Network

Used Routers Often Come Loaded With Corporate Secrets (arstechnica.com)

An anonymous reader shares a report: You know that you're supposed to wipe your smartphone or laptop before you resell it or give it to your cousin. After all, there's a lot of valuable personal data on there that should stay in your control. Businesses and other institutions need to take the same approach, deleting their information from PCs, servers, and network equipment so it doesn't fall into the wrong hands. At the RSA security conference in San Francisco next week, though, researchers from the security firm ESET will present findings showing that more than half of secondhand enterprise routers they bought for testing had been left completely intact by their previous owners. And the devices were brimming with network information, credentials, and confidential data about the institutions they had belonged to. The researchers bought 18 used routers in different models made by three mainstream vendors: Cisco, Fortinet, and Juniper Networks. Of those, nine were just as their owners had left them and fully accessible, while only five had been properly wiped. Two were encrypted, one was dead, and one was a mirror copy of another device.

All nine of the unprotected devices contained credentials for the organization's VPN, credentials for another secure network communication service, or hashed root administrator passwords. And all of them included enough identifying data to determine who the previous owner or operator of the router had been. Eight of the nine unprotected devices included router-to-router authentication keys and information about how the router connected to specific applications used by the previous owner. Four devices exposed credentials for connecting to the networks of other organizations -- like trusted partners, collaborators, or other third parties. Three contained information about how an entity could connect as a third party to the previous owner's network. And two directly contained customer data.
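The findings above amount to a decommissioning checklist: before a router leaves the organization, someone should confirm that nothing credential-bearing or owner-identifying survives in its configuration. The following is an added example, not ESET's tooling or code from the article, of a pre-disposal audit that scans an exported IOS-style configuration for the categories the researchers found (local account hashes, VPN pre-shared keys, SNMP community strings, AAA keys, routing-protocol authentication keys) plus identifying data such as the hostname. The configuration text and every value in it are constructed placeholders, and the regular expressions are hand-written assumptions about common IOS directive names rather than an exhaustive inventory of where secrets can live.

```python
import re

# Constructed sample of a Cisco IOS-style running-config. Every value is a
# placeholder invented for this example; no real device or owner is involved.
SAMPLE_CONFIG = """\
hostname edge-router-EXAMPLE
username admin secret 5 $1$EXAMPLE$placeholderhash
enable secret 5 $1$EXAMPLE$anotherplaceholder
crypto isakmp key EXAMPLEPSK address 203.0.113.10
snmp-server community EXAMPLECOMMUNITY RO
tacacs server primary
 address ipv4 198.51.100.5
 key EXAMPLETACACSKEY
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
router ospf 10
 area 0 authentication message-digest
interface GigabitEthernet0/1
 ip ospf message-digest-key 1 md5 EXAMPLEOSPFKEY
"""

# (label, regex over a single config line). Hand-written assumptions about
# IOS syntax; extend for the platforms you actually operate.
SECRET_PATTERNS = [
    ("local account hash", re.compile(r"^\s*username\s+\S+\s+(secret|password)\s")),
    ("enable secret", re.compile(r"^\s*enable\s+(secret|password)\s")),
    ("IPsec/IKE pre-shared key", re.compile(r"^\s*crypto\s+isakmp\s+key\s")),
    ("SNMP community string", re.compile(r"^\s*snmp-server\s+community\s")),
    ("server or key-chain key", re.compile(r"^\s*key\s+\S+")),
    ("routing protocol auth key", re.compile(r"message-digest-key\s+\d+\s+md5\s")),
]

# Lines that do not hold a secret but still tell a buyer who owned the box.
IDENTITY_PATTERNS = [
    ("hostname", re.compile(r"^\s*hostname\s")),
    ("domain name", re.compile(r"^\s*ip\s+domain[- ]name\s")),
    ("SNMP location/contact", re.compile(r"^\s*snmp-server\s+(location|contact)\s")),
]


def _scan(config_text, patterns):
    """Return (line_number, label, stripped_line) for each matching line.

    A line is reported once, under the first pattern that matches it.
    """
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        for label, pattern in patterns:
            if pattern.search(line):
                findings.append((lineno, label, line.strip()))
                break
    return findings


def find_residual_secrets(config_text):
    """Credential-bearing lines that must not leave the organization."""
    return _scan(config_text, SECRET_PATTERNS)


def find_identifying_data(config_text):
    """Lines that would let a buyer work out the previous owner."""
    return _scan(config_text, IDENTITY_PATTERNS)


def is_decommission_ready(config_text):
    """True only when the exported config carries neither secrets nor identity.

    A clean text export is necessary but not sufficient: the actual wipe is the
    vendor's factory-reset / secure-erase procedure, which also clears flash,
    NVRAM, crash dumps and logs that this scan never sees.
    """
    return not find_residual_secrets(config_text) and not find_identifying_data(config_text)


if __name__ == "__main__":
    for lineno, label, text in find_residual_secrets(SAMPLE_CONFIG):
        print(f"line {lineno:3d}  {label:28s}  {text}")
    for lineno, label, text in find_identifying_data(SAMPLE_CONFIG):
        print(f"line {lineno:3d}  {label:28s}  {text}")
    print("decommission ready:", is_decommission_ready(SAMPLE_CONFIG))
```

Run against the constructed config, the scan flags six secret-bearing lines and the hostname, so the device is reported as not ready; a config reduced to version and `end` lines passes. The point of the `is_decommission_ready` docstring is the caveat that matters operationally: a text scan only verifies the configuration you exported, and the asset-disposal record should cite the vendor's erase procedure, not this check, as evidence the device was wiped.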

Encryption

Meta Encryption 'Blindfolds' Authorities To Child Abuse, Crime Agencies Claim (ft.com)

The FBI, Interpol and the UK's National Crime Agency have accused Meta of making a "purposeful" decision to increase end-to-end encryption in a way that in effect "blindfolds" them to child sex abuse. From a report: The Virtual Global Taskforce, made up of 15 law enforcement agencies, issued a joint statement saying that plans by Facebook and Instagram-parent Meta to expand the use of end-to-end encryption on its platforms were "a purposeful design choice that degrades safety systems," including with regards to protecting children. The law enforcement agencies also warned technology companies more broadly about the need to balance safeguarding children online with protecting users' privacy. "The VGT calls for all industry partners to fully appreciate the impact of implementing system design decisions that result in blindfolding themselves to CSA [child sexual abuse] occurring on their platforms or reduces their capacity to identify CSA and keep children safe," the statement said.

The Courts

Google Wins Appeal of $20 Million US Patent Verdict Over Chrome Technology

Alphabet's Google on Tuesday convinced a U.S. appeals court to cancel three anti-malware patents at the heart of a Texas jury's $20 million infringement verdict against the company. Reuters reports: The U.S. Court of Appeals for the Federal Circuit said (PDF) that Alfonso Cioffi and Allen Rozman's patents were invalid because they contained inventions that were not included in an earlier version of the patent. Cioffi and the late Rozman's daughters sued Google in East Texas federal court in 2013, alleging anti-malware functions in Google's Chrome web browser infringed their patents for technology that prevents malware from accessing critical files on a computer.

A jury decided in 2017 that Google infringed the patents and awarded the plaintiffs $20 million plus ongoing royalties, which their attorney said at the time were expected to total about $7 million per year for the next nine years. But the Federal Circuit said Tuesday that all of the patents were invalid. The three patents were reissued from an earlier anti-malware patent, and federal law required the new patents to cover the same invention as the first, the unanimous three-judge panel concluded. The appeals court said the new patents outlined technology specific to web browsers that the first patent did not mention.

Crime

Nintendo 'Hacker' Gary Bowser Released From Federal Prison (torrentfreak.com)

An anonymous reader quotes a report from TorrentFreak: Last year, a U.S. federal court handed a 40-month prison sentence to Gary Bowser. The Canadian pleaded guilty to being part of the Nintendo hacking group "Team Xecuter" and has now served his time. In part due to his good behavior, Bowser got an early release from federal prison. [...] In a recent video interview with Nick Moses, Bowser explains that he was released from federal prison on March 28th. He is currently in processing at the Northwest Detention Center in Tacoma, Washington, to prepare for his return to Canada.

What his life will look like in Canada remains uncertain. However, in federal prison, Bowser has shown that he doesn't shy away from putting in work and helping other people in need. Aside from his prison job, he spent several nightly hours on suicide watch. The prison job brought in some meager income, a large part of which went to pay for the outstanding restitution he has to pay, which is $14.5 million in total. Thus far, less than $200 has been paid off. "I've been making payments of $25 per month, which they've been taking from my income because I had a job in federal prison. So far I paid $175," Bowser tells Nick Moses.

If Bowser manages to find a stable source of income in Canada, Nintendo will get a chunk of that as well. As part of a consent judgment, he agreed to pay $10 million to Nintendo, which is the main restitution priority. "The agreement with them is that the maximum they can take is 25 to 30 percent of your gross monthly income. And I have up to six months before I have to start making payments," Bowser notes. At that rate, it is unlikely that Nintendo will ever see the full amount. Or put differently, Bowser will carry the financial consequences of his Team-Xecuter involvement for the rest of his life.

Privacy

Netflix Password Sharing Crackdown To Expand To US In Q2 2023 (macrumors.com)

Netflix is planning a "broad rollout" of the password sharing crackdown that it began implementing in 2022, the company said today in its Q1 2023 earnings report (PDF). MacRumors reports: The "paid sharing" plan that Netflix has been testing in a limited number of countries will expand to additional countries in the second quarter, including the United States. Netflix said that it was "pleased with the results" of the password sharing restrictions that it implemented in Canada, New Zealand, Spain, and Portugal earlier this year. Netflix initially planned to start eliminating password sharing in the United States in the first quarter of the year, but the company said that it had learned from its tests and "found opportunities to improve the experience for members." There is a "cancel reaction" expected in each market where paid sharing is implemented, but increased revenue comes later as borrowers activate their own Netflix accounts and existing members add "extra member" accounts.

In Canada, paid sharing resulted in a larger Netflix membership base and an acceleration in revenue growth, which has given Netflix the confidence to expand it to the United States. When Netflix brings its paid sharing rules to the United States, multi-household account use will no longer be permitted. Netflix subscribers who share an account with those who do not live with them will need to pay for an additional member. In Canada, Netflix charges $7.99 CAD for an extra member, which is around $6. [...] Netflix claims that more than 100 million households are sharing accounts, which is impacting its ability to "invest in and improve Netflix" for paying members.

United Kingdom

Two UK Police Forces Unlawfully Recorded Phone Calls Via App, Watchdog Finds (theguardian.com)

Bruce66423 shares a report from the Guardian: Two police forces have been reprimanded by Britain's data watchdog after officers unlawfully recorded more than 200,000 phone conversations using an app originally intended for hostage negotiators. The automatic recordings, made over several years, included 'highly sensitive' conversations with victims, witnesses and perpetrators of suspected crimes, according to the Information Commissioner's Office (ICO). The app, called Another Call Recorder (ACR), recorded all incoming and outgoing calls and was originally intended for use by a small number of officers at Surrey and Sussex forces. However, it was downloaded on to the work phones of more than 1,000 staff members.

It has now been withdrawn from use and the recordings, other than those considered to be evidential material, have been destroyed, according to the ICO. The watchdog said it considered issuing a million euro fine to both forces but opted for the reprimand to reduce the impact on public services. Police officers that downloaded the app were unaware all calls would be recorded, the watchdog said, and people were not informed their conversations were being taped.

Government

US FTC Leaders Will Target AI That Violates Civil Rights Or Is Deceptive

Leaders of the U.S. Federal Trade Commission said on Tuesday the agency would pursue companies that misuse artificial intelligence to violate laws against discrimination or to be deceptive. Reuters reports: In a congressional hearing, FTC Chair Lina Khan and Commissioners Rebecca Slaughter and Alvaro Bedoya were asked about concerns that recent innovation in artificial intelligence, which can be used to produce high quality deep fakes, could be used to make more effective scams or otherwise violate laws. Bedoya said companies using algorithms or artificial intelligence were not allowed to violate civil rights laws or break rules against unfair and deceptive acts. "It's not okay to say that your algorithm is a black box" and you can't explain it, he said.

Khan agreed the newest versions of AI could be used to turbocharge fraud and scams, and any wrongdoing "should put them on the hook for FTC action." Slaughter noted that the agency had, throughout its 100-year history, had to adapt to changing technologies and indicated that adapting to ChatGPT and other artificial intelligence tools was no different. The commission is organized to have five members but currently has three, all of whom are Democrats.

EU

EU Takes On United States, Asia With Chip Subsidy Plan (reuters.com)

An anonymous reader quotes a report from Reuters: The European Union on Tuesday agreed a 43 billion euro ($47 billion) plan for its semiconductor industry in an attempt to catch up with the United States and Asia and start a green industrial revolution. The EU Chips Act, proposed by the European Commission last year and confirmed by Internal Market Commissioner Thierry Breton, aims to double the bloc's share of global chip output to 20% by 2030 and follows the U.S. CHIPS for America Act.

"We need chips to power digital and green transitions or healthcare systems," Commission Vice-President Margrethe Vestager said in a tweet. Since the announcement of its chips subsidies plan last year, the EU has already attracted more than 100 billion euros in public and private investments, an EU official said. "The critical piece of the equation which the EU will need to get right, as for the U.S., is how much of the supply chains supporting the industry can be moved to the EU and at what cost," said [Paul Triolo, a China and tech expert at the Washington-based Center for Strategic & International Studies]. While the Commission had originally proposed funding only cutting-edge chip plants, EU governments and lawmakers have widened the scope to cover the whole value chain, including older chips and research and design facilities.


The Courts

China Security Unit Targeted US With Fake Social-Media Scheme, Prosecutors Allege (justice.gov)

An anonymous reader quotes a report from the U.S. Department of Justice: Two criminal complaints filed by the U.S. Attorney's Office for the Eastern District of New York were unsealed today in federal court in Brooklyn charging 44 defendants with various crimes related to efforts by the national police of the People's Republic of China (PRC) -- the Ministry of Public Security (MPS) -- to harass Chinese nationals residing in the New York metropolitan area and elsewhere in the United States. The defendants, including 40 MPS officers and two officials in the Cyberspace Administration of China (CAC), allegedly perpetrated transnational repression schemes targeting U.S. residents whose political views and actions are disfavored by the PRC government, such as advocating for democracy in the PRC. In the two schemes, the defendants created and used fake social media accounts to harass and intimidate PRC dissidents residing abroad and sought to suppress the dissidents' free speech on the platform of a U.S. telecommunications company (Company-1). The defendants charged in these schemes are believed to reside in the PRC or elsewhere in Asia and remain at large.

The two-count complaint charges 34 MPS officers with conspiracy to transmit interstate threats and conspiracy to commit interstate harassment. All the defendants are believed to reside in the PRC, and they remain at large. As alleged, the officers worked with Beijing's MPS bureau and are or were assigned to an elite task force called the "912 Special Project Working Group" (the Group). The purpose of the Group is to target Chinese dissidents located throughout the world, including in the United States. [...] The complaint alleges how members of the Group created thousands of fake online personas on social media sites, including Twitter, to target Chinese dissidents through online harassment and threats. These online personas also disseminated official PRC government propaganda and narratives to counter the pro-democracy speech of the Chinese dissidents. As alleged, for example, Group members created and maintained the fake social media accounts through temporary email addresses, posted official PRC government content, and interacted with other online users to avoid the appearance that the Group accounts were "flooding" a given social media platform. The Group tracks the performances of members in fulfilling their online responsibilities and rewards Group members who successfully operate multiple online personas without detection by the social media companies who host the platforms or by other users of the platforms.

The investigation also uncovered official MPS taskings to Group members to compose articles and videos based on certain themes targeting, for example, the activities of Chinese dissidents located abroad or the policies of the U.S. government. As alleged, the defendants also attempted to recruit U.S. persons to act as unwitting agents of the PRC government by disseminating propaganda or narratives of the PRC government. On several occasions, the defendants used online personas to contact individuals assessed to be sympathetic and supportive of the PRC government's narratives and asked these individuals to disseminate Group content. In addition, Group members took repeated affirmative actions to have Chinese dissidents and their meetings removed from the platform of Company-1. For example, Group members disrupted a dissident's efforts to commemorate the Tiananmen Square Massacre through a videoconference by posting threats against the participants through the platform's chat function. In another Company-1 videoconference on the topic of countering communism organized by a PRC dissident, Group members flooded the videoconference and drowned out the meeting with loud music and vulgar screams and threats directed at the pro-democracy participants.

"These cases demonstrate the lengths the PRC government will go to silence and harass U.S. persons who exercise their fundamental rights to speak out against PRC oppression, including by unlawfully exploiting a U.S.-based technology company," said Assistant Attorney General Matthew G. Olsen of the Justice Department's National Security Division. "These actions violate our laws and are an affront to our democratic values and basic human rights."

Facebook

US Tech Giants Voice Concern Over India's Fact-Checking Rule (techcrunch.com)

The Asia Internet Coalition, an influential industry organization representing technology giants such as Facebook, Google, Apple, and Amazon, has voiced concerns over a recent amendment to India's IT rules, saying the changes grant the local government expansive content removal authority without implementing adequate procedural safeguards. From a report: India recently updated its IT rules, barring social media platforms such as Facebook and Twitter from disseminating false or misleading information about the government's business affairs. Under the new regulations, these firms must rely on New Delhi's own fact-checking unit to verify claims. The amendments lack the "sufficient procedural safeguards" to protect people's fundamental rights to access information, said Jeff Paine, Managing Director of AIC in a statement Monday.

Social Networks

Leaked Documents Show Russians Boasted Just 1% of Fake Social Profiles are Detected (msn.com)

"The Russian government has become far more successful at manipulating social media and search engine rankings than previously known," reports the Washington Post, "boosting lies about Ukraine's military and the side effects of vaccines with hundreds of thousands of fake online accounts, according to documents recently leaked on the chat app Discord.

"The Russian operators of those accounts boast that they are detected by social networks only about 1 percent of the time, one document says." That claim, described here for the first time, drew alarm from former government officials and experts inside and outside social media companies contacted for this article. "Google and Meta and others are trying to stop this, and Russia is trying to get better. The figure that you are citing suggests that Russia is winning," said Thomas Rid, a disinformation scholar and professor at Johns Hopkins University's School of Advanced International Studies. He added that the 1 percent claim was likely exaggerated or misleading.

The undated analysis of Russia's effectiveness at boosting propaganda on Twitter, YouTube, TikTok, Telegram and other social media platforms cites activity in late 2022 and was apparently presented to U.S. military leaders in recent months. It is part of a trove of documents circulated in a Discord chatroom and obtained by The Washington Post. Air National Guard technician Jack Teixeira was charged Friday with taking and transmitting the classified papers, charges for which he faces 15 years in prison...

Many of the 10 current and former intelligence and tech safety specialists interviewed for this article cautioned that the Russian agency whose claims helped form the basis for the leaked document may have exaggerated its success rate.

The leaked document was apparently prepared by the Joint Chiefs of Staff, U.S. Cyber Command and Europe Command, which directs American military activities in Europe. "It refers to signals intelligence, which includes eavesdropping, but does not cite sources for its conclusions," the Post reports, describing the document as offering "a rare candid assessment by U.S. intelligence of Russian disinformation operations."

The assessment concludes that foreign bots "view, 'like,' subscribe and repost content and manipulate view counts to move content up in search results and recommendation lists." And the document says a Russian center's disinformation network — working directly for Russia's presidential administration — was still working on improvements as recently as late 2022 and expected to improve its ability to "promote pro-Russian narratives abroad." After Russia's 2016 efforts to interfere in the U.S. presidential election, social media companies stepped up their attempts to verify users, including through phone numbers. Russia responded, in at least one case, by buying SIM cards in bulk, which worked until companies spotted the pattern, employees said. The Russians have now turned to front companies that can acquire less detectable phone numbers, the document says.

A separate top-secret document from the same Discord trove summarized six specific influence campaigns that were operational or planned for later this year by a new Russian organization, the Center for Special Operations in Cyberspace. The new group is mainly targeting Ukraine's regional allies, that document said. Those campaigns included one designed to spread the idea that U.S. officials were hiding vaccine side effects, intended to stoke divisions in the West.

Electronic Frontier Foundation

EFF Warns US 'Deserves Stronger Spyware Protections Than Biden's Executive Order' (eff.org)

In March U.S. President Joe Biden "signed an executive order that limits U.S. government agencies from using commercially available spyware," writes EFF senior policy analyst Matthew Guariglia.

"But that doesn't mean there will be no government use of spyware in the United States...." The executive order arrived only days before revelations that the United States, which was previously thought to have steered clear of some of the most infamous foreign spyware products, actually had a contract to test and deploy the notorious Pegasus created by Israeli company NSO Group. The contract was signed under a fake name on November 8, 2021 between an organization that acts as a front for the U.S. government and an American affiliate of NSO group. Only five days before, on November 3, 2021, the U.S. Commerce Department added NSO Group and other foreign spyware companies to a blacklist — the "Entity List for engaging in activities that are contrary to the national security or foreign policy interests of the United States." So the signing of this straw contract was in apparent breach of this ban. NSO Group is just one of the companies that should be covered by the new executive order....

Though the NSO Group's Pegasus spyware has garnered particular attention for its widespread use against human rights advocates, journalists, and politicians, the executive order did not name any company specifically, keeping the policy broad. This may lead some government agencies to think that their purchase of foreign spyware might fly under the radar if it comes from another, smaller vendor, or the vendor can plausibly deny that it is really spyware that they are selling. We urge the Biden administration to publish a non-exhaustive list of spyware companies included as part of this ban. That would send a clear message to agencies who wish to exploit any ambiguity in order to skirt the law.

The EFF applauds the U.S. order for specifying ways in which spyware is not to be used — including a ban on its use against journalists, activists, political figures, and any U.S. person "without proper legal authorization, safeguards, and oversight." And the EFF also notes positive signs of progress towards stopping government misuse of spyware:

Building upon the U.S. executive order, a global coalition of eleven countries, including Australia, Canada, Costa Rica, Denmark, France, New Zealand, Norway, Sweden, Switzerland, the United Kingdom, and the United States, are working towards a common goal of countering the misuse of commercial spyware. This alliance is committed to establishing robust guardrails and procedures that uphold fundamental human rights, civil liberties, and the rule of law, within each of their respective systems.

But the EFF also points out that the biggest concern of the U.S. government appears to be with the dangers of spyware that is foreign-made. "While this signals discomfort with foreign-made spyware, no one should take this as an indication that the U.S. government is averse to using similar technologies developed internally, or indeed acquiring foreign spyware companies for domestic use.

"Given the government's long history of using and abusing incredibly invasive techniques, people in the United States should push for robust human rights safeguards to ensure the government won't proceed with only the minor restrictions of this executive order to rein them in."

Government

Government Cybersecurity Agencies Unite to Urge Secure Software Design Practices (cisa.gov)

Several government cybersecurity agencies united to urge secure-by-design and secure-by-default software. Releasing "joint guidance" for software manufacturers were two U.S. security agencies — the FBI and the NSA — joined with the U.S. Cybersecurity and Infrastructure Security Agency and the cybersecurity authorities of Australia, Canada, the United Kingdom, Germany, Netherlands, and New Zealand. "To create a future where technology and associated products are safe for customers," they wrote in a joint statement, "the authoring agencies urge manufacturers to revamp their design and development programs to permit only secure-by-design and -default products to be shipped to customers."

The Washington Post reports: Software manufacturers should put an end to default passwords, write in safer programming languages and establish vulnerability disclosure programs for reporting flaws, a collection of U.S. and international government agencies said in new guidelines Thursday. [The guidelines also urge rigorous code reviews.]

The "principles and approaches" document, which isn't mandatory but lays out the agencies' views on securing software, is the first major step by the Biden administration as part of its push to make software products secure as part of the design process, and to make their default settings secure as well. It's part of a potentially contentious multiyear effort that aims to shift the way software makers secure their products. It was a key feature of the administration's national cybersecurity strategy, which was released last month and emphasized shifting the burden of security from consumers — who have to manage frequent software updates — to the companies that make often insecure products... The administration has also raised the prospect of legislation on secure-by-design and secure-by-default, but officials have said it could be years away....

The [international affairs think tank] Atlantic Council's Cyber Statecraft Initiative has praised the Biden administration's desire to address economic incentives for insecurity. Right now, the costs of cyberattacks fall on users more than they do tech providers, according to many policymakers. "They're on a righteous mission," Trey Herr, director of the Atlantic Council initiative, told me. If today's guidelines are the beginning of the discussion on secure-by-design and secure-by-default, Herr said, "this is a really strong start, and an important one."

"It really takes aim at security features as a profit center," which for some companies has led to a lot of financial growth, Herr said. "I do think that's going to rub people the wrong way and quick, but that's good. That's a good fight."

In the statement CISA's director says consumers also have a role to play in this transition. "As software now powers the critical systems and services we collectively rely upon every day, consumers must demand that manufacturers prioritize product safety above all else."

Among other things, the new guidelines say that manufacturers "are encouraged [to] make hard tradeoffs and investments, including those that will be 'invisible' to the customers, such as migrating to programming languages that eliminate widespread vulnerabilities."

EU

Python Foundation Raises Concerns Over EU's Proposed Cybersecurity Rules (theregister.com)

The Python Software Foundation is "concerned that proposed EU cybersecurity laws will leave open source organizations and individuals unfairly liable for distributing incorrect code," according to the Register. The PSF reviewed the EU's proposed "Cyber Resilience Act" and "Product Liability Act" and reports "issues that put the mission of our organization and the health of the open-source software community at risk."

From the Register's report: "If the proposed law is enforced as currently written, the authors of open-source components might bear legal and financial responsibility for the way their components are applied in someone else's commercial product," the PSF said in a statement shared on Tuesday by executive director Deb Nicholson. "The existing language makes no differentiation between independent authors who have never been paid for the supply of software and corporate tech behemoths selling products in exchange for payments from end-users...."

The PSF argues the EU lawmakers should provide clear exemptions for public software repositories that serve the public good and for organizations and developers hosting packages on public repositories. "We need it to be crystal clear who is on the hook for both the assurances and the accountability that software consumers deserve," the PSF concludes. The PSF is asking anyone who shares its concerns to convey that sentiment to an appropriate EU Member of Parliament by April 26, while amendments focused on protecting open source software are being considered.

Bradley Kuhn, policy fellow at the Software Freedom Conservancy, told The Register that the free and open source (FOSS) community should think carefully about the scope of the exemptions being sought. "I'm worried that many in FOSS are falling into a trap that for-profit companies have been trying to lay for us on this issue," he said. "While it seems on the surface that a blanket exception for FOSS would be a good thing for FOSS, in fact, this an attempt for companies to get the FOSS community to help them skirt their ordinary product liability. For profit companies that deploy FOSS should have the same obligations for security and certainty for their users as proprietary software companies do."

The article points out that numerous tech organizations are urging clarifications in the proposed regulations, including NLnet Labs and the Eclipse Foundation.

China

New Leaked Documents on Discord Reveal More Chinese Spy Balloons (msn.com)

The Washington Post found a new tranche of "top-secret intelligence documents" on Discord, and based on them reported Friday that U.S. intelligence agencies were aware of at least two additional Chinese spy balloons.

Based on the classified documents, the Post also reports that "questions lingered about the true capabilities of the one that flew over the continental United States in January and February." The Chinese spy balloon that flew over the United States this year, called Killeen-23 by U.S. intelligence agencies, carried a raft of sensors and antennas the U.S. government still had not identified more than a week after shooting it down, according to a document allegedly leaked to a Discord chatroom by Jack Teixeira, a member of the Massachusetts Air National Guard.

Another balloon flew over a U.S. carrier strike group in a previously unreported incident, and a third crashed in the South China Sea, a second top-secret document stated, though it did not provide specific information for launch dates.... [Chinese spy balloon] Bulger-21 carried sophisticated surveillance equipment and circumnavigated the globe from December 2021 until May 2022, the NGA document states. Accardo-21 carried similar equipment as well as a "foil-lined gimbaled" sensor, it says....

Annotating what appear to be detailed photos of the balloon that flew over the United States, presumably taken from a U-2 spy plane, intelligence analysts assessed that it could generate enough power to operate "any" surveillance and reconnaissance technology, including a type of radar that can see at night and through clouds and thin materials [including tarps].... China's military has operated a vast surveillance balloon project for several years, partly out of Hainan province off China's south coast, U.S. officials have previously told The Post.

But the NGA document is notable as much for what it doesn't say, reflecting the government's possible lack of insight, at least in mid-February, into the balloons' capabilities... The lack of detailed conclusions about the balloon's surveillance capabilities raises questions about the decision to let it fly over the United States before shooting it down, an action the Defense Department justified at the time as an opportunity to collect additional intelligence.

The Post also reports that another leaked document (relying on intercepted communications) assessed that within the Chinese military the balloon surveillance program lacked "strong leadership" oversight.
Power

Why Is 'Juice Jacking' Suddenly Back In the News? (krebsonsecurity.com) 32

An anonymous reader shares a report from KrebsOnSecurity: KrebsOnSecurity received a nice bump in traffic this week thanks to tweets from the Federal Bureau of Investigation (FBI) and the Federal Communications Commission (FCC) about "juice jacking," a term first coined here in 2011 to describe a potential threat of data theft when one plugs their mobile device into a public charging kiosk. It remains unclear what may have prompted the alerts, but the good news is that there are some fairly basic things you can do to avoid having to worry about juice jacking.

The term juice jacking crept into the collective paranoia of gadget geeks in the summer of 2011, thanks to the headline for a story here about researchers at the DEFCON hacker convention in Vegas who'd set up a mobile charging station designed to educate the unwary to the reality that many mobile devices were set up to connect to a computer and immediately sync data by default. Since then, Apple, Google and other mobile device makers have changed the way their hardware and software works so that their devices no longer automatically sync data when one plugs them into a computer with a USB charging cable. Instead, users are presented with a prompt asking if they wish to trust a connected computer before any data transfer can take place. On the other hand, the technology needed to conduct a sneaky juice jacking attack has become far more miniaturized, accessible and cheap. And there are now several products anyone can buy that are custom-built to enable juice jacking attacks. [...]

How seriously should we take the recent FBI warning? An investigation by the myth-busting site Snopes suggests the FBI tweet was just a public service announcement based on a dated advisory. Snopes reached out to both the FBI and the FCC to request data about how widespread the threat of juice jacking is in 2023. "The FBI replied that its tweet was a 'standard PSA-type post' that stemmed from the FCC warning," Snopes reported. "An FCC spokesperson told Snopes that the commission wanted to make sure that their advisory on 'juice-jacking,' first issued in 2019 and later updated in 2021, was up-to-date so as to ensure 'the consumers have the most up-to-date information.' The official, who requested anonymity, added that they had not seen any rise in instances of consumer complaints about juice-jacking."

The best way to protect yourself from juice jacking is by using your own gear to charge and transfer data from your device(s) to another.

"Juice jacking isn't possible if a device is charged via a trusted AC adapter, battery backup device, or through a USB cable with only power wires and no data wires present," says security researcher Brian Krebs. "If you lack these things in a bind and still need to use a public charging kiosk or random computer, at least power your device off before plugging it in."
Sci-Fi

Pentagon Official Floats a Theory For Unexplained Sightings: Alien Motherships (politico.com) 118

The official in charge of a secretive Pentagon effort to investigate unexplained aerial incursions has co-authored an academic paper that presents an out-of-this-world theory: Recent objects could actually be alien probes from a mothership sent to study Earth. Politico reports: In a draft paper dated March 7 (PDF), Sean Kirkpatrick, head of the Pentagon's All-domain Anomaly Resolution Office, and Harvard professor Avi Loeb teamed up to write that the objects, which appear to defy all physics, could be "probes" from an extraterrestrial "parent craft." It's unusual for government officials, especially those involved in the nascent effort to collect intelligence on recent sightings, to discuss the possibility of extraterrestrial life, although top agency officials don't rule it out when asked. After Loeb posted it online, the paper gained notoriety from a post on Military Times and has also circulated among science-focused news outlets.

More than half of the five-page paper is devoted to discussing the possibility that the unexplained objects DoD is studying could be the "probes" in the mothership scenario, including most of the page-long introduction. One section is titled: "The Extraterrestrial Possibility" and another "Propulsion Methods." Kirkpatrick's involvement in the academic paper demonstrates that the Pentagon is open to scientific debate of the origins of UFOs, an important signal to send to the academic world, experts said. But they add that his decision to attach his name to a theory considered in most academic circles to be highly unsubstantiated also raises questions about AARO's credibility.

The paper explains that interstellar objects such as the cigar-shaped "Oumuamua" that scientists spotted flying through the galaxy in 2017 "could potentially be a parent craft that releases many small probes during its close passage to Earth." The paper goes on to compare the probes to "dandelion seeds" that could be separated from the parent craft by the sun's gravitational force. It examines the physics of how the smaller craft could move through the Earth's atmosphere to reach the surface, where they could be spotted by humans. The paper notes that the "probes" could use starlight to "charge their batteries" and the Earth's water as fuel. It also speculates on the motive for aliens to send exploratory probes to Earth. "What would be the overarching purpose of the journey? In analogy with actual dandelion seeds, the probes could propagate the blueprint of their senders," the authors write. "As with biological seeds, the raw materials on the planet's surface could also be used by them as nutrients for self-replication or simply scientific exploration."

Censorship

India Says New IT Fact-Checking Unit Will Not Censor Journalism 27

A proposed Indian government unit to fact-check news on social media is not about censoring journalism, nor will it have any impact on media reportage, a federal minister said on Friday. Reuters reports: Recently amended IT regulation requires online platforms like Meta's Facebook and Twitter to "make reasonable efforts" to not "publish, share or host" any information relating to the government that is "fake, false or misleading." Rajeev Chandrasekhar, India's minister of state for IT, said in an online discussion it was "not true" that the government-appointed unit, which press freedom advocates strongly oppose, was aimed at "censoring journalism." The Editors Guild of India last week described the move as draconian and akin to censorship.
Patents

Google Must Face Trial Over Sonos Patents, California Judge Says (reuters.com) 6

Alphabet's Google received a mixed ruling on Thursday from a San Francisco federal judge in a patent lawsuit brought by Sonos over wireless audio technology, failing to invalidate all of the patents before a trial but narrowing Sonos' claims. Reuters reports: The case, set for trial May 8, is part of a contentious intellectual property dispute between the former business partners over their smart speakers that includes lawsuits in the United States, Canada, France, Germany and the Netherlands. Sonos won a limited import ban on some Google devices from the U.S. International Trade Commission (ITC) last year, while Google has sued Sonos for patent infringement at the ITC and in California. [...]

Sonos accused Google in the San Francisco case of infringing four patents related to multi-room wireless speaker technology. U.S. District Judge William Alsup previously invalidated one of the patents and determined Google infringed another. Alsup found Thursday that a second Sonos patent was also invalid, but rejected Google's request to cancel the remaining two patents before trial. The judge also said Google did not infringe one of the surviving patents willfully, reducing Sonos' potential damages. Alsup also said he would hold a separate bench trial after the jury trial to determine whether Google's redesigned speakers infringe Sonos' patents.

IT

28 State AGs Urge Congress To Pass Stalled 'Right To Repair' Bills (techdirt.com) 11

The "right to repair" movement has made considerable inroads over the past five years, partially due to support from the Biden FTC. State-level legislation aimed at dismantling repair monopolies has made progress, despite industry lobbying efforts to weaken the proposals (e.g., Kathy Hochul in New York State). Federal legislation, however, faces challenges in a troubled Congress. In response, a bipartisan group of 28 state attorneys general has penned a letter to key congressional committee leaders, urging them to advance stalled right to repair bills. From the letter: "The Right-to-Repair is a bipartisan issue that impacts every consumer, household, and farm in a time of increasing inflation. It is about ensuring that consumers have choices as to who, where, when and at what cost their vehicles can be repaired. It is about ensuring that farmers can repair their tractors for a reasonable price and quickly enough to harvest their crops."
