Crime

Federal Judge Gives Man 8-Year Sentence For Running Unlicensed Bitcoin Exchange (apnews.com) 78

Ian Freeman, a New Hampshire man in his 40s, has been sentenced to eight years in prison for running an unlicensed bitcoin exchange business. He will also be fined at least $40,000, although the exact amount still has to be determined in a hearing. The Associated Press reports: Ian Freeman was taken away in handcuffs following his sentencing in U.S. District Court in Concord. Prosecutors said Freeman, a libertarian activist and radio show host, created a business that catered to fraudsters who targeted elderly women with romance scams, serving as "the final step in permanently separating the victims from their money." Freeman, who is in his 40s, said in court he did not believe he broke the law. He said he was trying to get people to adopt bitcoin. He said there were times he detected fraud and protected many potential scam victims. He apologized for not being able to help them all. "I don't want people to be taken advantage of," said Freeman, who said he cooperated with law enforcement to help some people get their money back.

Freeman said he devised a series of questions for customers, including whether a third party was putting them up to their transactions or if they were under duress. Some victims lied about their circumstances, he said. Freeman also said he didn't learn about scam victims until he saw their stories in the news. "It didn't matter how strict I was or how many questions I asked," he said. After a two-week trial, he was convicted of eight charges in December, although his conviction on a money laundering charge was later overturned by the judge. The prosecution is appealing it to the 1st Circuit Court of Appeals.

Freeman was sentenced on the remaining charges, which include operating an unlicensed money transmitting business and conspiracy to commit money laundering and wire fraud. Freeman's lawyers said they planned to appeal and asked that he remain free on bail for now, but U.S. District Court Judge Joseph LaPlante didn't allow it. The sentencing guidelines called for a much longer term, ranging from about 17 years to nearly 22 years in prison.

The Courts

Supreme Court Rejects IT Worker Challenge of OPT Program (techtarget.com) 43

dcblogs writes: The U.S. Supreme Court declined to hear a challenge against the Optional Practical Training (OPT) program, which allows STEM graduates to work in the U.S. for up to three years on a student F-1 visa. John Miano, the attorney representing WashTech, the labor group that brought the appeal, called the decision "staggering." He said it "strips Congress of the ability to control nonimmigrant programs," such as OPT, the H-1B program, and other programs designed to provide temporary guest workers. In the most extreme example of what the decision may allow, Miano said it theoretically enables the White House to let people on tourist visas work. The decision "gives more authority to the federal government to do what it wants," he said.

The OPT program permits STEM (Science, Technology, Engineering, and Math) graduates to work for up to three years under a student F-1 visa. Critics of the program said it brought unfair competition to the U.S. labor market. Ron Hira, an associate professor of Public Policy at Howard University, said the U.S. administration of the OPT program is so poor that "the program has effectively no controls, accountability, or worker protections."

A group of Senate Republicans, including U.S. Sen. Ted Cruz, argued in briefs filed with the court that the federal government was using the OPT program to sidestep the annual H-1B visa cap. More than 30 Republican House members also filed a brief in support.

Privacy

UK Passport Images Database Could Be Used To Catch Shoplifters (theguardian.com) 67

An anonymous reader quotes a report from The Guardian: Britain's passport database could be used to catch shoplifters, burglars and other criminals under urgent plans to curb crime, the policing minister has said. Chris Philp said he planned to integrate data from the police national database (PND), the Passport Office and other national databases to help police find a match with the "click of one button." But civil liberty campaigners have warned the plans would be an "Orwellian nightmare" that amount to a "gross violation of British privacy principles".

Foreign nationals who are not on the passport database could also be found via the immigration and asylum biometrics system, which will be part of an amalgamated system to help catch thieves. The measures have been deemed controversial by campaigners as the technology could get a match even if images are blurred or partially obscured. Speaking at a fringe event of the Conservative party conference hosted by the Policy Exchange thinktank, Philp said: "I'm going to be asking police forces to search all of those databases -- the police national database, which has custody images, but also other databases like the passport database -- not just for shoplifting but for crime generally to get those matches, because the technology is now so good that you can get a blurred image and get a match for it.

"Operationally, I'm asking them to do it now. In the medium term, by which I mean the next two years, we're going to try and create a new data platform so you can press one button [and it] lets you search it all in one go." Until the new platform is created, he said police forces should search each database separately. [...] Philp said he has already ordered police forces that have access to the passport database to start searching it alongside the police national database, which stores custody images. Officers will be able to compare those facial images against CCTV, dashcam and doorbell technology to help find a match for criminals as prosecution rates are at record lows. He later added: "I would also just remind everyone that the wider public, including shop staff and security guards, do have the power of citizen's arrest and where it's safe to do so I would encourage that to be used. Because if you do just let people walk in and take stuff and walk out without proper challenge, including potentially a physical challenge, then it will just escalate."

Crime

YouTuber Jailed For Large-Scale Cable Piracy Scheme (jalopnik.com) 20

Bill Omar Carrasquillo, better known by his YouTube name Omi In a Hellcat, has been arrested after the feds found Carrasquillo had amassed a $30 million fortune with a large-scale piracy scheme in which he was buying and reselling copyrighted material from cable TV. Jalopnik reports: He was sentenced to five years in prison for "piracy of cable TV, access device fraud, wire fraud, money laundering, and hundreds of thousands of dollars of copyright infringement," along with having to forfeit his millions and pay $15 million in restitution. Those millions helped pay for the car collection now going up for auction.

[Road & Track reports Omi In A Hellcat's entire 57 vehicle collection is up for auction.] As of this writing, the auction features 32 cars and 25 bikes and off road vehicles. Despite his crimes, the man had decent taste in cars. There's good stuff to be had like.

Power

US Energy Department Funds 'Energy Earthshots' to Speed Clean-Energy Innovations (energy.gov) 77

This week America's Department of Energy announced $264 million for 29 projects as part of its Energy Earthshots Initiative "to advance clean energy technologies within the decade."

The funding will support 11 new research centers — along with 18 university research teams — studying things like industrial decarbonization, carbon storage, and offshore wind energy. The ultimate goal is a clean-energy revolution that will "accelerate innovations toward more abundant, affordable, and reliable clean energy solutions."

One ambitious example: The Department of Energy's Oak Ridge National Laboratory has been selected to lead an Energy Earthshot Research Center focused on developing chemical processes that use sustainable methods instead of burning fossil fuels to radically reduce industrial greenhouse gas emissions to stem climate change and limit the crisis of a rapidly warming planet... The ORNL-led Non-Equilibrium Energy Transfer for Efficient Reactions center, or NEETER, will coordinate a research team from across the nation focused on replacing bulk heating for chemical processes with electrified means, providing a new way to do chemistry, and decarbonizing large-scale processes in the chemical industry. DOE has committed $19 million over four years for the center...

The scientists, in addition to using their own laboratories, will use Department of Energy Office of Science user facilities, including ORNL's Oak Ridge Leadership Computing Facility, Spallation Neutron Source, High Flux Isotope Reactor, and Center for Nanophase Materials Sciences. They will also include the beam line at Stanford's SLAC National Accelerator Laboratory. NEETER's proposed research is a radical departure from traditional chemistry and holds promise for transformational breakthroughs in energy-related chemical reactions. The NEETER EERC addresses the Department of Energy's Industrial Heat Shot announced in 2022, which aims to develop cost-competitive industrial heat decarbonization technologies with at least 85% lower greenhouse gas emissions by 2035. This EERC will employ new kinds of chemical catalysis as one pathway toward electrifying the delivery of process heat.

The projects include:
  • Investigating hydrogen arc plasmas for carbon-free steelmaking
  • Using exascale computer simulations and observations to produce more resilient clean energy systems.
  • The University of Florida has reportedly teamed with Switzerland-based Synhelion to "research the production of green hydrogen, aiming for a lower cost to produce."
  • The Center for Understanding Subsurface Signals and Permeability will attempt research to "advance enhanced geothermal systems with the goal of making them a widely accessible and reliable source of renewable energy"

"Our Energy Earthshots are game-changing endeavors to unleash the technologies of the clean energy transition and make them accessible, affordable, and abundant," said U.S. Secretary of Energy Jennifer M. Granholm. "The Energy Earthshot Research Centers and the related work happening on college campuses around the country will be instrumental in developing the clean energy and decarbonization solutions we need to establish a 100% clean grid and beat climate change."


The Courts

'Embarrassing' Court Document Google Wanted to Hide Finally Posted Online (arstechnica.com) 44

America's Department of Justice "has finally posted what judge Amit Mehta described at the Google search antitrust trial as an 'embarrassing' exhibit that Google tried to hide from the public," reports Ars Technica: The document in question contains meeting notes that Google's vice president for finance, Michael Roszak, "created for a course on communications," Bloomberg reported. In his notes, Roszak wrote that Google's search advertising "is one of the world's greatest business models ever created" with economics that only certain "illicit businesses" selling "cigarettes or drugs" "could rival."

At trial, Roszak told the court that he didn't recall if he ever gave the presentation. He said that the course required that he tell students "things I don't believe as part of the presentation." He also claimed that the notes were "full of hyperbole and exaggeration" and did not reflect his true beliefs, "because there was no business purpose associated with it." According to Bloomberg, Google repeatedly objected to the document being shared in court, claiming it was irrelevant to the DOJ's case. Then, after Mehta allowed the DOJ to present the document as evidence, Google tried to seal off Roszak's testimony on the document...

Beyond likening Google's search advertising business to illicit drug markets, Roszak's notes also said that because users got hooked on Google's search engine, Google was able to "mostly ignore the demand side" of "fundamental laws of economics" and "only focus on the supply side of advertisers, ad formats, and sales." This was likely the bit that actually interested the DOJ. "We could essentially tear the economics textbook in half," Roszak's notes said. Part of the DOJ's case argues that because Google has a monopoly over search, it's less incentivized to innovate products that protect consumers from harm like invasive data collection.

A Google spokesman told Bloomberg that Roszak's statements "don't reflect the company's opinion" and "were drafted for a public speaking class in which the instructions were to say something hyperbolic and attention-grabbing." The spokesman also noted that Roszak "testified he didn't believe the statements to be true."

Government

San Francisco's Empty Offices Might Start Converting Into Housing (sfgate.com) 147

"San Francisco's downtown has lost roughly 150,000 daily workers since the pandemic," reports the San Francisco Chronicle.

But on the bright side, "Some of San Francisco's empty office buildings are one step closer to being converted into residential units," reports SFGate: The owners of eight San Francisco office buildings responded to a request from the city for landlords interested in converting their properties into condos or apartments, the San Francisco Chronicle reported... The properties would yield about 1,100 units if they were to all be converted, according to the Chronicle. All of the buildings are located in neighborhoods downtown, including the Civic Center area and the Financial District...

Converting offices to housing is a notably difficult process, especially in San Francisco, where the city's tedious permitting and approvals process has deterred many landlords from pursuing the process entirely. However, that could soon change: The request for interest put forth by the city was part of an initiative intended to jump-start office-to-housing conversions that was announced in June. In March, Mayor London Breed and the Board of Supervisors introduced legislation that would facilitate these conversions by exempting certain downtown buildings from housing requirements that are more difficult to apply to former offices, like rear yard space and a variety of unit types.

Or, as the Chronicle puts it, "The much-discussed push to revive downtown San Francisco by converting empty office buildings to housing is starting to gather real-world momentum, with property owners looking to take advantage of a political climate in which the mayor and Board of Supervisors are desperate to activate the city's struggling central neighborhoods." While converting eight commercial buildings totaling less than 1 million square feet would not put much of a dent in the historic 33.9% office vacancy — more than 30 million square feet of space — the interest is indicative that an increasing number of landlords are accepting the reality that the pandemic and remote work has rendered some buildings obsolete. "We were pleased with the responses — it was more than we had expected, and there was a good variety of buildings," said Anne Taupier, director of development for the city's Office of Economic and Workforce Development. "We think there is a chance to see some game-changing activation...."

Taupier said that all of the property owners said that recent legislation streamlining and lowering affordable housing requirements would be key to making conversions possible. Most of them would be candidates for Mills Act tax credits, which allow cities to reduce taxes for 10 years or more to owners of historic properties.

One of the biggest applications came from Mark Shkolnikov's Group I. "The support from the city has just been remarkable," Shkolnikov said. "They have been frequently checking in to see what they can do to help move this along."

Businesses

H&R Block, Meta, and Google Slapped With RICO Suit, Allegedly Schemed to Scrape Taxpayer Data (gizmodo.com) 31

Anyone who has used H&R Block's tax return preparation services since 2015 "may have unintentionally helped line Meta and Google's pocket," reports Gizmodo: That's according to a new class action lawsuit which alleges the three companies "jointly schemed" to install trackers on the H&R Block site to scan and transmit tax data back to the tech companies which then used elements of the data to engage in targeted advertising.

Attorneys bringing the case forward claim the three companies' conduct amounts to a "pattern of racketeering activity" covered under the Racketeer Influenced and Corrupt Organizations Act (RICO), a tool typically reserved for organized crime. "H&R Block, Google, and Meta ignored data privacy laws, and passed information about people's financial lives around like candy," Brent Wisner, one of the attorneys bringing forward the complaint said.

The lawsuit, filed in the Northern District of California this week, stems from a bombshell Congressional report released earlier this year detailing the way multiple tax preparation firms, including H&R Block, "recklessly" shared the sensitive tax data of tens of millions of Americans without proper safeguards. At issue are the tax preparation firms' use of tracking "pixels" placed on their websites. These trackers, which the lawsuit refers to as "spy cams" would allegedly scan tax documents and reveal a variety of personal tax information, including a filer's name, filing status, federal taxes owed, address, and number of dependents. That data was then anonymized and used for targeted advertising and to train Meta's AI algorithms, the congressional report notes.

The attorneys argue that H&R Block, Meta, and Google "explicitly and intentionally" entered into an agreement to violate taxpayers' privacy rights for financial gain, according to the article. The suit seeks refunds and punitive damages.

Crime

FBI Indicts Goldman Sachs Analyst Who Tried Using Xbox Chat for Insider Trading (kotaku.com) 38

Kotaku reports: A newly unsealed FBI indictment accuses a former analyst at Goldman Sachs of insider trading, including allegedly using an Xbox to pass tips onto his close friends. The friend group earned over $400,000 in ill-gotten gains as a result, federal prosecutors claim. "There's no tracing [Xbox 360 chat]," the analyst allegedly told his friend who was worried they might be discovered.

He appears to have made a grave miscalculation.

The FBI arrested Anthony Viggiano and alleged co-conspirator Christopher Salamone, charging them with securities fraud on September 28. Viggiano is accused of using his previous position at Goldman Sachs to share trading tips with Salamone and others. Salamone has already pleaded guilty. Bloomberg reports that this is the fifth incident in recent years of a person associated with the investment bank allegedly using their position to do crimes...

Probably best to keep the crime talk on Xbox to a minimum either way, especially now that Microsoft is using AI to monitor communications for illicit and toxic activities.

In a statement an FBI official said "This indictment is yet another example of individuals believing they can get away with benefiting from trading on material non-public information."

AI

NSA Is Starting an AI Security Center (securityweek.com) 13

The Associated Press reports: The National Security Agency is starting an artificial intelligence security center -- a crucial mission as AI capabilities are increasingly acquired, developed and integrated into U.S. defense and intelligence systems, the agency's outgoing director announced Thursday. Army Gen. Paul Nakasone said the center would be incorporated into the NSA's Cybersecurity Collaboration Center, where it works with private industry and international partners to harden the U.S. defense-industrial base against threats from adversaries led by China and Russia.

Nakasone was asked about using AI to automate the analysis of threat vectors and red-flag alerts -- and he reminded the audience that U.S. intelligence and defense agencies already use AI. "AI helps us. But our decisions are made by humans. And that's an important distinction," Nakasone said. "We do see assistance from artificial intelligence. But at the end of the day, decisions will be made by humans and humans in the loop."

Nakasone said it would become "NSA's focal point for leveraging foreign intelligence insights, contributing to the development of best practices guidelines, principles, evaluation, methodology and risk frameworks" for both AI security and the goal of promoting the secure development and adoption of AI within "our national security systems and our defense industrial base." He said it would work closely with U.S. industry, national labs, academia and the Department of Defense as well as international partners.

Earth

Six Young People Take 32 Countries To Court Over Climate Change 219

An anonymous reader quotes a report from the BBC: "What I felt was fear," says Claudia Duarte Agostinho as she remembers the extreme heatwave and fires that ripped through Portugal in 2017 and killed more than 100 people. "The wildfires made me really anxious about what sort of future I would have." Claudia, 24, her brother Martim, 20, and her sister Mariana, 11, are among six young Portuguese people who have filed a lawsuit against 32 governments, including all EU member states, the UK, Norway, Russia, Switzerland and Turkey. They accuse the countries of insufficient action over climate change and failing to reduce their greenhouse gas emissions enough to hit the Paris Agreement target of limiting global warming to 1.5C. The case is the first of its kind to be filed at the European Court of Human Rights (ECHR) in Strasbourg. If it is successful, it could have legally-binding consequences for the governments involved. The first hearing in the case is being held on Wednesday.

Aged from 11 to 24, the six claimants argue that the forest fires that have occurred in Portugal each year since 2017 are a direct result of global warming. They claim that their fundamental human rights -- including the right to life, privacy, family life and to be free from discrimination -- are being violated due to governments' reluctance to fight climate change. They say they have already been experiencing significant impacts, especially because of extreme temperatures in Portugal forcing them to spend time indoors and restricting their ability to sleep, concentrate or exercise. Some also suffer from eco-anxiety, allergies and respiratory conditions including asthma. None of the young applicants is seeking financial compensation.

Lawyers representing the six young claimants are expected to argue in court that the 32 governments' current policies are putting the world on course for 3C of global warming by the end of the century. [...] In separate and joint responses to the case, the governments argue that the claimants have not sufficiently established that they have suffered as a direct consequence of climate change or the Portuguese wildfires. They claim there is no evidence to show climate change poses an immediate risk to human life or health, and also argue that climate policy is beyond the scope of the European Court of Human Rights jurisdiction.

"These six young people from Portugal, who are ordinary individuals concerned about their future, will be facing 32 legal teams, hundreds of lawyers representing governments whose inaction is already harming them," says Gearoid O Cuinn, director of Global Legal Action Network (GLAN).

"So this is a real David vs Goliath case that is seeking a structural change to put us on a much better track in terms of our future."

The Courts

Supreme Court To Decide If State Laws Limiting Social Media Platforms Violate Constitution (apnews.com) 42

An anonymous reader quotes a report from the Associated Press: The Supreme Court agreed Friday to decide whether state laws that seek to regulate Facebook, TikTok, X and other social media platforms violate the Constitution. The justices will review laws enacted by Republican-dominated legislatures and signed by Republican governors in Florida and Texas. While the details vary, both laws aim to prevent the social media companies from censoring users based on their viewpoints. The court's announcement, three days before the start of its new term, comes as the justices continue to grapple with how laws written at the dawn of the digital age, or earlier, apply to the online world.

The justices had already agreed to decide whether public officials can block critics from commenting on their social media accounts [...]. Separately, the high court also could consider a lower-court order limiting executive branch officials' communications with social media companies about controversial online posts. The new social media cases follow conflicting rulings by two appeals courts, one of which upheld the Texas law, while the other struck down Florida's statute. By a 5-4 vote, the justices kept the Texas law on hold while litigation over it continues.

iPhone

A Test of iPhone-to-HDMI Adapter That Demands Location/Browsing Data (404media.co) 29

Slash_Account_Dot writes: I recently got my hands on an ordinary-looking iPhone-to-HDMI adapter that mimics Apple's branding and, when plugged in, runs a program that implores you to "Scan QR code for use." That QR code takes you to an ad-riddled website that asks you to download an app that asks for your location data, access to your photos and videos, runs a bizarre web browser, installs tracking cookies, takes "sensor data," and uses that data to target you with ads. The adapter's app also kindly informed me that it's sending all of my data to China.

The cord was discovered by friend of 404 Media John Bumstead, an electronics refurbisher and artist who buys devices in bulk from electronics recyclers. Bumstead tweeted about the cord and was kind enough to send me one so I could try it myself. Joseph has written about malicious Lightning cables and USB cables made by hackers that can be used for keystroke logging and spying. While those malicious Lightning cables are products marketed for spying, the HDMI adapter Bumstead discovered was found in the wild and is just another crappy knockoff cable sold on Amazon's increasingly difficult-to-navigate website. This HDMI adapter is designed to look exactly like Apple's same adapter.

Crime

Three Arrows Capital Co-Founder Zhu Apprehended, Liquidator Says (bloomberg.com) 4

Three Arrows Capital co-founder Su Zhu was apprehended in Singapore while trying to leave the country on Friday. From a report: Teneo, which is liquidating the defunct firm's estate, said it received a committal order against Zhu after he failed to comply with an earlier Singapore court order compelling him to cooperate with the liquidation investigation. The order sentenced Zhu to four months in prison, according to a statement by Teneo. Zhu was apprehended at Singapore's Changi Airport on Friday afternoon, Teneo said, adding that the Sept. 25 order also saw Zhu's co-founder Kyle Davies receive the same sentence. Zhu didn't immediately respond to a request for comment.

AI

New York Bans Facial Recognition In Schools (apnews.com) 22

An anonymous reader quotes a report from the Associated Press: New York state banned the use of facial recognition technology in schools Wednesday, following a report that concluded the risks to student privacy and civil rights outweigh potential security benefits. Education Commissioner Betty Rosa's order leaves decisions on digital fingerprinting and other biometric technology up to local districts. The state has had a moratorium on facial recognition since parents filed a court challenge to its adoption by an upstate district.

[A]n analysis by the Office of Information Technology Services issued last month "acknowledges that the risks of the use of (facial recognition technology) in an educational setting may outweigh the benefits." The report, sought by the Legislature, noted "the potentially higher rate of false positives for people of color, non-binary and transgender people, women, the elderly, and children." It also cited research from the nonprofit Violence Project that found that 70% of school shooters from 1980 to 2019 were current students. The technology, the report said, "may only offer the appearance of safer schools."

Biotechnology would not stop a student from entering a school "unless an administrator or staff member first noticed that the student was in crisis, had made some sort of threat, or indicated in some other way that they could be a threat to school security," the report said. The state report found that the use of digital fingerprinting was less risky and could be beneficial for school lunch payments and accessing electronic tablets and other devices. Schools may use that technology after seeking parental input, Rosa said.

"Schools should be safe places to learn and grow, not spaces where they are constantly scanned and monitored, with their most sensitive information at risk," said Stefanie Coyle, deputy director of the NYCLU's Education Policy Center.

Japan

Freelancers Aren't Happy With Japan's New Invoice System (japantimes.co.jp) 33

An anonymous reader quotes a report from the Japan Times: From Oct. 1, a new tax regulation decades in the making will go into effect -- and hundreds of thousands of workers in Japan are angry. The Qualified Invoicing System, which requires taxable businesses to issue invoices containing tax information for transactions, has generated a full-fledged movement against it. A petition on Change.org to halt the regulation has received nearly 450,000 signatures. The social movement [...] has held regular demonstrations and conferences advocating against the law, alongside significant protest from the world of pop culture: Animators, filmmakers, voice actors, manga artists and V-tubers of all stripes have joined together against it.

While the law is complex, the reason it's hated is not: It's effectively a tax increase. While the system was created to ensure that businesses will properly pay consumption tax, for many freelancers and small businesses the result will amount to a 10% increase in taxes -- a high enough jump to potentially devastate creatives who already make a living by the narrowest of margins. [...] Those who have already registered as taxable businesses or sole proprietors with sales of over 10 million yen are required to register for the system. Small freelancers and tax-exempt businesses, however, will need to consider carefully what to do. "Tax compliance will be the biggest issue for freelancers," [says Fumiko Mizoguchi, indirect tax service country leader at Deloitte]. "If freelancers agree to issue qualified invoices, they should offer the counter-suggestion that their prices will increase 10% as a result."

Meanwhile, the protest movement is steady on the ground in Tokyo. Voiction, which has been meeting with legislators to try to halt the law, plans on continuing to fight through the rest of the year and beyond. [Voice actress Yuhko Kaida] explains that the government could still decide to allow small businesses to not file 2023's consumption tax in March 2024, when taxes are due. "If we have the willpower, we can stop this law," Kaida says. "Then we can reduce the damage to people's lives."

Privacy

Food Delivery Robots Are Feeding Camera Footage to the LAPD, Internal Emails Show (404media.co) 63

samleecole writes: A food delivery robot company that delivers for Uber Eats in Los Angeles provided video filmed by one of its robots to the Los Angeles Police Department as part of a criminal investigation, 404 Media has learned. The incident highlights the fact that delivery robots that are being deployed to sidewalks all around the country are essentially always filming, and that their footage can and has been used as evidence in criminal trials. Emails obtained by 404 Media also show that the robot food delivery company wanted to work more closely with the LAPD, which jumped at the opportunity.

The Courts

Apple Asks Supreme Court To Reverse App Store Ruling Won by Epic (bloomberg.com) 42

Apple said it has asked the US Supreme Court to review a judge's ruling from two years ago that could diminish the billions of dollars in revenue its App Store generates by letting app developers direct users to alternative payment methods. From a report: Apple's request to the high court on Thursday is its latest salvo in a drawn-out battle with Epic Games over how the iPhone maker runs its app marketplace. App Store revenue is lucrative for Apple, with developers charged a commission of as much as 30% for sales of digital goods and services -- a fee that the maker of the popular Fortnite game is trying to avoid paying. At the same time, years of complaints from app developers and scrutiny from governments globally have already forced Apple to rewrite some of the rules protecting its dominance in the $160 billion app distribution marketplace.

Apple's request comes a day after Epic petitioned the Supreme Court to review a separate part of the ruling, that App Store policies don't violate federal antitrust laws. Apple's filing couldn't immediately be confirmed in court records. The Supreme Court, per its regular schedule, could decide by the end of the year or early next year whether it will take up either or both of the petitions. In a mixed ruling in September 2021 following a trial, a federal judge in Oakland, California, largely rejected Epic's claims that Apple's online marketplace policies violated federal law by barring third-party app marketplaces on its operating system. But she also found that Apple flouted California state law by blocking developers from letting consumers know about alternative payment methods. The 9th US Circuit Court of Appeals affirmed the trial judge's decision in April.

The Courts

US Sues eBay Over Sale of Harmful Products (reuters.com) 101

The U.S. government on Wednesday sued eBay, accusing the online platform of violating the Clean Air Act and other environmental laws by allowing the sale of several harmful products, including devices that defeat automobile pollution controls. From a report: EBay could face billions of dollars in penalties, including up to $5,580 for each Clean Air Act violation, according to the government's complaint filed in the federal court in Brooklyn, New York. The Department of Justice said eBay illegally allowed the sale of at least 343,011 aftermarket "defeat" devices that help vehicles generate more power and get better fuel economy by evading emissions controls.

EBay was also accused of allowing the sale of at least 23,000 unregistered, misbranded or restricted-use pesticides, violating a 2020 "stop sale" order from the U.S. Environmental Protection Agency. The San Jose, California-based company also allegedly distributed 5,614 paint and coating removal products containing methylene chloride, a potentially lethal chemical linked to brain and liver cancer and non-Hodgkin lymphoma. "EBay has the power, the authority, and the resources to stop the sale of these illegal, harmful products on its website," the complaint said. "It has chosen not to; instead, it has chosen to engage in these illegal transactions."

Security

GPUs From All Major Suppliers Are Vulnerable To New Pixel-Stealing Attack (arstechnica.com) 26

An anonymous reader quotes a report from Ars Technica: GPUs from all six of the major suppliers are vulnerable to a newly discovered attack that allows malicious websites to read the usernames, passwords, and other sensitive visual data displayed by other websites, researchers have demonstrated in a paper (PDF) published Tuesday. The cross-origin attack allows a malicious website from one domain -- say, example.com -- to effectively read the pixels displayed by a website from example.org, or another different domain. Attackers can then reconstruct them in a way that allows them to view the words or images displayed by the latter site. This leakage violates a critical security principle that forms one of the most fundamental security boundaries safeguarding the Internet. Known as the same origin policy, it mandates that content hosted on one website domain be isolated from all other website domains. [...]

GPU.zip works only when the malicious attacker website is loaded into Chrome or Edge. The reason: For the attack to work, the browser must:

1. allow cross-origin iframes to be loaded with cookies
2. allow rendering SVG filters on iframes and
3. delegate rendering tasks to the GPU

For now, GPU.zip is more of a curiosity than a real threat, but that assumes that Web developers properly restrict sensitive pages from being embedded by cross-origin websites. End users who want to check if a page has such restrictions in place should look for the X-Frame-Options or Content-Security-Policy headers in the source.

"This is impactful research on how hardware works," a Google representative said in a statement. "Widely adopted headers can prevent sites from being embedded, which prevents this attack, and sites using the default SameSite=Lax cookie behavior receive significant mitigation against personalized data being leaked. These protections, along with the difficulty and time required to exploit this behavior, significantly mitigate the threat to everyday users. We are in communication and are actively engaging with the reporting researchers. We are always looking to further improve protections for Chrome users."

An Intel representative, meanwhile, said that the chipmaker has "assessed the researcher findings that were provided and determined the root cause is not in our GPUs but in third-party software." A Qualcomm representative said "the issue isn't in our threat model as it more directly affects the browser and can be resolved by the browser application if warranted, so no changes are currently planned." Apple, Nvidia, AMD, and ARM didn't comment on the findings.

An informational write-up of the findings can be found here.
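
The header check mentioned in the summary above can be automated. This added example (not from the article or the GPU.zip researchers) classifies a response's framing restrictions and lists the cookies that would be sent to cross-site iframes; the function names and sample headers are constructed for illustration.

```javascript
// Added example: audit response headers for framing restrictions and SameSite cookies.
const RANK = ['none', 'same-origin', 'allowlist', 'any']; // most to least strict

function classifySources(sources) {
  if (sources.length === 0 || sources.join(' ') === "'none'") return 'none';
  if (sources.some(s => s === '*' || /^https?:$/.test(s))) return 'any';
  return sources.every(s => s === "'self'") ? 'same-origin' : 'allowlist';
}

function framingPolicy(headers) {
  const get = n => headers.filter(([k]) => k.toLowerCase() === n).map(([, v]) => v);
  // Only enforced CSP headers count; Content-Security-Policy-Report-Only does not block.
  const verdicts = [];
  for (const policy of get('content-security-policy').flatMap(v => v.split(','))) {
    // Within one policy the first occurrence of a directive wins.
    const fa = policy.split(';').map(d => d.trim().toLowerCase().split(/\s+/))
      .find(([name]) => name === 'frame-ancestors');
    if (fa) verdicts.push(classifySources(fa.slice(1)));
  }
  if (verdicts.length) {
    // Every policy must allow the embedding, so the strictest verdict applies.
    const strictest = Math.min(...verdicts.map(v => RANK.indexOf(v)));
    return { embedding: RANK[strictest], via: 'frame-ancestors' };
  }
  // X-Frame-Options is consulted only when no frame-ancestors directive exists.
  const xfo = get('x-frame-options').map(v => v.trim().toUpperCase());
  if (xfo.length === 1 && xfo[0] === 'DENY') return { embedding: 'none', via: 'x-frame-options' };
  if (xfo.length === 1 && xfo[0] === 'SAMEORIGIN') return { embedding: 'same-origin', via: 'x-frame-options' };
  // Assumption: anything else (absent, ALLOW-FROM, conflicting) is reported as unprotected.
  return { embedding: 'any', via: 'none' };
}

// Cookies explicitly marked SameSite=None are the ones sent to cross-site iframes.
function crossSiteCookies(headers) {
  return headers.filter(([k]) => k.toLowerCase() === 'set-cookie')
    .filter(([, v]) => /;\s*samesite\s*=\s*none\b/i.test(v))
    .map(([, v]) => v.split('=')[0].trim());
}
// Constructed sample responses (header name/value pairs).
const loginPage = [
  ['Content-Security-Policy', "default-src 'self'; frame-ancestors 'none'"],
  ['Set-Cookie', 'sid=abc123; Secure; HttpOnly; SameSite=Lax'],
];
const widgetPage = [
  ['Content-Security-Policy-Report-Only', "frame-ancestors 'none'"],
  ['X-Frame-Options', 'ALLOW-FROM https://partner.example'],
  ['Set-Cookie', 'sid=abc123; Secure; SameSite=None'],
];
for (const r of [loginPage, widgetPage]) console.log(framingPolicy(r), crossSiteCookies(r));
```

A page reported as `any` that also sets a `SameSite=None` session cookie meets the first browser condition listed above, so it is the one to fix first.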
