation" tell the Journal that they could cost about $3 billion to $4 billion, which would come from the $39 billion set aside in the Chips Act for manufacturing grants. Officials from the Commerce Department, the Office of the Director of National Intelligence and the Defense Department are said to be negotiating the project with Intel but have not yet made a final decision.

The first manufacturing grants under the Chip Act are expected to be announced in the coming weeks. The program was reported to have had more than 500 entities express interest and more than 130 have submitted applications or pre-applications for funding.

Tech groups have called on ministers to clarify the extent of proposed powers that they fear would allow the UK government to intervene and block the rollout of new privacy features for messaging apps. FT: The Investigatory Powers Amendment Bill, which was set out in the King's Speech on Tuesday, would oblige companies to inform the Home Office in advance about any security or privacy features they want to add to their platforms, including encryption. At present, the government has the power to force telecoms companies and messaging platforms to supply data on national security grounds and to help with criminal investigations.

The new legislation was designed to "recalibrate" those powers to respond to risks posed to public safety by multinational tech companies rolling out new services that "preclude lawful access to data," the government said. But Meredith Whittaker, president of private messaging group Signal, urged ministers to provide more clarity on what she described as a "bellicose" proposal amid fears that, if enacted, the new legislation would allow ministers and officials to veto the introduction of new safety features. "We will need to see the details, but what is being described suggests an astonishing level of technically confused government over-reach that will make it nearly impossible for any service, homegrown or foreign, to operate with integrity in the UK," she told the Financial Times.

Mark Tyson reports via Tom's Hardware: A commercial smartphone or Linux computer can be used to crack RSA-2048 encryption, according to a prominent research scientist. Dr Ed Gerck is preparing a research paper with the details but couldn't hold off from bragging about his incredible quantum computing achievement (if true) on his LinkedIn profile. Let us be clear: the claims seem spurious, but it should be recognized that the world isn't ready for an off-the-shelf system that can crack RSA-2048, as major firms, organizations, and governments haven't yet transitioned to encryption tech that is secured for the post-quantum era.

In his social media post, Gerck states that a humble device like a smartphone can crack the strongest RSA encryption keys in use today due to a mathematical technique that "has been hidden for about 2,500 years -- since Pythagoras." He went on to make clear that no cryogenics or special materials were used in the RSA-2048 key-cracking feat. BankInfoSecurity reached out to Gerck in search of some more detailed information about his claimed RSA-2048 breakthrough and in the hope of some evidence that what is claimed is possible and practical. Gerck shared an abstract of his upcoming paper. This appears to show that instead of using Shor's algorithm to crack the keys, a system based on quantum mechanics was used, and it can run on a smartphone or PC.

In some ways, it is good that the claimed breakthrough doesn't claim to use Shor's algorithm. Alan Woodward, a professor of computer science at the University of Surrey, told BankInfoSecurity that no quantum computer in existence has enough gates to implement Shor's algorithm and break RSA-2048. So at least this part of Gerck's explanation checks out. However, the abstract of Gerck's paper looks like it is "all theory proving various conjectures - and those proofs are definitely in question," according to Woodward. The BankInfoSecurity report on Gerck's "QC Algorithms: Faster Calculation of Prime Numbers" paper quotes other skeptics, most of whom are waiting for more information and proofs before they organize a standing ovation for Gerck.

Jacob Knutson reports via Axios: Sensitive, highly detailed personal data for thousands of active-duty and veteran U.S. military members can be purchased for as little as one cent per name through data broker websites, according to a new study (PDF) published on Monday by Duke University researchers. [...] The data about military personnel purchased as part of the study included full names, physical and email addresses, health and financial information and details about their ethnicity, religious practices and political affiliation. In some cases, the information also included whether the person owned or rented a home, was married or had children. The children's ages and sexes were accessible, too.

The researchers bought data on up to around 45,000 military personnel for between $0.12 to $0.32 per record. They also bought data belonging to 5,000 friends and family members of military personnel. Larger data purchases of over 1.5 million service members were available for as little as $0.01 per record from at least one broker the researchers contacted. The researchers called on Congress to pass a comprehensive privacy law and for regulatory agencies like the Federal Trade Commission to develop rules to govern military personnel data purchases.

The city of Washington D.C. is planning to give residents Apple AirTags to help officers track down stolen vehicles. PCMag reports: "Last week, we introduced legislation to address recent crime trends; this week, we are equipping residents with technology that will allow MPD to address these crimes, recover vehicles, and hold people accountable," D.C. Mayor Muriel Bowser said in a statement. "We have had success with similar programs where we make it easier for the community and MPD to work together -- from our Private Security Camera Incentive Program to the wheel lock distribution program -- and we will continue to use all the tools we have, and add new tools, to keep our city safe."

At launch, the AirTags will be available to residents in specific areas of the city that have recently seen the largest increase in vehicle thefts. To obtain the tags, residents will have to attend one of three scheduled distribution events next week where officers will install the device on the resident's cars and help them set up the tracking tag on their mobile devices. The program is currently available for residents who live in Police Service Areas 106, 501, 502, 603, 605, and 606. Check where you live on the MPD's website.

China's presence is growing in cybersecurity technology, with companies such as Huawei and Tencent accounting for six of the top 10 global patent holdings in the sector as of August. From a report: Chinese companies have made headway in technological fields that affect economic security, according to industry insiders, as they focus on fostering their own tech amid the growing standoff between the U.S. and China. The rankings, compiled by Nikkei in cooperation with U.S. information services provider LexisNexis, are based on patents registered in 95 countries and regions, including Japan, the U.S., China and the European Union. Patent registrations were screened for the cybersecurity field using such factors as the international patent classification, with filings of the same patent in multiple countries counted as a single patent.

As of August, IBM led the rankings with 6,363 patents. Huawei Technologies came in second with 5,735 patents and Tencent Holdings placed third with 4,803. Other Chinese companies in the top 10 included financial services provider Ant Group in sixth with 3,922 patents, followed by power transmission company State Grid Corp. of China with 3,696, Alibaba Group Holding with 3,122 and sovereign wealth fund China Investment with 3,042. Patent applications filed by Chinese companies have increased since around 2018, when the U.S. began to impose full-scale export controls on Chinese high-tech companies. Compared with 10 years ago, IBM's patent holdings increased by a factor of 1.5. In contrast, holdings for Huawei and Tencent were 2.3 times and 13 times higher, respectively.

Epic Games, the maker of the popular game "Fortnite," has launched a battle against Google in federal court in a closely watched antitrust showdown that could reshape how smartphone users get Android apps and pay for in-app content. From a report: Epic's lawsuit in the US District Court in California's Northern District targets the Google Play Store, focusing on Google's fees for in-app subscriptions and one-off transactions, along with other terms that app developers such as Epic say helped Google maintain an illegal monopoly in app distribution.

The legal battle follows a years-long debate about whether app store operators such as Google and Apple foster an open, competitive app ecosystem. The two companies argue their app stores help unlock billions in revenue for small businesses, while ensuring that Android and iOS users benefit from security oversight that the technology giants provide. The jury may hear high-profile witnesses testify from both sides, including Google CEO Sundar Pichai and Epic CEO Tim Sweeney.

The court fight traces back to 2020, when Epic launched Project Liberty, a plan to circumvent Apple and Google's app store terms. That move by Epic forced a confrontation with the tech giants. Epic updated the Fortnite app to encourage players to pay for in-app content directly through Epic's own website -- rather than through Apple and Google's in-app payment systems. That gambit triggered a violation of the app stores' developer terms. The move also prompted both app stores to remove the Fortnite app from their platforms.

In Raleigh, North Carolina — the home of Red Hat — local newspaper the News & Observer takes an in-depth look at the "announcement that split the open source software community." (Alternate URL here.) [M]any saw Red Hat's decision to essentially paywall Red Hat Enterprise Linux, or RHEL, as sacrilegious... Red Hat employees were also conflicted about the new policy, [Red Hat Vice President Mike] McGrath acknowledged. "I think a lot of even internal associates didn't fully understand what we had announced and why," he said...

At issue, he wrote, were emerging competitors who copied Red Hat Enterprise Linux, down to even the code's mistakes, and then offered these Red Hat-replicas to customers for free. These weren't community members adding value, he contended, but undercutting rivals. And in a year when Red Hat laid off 4% of its total workforce, McGrath said, the company could not justify allowing this to continue. "I feel that while this was a difficult decision between community and business, we're still on the right side of it," he told the News & Observer. Not everyone agrees...

McGrath offered little consolation to customers who were relying on one-for-one versions of RHEL. They could stay with the downstream distributions, find another provider, or pay for Red Hat. "I think (people) were just so used to the way things work," he said. "There's a vocal group of people that probably need Red Hat's level of support, but simply don't want to pay for it. And I don't really have... there's not much we can tell them."

Since its RHEL decision, Red Hat has secured several prominent partnerships. In September, the cloud-based software company Salesforce moved 200,000 of its systems from the free CentOS Linux to Red Hat Enterprise Linux. The same month, Red Hat announced RHEL would begin to support Oracle's cloud infrastructure. Oracle was one of the few major companies this summer to publicly criticize Red Hat for essentially paywalling its most popular code. On Oct. 24, Red Hat notched another win when the data security firm Cohesity said it would also ditch CentOS Linux for RHEL.
The article delves into the history of Red Hat — and of Linux — before culminating with this quote from McGrath. "I think long gone are the times of that sort of romantic view of hobbyists working in their spare time to build open source. I think there's still room for that — we still have that — but quite a lot of open source is now built from people that are paid full time."

Red Hat likes to point out that 90% of Fortune 500 companies use its services, according to the article. But it also quotes Jonathan Wright, infrastructure team lead at the nonprofit AlmaLinux, as saying that Red Hat played "fast and loose" with the GPL. The newspaper then adds that "For many open source believers, such a threat to its hallowed text isn't forgivable."

"xAI, Elon Musk's new AI venture, launched its first AI chatbot technology named Grok," reports CNBC.

Two months into its "early beta" training phase, it's "only available to a select group of users before a wider release" — though users can sign up for a waitlist. Elon Musk posted that the chatbot "will be provided as part of X Premium+, so I recommend signing up for that. Just $16/month via web."

More details from CNBC: Grok, the company said, is modeled on "The Hitchhiker's Guide to the Galaxy." It is supposed to have "a bit of wit," "a rebellious streak" and it should answer the "spicy questions" that other AI might dodge, according to a Saturday statement from xAI... Grok also has access to data from X, which xAI said will give it a leg-up. Musk, on Sunday, posted a side-by-side comparison of Grok answering a question versus another AI bot, which he said had less current information.

Still, xAI hedged in its statement, as with any Large Language Model, or LLM, Grok "can still generate false or contradictory information...." On an initial round of tests based on middle school math problems and Python coding tasks, the company said that Grok surpassed "all other models in its compute class, including ChatGPT-3.5 and Inflection-1." It was outperformed by bots with larger data troves...

Musk has previously said that he believes today's AI makers are bending too far toward "politically correct" systems. xAI's mission, it said, is to create AI for people of all backgrounds and political views. Grok is said to be a means of testing that AI approach "in public."
SpaceX security engineer Christopher Stanley shared some interesting results. After reading Grok's explanation for why scaling API requests is difficult, Stanley added the prompt "be more vulgar" — then posted his reaction on X. "Today I learned scaling API requests is like trying to keep up with a never-ending orgy."

Reacting to Stanley's experiment, Elon Musk posted, "Oh this is gonna be fun."

"Microsoft Exchange is impacted by four zero-day vulnerabilities that attackers can exploit remotely to execute arbitrary code or disclose sensitive information on affected installations," reports Bleeping Computer, citing disclosures Thursday from Trend Micro's Zero Day Initiative, who reported them to Microsoft on September 7th and 8th, 2023.

In an email to the site, a Microsoft spokesperson said customers who applied the August Security Updates are already protected from the first vulnerability, while the other three require attackers to have prior access to email credentials. (And for two of them no evidence was presented that it can be leveraged to gain elevation of privilege.)

"We've reviewed these reports and have found that they have either already been addressed, or do not meet the bar for immediate servicing under our severity classification guidelines and we will evaluate addressing them in future product versions and updates as appropriate."

From Bleeping Computer's report: ZDI disagreed with this response and decided to publish the flaws under its own tracking IDs to warn Exchange admins about the security risks... All these vulnerabilities require authentication for exploitation, which reduces their severity CVSS rating to between 7.1 and 7.5... It should be noted, though, that cybercriminals have many ways to obtain Exchange credentials, including brute-forcing weak passwords, performing phishing attacks, purchasing them, or acquiring them from info-stealer logs...

ZDI suggests that the only salient mitigation strategy is to restrict interaction with Exchange apps. However, this can be unacceptably disruptive for many businesses and organizations using the product. We also suggest implementing multi-factor authentication to prevent cybercriminals from accessing Exchange instances even when account credentials have been compromised.

Mozilla has some news for users of Debian-based Linux distributions (such as Debian, Ubuntu, Linux Mint, and others): installing, updating, and testing the latest Firefox Nightly builds just got a lot easier. We've set up a new APT repository for you to install Firefox Nightly as a .deb package... These packages are compatible with the same Debian and Ubuntu versions as our traditional binaries. If you've previously used our traditional binaries (distributed as .tar.bz2 archives), switching to Mozilla's APT repository allows Firefox to be installed and updated like any other application... You will not have to restart Firefox after updating the package with APT...

For those of you who would like to use Firefox Nightly in a different language than American English, we have also created .deb packages containing the Firefox language packs.
Some context from 9to5Linux: Back in April, I reported that Mozilla was offering a DEB package of the Firefox 113 release during the beta testing phase. Unfortunately, that was the only time a DEB package was available for download and, of course, it didn't make it into the final release of Firefox 113, nor future releases. It would appear that Mozilla needed more time to work on the DEB package for Debian and Ubuntu-based distributions, and it looks like it will finally become a thing starting with an upcoming Firefox release, like Firefox 121 or later...

Using the DEB package over Snap or the official binary package offers some benefits like better performance due to advanced compiler-based optimizations, hardened binaries with all security flags enabled, access to the latest Firefox releases as fast as possible [because the .deb is integrated into Firefox's release process], and you won't have to create your own .desktop file anymore.

Okta says attackers who breached its customer support system last month gained access to files belonging to 134 customers, five of them later being targeted in session hijacking attacks with the help of stolen session tokens. From a report: "From September 28, 2023 to October 17, 2023, a threat actor gained unauthorized access to files inside Okta's customer support system associated with 134 Okta customers, or less than 1% of Okta customers," Okta revealed. "Some of these files were HAR files that contained session tokens which could in turn be used for session hijacking attacks. The threat actor was able to use these session tokens to hijack the legitimate Okta sessions of 5 customers, 3 of whom have shared their own response to this event." The three Okta customers that already disclosed they were targeted due to the company's October security breach are 1Password, BeyondTrust, and Cloudflare. They all notified Okta of suspicious activity after detecting unauthorized attempts to log into in-house Okta administrator accounts.

An anonymous reader quotes a report from 404 Media: Spread across four computer monitors arranged in a grid, a blue and green interface shows the location of more than 50 different surveillance cameras. Ordinarily, these cameras and others like them might be disparate, their feeds only available to their respective owners: a business, a government building, a resident and their doorbell camera. But the screens, overlooking a pair of long conference tables, bring them all together at once, allowing law enforcement to tap into cameras owned by different entities around the entire town all at once. This is a demonstration of Fusus, an AI-powered system that is rapidly springing up across small town America and major cities alike. Fusus' product not only funnels live feeds from usually siloed cameras into one central location, but also adds the ability to scan for people wearing certain clothes, carrying a particular bag, or look for a certain vehicle.

404 Media has obtained a cache of internal emails, presentations, memos, photos, and more which provide insight into how Fusus teams up with police departments to sell its surveillance technology. All around the country, city councils are debating whether they want to have a system that qualitatively changes what surveillance cameras mean for a town's residents and public agencies. While many have adopted Fusus, others have pushed back, and refused to have the hardware and software installed in their neighborhoods. In some ways, Fusus is deploying smart camera technology that historically has been used in places like South Africa, where experts warned about it creating an ever present blanket of surveillance. Now, tech with some of the same capabilities is being used across small town America.

Rather than selling cameras themselves, Fusus' hardware and software latches onto existing installations, which can include government-owned surveillance cameras as well as privately owned cameras at businesses and homes. It turns dumb cameras into smart ones. "In essence, the Fusus solution puts a brain into every camera connected with the system," one memorandum obtained by 404 Media reads. In addition to integrating with existing surveillance installations, Fusus' hardware, called SmartCORE, can turn cameras into automatic license plate readers (ALPRs). It can reportedly offer facial recognition features, too, although Fusus hasn't provided clear clarification on this matter.

The report says the system has been adopted by numerous police departments across the United States, with approximately 150 jurisdictions using Fusus. Orland Park police have called it a "game-changer." It's also being used internationally, launching in the United Kingdom.

Here's what Beryl Lipton, investigative researcher at the Electronic Frontier Foundation (EFF), had to say about it: "The lack of transparency and community conversation around Fusus exacerbates concerns around police access of the system, AI analysis of video, and analytics involving surveillance and crime data, which can influence officer patrols and priorities. In the absence of clear policies, auditable access logs, and community transparency about the capabilities and costs of Fusus, any community in which this technology is adopted should be concerned about its use and abuse."

David Shepardson reports via Reuters: The top members of a U.S. House committee on China are introducing a bill that seeks to ban the U.S. government from buying Chinese drones. Mike Gallagher, the Republican chair of the committee, and Raja Krishnamoorthi, the ranking Democrat, are introducing the "American Security Drone Act" on Wednesday, the lawmakers said in a statement to Reuters. "This bill would prohibit the federal government from using American taxpayer dollars to purchase this equipment from countries like China," Gallagher said. "It is imperative that Congress pass this bipartisan bill to protect U.S. interests and our national security supply chain."

The bill would also bar local and state governments from purchasing Chinese drones using federal grants and require a federal report detailing the amount of foreign commercial off-the-shelf drones and covered unmanned aircraft systems procured by federal departments and agencies from China. Krishnamoorthi said the bill "helps protect against any vulnerabilities posed by our government agencies' reliance on foreign-manufactured drone technology and will encourage growth in the U.S. drone industry."

Separately, the U.S. Senate on Tuesday unanimously approved an amendment proposed by Republican Senator Marsha Blackburn and Democrat Mark Warner that would prohibit the Federal Aviation Administration (FAA) from operating or providing federal funds for drones produced in China, Russia, Iran, North Korea, Venezuela or Cuba. "Taxpayer dollars should never fund drones manufactured in regions that are hostile toward our nation," Blackburn said. China recently announced export controls on some drones and drone-related equipment, saying it wanted to safeguard "national security and interests." The U.S. Commerce Department in 2020 added dozens of Chinese companies to a trade blacklist, including the country's top chipmaker SMIC and Chinese drone giant DJI.

The Brave browser is rolling out a privacy-focused AI assistant named Leo, which the company claims provides "unparalleled privacy" compared to AI chatbot services likes Bing Chat, ChatGPT, Google Bard and others. The Verge reports: Following several months of testing, Leo is now available to use for free by all Brave desktop users running version 1.60 of the web browser. Leo is rolling out "in phases over the next few days" and will be available on Android and iOS "in the coming months."

The core features of Leo aren't too dissimilar from other AI chatbots like Bing Chat and Google Bard: it can translate, answer questions, summarize webpages, and generate new content. Brave says the benefits of Leo over those offerings are that it aligns with the company's focus on privacy -- conversations with the chatbot are not recorded or used to train AI models, and no login information is required to use it. As with other AI chatbots, however, Brave claims Leo's outputs should be "treated with care for potential inaccuracies or errors."

The standard version of Leo utilizes Meta's Llama 2 large language model and is free to use by default. For users who prefer to access a different AI language model, Brave is also introducing Leo Premium, a $15 monthly subscription that features Anthropic's AI assistant, Claude Instant -- a faster and cheaper version of Anthropic's Claude 2 large language model. Brave says that additional models will be available to Leo Premium users alongside access to higher-quality conversations, priority queuing during peak usage, higher rate limits, and early access to new features.

An anonymous reader quotes a report from TechCrunch: A relatively new venture founded by Navneet Dalal, an ex-Google research scientist, Matic, formerly known as Matician, is developing robots that can navigate homes to clean "more like a human," as Dalal puts it. Matic today revealed that it has raised $29.5 million, inclusive of a $24 million Series A led by a who's who of tech luminaries, including GitHub co-founder Nat Friedman, Stripe co-founders John and Patrick Collison, Quora CEO Adam D'Angelo and Twitter co-founder and Block CEO Jack Dorsey.

Dalal co-founded Matic in 2017 with Mehul Nariyawala, previously a lead product manager at Nest, where he oversaw Nest's security camera portfolio. [...] Early on, Matic focused on building robot vacuums -- but not because Dalal, who serves as the company's CEO, saw Matic competing with the iRobots and Ecovacs of the world. Rather, floor-cleaning robots provided a convenient means to thoroughly map indoor spaces, he and Nariyawala believed. "Robot vacuums became our initial focus due to their need to cover every inch of indoor surfaces, making them ideal for mapping," Dalal said. "Moreover, the floor-cleaning robot market was ripe for innovation." [...] "Matic was inspired by busy working parents who want to live in a tidy home, but don't want to spend their limited free time cleaning," Dalal said. "It's the first fully autonomous floor cleaning robot that continuously learns and adapts to users' cleaning preferences without ever compromising their privacy."

There are a lot of bold claims in that statement. But on the subject of privacy, Matic does indeed -- or at least claims to -- ensure data doesn't leave a customer's home. All processing happens on the robot (on hardware "equivalent to an iPhone 6," Dalal says), and mapping and telemetry data is saved locally, not in the cloud, unless users opt in to sharing. Matic doesn't even require an internet connection to get up and running -- only a smartphone paired over a local Wi-Fi network. The Matic vacuum understands an array of voice commands and gestures for fine-grained control. And -- unlike some robot vacuums in the market -- it can pick up cleaning tasks where it left off in the event that it's interrupted (say, by a wayward pet). Dalal says that Matic can also prioritize areas to clean depending on factors like the time of day and nearby rooms and furniture. Dalal insists that all this navigational lifting can be accomplished with cameras alone. "In order to run all the necessary algorithms, from 3D depth to semantics to ... controls and navigation, on the robot, we had to vertically integrate and hyper-optimize the entire codebase," Dalal said, "from the modifying kernel to building a first-of-its-kind iOS app with live 3D mapping. This enables us to deliver an affordable robot to our customers that solves a real problem with full autonomy."

The robot won't be cheap. It starts at $1,795 but will be available for a limited time at a discounted price of $1,495.

An ongoing Cloudflare outage has taken down many of its products, including the company's dashboard and related application programming interfaces (APIs) customers use to manage and read service configurations. From a report: The complete list of services whose functionality is wholly or partially impacted includes the Cloudflare dashboard, the Cloudflare API, Logpush, WARP / Zero Trust device posture, Stream API, Workers API, and the Alert Notification System. "This issue is impacting all services that rely on our API infrastructure including Alerts, Dashboard functionality, Zero Trust, WARP, Cloudflared, Waiting Room, Gateway, Stream, Magic WAN, API Shield, Pages, Workers," Cloudflare said. "Customers using the Dashboard / Cloudflare APIs are impacted as requests might fail and/or errors may be displayed."

Customers currently have issues when attempting to log into their accounts and are seeing 'Code: 10000' authentication errors and internal server errors when trying to access the Cloudflare dashboard. Cloudflare says the service issues don't affect the cached file delivery via the Cloudflare CDN or Cloudflare Edge security features.

An anonymous reader shares a report: Microsoft has had a rough few years of cybersecurity incidents. It found itself at the center of the SolarWinds attack nearly three years ago, one of the most sophisticated cybersecurity attacks we've ever seen. Then, 30,000 organizations' email servers were hacked in 2021 thanks to a Microsoft Exchange Server flaw. If that weren't enough already, Chinese hackers breached US government emails via a Microsoft cloud exploit earlier this year. Something had to give.

Microsoft is now announcing a huge cybersecurity effort, dubbed the Secure Future Initiative (SFI). This new approach is designed to change the way Microsoft designs, builds, tests, and operates its software and services today. It's the biggest change to security efforts inside Microsoft since the company announced its Security Development Lifecycle (SDL) in 2004 after Windows XP fell victim to a huge Blaster worm attack that knocked PCs offline in 2003. That push came just two years after co-founder Bill Gates had called on a trustworthy computing initiative in an internal memo.

Microsoft now plans to use automation and AI during software development to improve the security of its cloud services, cut the time it takes to fix cloud vulnerabilities, enable better security settings out of the box, and harden its infrastructure to protect against encryption keys falling into the wrong hands. In an internal memo to Microsoft's engineering teams today, the company's leadership has outlined its new cybersecurity approach. It comes just months after Microsoft was accused of "blatantly negligent" cybersecurity practices related to a major breach that targeted its Azure platform. Microsoft has faced mounting criticism of its handling of a variety of cybersecurity issues in recent years.

Thomas Claburn reports via The Register: For a period of two years between September 2019 and September 2021, two Americans and two Russians allegedly compromised the taxi dispatch system at John F. Kennedy International Airport in New York to sell cabbies a place at the front of the dispatch line. The two Russian nationals, Aleksandr Derebenetc and Kirill Shipulin, were indicted by a grand jury for conspiring to commit computer intrusions, the US Justice Department said on Tuesday. They remain at large. In early October, the two American nationals, Daniel Abayev and Peter Leyman, who were indicted last year, pleaded guilty, each to one count of conspiring to commit computer intrusions.

The scheme represented an attempt to monetize the demand among taxi drivers for lucrative airport fares -- the current flat rate for JFK to Manhattan is $70 plus additional charges. As described in the indictment (PDF), taxi drivers are required to wait in a holding lot at JFK, often for several hours, before being dispatched in the order of their arrival to airport terminals. And because time spent waiting in line is not paid, drivers have a financial incentive to avoid waiting in line. The conspirators allegedly developed a plan to hack the dispatch system around September 2019. The indictment describes several approaches that were tried, "including bribing someone to insert a flash drive containing malware into computers connected to the dispatch system, obtaining unauthorized access to the dispatch system via a Wi-Fi connect, and stealing computer tablets connected to the dispatch system."

The government's filing suggests that the group gained and lost access to the dispatch system several times. When they did have access, the alleged conspirators offered to move drivers to the front of the dispatch queue for a $10 fee, and waived the fee for those who found other drivers willing to pay to play. Many drivers took advantage of the service. According to the Justice Department, the group booked 2,463 queue cuts in a single week around December 2019. The scheme allegedly enabled as many as 1,000 trips per day that skipped the queue at JFK. The American conspirators are said to have collected the money from participating drivers and to have sent payments to the alleged Russian conspirators, describing the money transfers as "payment for software development" or "payment for services rendered." The indictment indicates that the Russians received more than $100,000 for their work. If apprehended -- which appears unlikely given current US relations with Russia -- the Russians face charges that carry a maximum sentence of ten years in prison. Abayev and Leyman each face up to five years in prison. They're scheduled to be sentenced early next year.