Schibsted innfører betaling for personvern – NRK

https://www.nrk.no/rogaland/kritisk-til-schibsteds-nye-_betal-eller-samtykk_-modell-1.17866076

No krev Schibsted betaling for at du skal sleppe at dataene dine blir brukte til målretta reklame. Datatilsynet fryktar at personvern er i ferd med å bli ei luksusvare.

– Personvern er ein menneskerett som ein ikkje skal betale for, seier direktør i Datatilsynet, Line Coll.

– Personvernforordninga krev at verksemder innhentar samtykke som skal givast frivillig. Datatilsynet set spørsmålsteikn ved om samtykket er reelt sett frivillig dersom alternativet er å betale, held ho fram.

Ho fryktar kva som skjer dersom alle nettstader og appar følgjer etter, og peiker særleg på kva dette har å seie for sårbare grupper.

– Datatilsynet er bekymra for at personvern på internett skal bli reservert for dei rike. Personvernet til andre grupper kan også bli pressa av denne typen løysingar, til dømes barn og unge, eller andre sårbare gruppe som ikkje har høve til å betale eller finne personvernvennlege alternativ, seier Coll.

– Etter vårt syn er denne typen løysingar i strid med krava i personopplysningslova. Dette er også bakgrunnen for at vi tidlegare har klaga inn Metas «Pay or OK»-løysing. Saka ligg framleis til behandling hos det irske datatilsynet, seier Myrstad i Forbrukarrådet.

Firefox-team finn og fiksar enorme mengdar sikkerheitshol med hjelp av Claude Mythons

https://blog.mozilla.org/en/privacy-security/ai-security-zero-day-vulnerabilities/

Since February, the Firefox team has been working around the clock using frontier AI models to find and fix latent security vulnerabilities in the browser. We wrote previously about our collaboration with Anthropic to scan Firefox with Opus 4.6, which led to fixes for 22 security-sensitive bugs in Firefox 148.

As part of our continued collaboration with Anthropic, we had the opportunity to apply an early version of Claude Mythos Preview to Firefox. This week’s release of Firefox 150 includes fixes for 271 vulnerabilities identified during this initial evaluation.

[…] security to date has been offensively-dominant: the attack surface isn’t infinite, but it’s large enough to be difficult to defend comprehensively with the tools we’ve had available. This gives attackers an asymmetric advantage, since they only need to find one chink in the armor.

Elite security researchers find bugs that fuzzers can’t largely by reasoning through the source code. This is effective, but time-consuming and bottlenecked on scarce human expertise. Computers were completely incapable of doing this a few months ago, and now they excel at it. We have many years of experience picking apart the work of the world’s best security researchers, and Mythos Preview is every bit as capable. So far we’ve found no category or complexity of vulnerability that humans can find that this model can’t.

The defects are finite, and we are entering a world where we can finally find them all.

Crypto infrastructure company blames $290 million theft on North Korean hackers | The Record

https://therecord.media/crypto-north-korea-theft-kelp

A theft over the weekend of nearly $300 million worth of cryptocurrency has been attributed to hackers from North Korea, as the industry grapples with the fallout of a wide-ranging incident involving multiple prominent platforms.

The attack began on Saturday afternoon when blockchain security firms reported $290 million leaving the crypto platform Kelp. The company confirmed the incident and paused activity while an investigation was conducted.

Cyber sleuths traced the incident back to LayerZero, a cryptocurrency infrastructure developer behind a popular messaging tool allowing decentralized apps to communicate and transfer assets back and forth.

LayerZero said the attack was isolated to Kelp and blamed the incident on how Kelp is set up.

LayerZero went on to explain that the attackers were able to “manipulate or poison” downstream infrastructure by compromising systems the company relies on to verify transactions. The company said the attackers’ sophisticated tactics prevented security monitoring tools from noticing anomalies.

In order to complete the heist, the hackers also launched a distributed denial-of-service (DDoS) attack on backup systems that may have been able to stop the theft. The tools used to carry out the attack were built to self-destruct once the hackers had finished.

If confirmed, the $290 million theft would be yet another blockbuster cryptocurrency robbery launched by hackers from North Korea. Three weeks ago, alleged North Korean groups stole $290 million from the Drift crypto platform in another sophisticated operation involving fake companies, alleged actors and more.

North Korea has waged an unprecedented assault on the crypto industry for more than five years, stealing vast sums each year that U.S. officials say is used to fund Pyongyang’s military weapons program.

The country’s government stole more than $2 billion in similar attacks last year and brought in $3 billion from attacks between 2017 and 2023, according to United Nations investigators.

Tim Cook og Kina – Pixel Envy

https://pxlnv.com/linklog/that-was-tim/

The Tim Cook story at Apple is an almost poetic arc. Upon arrival, he fundamentally overhauled the way its products would be made, primarily by moving manufacturing to Japan, Taiwan, and China. This groundwork is what allowed him to transform the company when he arrived as CEO, growing it into a global behemoth and working within China to create the best and most precise electronics manufacturing chain anywhere. And that became a problem for him. The Chinese government was able to use that as leverage, and the tie-up became politically untenable in the United States, too. Cook’s precise supply chain management directly led to his appeasement of strongmen.

Sikkerhetshull avslørte Telia-kunders posisjon – NRK

https://www.nrk.no/norge/sikkerhetshull-avslorte-telia-kunders-posisjon-1.17842282

Mobilkunder hos Telia har siden 2023 vært sporbare via mobilen, inkludert sentrale politikere på Stortinget.

NRK har siden testet og innhentet mer dokumentasjon om hvem som er påvirket av feilen.

Undersøkelsene viser at:

  • Privatkunder og bedriftskunder med Telia-abonnement kunne spores, så fremt en av telefonene var tilknyttet bedriftsnettet.
  • Også bedriftskunder med Phonero, en merkevare av Telia, kunne spores.
  • Mobiltelefoner kunne spores selv når de var i utlandet.
  • Den oppringte trengte normalt ikke å ta telefonen for å bli sporet.

Å utnytte feilen involverte ikke noen form for datainnbrudd eller «hacking». Det holdt å lese av informasjon som ble sendt til mobiltelefonen ved et anrop.

Det krever en viss teknisk innsikt å utnytte feilen, men ingen spesialverktøy.

Det avslørte hvilke basestasjoner den oppringte var tilkoblet. I bynære strøk kan man med denne informasjonen anslå en mobilbrukers posisjon til mellom 100 og 200 meters nøyaktighet.

– Det som undersøkelsene viser nå, er at feilen oppsto ved en konfigurasjonsendring vi gjorde i 2023

Ruters egne tester viser: Oslos elbusser kan fjernstyres – NRK

https://www.nrk.no/stor-oslo/ruters-egne-tester-viser_-oslos-elbusser-kan-fjernstyres-1.17629321

Ruter tok bussene fra hverandre og undersøkte dem i et rom der signaler ble isolert.

Der fant de ut at de kinesiske elbussene kan tas kontroll over av produsenten.

Ifølge Ruter har produsenten fjerntilgang til dette på hver enkelt buss:

  • Pogramvareoppdatering
  • Diagnostikk
  • Styringssystem for batteri- og kraftforsyning

«I teorien kan bussen derfor stoppes eller gjøres ubrukelig av produsenten,» melder Ruter.

The AI Doomers Are Getting Doomier - The Atlantic

https://www.theatlantic.com/technology/archive/2025/08/ai-doomers-chatbots-resurgence/683952/

“We’re two years away from something we could lose control over,” Max Tegmark, an MIT professor and the president of the Future of Life Institute, told me, and AI companies “still have no plan” to stop it from happening. His institute recently gave every frontier AI lab a “D” or “F” grade for their preparations for preventing the most existential threats posed by AI.

…the underlying concerns that animate AI doomers have become harder to dismiss as chatbots seem to drive people into psychotic episodes and instruct users in self-mutilation. Even if generative-AI products are not closer to ending the world, they have already, in a sense, gone rogue.

Passenger Fatality Rates

Air travel fatality rates are near zero

Swedish PM’s private address revealed by Strava data shared by bodyguards | The Guardian

https://www.theguardian.com/world/2025/jul/08/swedish-pm-safety-strava-data-bodyguards-ulf-kristersson-running-cycling-routes

Data made public by Ulf Kristersson’s security revealed his location, routes and movements over several years

In 2023 a former Russian submarine commander was killed reportedly with the help of his open Strava profile and last year it was revealed bodyguards to several world leaders were sharing confidential information on the app.

In 2017, Strava was accused of giving away the location and staffing of military bases and spy outposts around the world by publishing a map that showed all of its users’ activity.

The race is on to build the world’s most complex machine

The Economist on how the most advanced chips are made:

asml’s most advanced machine is mind-boggling. It works by firing 50,000 droplets of molten tin into a vacuum chamber. Each droplet takes a double hit—first from a weak laser pulse that flattens it into a tiny pancake, then from a powerful laser that vaporises it. The process turns each droplet into hot plasma, reaching nearly 220,000°C, roughly 40 times hotter than the surface of the Sun, and emits light of extremely short wavelength (extreme ultraviolet, or euv). This light is then reflected by a series of mirrors so smooth that imperfections are measured in trillionths of a metre. The mirrors focus the light onto a mask or template that contains blueprints of the chip’s circuits. Finally the rays bounce from the mask onto a silicon wafer coated with light-sensitive chemicals, imprinting the design onto the chip.