U.S. “Know Your Customer” Proposal Will Put an End to Anonymous Cloud Users

In late January, the U.S. Department of Commerce published a notice of proposed rulemaking for establishing new requirements for Infrastructure as a Service (IaaS) providers. The proposal boils down to a ‘Know Your Customer’ regime for companies operating cloud services, with the goal of countering the activities of “foreign malicious actors.” Yet, despite an overseas focus, Americans won’t be able to avoid the proposal’s requirements, which cover CDNs, virtual private servers, proxies, and domain name resolution services, among others.

From: TF, for the latest news on copyright battles, piracy and more.

It’s long been the case that access to certain services, whether on or offline, will only be granted when customers prove their identity.

Often linked to financial products, but in many cases to basic money/goods transactions carried out online, handing over a name, address, date of birth and similar details can increase confidence that a deal will more likely than not go according to plan. In some cases, especially when buying restricted products, proving identity can be a condition of sale.

Yet, for many years, companies operating in the online space have been happy to do business with customers without knowing very much about them at all.

In some cases, where companies understand that a lack of friction is valuable to the customer, an email address has long been considered sufficient. If the credit or pre-payment card eventually used to pay for a product has enough credit and isn’t stolen, there seems very little to be concerned about. For many governments, however, any level of anonymity has the capacity to cause concern, and if that means unmasking everyone to identify a few bad actors, so be it.

Improving Detection and Prevention of Foreign Malicious Cyber Activity

Perceived and actual threats from shadowy overseas actors are something few countries can avoid. Whether in the West or the East, reports of relatively low-key meddling through to seriously malicious hacks, even attacks on key infrastructure, are becoming a fact of modern life.

After being under discussion for years, in late January the U.S. Department of Commerce published a notice of proposed rulemaking hoping to reduce threats to the United States. If adopted, the proposal will establish a new set of requirements for Infrastructure as a Service (IaaS) providers, often known as cloud infrastructure providers, to deny access to foreign adversaries.

The premise is relatively simple. By having a more rigorous sign-up procedure for platforms such as Amazon’s AWS, for example, the risk of malicious actors using U.S. cloud services to attack U.S. critical infrastructure, or undermine national security in other ways, can be reduced. The Bureau of Industry and Security noted the following in its announcement late January.

The proposed rule introduces potential regulations that require U.S. cloud infrastructure providers and their foreign resellers to implement and maintain Customer Identification Programs (CIPs), which would include the collection of “Know Your Customer” (KYC) information. Similar KYC requirements already exist in other industries and seek to assist service providers in identifying and addressing potential risks posed by providing services to certain customers. Such risks include fraud, theft, facilitation of terrorism, and other activities contrary to U.S. national security interests.

While supposedly aimed at external threats, only positive identification of all customers can eliminate the possibility that an ‘innocent’ domestic user is actually a foreign threat actor. Or, according to the proposal, anyone (or all people) from a specified jurisdiction at the government’s discretion. Upon notification by IaaS providers, that could include foreign persons training large artificial intelligence models “with potential capabilities that could be used in malicious cyber-enabled activity.”

Scope of IaaS and Customer Identification Programs

Under the proposed rule, Customer Identification Programs (CIPs) operated by IaaS providers must collect information from both existing and prospective customers, i.e. those at the application stage of opening an account. The bare minimum includes the following data: a customer’s name, address, the means and source of payment for each customer’s account, email addresses and telephone numbers, and IP addresses used for access or administration of the account.

What qualifies as an IaaS is surprisingly broad:

Any product or service offered to a consumer, including complimentary or “trial” offerings, that provides processing, storage, networks, or other fundamental computing resources, and with which the consumer is able to deploy and run software that is not predefined, including operating systems and applications.

The consumer typically does not manage or control most of the underlying hardware but has control over the operating systems, storage, and any deployed applications. The term is inclusive of “managed” products or services, in which the provider is responsible for some aspects of system configuration or maintenance, and “unmanaged” products or services, in which the provider is only responsible for ensuring that the product is available to the consumer.

And it doesn’t stop there. The term IaaS includes all ‘virtualized’ products and services where the computing resources of a physical machine are shared, such as Virtual Private Servers (VPS). It even covers ‘baremetal’ servers allocated to a single person. The definition also extends to any service where the consumer does not manage or control the underlying hardware but contracts with a third party for access.

“This definition would capture services such as content delivery networks, proxy services, and domain name resolution services,” the proposal reads.

The proposed rule, National Emergency with Respect to Significant Malicious Cyber-Enabled Activities, will stop accepting comments from interested parties on April 30, 2024.

Given the implications for regular citizens, many of whom are already hanging on to what remains of their privacy, the prospect of handing over highly sensitive information just to obtain a product trial is a real concern. The potential for leaks grows with each disclosure, as does the possibility of personal information ending up for sale on the dark web.

Which is where the threat actors will obtain other people’s credentials to masquerade as regular users when subjected to a Know Your Customer process. For IaaS services themselves, the largest will have few problems implementing customer identification programs and may even consider them useful. On one hand, they can help to stop threat actors and on the other, take the opportunity to build a database containing the personal details of every single customer.

iPhone: Congo accuses Apple of using conflict minerals

Congo accuses Apple of using minerals in its products that are illegally mined in the country's war-torn eastern regions. (Apple, PC hardware)

Honda to spend $11 billion on four EV factories in North America

The new facilities are in addition to the previously announced EV hub in Ohio.

Honda is investing CAD$15 billion (US $11 billion) to expand EV manufacturing in North America with four sites in Ontario, Canada. (credit: Honda)

Honda announced today that it will spend $11 billion to expand its electric vehicle manufacturing presence in North America. The Japanese automaker already has a number of factories in the US, Mexico, and Canada, and it's this last one that will benefit from the expansion, with four EV-related plants planned for Ontario.

Honda says it has begun evaluating requirements for what it's calling an "innovative and environmentally responsible" EV factory and a standalone EV battery plant in Alliston, Ontario, which is already home to Honda's two existing Canadian manufacturing facilities.

Additionally, the automaker wants to set up another two sites as joint ventures. One will be a plant that processes cathode active materials and their precursors—the various elements like nickel and manganese that are combined with lithium in lithium-ion batteries—set up in a partnership with POSCO Future M, a South Korean battery material and chemical company. (POSCO is already working with General Motors on another joint venture battery precursor material facility in Bécancour, Quebec, that is supposed to become operational in 2026.)

Cost savings: ARD sets up tech unit with ZDF and Deutschlandradio

The public broadcasters have delivered a commitment to shared technology. Despite the federal approach, it will in future be central at ARD, and also at ZDF and Deutschlandradio. (ARD, Politics)

School athletic director arrested for framing principal using AI voice synthesis

Police uncover plot to defame principal with AI-generated racist and antisemitic comments.

On Thursday, Baltimore County Police arrested Pikesville High School's former athletic director, Dazhon Darien, and charged him with using AI to impersonate Principal Eric Eiswert, according to a report by The Baltimore Banner. Police say Darien used AI voice synthesis software to simulate Eiswert's voice, leading the public to believe the principal made racist and antisemitic comments.

The audio clip, posted on a popular Instagram account, contained offensive remarks about "ungrateful Black kids" and their academic performance, as well as a threat to "join the other side" if the speaker received one more complaint from "one more Jew in this community." The recording also mentioned names of staff members, including Darien's nickname "DJ," suggesting they should not have been hired or should be removed "one way or another."

The comments led to significant uproar from students, faculty, and the wider community, many of whom initially believed the principal had actually made the comments. A Pikesville High School teacher named Shaena Ravenell reportedly played a large role in disseminating the audio. While she has not been charged, police indicated that she forwarded the controversial email to a student known for their ability to quickly spread information through social media. This student then escalated the audio's reach, which included sharing it with the media and the NAACP.

EPA issues four rules limiting pollution from fossil fuel power plants

Coal to be hit hard, natural gas plants will have to capture carbon emissions.

Today, the US Environmental Protection Agency announced a suite of rules that target pollution from fossil fuel power plants. In addition to limits on carbon emissions and a tightening of existing regulations on mercury releases, additional rules target coal ash waste left over from power generation and contaminants in the water used during the operation of power plants. While some of these regulations will affect the operation of plants powered by natural gas, most directly target the use of coal and will likely be the final nail in the coffin for the already dying industry.

The decision to release all four rules at the same time goes beyond simply getting the pain over with at once. Rules governing carbon emissions are expected to influence the emissions of other pollutants like mercury, and vice versa. As a result, the EPA expects that creating a single plan for compliance with all the rules will be more cost-effective.

Targeting carbon

The regulations that target carbon dioxide emissions have been in the works for roughly a year. The rules came in response to a Supreme Court decision in West Virginia v. EPA, which ruled that Clean Air Act regulations had to target individual power plants rather than giving states flexibility regarding how to meet broader standards. As a result, the new rules target carbon dioxide the only way they can: Plants can either switch to burning non-fossil fuels such as green hydrogen, or they can capture their carbon emissions.
