Posts with «author_name|amrita khalid» label

FCC cracks down on robocalls originating from small carriers

Starting today, small phone carriers must implement a special caller ID authentication tool that will help identify robocallers, the Federal Communication Commission announced. Known as STIR/SHAKEN, major carriers such as AT&T and Verizon — due to an FCC rule adopted in 2020 — have had the same tool in place since last year. The agency initially gave small carriers a more generous deadline of June 2023 to adopt STIR/SHAKEN, but opted to fast-track adoption because it discovered "a subset of these small voice service providers were originating an increasing quantity of illegal robocalls."

But as a new report from the Electronic Privacy Information Center (EPIC) notes, merely flagging suspected robocalls is not enough to tackle the robocall industry. "The problem is that applying the STIR/SHAKEN methodology requires only that originating providers apply a certification indicating how confident they are that the caller ID displayed in the calls is correct," the report states. Presumably, this means calls can still be routed through gateway carriers from abroad where the FCC's rules don't apply. But as EPIC also mentions, implementing STIR/SHAKEN may help identify spam callers, but there aren't any real metrics in place by which to measure how effective carriers are at stopping the calls. "The FCC’s pending regulatory efforts would continue to require only that providers have procedures in place to mitigate illegal robocalls," the report points out, "with no meaningful and enforceable requirement that these procedures actually be effective."

OpenSea users' email addresses leaked in data breach

NFT marketplace OpenSea shared today that it’s the victim of another data breach — though this time the target is one of its vendors. An employee of its email delivery vendor, Customer.io, allegedly downloaded and shared stored email addresses associated with OpenSea accounts and newsletter subscriptions with an unknown third party. Any OpenSea account holder or newsletter subscriber should assume their email address was among those impacted, according to a blog post by the company’s head of security Cory Hardman. At this time it does not appear any passwords or other personal information was stolen.

The company is working with Customer.io to investigate the matter. “Please stay vigilant about your email practices, and be alert for any attempt to impersonate OpenSea via email,” wrote Hardman.

Unlike a previous phishing attack on OpenSea in February that resulted in hundreds of NFTs being stolen, there appears to be no further reported damage beyond the leaked email addresses. Still, the number of people likely impacted by the breach is significant. Hackread noted that 1.8 million users made purchases through the Ethereum network on OpenSea, according to data from Dune Analytics.

Yesterday the company sent emails to OpenSea users who they suspected were involved, warning them to be on the lookout for phishing emails and other scams. Beyond standard advice such as not to download attachments or click on a link from an OpenSea email, users were also warned not to sign wallet transactions directly from an email or to share or confirm secret wallet phrases.

OpenSea data breach. pic.twitter.com/FEtDKsoHje

— eric.eth (@econoar) June 30, 2022

The identity of the third party who received the breached email addresses has not been revealed. A representative from Customer.io toldTechCrunch that the employee behind the breach had “role-specific” access to the OpenSea data that they abused. “We do not believe any other clients’ data has been compromised, but we are continuing to investigate. The employee in question has had all access removed and has been suspended pending the conclusion of our investigation.”

A swarm of Cruise robotaxis blocked San Francisco traffic for hours

A small fleet of Cruise robotaxis in San Francisco suddenly stopped operating on Tuesday night, effectively stopping traffic on a street in the city's Fillmore district for a couple of hours until employees were able to arrive. TechCrunch first noticed a Reddit post that featured a photo of the stalled driverless cabs at the corner of Gough and Fulton streets. Cruise — which is General Motor’s AV subsidiary — only launched its commercial robotaxi service in the city last week. The rides feature no human safety driver, are geo-restricted to certain streets and can only operate in the late evening hours.

Cruise apologized for the incident in a statement, but gave little explanation for what caused the mishap. “We had an issue earlier this week that caused some of our vehicles to cluster together,” a Cruise spokesperson said in a statement to TechCrunch. “While it was resolved and no passengers were impacted, we apologize to anyone who was inconvenienced.”

The GM-backed AV startup won the first driverless taxi permit in a major US city, and began offering San Francisco residents free rides in February. After launching its paid passenger service on June 24, early reviews from Cruise passengers came pouring in. One passenger noted that his Cruise car took an unusually long route to get to his home. Another passenger seemed to have a more positive experience, even leaving a cash tip for the driverless car.

I got to ride in a @Cruise car (named Falafel) as an early paying customer this week! Falafel was an excellent driver and the whole ride felt safe and smooth. I couldn’t find an option to tip Falafel so I just left some coins in the cup holder - hope that’s ok. pic.twitter.com/OYnyTyleYl

— Rob Zimmerman (@robmzimmerman) June 26, 2022

This week’s traffic jam appears to be Cruise’s first major stumbling block, at least for its commercial service. Back in April, police stopped a Cruise car for not having its headlights on. Officers appeared unsure of how to proceed after discovering there was no human behind the wheel.

The State of California requires AV companies to report any collision that involve property damage, bodily harm or death to the DMV, which publishes the data online. A total of 18 reports involving Cruise vehicles have been filed this year.

Almost a quarter of the ocean floor is now mapped

Roughly 25 percent (23.4 percent to be exact) of the Earth’s sea floor has been mapped, thanks to an international initiative known as Seabed 2030. Relying largely on voluntary contributions of bathymetric data (or ocean topography) by governments, companies and research institutions, the project is part of a larger UN-led initiative called The Ocean Decade. Seabed 2030 hopes to map 100 percent of the ocean floor by 2030, which researchers say will be possible thanks to advances in technology and corralling already available data. Over the past year alone, Seabed 2030 has added measurements for around 3.8 million square miles (roughly the size of Europe) primarily through newly opened archives, rather than active mapping efforts.

Scientists believe collecting more bathymetric data will help further our understanding of climate change and ocean preservation efforts. Ocean floor mapping also helps in the detection of tsunamis and other natural disasters. “A complete map of the ocean floor is the missing tool that will enable us to tackle some of the most pressing environmental challenges of our time, including climate change and marine pollution. It will enable us to safeguard the planet’s future,” said Mitsuyuki Unno, executive director of The Nippon Foundation in a press release

As the BBC notes, much of the data used in Seabed 2030 already existed. The group largely relies on contributions from governments and companies, though some of these entities are still reluctant to completely open up their archives for fear of spilling national or trade secrets. 

All the data that Seabed 2030 is collecting will be available to the public online on the GEBCO (General Bathymetric Chart of the Oceans) global grid. Prior to Seabed 2030, very little directly measured ocean floor data was available for public use. Most bathymetric measurements are estimated using satellite altimeter readings, which give a very rough idea of the shape of the sea floor surface. Some scientists believe a global effort to locate the crash of Malaysia Airlines flight MH370 would have been better informed by newer, more precise methods to chart the ocean floor.

Samsung Gaming Hub goes live today with Twitch, Xbox Game Pass and more

The Samsung Gaming Hub is live now on 2022 Samsung smart TVs and smart monitors, and it's adding two services from Amazon to its game-streaming lineup: Twitch and Luna. Twitch is available today, while Luna is coming soon. Gamers will also be able to access Xbox Game Pass now, as well as apps for NVIDIA GeForce NOW, Google Stadia and Utomik in the same designated area on their TVs. The company plans to release details about the gaming hub's rollout to earlier Samsung smart TV models at a later date, a Samsung spokesperson confirmed to Engadget. 

For those who are unfamiliar with the Samsung Gaming Hub, it essentially offers players a way to access major cloud gaming services on their smart TV using only their Bluetooth controller, no console needed. Apps for both Spotify and YouTube are also included in the gaming hub.

Samsung says it plans on delivering even more gaming-focused content in the future, including new partnerships. “With expanding partnerships across leading game streaming services and expert curated recommendations, players will be able to easily browse and discover games from the widest selection available, regardless of platform,” said Won-Jin Lee, president of Samsung’s Service Business Team.

Amazon’s Luna cloud gaming service has only been available to the general public since March, and is already available on Fire TVs. Its partnership with Samsung could give the nascent gaming service an easy way to reach people who have never used it in their homes. Twitch (which is owned by Amazon) once had an app for Samsung smart TVs, but it was retired in 2019. The platform’s return to the newest Samsung smart TVs will be happy news for streamers and their fans.

It seems natural for Samsung to further embrace the gaming community, given that smart TVs have become close to a necessity in gaming. Last year Microsoft announced that it would begin working with global TV manufacturers to directly integrate Xbox into smart TVs via an Xbox with Game Pass app. The idea of an “all-in-one” destination for all your cloud-based and console games is certainly convenient to some, and may help gamers avoid the time and hassle of switching between modes.

Amazon to limit purchases of Plan B and other emergency contraceptive pills

Amazon is limiting sales of Plan B and other emergency contraceptives to three units per customer in the wake of increased demand, the company confirmed to several media outlets. Last week’s US Supreme Court overturning of Roe v. Wade prompted a spike in sales of Plan B and other generic brands of levonorgestrel morning-after pills. 

Customers who order emergency contraception on Amazon still face a bit of a wait. Amazon’s main listing for Plan B (a popular name brand of levonorgestrel made by a company called Foundation Consumer Healthcare) displays an estimated delivery range of July 19 through August 6. MyChoice, a generic brand of levonorgestrel that is cheaper than Plan B displays a delivery date of July 28. Engadget has reached out to Amazon for an estimate on when it will remove its cap on sales, and will update if we hear back. 

Rite-Aid is also capping both online and in-person sales of emergency contraception to three per customer. Walmart has a more generous limit of 10 units of Plan B per customer, and Target limits online sales of Plan B to six orders per customer. Following a temporary cap on sales, both Walgreens and CVS have removed purchase limits on Plan B as of Tuesday evening.

"We continue to have ample supply of emergency contraceptives to meet customer needs," Matt Blanchette, CVS’s senior manager of retail communications toldCNN.

Those who don’t want to turn to Amazon or a major drugstore chain have other online options for Plan. Both Instacart and GoPuff also offer Plan B for same-day delivery. A number of telehealth startups such as Wisp, Nurx and Stix sell generic emergency contraceptive pills (though sales are restricted to certain states). Sales of emergency contraceptive products on Wisp spiked by 40 percent following a leak of the court’s decision back in May, Wisp confirmed to Engadget. Furthermore, sales were 25 times the daily average for May on Friday, the day of the court’s ruling.

“We have been able to meet the current surge in demand. We are not putting any restrictions on emergency contraceptive pills,” noted Wisp CEO Ahmad Bani in a statement to Engadget.

‘Axie Infinity’ relaunches following $625 million hack

After a massive $625 million hack, the cryptocurrency pay-to-earn game Axie Infinity is once again open for business. The hack took advantage of flaws in the Ronin network, an Ethereum sidechain the game's owner, Sky Mavis, propped up to facilitate faster transactions. Surprisingly, the news today is that Axie Infinity will... continue to use Ronin, which has been revived after a few audits. In a blog post, the company described a new “circuit-breaker” system designed to flag “large, suspicious withdrawals,” withdrawal limits and human reviewers. It also promised players that a new land staking feature — which claims to allow the game's owners of digital land to earn passive income — will be released later this week.

In March, a group of hackers pilfered nearly 173,600 Ethereum and nearly 26 million USDC (worth roughly $26 million) from the game’s network. US officials have since linked the North Korean-backed hacking group Lazarus to the heist. Last week Sky Mavis said it would begin reimbursing the victims of the hack — but didn't account for Ethereum’s drop in value over the past three months, which means that users would only recover about a third of their losses. In all, Sky Mavis is returning $216.5 million in funds to its users.

Moving forward, Axie Infinity players are warned not to send funds directly to Ronin Bridge’s smart contract address. “The Ronin Bridge should only be accessed and used for deposits/withdrawals through the Ronin Bridge UI. Any funds sent directly to the Ronin Bridge’s contract addresses will be permanently lost," wrote the company in its post.

Esports.net recently pointed out a flaw in Axie Infinity’s design — a drop in the number of players causes the value of its in-game currency to plummet. Bloomberg noted earlier this month that the game’s user base has declined by 40 percent since the hack. As of this writing, the value of AXS is at $15.30 (a drop from its high of $160.36 in July 2021) and the value of SLP is at 0.0039 (down from an all-time high of 0.364).

Hummer EV's obstacle-avoiding Extract Mode adds six inches of ride height

GMC Hummer EV owners will soon be able to raise their 9,000-pound vehicle nearly six additional inches in the air, all due to a simple software update. Over the new few weeks, GMC will be adding a new “Extract Mode” — which lets drivers elevate their vehicle to avert off-road obstacles — to all First Edition models of the all-electric pickup truck. Essentially, Extract Mode lets drivers elevate their vehicle so they can avert off-road obstacles. 

As fun as the feature sounds, drivers should take heed that the suspension mode can only be used at low speeds. Also, frequent use of the feature will result in your vehicle needing to cool off before being suspended again. In total, Extract Mode will allow for 15.9 inches of ground clearance for the vehicle, which will give it an edge over other off-road capable vehicles like the Rivian R1T, Ram TRX, F150 Raptor and Bronco Raptor. For a preview of Extract Mode in action, check out the video below.

Unfortunately, only a handful of GMC Hummer EV owners will be able to actually try out the feature. As Electreknotes, demand for the Hummer has far exceeded GMC’s expectations and the automaker is struggling to ramp up production. Only one Hummer EV was delivered last year, and the automaker has received over 65,000 reservations for its Hummer EV pickups and SUVs. If you’re in the market for a first edition pickup, you’re out of luck: reservations for the roughly $110,000 vehicle are full. And if you spring for a slightly cheaper model, you could be due for a two-year wait.

Court OKs lawsuit by woman who says she helped create Pinterest

Pinterest must now face a lawsuit from a former friend of one of its founders who claims she helped create the platform. Bloombergreported that Alameda County Superior Court Judge Richard Seabolt on Thursday denied the company’s motion to dismiss the lawsuit. Christine Martinez, the plaintiff, claims she was asked by co-founder Ben Silbermann to help revive the app. The digital market strategist claims to have developed features tied to Pinterest’s Boards and created a marketing plan to enlist bloggers to promote the platform, among other contributions. 

Martinez filed a lawsuit against the company in September, and Pinterest filed the motion to dismiss in December. The company argued that Martinez’s claims are too old to fall within the statute of limitations. Seabolt disagreed with this and said Martinez “sufficiently alleges” that she and the Pinterest founders agreed to deferred compensation. Pinterest went public in 2019, an event that Seabolt deemed “transformative” and in his view sealed the company's obligation to pay Martinez.

In a statement to Engadget, Pinterest's chief communications officer LeMia Jenkins Thompson noted that the court dismissed several of Martinez's claims. Thompson also stated that, "as the facts come out, we are confident the evidence will confirm that Plaintiff’s claims are meritless and that the rest of this baseless lawsuit should be dismissed." 

According to the New York Times, Martinez was never formally employed at nor did she ever sign a written contract with the San Francisco-based company. Instead, Martinez argues that the agreement was implied, based on her discussions with Sciarra and Silbermann.

Martinez, who is a former lifestyle blogger and founder of an eccomerce startup, told the Times she was eager to help friends. “[...The Pinterest co-founders] had no marketing background or expertise in creating a product for women.”

Bungie sues 'Destiny 2' YouTuber who issued almost 100 fake DMCA claims

In December of last year, a YouTuber by the name of Lord Nazo received copyright takedown notices from CSC Global — the brand protection vendor contracted by game creator Bungie — for uploading tracks from their game Destiny 2's original soundtrack. While some content creators might remove the offending material or appeal the copyright notice, Nazo, whose real name is Nicholas Minor, allegedly made the ill-fated decision to impersonate CSC Global and issue dozens of fake DMCA notices to his fellow creators. As first spotted by The Game Post, Bungie is now suing him for a whopping $7.6 million.

“Ninety-six times, Minor sent DMCA takedown notices purportedly on behalf of Bungie, identifying himself as Bungie’s 'Brand Protection' vendor in order to have YouTube instruct innocent creators to delete their Destiny 2 videos or face copyright strikes," the lawsuit claims, "disrupting Bungie’s community of players, streamers, and fans. And all the while, 'Lord Nazo' was taking part in the community discussion of 'Bungie’s' takedowns." Bungie is seeking “damages and injunctive relief” that include $150,000 for each fraudulent copyright claim: a total penalty of $7,650,000, not including attorney’s fees.

The game developer is also accusing Minor of using one of his fake email aliases to send harassing emails to the actual CSC Global with the subject lines such as “You’re in for it now” and “Better start running. The clock is ticking.” Minor also allegedly authored a "manifesto" that he sent to other members of the Destiny 2 community — again, under an email alias — in which he "took credit" for some of his activities. The recipients promptly forwarded the email to Bungie.

As detailed in the lawsuit, Minor appears to have done the bare minimum to cover his tracks: the first batch of fake DMCA notices used the same residential IP address he used to log-in to both his Destiny and Destiny 2 accounts, the latter of which shared the same Lord Nazo username as his YouTube, Twitter and Reddit accounts. He only switched to a VPN on March 27th — following media coverage of the fake DMCA notices. Meanwhile, Minor allegedly continued to log-in to his Destiny account under his original IP address until May.