https://www.forbes.com/sites/alexandralevine/2023/05/30/tiktok-creators-data-security-china/
TikTok has stored the most sensitive financial data of its biggest stars — including those in its “Creator Fund” — on servers in China. Earlier this year, CEO Shou Chew told Congress “American data has always been stored in Virginia and Singapore.”
A former executive at TikTok’s parent company, ByteDance, has alleged that the Chinese Communist party accessed user data from the social video app belonging to Hong Kong protesters and civil rights activists.
Yintao Yu, a former head of engineering at ByteDance’s US operation, claimed in a legal filing that a committee of Communist party members accessed TikTok data that included the users’ network information, Sim card identifications and IP addresses in a bid to identify the individuals and their locations.
The claims, in a wrongful dismissal lawsuit brought by Yu in a California court and reported by the Wall Street Journal, also allege the party accessed TikTok users’ communications, monitored Hong Kong users who uploaded protest-related content and that Beijing-based ByteDance maintained a “backdoor channel” for the party to access US user data.
Yu alleges in the filing that members of a Communist party committee inside ByteDance had access to a “superuser” credential which was also called a “God credential” and allowed them to view all data collected by ByteDance.
Hundreds of tech leaders call for world to treat AI as danger on par with pandemics and nuclear war
Researchers at Tencent Labs and Zhejiang University have presented a new attack called ‘BrutePrint,’ which brute-forces fingerprints on modern smartphones to bypass user authentication and take control of the device.
Brute-force attacks rely on many trial-and-error attempts to crack a code, key, or password and gain unauthorized access to accounts, systems, or networks.
…
The attacker needs physical access to the target device to launch a BrutePrint attack
Tesla has failed to adequately protect data from customers, employees and business partners and has received thousands of customer complaints regarding the carmaker’s driver assistance system, Germany’s Handelsblatt has reported, citing 100 gigabytes of confidential data leaked by a whistleblower.
The Handelsblatt report said customer data could be found “in abundance” in a data set labelled “Tesla Files”.
Observer investigation reveals Meta Pixel tool passed on private details of web browsing on medical sites
https://simonwillison.net/2023/May/27/lawyer-chatgpt/
A lawyer asked ChatGPT for examples of cases that supported an argument they were trying to make.
ChatGPT, as it often does, hallucinated wildly—it invented several supporting cases out of thin air.
When the lawyer was asked to provide copies of the cases in question, they turned to ChatGPT for help again—and it invented full details of those cases, which they duly screenshotted and copied into their legal filings.
At some point, they asked ChatGPT to confirm that the cases were real… and ChatGPT said that they were. They included screenshots of this in another filing.
The judge is furious. Many of the parties involved are about to have a very bad time.
https://jalopnik.com/car-thieves-hack-can-bus-headlight-wire-bluetooth-1850307214
Hackers can inject malicious code into a car’s electronic network via headlight or taillight wires, fooling the car into thinking the key is present.
https://softwarecrisis.dev/letters/the-poisoning-of-chatgpt/
Given that we’ve known about model poisoning for years, and given the strong incentives the black-hat SEO crowd has to manipulate results, it’s entirely possible that bad actors have been poisoning ChatGPT for months. We don’t know because OpenAI doesn’t talk about their processes, how they validate the prompts they use for training, how they vet their training data set, or how they fine-tune ChatGPT. Their secrecy means we don’t know if ChatGPT has been safely managed.
Hackers who broke into the Minneapolis Public Schools earlier this year have circulated an enormous cache of files that appear to include highly sensitive documents on schoolchildren and teachers, including allegations of teacher abuse and students’ psychological reports.
According to a new study published on Thursday in the science journal Nature Chemical Biology, a group of scientists from McMaster University and the Massachusetts Institute of Technology have discovered a new antibiotic that can be used to kill a deadly hospital superbug.
The superbug in question is Acinetobacter baumannii, which the World Health Organization has classified as a “critical” threat among its “priority pathogens” – a group of bacteria families that pose the “greatest threat” to human health.
https://www.vice.com/en/article/jg5qy8/reddit-moderators-brace-for-a-chatgpt-spam-apocalypse
Reddit moderators say they already see an increase in spam and that the future will “require a lot of human labor.”
https://gizmodo.com/nso-group-exploited-new-zero-click-vulnerabilities-in-i-1850347936
Citizen Lab identified three new exploits that targeted iOS users worldwide in 2022. Apple’s Lockdown Mode reportedly worked as promised.
https://www.vice.com/en/article/dy3vxy/sony-world-photography-awards-ai-generated
“I applied as a cheeky monkey, to find out if the competitions are prepared for AI images to enter. They are not,” he wrote. “We, the photo world, need an open discussion. A discussion about what we want to consider photography and what not. Is the umbrella of photography large enough to invite AI images to enter—or would this be a mistake? With my refusal of the award I hope to speed up this debate.”
https://news.yahoo.com/hyundai-kia-thefts-keep-rising-144034139.html
Nearly three months ago, Hyundai and Kia unveiled software that was designed to thwart an epidemic of thefts of their vehicles, caused by a security flaw that was exposed on TikTok and other social media sites.
So far, it hasn’t solved the problem. Across the country, thieves are still driving off with the vehicles at an alarming rate.
…
The companies’ affected cars, many of them lower-cost models from the 2011 to early 2022 model years, were not equipped with a theft immobilizer. Such a device contains a computer chip in the key that must be recognized by another chip in the steering column before the engines will start.
Though most automakers have had the chips for years, Hyundai and Kia have lagged behind the industry as a whole in installing them on many models, thereby allowing thieves to exploit the security gap.
… scientists showed that hibernation can be artificially triggered in rodents using ultrasonic pulses.
The advance is seen as significant because the technique was effective in rats – animals that do not naturally hibernate. This raises the prospect that humans may also retain a vestigial hibernation circuit in the brain that could be artificially reactivated.
“If this proves feasible in humans, we could envision astronauts wearing a helmet-like device designed to target the hypothalamus region for inducing a hypothermia and hypometabolism state,” said Hong Chen, an associate professor at Washington University in St Louis, who led the work.
Decision by Ireland’s privacy regulator will set record for breach of EU’s data protection rules
https://www.nrk.no/kultur/europeisk-forbrukernettverk-advarer-mot-a-bruke-klarna-1.16401582
Forbruker Europa er Forbrukertilsynets avdeling for handel på tvers av landegrensene i EU. De hjelper norske forbrukere som handler fra andre EU-land hvis noe går galt.
I fjor og hittil i år har de sett en økning av klager mot betalingstjenesten Klarna og nå advarer de mot å bruke tjenesten.