Bungie slams YouTube’s DMCA system in lawsuit against Destiny takedown fraudsters

Image from game maker Bungie advertising Destiny 2's Season of the Risen. (credit: Bungie)

Bungie slammed YouTube’s Digital Millennium Copyright Act (DMCA) process in a lawsuit against 10 John Doe defendants accused of sending fraudulent takedown notices against Destiny 2 videos.

“Doe Defendants were able to do this because of a hole in YouTube’s DMCA-process security, which allows any person to claim to be representing any rights holder in the world for purposes of issuing a DMCA takedown,” Bungie wrote in a complaint filed Friday in US District Court for the Western District of Washington. Bungie continued:

In other words, as far as YouTube is concerned, any person, anywhere in the world, can issue takedown notices on behalf of any rights holder, anywhere. A disgruntled infringer or a competitive content producer, for example, can issue takedown notices purportedly on behalf of Disney, or Fox, or Universal—or even Google itself. All they need to do is: (1) fill out the video removal form… (2) have a Google account—including, upon information and belief, one created that same day and with fake information; and (3) fill out information and click verification buttons fraudulently certifying that they have the right to submit the takedown request, with no verification done by YouTube.

While YouTube and its owner Google were not named as defendants, they feature heavily throughout Bungie’s complaint. The 10 Doe defendants haven’t been identified yet because of “the Byzantine procedural labyrinth Google required before it would address the fraud its users were committing, let alone identify who its fraudsters were,” Bungie wrote.


Russian oil tankers go dark, evading name-and-shame Twitter bot

Activists from the environmental organization Greenpeace demonstrate in the Baltic Sea in front of a ship carrying Russian oil on March 23, 2022. (credit: Frank Molter/picture alliance)

First there was the Russian oligarch jet tracker; then there was the Russian oligarch yacht tracker; now there’s the Russian oil tanker tracker.

The new tool comes from data scientists at Greenpeace UK, who created an automated bot that draws from public data to tweet about the movements of oil and gas tankers leaving Russian ports. The goal, Greenpeace says, is to cut off one of Russia’s main revenue sources that’s helping fuel President Vladimir Putin’s war in Ukraine.

Russia draws considerable revenue from oil and gas—about 40 percent of its federal budget relies on fossil fuel royalties—which means that tankers fulfilling contracts are essentially contributing to Russia’s war machine. By tweeting the origin, identity, and destination of tankers that have docked at Russian ports, Greenpeace is hoping to shame companies and countries into shunning oil and gas purchases from the country.


CSRF Protection Problem and How to Fix it

One day I was working on a feature at work. I had many branches created in JIRA tickets, so I wanted to open a bunch of PRs (Pull Requests) all at once in different tabs. This is how I usually work – I have a lot of tabs open

Samsung’s new 4K smart monitor has a magnetic wireless webcam

Samsung M8 monitor. Samsung is selling the monitor in (clockwise from top left): Sunset Pink, Warm White, Spring Green, and Daylight Blue. (credit: Samsung)

Samsung’s M8 monitor, announced on Monday, is being positioned to replace your USB webcam and smart TV. The 32-inch 4K smart monitor has a wireless webcam that you can remove and attach via magnets. The TV also features built-in apps, including Netflix and Hulu, that work without a PC connection.

The M8’s 1080p webcam attaches to a holster in the camera via a four-pin connector, a Samsung rep told Ars Technica. The holster is connected to a port on the monitor, giving the camera power and connecting it to the PC. As such, it appears the camera won’t work with another monitor. Once in place, you can tilt the camera or remove it for privacy when it’s not in use.

This differs from a magnetic, wireless webcam prototype Dell showed us in December. Dell’s concept cam detached from the monitor so you could place it in the ideal location, such as the center of the monitor, for the perfect angle. Samsung’s magnetic webcam attempts to help you find the perfect angle through face tracking and auto-zoom.


Roman Numerals – the Roman Numeral for 4, 6, 9, and Others

Roman numerals are a numerical system that originated in ancient Rome. They are used to represent numbers in the decimal system, but they are not used for mathematical operations. In this system, symbols are used to represent different numbers, with I representing 1, V representing 5, X representing 10, L

Lapsus$ and SolarWinds hackers both use the same old trick to bypass MFA

(credit: Getty Images)

Multifactor authentication (MFA) is a core defense that is among the most effective at preventing account takeovers. In addition to requiring that users provide a username and password, MFA ensures they must also use an additional factor—be it a fingerprint, physical security key, or one-time password—before they can access an account. Nothing in this article should be construed as saying MFA is anything other than essential.

That said, some forms of MFA are stronger than others, and recent events show that these weaker forms aren’t much of a hurdle for some hackers to clear. In the past few months, suspected script kiddies like the Lapsus$ data extortion gang and elite Russian-state threat actors (like Cozy Bear, the group behind the SolarWinds hack) have both successfully defeated the protection.

Enter MFA prompt bombing

The strongest forms of MFA are based on a framework called FIDO2, which was developed by a consortium of companies balancing the needs of both security and simplicity of use. It gives users the option of using fingerprint readers or cameras built into the devices or dedicated security keys to confirm they are authorized to access an account. FIDO2 forms of MFA are relatively new, so many services for both consumers and large organizations have yet to adopt them.


Find the soul