Apple

Apple's Repair Program Creates 'Excruciating Gauntlet of Hurdles', iFixit Says (theverge.com)

On Monday, Apple expanded its DIY repair program to include MacBook Air and MacBook Pro laptops equipped with M1 chips (including the Pro and Max). At least, in theory. The repairability experts at iFixit, who regularly dissect Apple's gadgets, have taken a look at the new program, and their outlook is...mixed. iFixit's Sam Goldheart writes that the new MacBook Pro guides "threw us for a loop." The issue: the documentation "makes MacBook Pros seem less repairable" than they have been in the past. From a report: The repair manual for replacing the 14-inch MacBook Pro's battery, for example, is a whole 162 pages long. (One of the first steps, of course, is "Read the entire manual first.") The reason the guide is so long, it turns out, is that replacing these batteries isn't just a matter of popping the battery out. A user needs to replace the entire top case and keyboard in order to replace the battery. Needless to say, it is unusual for a laptop battery replacement to require a full-computer teardown.

And then, as Goldheart points out, there's the matter of the money. The "top case with battery" part that you'll need to purchase for the 2020 and 2021 MacBook Pro models is not cheap -- after rooting around Apple's store, Verge editor Sean Hollister found that you can expect to pay well upwards of $400 for the top case with battery after the repair credit. "Apple is presenting DIY repairers with an excruciating gauntlet of hurdles: read 162 pages of documentation without getting intimidated and decide to do the repair anyway, pay an exorbitant amount of money for an overkill replacement part, decide whether you want to drop another 50 bucks on the tools they recommend, and do the repair yourself within 14 days, including completing the System Configuration to pair your part with your device," Goldheart writes in summary. "Which makes us wonder, does Apple even want better repairability?"

Privacy

Plex Breach Exposes Usernames, Emails and Encrypted Passwords (theverge.com)

Streaming media platform Plex sent out an email to its customers earlier today notifying them of a security breach that may have compromised account information, including usernames, email addresses, and passwords. Although there is no sign that the encrypted passwords were exposed, Plex is nevertheless advising all users to change their passwords immediately. From a report: Plex is one of the largest media server apps available, used by around 20 million people to stream video, audio, and photos they upload themselves in addition to an increasing variety of content the service provides to paid subscribers. The email states, "yesterday, we discovered suspicious activity on one of our databases. We immediately began an investigation and it does appear that a third-party was able to access a limited subset of data that includes emails, usernames, and encrypted passwords." There is no confirmation that other personal account information has been compromised, and there's no mention of private media libraries (which may or may not include pirated content, private nudes, and other sensitive content) having been accessed in the breach.

Sci-Fi

Congress Admits UFOs Not 'Man-Made,' Says 'Threats' Increasing 'Exponentially' (vice.com)

After years of revelations about strange lights in the sky, first hand reports from Navy pilots about UFOs, and governmental investigations, Congress seems to have admitted something startling in print: it doesn't believe all UFOs are "man-made." Motherboard reports: Buried deep in a report that's an addendum to the Intelligence Authorization Act for Fiscal Year 2023, a budget that governs America's clandestine services, Congress made two startling claims. The first is that "cross-domain transmedium threats to the United States national security are expanding exponentially." The second is that it wants to distinguish between UFOs that are human in origin and those that are not: "Temporary nonattributed objects, or those that are positively identified as man-made after analysis, will be passed to appropriate offices and should not be considered under the definition as unidentified aerospace-undersea phenomena," the document states.

The admission is stunning chiefly because, as more information about the U.S. government's study of UFOs has become public, many politicians have stopped just short of claiming the unidentified objects were extraterrestrial or extradimensional in origin. The standard line is typically that, if UFOs exist, then they're likely advanced -- although human-made -- vehicles. Obama refused to confirm the existence of aliens but did say that people have seen a lot of strange stuff in the sky lately when asked directly on The Late Show with James Corden, for example. But now Congress seems to want to specifically distinguish between objects that are "man-made" and those that are not.

A large question, of course, is why Congress is seemingly admitting this now, in public. After all, lawmakers are privy to classified information that the general public isn't. "It strains credulity to believe that lawmakers would include such extraordinary language in public legislation without compelling evidence," Marik von Rennenkampff, an Obama-era DoD official, said in an op-ed in The Hill about the budget. According to the op-ed, the comments were first noticed by UFO researcher Douglas Johnson. "This implies that members of the Senate Intelligence Committee believe (on a unanimous, bipartisan basis) that some UFOs have non-human origins," von Rennenkampff continued. "After all, why would Congress establish and task a powerful new office with investigating non-'man-made' UFOs if such objects did not exist?" "Make no mistake: One branch of the American government implying that UFOs have non-human origins is an explosive development."

Privacy

Streaming Service Crunchyroll Blocks Privacy-Focused Email Tutanota Because 'Hackers Use It' (itsfoss.com)

The end-to-end encrypted email service Tutanota says it is receiving reports that Crunchyroll does not allow Tutanota email addresses to be used when signing up for its service. After contacting Crunchyroll's team to request that its domains be unblocked, Tutanota received the following response: "The ban of your domains is because we encountered a lot of hackers that used your domains emails to hack our accounts." From a report: In other words, Crunchyroll believes that many hackers used Tutanota email addresses to hack accounts on its service, which is why it added Tutanota's domains to its blocklist. Moreover, it recommends that users sign up with email accounts from "Big Tech" companies for hassle-free access to its services. This is not an entirely new phenomenon, notes It's FOSS. "DeviantArt actively blocked Proton Mail in the past because spammers used the platform to create accounts. Now, they have unblocked them."

Tutanota recently called out Microsoft for blocking Tutanota users from registering an account with its cloud-based collaboration platform, Teams.

Crime

Former Apple Engineer Accused of Stealing Automotive Trade Secrets Pleads Guilty (cnbc.com)

Xiaolang Zhang, a former Apple employee who was accused of stealing computer files with trade secrets about Apple's secretive car division, pleaded guilty in federal court in San Jose on Monday. CNBC reports: Zhang's plea agreement with the U.S. government is under seal, according to court filings on Monday. Zhang faces as much as 10 years in prison and a $250,000 fine after pleading guilty to a felony charge of theft of trade secrets. Sentencing is scheduled for November. Zhang was accused of downloading internal Apple files about the company's car project -- specifically, a 25-page document including engineering schematics of a circuit board for an autonomous vehicle. Zhang was also accused of taking reference manuals and PDFs describing Apple's prototypes and prototype requirements.

Zhang was arrested by federal agents in July 2018 at the San Jose airport, where he planned to fly to China. He had previously worked for Apple since 2015, most recently as a hardware engineer on Apple's autonomous vehicle team, according to charging documents from the FBI and U.S. attorney's office. The charges gave a peek into a secretive side of Apple that the company even years later still doesn't often acknowledge: its division developing autonomous electric vehicles.

Privacy

University Can't Scan Students' Rooms During Remote Tests, Judge Rules (theverge.com)

An Ohio judge has ruled that Cleveland State University's virtual scan of a student's room prior to an online test was unconstitutional. The ruling marks a victory for digital privacy advocates around the country, who have spoken loudly against the practices of online test proctoring for many years. From a report: Chemistry student Aaron Ogletree sat for an online test in the spring 2021 semester. Ogletree was asked to show the virtual proctor his bedroom through his webcam prior to the beginning of the test. A recording of the room scan as well as the testing process that followed was retained by Honorlock, the university's third-party vendor. Ogletree sued the university on the grounds that the practice violated his rights under the Fourth Amendment, which protects US citizens against "unreasonable searches and seizures." The university, in its defense, argued that "room scans are 'standard industry wide practice,'" and that "students frequently acquiesce in their use." Federal Judge J. Philip Calabrese sided with Ogletree yesterday, determining that the university's room scan did constitute an unreasonable search. "Mr. Ogletree's subjective expectation of privacy at issue is one that society views as reasonable and that lies at the core of the Fourth Amendment's protections against governmental intrusion," Calabrese wrote in the decision.

Oracle

Oracle's 'Surveillance Machine' Targeted In US Privacy Class Action (techcrunch.com)

A new privacy class action claim (PDF) in the U.S. alleges Oracle's "worldwide surveillance machine" has amassed detailed dossiers on some five billion people, "accusing the company and its adtech and advertising subsidiaries of violating the privacy of the majority of the people on Earth," reports TechCrunch. From the report: The suit has three class representatives: Dr Johnny Ryan, senior fellow of the Irish Council for Civil Liberties (ICCL); Michael Katz-Lacabe, director of research at The Center for Human Rights and Privacy; and Dr Jennifer Golbeck, a professor of computer science at the University of Maryland -- who say they are "acting on behalf of worldwide Internet users who have been subject to Oracle's privacy violations." The litigants are represented by the San Francisco-headquartered law firm, Lieff Cabraser, which they note has run significant privacy cases against Big Tech. The key point here is there is no comprehensive federal privacy law in the U.S. -- so the litigation is certainly facing a hostile environment to make a privacy case -- hence the complaint references multiple federal, constitutional, tort and state laws, alleging violations of the Federal Electronic Communications Privacy Act, the Constitution of the State of California, the California Invasion of Privacy Act, as well as competition law, and the common law.

It remains to be seen whether this "patchwork" approach to a tricky legal environment will prevail -- for an expert snap analysis of the complaint and some key challenges this whole thread is highly recommended. But the substance of the complaint hinges on allegations that Oracle collects vast amounts of data from unwitting Internet users, i.e. without their consent, and uses this surveillance intelligence to profile individuals, further enriching profiles via its data marketplace and threatening people's privacy on a vast scale -- including, per the allegations, by the use of proxies for sensitive data to circumvent privacy controls.

The Courts

Elon Musk Subpoenas Jack Dorsey In Legal Battle Over $44 Billion Twitter Deal (cnet.com)

An anonymous reader quotes a report from CNET: Elon Musk's lawyers subpoenaed former Twitter CEO Jack Dorsey on Monday as the billionaire continues to battle a lawsuit that could force him to complete a $44 billion purchase of the social media company. Both Twitter and Musk have issued subpoenas ahead of a five-day trial that's scheduled to take place in October. [...] Dorsey, a Twitter co-founder who stepped down as CEO of the company last year, has expressed support for Musk's attempt to take over Twitter. In April, he tweeted that he didn't believe anyone should own or run Twitter but taking it back from Wall Street is the "correct first step."

"Solving for the problem of it being a company however, Elon is the singular solution I trust," Dorsey tweeted. "I trust his mission to extend the light of consciousness." Dorsey also had a discussion with Musk about social media's future and open social protocols in late March before Musk made a bid in April to purchase Twitter for $54.20 per share, a filing with the US Securities and Exchange Commission says. Twitter shareholders are expected to vote on the deal on Sept. 13.

PlayStation (Games)

PlayStation Hit By $5.9 Billion Lawsuit For 'Ripping People Off' On Digital Games (kotaku.com)

A consumer rights advocacy group has filed a class action lawsuit against Sony, claiming they are "ripping people off" by charging a 30 percent commission fee on all digital purchases made through the UK PlayStation Store. Kotaku reports: "Sony dominates the digital distribution of PlayStation games and in-game content," said one of the lawyers leading the lawsuit. "It has deployed an anti-competitive strategy which has resulted in excessive prices to customers that are out of all proportion to the costs of Sony providing its services."

The argument here is that Sony has a "near-monopoly" on the sale of digital games, particularly PlayStation games, and so it shouldn't be using that power to enforce unreasonable prices on consumers. Sony is not the only platform that enforces a 30 percent take (most major storefronts do, with the notable exception of the Epic Games Store). We'll have to wait and see whether or not the courts uphold that the PlayStation ecosystem is a monopoly, and whether or not that will have an impact on other walled gardens like app stores or Steam. Kotaku reached out to the legal team about what it considers to be a reasonable commission fee, but did not get a comment by the time of publication.

The plaintiffs point out that gaming is the biggest entertainment industry in the UK, and Sony is hurting consumers who can't afford their games. "We're in the midst of a cost of living crisis and the consumer purse is being squeezed like never before," said Alex Neill, a consumer rights advocate who filed the lawsuit. While I'm sympathetic to how inflation makes it difficult for players to afford more games, I'm not sure if I would lump gaming together with a cost of living crisis. Paying rent is a necessity. Playing God of War Ragnarok on launch is not.

Facebook

Encrypting Facebook Messenger Could Be a 'Grotesque Betrayal', Says Top UK Politician (theverge.com)

Facebook's parent company Meta is heading into another political battle over the planned introduction of end-to-end encryption (E2EE) in its Messenger chat platform. From a report: The UK's home secretary, Priti Patel, makes this clear in an op-ed for Tory mouthpiece The Telegraph this week, saying it would be a "grotesque betrayal" if the company didn't consider issues of child safety while introducing E2EE. Similar arguments are likely to be raised in the US, too. Meta has been working on adding E2EE to Messenger for years, and recently confirmed that it aims to encrypt all chats and calls on the platform by default next year. (It currently only offers default E2EE on its other big chat platform, WhatsApp, though users can opt-in to E2EE on Messenger on a chat-by-chat basis.)

The move is reigniting decades-old debates in politics and tech about the right way to balance user privacy and safety. In the US, these arguments have been heightened by the potential for police to issue search warrants for user chats in order to enforce new abortion laws after the overturn of Roe v. Wade. In the UK, arguments over encryption tend to focus on child safety and the dissemination of child sexual abuse material, or CSAM. "A great many child predators use social media platforms such as Facebook to discover, target and sexually abuse children," writes Patel in her op-ed. "It is vital that law enforcement have access to the information they need to identify the children in these images and safeguard them from vile predators."

Portables (Apple)

Apple Expands Self-Repair Support To MacBooks (reuters.com)

Apple said on Monday it would offer customers tools and know-how to repair and service their MacBook laptops at home, months after launching the service for iPhones. From a report: Apple said genuine parts and service tools will be available starting Aug. 23. Customers can buy the repair kits or rent one for one-time use for $49. Self repairs are possible only on MacBook Air and MacBook Pro models with the M1 chips. In April, Apple launched self-repair services for select iPhone models in the United States, with plans to expand the service to Europe this year.

Google

Dad Photographs Son for Doctor. Google Flags Him as Criminal, Notifies Police (yahoo.com)

"The nurse said to send photos so the doctor could review them in advance," the New York Times reports, describing how an ordeal began in February of 2021 for a software engineer named Mark who had a sick son: Mark's wife grabbed her husband's phone and texted a few high-quality close-ups of their son's groin area to her iPhone so she could upload them to the health care provider's messaging system. In one, Mark's hand was visible, helping to better display the swelling. Mark and his wife gave no thought to the tech giants that made this quick capture and exchange of digital data possible, or what those giants might think of the images. With help from the photos, the doctor diagnosed the issue and prescribed antibiotics, which quickly cleared it up....

Two days after taking the photos of his son, Mark's phone made a blooping notification noise: His account had been disabled because of "harmful content" that was "a severe violation of Google's policies and might be illegal." A "learn more" link led to a list of possible reasons, including "child sexual abuse & exploitation...." He filled out a form requesting a review of Google's decision, explaining his son's infection. At the same time, he discovered the domino effect of Google's rejection. Not only did he lose emails, contact information for friends and former colleagues, and documentation of his son's first years of life, his Google Fi account shut down, meaning he had to get a new phone number with another carrier. Without access to his old phone number and email address, he couldn't get the security codes he needed to sign in to other internet accounts, locking him out of much of his digital life....

A few days after Mark filed the appeal, Google responded that it would not reinstate the account, with no further explanation. Mark didn't know it, but Google's review team had also flagged a video he made and the San Francisco Police Department had already started to investigate him.... In December 2021, Mark received a manila envelope in the mail from the San Francisco Police Department. It contained a letter informing him that he had been investigated as well as copies of the search warrants served on Google and his internet service provider. An investigator, whose contact information was provided, had asked for everything in Mark's Google account: his internet searches, his location history, his messages and any document, photo and video he'd stored with the company. The search, related to "child exploitation videos," had taken place in February, within a week of his taking the photos of his son.

Mark called the investigator, Nicholas Hillard, who said the case was closed. Mr. Hillard had tried to get in touch with Mark but his phone number and email address hadn't worked....

Mark appealed his case to Google again, providing the police report, but to no avail.... A Google spokeswoman said the company stands by its decisions...

"The day after Mark's troubles started, the same scenario was playing out in Texas," the Times notes, quoting a technologist at the EFF who speculates other people experiencing the same thing may not want to publicize it. "There could be tens, hundreds, thousands more of these."

Reached for a comment on the incident, Google told the newspaper that "Child sexual abuse material is abhorrent and we're committed to preventing the spread of it on our platforms."

Government

After Signing US Climate Bill, Biden Plans More Executive Actions to Cut Emissions (spokesman.com)

Senior White House officials say even more action is coming on climate change. They're telling the New York Times that U.S. President Joe Biden plans "a series of executive actions to further reduce greenhouse gas emissions and help keep the planet from warming to dangerous temperatures."

Biden is on track to deploy a series of measures, including new regulations on emissions from vehicle tailpipes, power plants and oil and gas wells, the officials said.

In pushing more executive action, Mr. Biden is trying to make up for the compromises his party made on climate measures to pass the Inflation Reduction Act, which includes the largest single American investment to slow global warming. Democrats had to scale back some of their loftiest ambitions, including by agreeing to fossil fuel and drilling provisions, as concessions to Senator Joe Manchin III, Democrat of West Virginia, a holdout from a conservative state that is heavily dependent on coal and gas. Gina McCarthy, the White House climate adviser, said that regulatory moves, combined with the new legislation and action from states, could help Mr. Biden meet his promise to cut greenhouse gas emissions by 50 percent, compared to 2005 levels, by the end of the decade. The climate bill, she said, was "a starting point."

"The president has not chosen to just look at Congress, he's chosen to recognize that he has presidential authorities and responsibilities under the law to keep moving this forward," she said. "And he's going to continue to use those." [...] Ms. McCarthy noted the E.P.A. still has "broad authority" to regulate emissions from electricity generation. She also said the government is forging ahead with new regulations on soot and other traditional air pollutants, which will have the side benefit of cutting carbon emissions.... Mr. Biden has the executive authority to issue regulations through federal agencies, and under the Clean Air Act of 1970 can establish rules to address air pollution.

Crime

AirTag Leads To Arrest of Airline Worker Accused of Stealing $15K Worth of Items From Luggage (nbcnews.com)

An anonymous reader quotes a report from NBC News: An Apple AirTag led to the arrest of an airline subcontractor accused of stealing thousands of dollars' worth of items from luggage at a Florida airport. Giovanni De Luca, 19, was charged with two counts of grand theft after authorities recovered the stolen items from his home, the Okaloosa County Sheriff's Office said in a news release last week. Authorities said a traveler reported last month that her luggage never made it to her destination. The items inside were worth about $1,600. She said an Apple AirTag, a tracking device that triggers alerts on iPhones, iPads and Apple computers, had been in her luggage and showed that it was on Kathy Court in Mary Esther, about 50 miles east of Pensacola.

On Aug. 9, another traveler reported that more than $15,000 worth of jewelry and other items had been taken from his luggage. Okaloosa County sheriff's deputies investigating both suspected thefts cross-referenced Destin-Fort Walton Beach Airport employees who lived near Kathy Court and found De Luca at his home. He was arrested Aug. 10. The items reported missing on Aug. 9 were recovered, and De Luca admitted to rummaging through someone else's luggage and removing an Apple AirTag, the sheriff's office said. The woman's luggage has not been found.

Cellphones

Erik Prince Wants To Sell You a 'Secure' Smartphone That's Too Good To Be True (technologyreview.com)

MIT Technology Review obtained Prince's investor presentation for the "RedPill Phone," which promises more than it could possibly deliver. From the report: Erik Prince's pitch to investors was simple -- but certainly ambitious: pay just 5 million euros and cure the biggest cybersecurity and privacy plagues of our day. The American billionaire -- best known for founding the notorious private military firm Blackwater, which became globally infamous for killing Iraqi civilians and threatening US government investigators -- was pushing Unplugged, a smartphone startup promising "free speech, privacy, and security" untethered from dominant tech giants like Apple and Google. In June, Prince publicly revealed the new phone, priced at $850. But before that, beginning in 2021, he was privately hawking the device to investors -- using a previously unreported pitch deck that has been obtained by MIT Technology Review. It boldly claims that the phone and its operating system are "impenetrable" to surveillance, interception, and tampering, and its messenger service is marketed as "impossible to intercept or decrypt."

Boasting falsely that Unplugged has built "the first operating system free of big tech monetization and analytics," Prince bragged that the device is protected by "government-grade encryption." Better yet, the pitch added, Unplugged is to be hosted on a global array of server farms so that it "can never be taken offline." One option is said to be a server farm "on a vessel" located in an "undisclosed location on international waters, connected via satellite to Elon Musk's StarLink." An Unplugged spokesperson explained that "they benefit in having servers not be subject to any governmental law." The Unplugged investor pitch deck is a messy mix of these impossible claims, meaningless buzzwords, and outright fiction. While none of the experts I spoke with had yet been able to test the phone or read its code, because the company hasn't provided access, the evidence available suggests Unplugged will fall wildly short of what's promised.

[...] The UP Phone's operating system, called LibertOS, is a proprietary version of Google's Android, according to an Unplugged spokesperson. It's running on an unclear mix of hardware that a company spokesperson says they've designed on their own. Even just maintaining a unique Android "fork" -- a version of the operating system that departs from the original, like a fork in the road -- is a difficult endeavor that can cost enormous amounts of money and resources, experts warn. For a small startup, that can be an insurmountable challenge. [...] Another key issue is life span. Apple's iPhones are considered the most secure consumer device on the market due in part to the fact that the company offers security updates to some of its older phones for six years, longer than virtually all competitors. When support for a phone ends, security vulnerabilities go unaddressed, and the phone is no longer secure. There is no information available on how long UP Phones will receive security support.

"There are two things happening here," says Allan Liska, a cyberintelligence analyst at the cybersecurity firm Recorded Future. "There are the actual attempts to make real secure phones, and then there is the marketing BS. Distinguishing between those two can be really hard."

"When I worked in US intelligence, we [penetrated] a number of phone companies overseas," says Liska. "We were inside those phone companies. We could easily track people based on where they connected to the towers. So when you talk about being impenetrable, that's wrong. This is a phone, and the way that phones work is they triangulate to cell towers, and there is always latitude and longitude for exactly where you're sitting," he adds. "Nothing you do to the phone is going to change that."

The UP Phone is due out in November 2022.

United Kingdom

British Judge Rules Dissident Can Sue Saudi Arabia For Pegasus Hacking (theguardian.com)

An anonymous reader quotes a report from The Guardian: A British judge has ruled that a case against the kingdom of Saudi Arabia brought by a dissident satirist who was targeted with spyware can proceed, a decision that has been hailed as precedent-setting and one that could allow other hacking victims in Britain to sue foreign governments who order such attacks. The case against Saudi Arabia was brought by Ghanem Almasarir, a prominent satirist granted asylum in the UK, who is a frequent critic of the Saudi royal family. At the centre of the case are allegations that Saudi Arabia ordered the hacking of Almasarir's phone, and that he was physically assaulted by agents of the kingdom in London in 2018. The targeting and hacking of Almasarir's phone by a network probably linked to Saudi Arabia was confirmed by researchers at the Citizen Lab at the University of Toronto, who are considered among the world's leading experts in tracking digital surveillance of dissidents, journalists and other members of civil society. Saudi Arabia is known to be a former client of NSO Group, whose powerful Pegasus hacking software covertly penetrates and compromises smartphones.

Saudi Arabia's attempt to have the case dismissed on the grounds that it had sovereign immunity protection under the State Immunity Act 1978 was dismissed by the high court judge. In the ruling, against which Saudi Arabia is likely to appeal, Justice Julian Knowles found that Almasarir's case could proceed under an exception to the sovereign immunity law that applies to any act by a foreign state that causes personal injury. He also found that Almasarir had provided enough evidence to conclude, on the balance of probabilities, that Saudi Arabia was responsible for the alleged assault. Saudi Arabia's claim that the case was too weak or speculative to proceed was dismissed. [...] The decision could have profound implications for other individuals targeted or hacked by NSO's spyware within the UK. They include Lady Shackleton and Princess Haya, the former wife of Dubai's ruler Sheikh Mohammed bin Rashid al-Maktoum. Both were hacked by the sheikh using NSO spyware during lengthy court proceedings between Haya and her former husband in London.

In a statement praising the decision, Almasarir said: "I no longer feel safe and I am constantly looking over my shoulder. I no longer feel able to speak up for the oppressed Saudi people, because I fear that any contact with people inside the kingdom could put them in danger. I look forward to presenting my full case to the court in the hope that I can finally hold the kingdom to account for the suffering I believe they have caused me."

Privacy

TikTok's In-App Browser Could Be Keylogging, Privacy Analysis Warns (techcrunch.com)

An anonymous reader shares a report: 'Beware in-app browsers' is a good rule of thumb for any privacy-conscious mobile app user -- given the potential for an app to leverage its hold on user attention to snoop on what you're looking at via browser software it also controls. But eyebrows are being raised over the behavior of TikTok's in-app browser after independent privacy research by developer Felix Krause found the social network's iOS app injecting code that could enable it to monitor all keyboard inputs and taps. Aka, keylogging.

"TikTok iOS subscribes to every keystroke (text inputs) happening on third party websites rendered inside the TikTok app. This can include passwords, credit card information and other sensitive user data," warns Krause in a blog post detailing the findings. "We can't know what TikTok uses the subscription for, but from a technical perspective, this is the equivalent of installing a keylogger on third party websites." [emphasis his]

After publishing a report last week -- focused on the potential for Meta's Facebook and Instagram iOS apps to track users of their in-app browsers -- Krause followed up by launching a tool, called InAppBrowser.com, that lets mobile app users get details of code that's being injected by in-app browsers by listing JavaScript commands executed by the app as it renders the page. (NB: He warns the tool does not necessarily list all JavaScript commands executed nor can it pick up tracking an app might be doing using native code -- so at best it's offering a glimpse of potentially sketchy activities.)
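The subscription Krause describes is, on the page side, a listener registered for keyboard and input events. The following audit hook is an added example (not Krause's InAppBrowser.com tool, and not from TechCrunch) that a site owner or tester can load into a page to record every keystroke subscription made after it is installed, with the call stack that made it. It assumes a DOM-style EventTarget; Node 15+ also exposes a global EventTarget, which is what the self-check uses.

```javascript
// Added example, not Krause's InAppBrowser.com tool: an audit hook that records
// every keystroke/input event subscription made on a page after the hook is
// installed, so a script injected by an in-app browser that "subscribes to every
// keystroke" shows up together with its call stack. Assumes a DOM-style EventTarget
// (any browser; Node 15+ also exposes a global EventTarget, used by the self-check).

const KEYSTROKE_EVENTS = new Set(['keydown', 'keypress', 'keyup', 'input', 'beforeinput']);

// Wrap addEventListener on the given prototype; returns the audit log (filled in place).
function installKeystrokeAudit(proto = EventTarget.prototype) {
  const log = [];
  const original = proto.addEventListener;
  proto.addEventListener = function auditedAddEventListener(type, listener, options) {
    if (KEYSTROKE_EVENTS.has(type)) {
      log.push({
        type,
        // Capture-phase listeners see a keystroke before the page's own handlers do.
        capture: options === true || Boolean(options && options.capture),
        // Source text of the handler, truncated, for a human reviewer.
        listener: String(listener).slice(0, 80),
        // The stack identifies which script registered the subscription.
        stack: new Error('keystroke subscription').stack,
      });
    }
    return original.call(this, type, listener, options);
  };
  proto.addEventListener.original = original;
  return log;
}

// Restore the unwrapped addEventListener once the audit is finished.
function uninstallKeystrokeAudit(proto = EventTarget.prototype) {
  if (proto.addEventListener.original) {
    proto.addEventListener = proto.addEventListener.original;
  }
}

// Reduce the log to what a reviewer looks at first: how many keystroke
// subscriptions exist, per event type, and how many run in the capture phase.
function summarizeKeystrokeAudit(log) {
  const byType = {};
  for (const entry of log) byType[entry.type] = (byType[entry.type] || 0) + 1;
  return {
    total: log.length,
    byType,
    capturing: log.filter((entry) => entry.capture).length,
  };
}
```

Listeners registered before the hook is installed, handlers assigned through on* properties, and anything done in native code are not seen, which is the same limitation the report notes for Krause's tool.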

Security

Def Con Banned a Social Engineering Star - Now He's Suing (theverge.com) 79

Several readers have shared this report: In February, when the Def Con hacker conference released its annual transparency report, the public learned that one of the most prominent figures in the field of social engineering had been permanently banned from attending. For years, Chris Hadnagy had enjoyed a high-profile role as the leader of the conference's social engineering village. But Def Con's transparency report stated that there had been multiple reports of him violating the conference's code of conduct. In response, Def Con banned Hadnagy from the conference for life; in 2022, the social engineering village would be run by an entirely new team. Now, Hadnagy has filed a lawsuit against the conference alleging defamation and infringement of contractual relations. The lawsuit was filed in the United States District Court for the Eastern District of Pennsylvania on August 3rd and names Hadnagy as the plaintiff, with Def Con Communications and the conference founder, Jeff Moss, also known as "The Dark Tangent," as defendants. Moss was reportedly served papers in Las Vegas while coordinating the conference this year.

There are few public details about the incidents that caused Hadnagy's ban, as is common in harassment cases. In the transparency report announcing the permanent ban, Def Con organizers were deliberately vague about the reported behavior. "After conversations with the reporting parties and Chris, we are confident the severity of the transgressions merits a ban from DEF CON," organizers wrote in their post-conference transparency report following the previous year's conference. Def Con's Code of Conduct is minimal, focusing almost entirely on a "no-harassment" policy. "Harassment includes deliberate intimidation and targeting individuals in a manner that makes them feel uncomfortable, unwelcome, or afraid," the text reads. "Participants asked to stop any harassing behavior are expected to comply immediately. We reserve the right to respond to harassment in the manner we deem appropriate."

Crime

Saudi Arabia Sentences Woman To 34 Years In Prison For Tweeting (theverge.com) 258

A Saudi woman has been sentenced to 34 years in prison for retweeting activists through her Twitter account and sharing posts that spoke in favor of the right of women to drive. The Verge reports: Salma al-Shehab was a PhD candidate at the University of Leeds in the UK and was detained in January 2021 after returning to Saudi Arabia for a vacation. Shehab was initially sentenced to six years for using social media to "disturb public order and destabilize the security and stability of the state," based on having reshared tweets from Saudi activists living in exile who called for the release of political prisoners in the kingdom. The incident was reported in an editorial board piece from The Washington Post, which called it "yet another glimpse at the brutal underside of the Saudi dictatorship under its crown prince and de facto head of state, Mohammed bin Salman."

The Post reports that prosecutors in the appeal to Shehab's case argued for a more severe punishment under Saudi cybercrime and anti-terrorism laws, leading to a drastically increased sentence of 34 years, handed down on August 8th. The Freedom Initiative nonprofit, which advocates for the rights of prisoners detained in the Middle East, states that this is the longest known sentence for a women's rights activist in Saudi Arabia.

Security

North Korean Hackers Use Signed macOS Malware To Target IT Job Seekers (bleepingcomputer.com) 14

An anonymous reader quotes a report from Bleeping Computer: North Korean hackers from the Lazarus group have been using a signed malicious executable for macOS to impersonate Coinbase and lure in employees in the financial technology sector. The name of the false document was "Coinbase_online_careers_2022_07." When launched, it displays the decoy PDF above and loads a malicious DLL that ultimately allows the threat actor to send commands to the infected device. Security researchers at cybersecurity company ESET found that the hackers also had malware ready for macOS systems. They said that the malicious file is compiled for Macs with both Intel and Apple silicon, meaning that users of both older and newer models were targeted. In a thread on Twitter, they note that the malware drops three files [...].

ESET linked the recent macOS malware to Operation In(ter)ception, a Lazarus campaign that targeted high-profile aerospace and military organizations in a similar way. Looking at the macOS malware, the researchers noticed that it was signed on July 21 (as per the timestamp value) with a certificate issued in February to a developer using the name Shankey Nohria and team identifier 264HFWQH63. On August 12, the certificate had not been revoked by Apple. However, the malicious application was not notarized -- an automatic process that Apple uses to check software for malicious components. Compared to the previous macOS malware attributed to the Lazarus group of hackers, ESET researchers observed that the downloader component connects to a different command and control (C2) server, which was no longer responding at the time of the analysis.
