fidzu : science

An anonymous reader quotes a report from The Verge: First, Anker told us it was impossible. Then, it covered its tracks. It repeatedly deflected while utterly ignoring our emails. So shortly before Christmas, we gave the company an ultimatum: if Anker wouldn't answer why its supposedly always-encrypted Eufy cameras were producing unencrypted streams -- among other questions -- we would publish a story about the company's lack of answers. It worked. In a series of emails to The Verge, Anker has finally admitted its Eufy security cameras are not natively end-to-end encrypted -- they can and did produce unencrypted video streams for Eufy's web portal, like the ones we accessed from across the United States using an ordinary media player. But Anker says that's now largely fixed. Every video stream request originating from Eufy's web portal will now be end-to-end encrypted -- like they are with Eufy's app -- and the company says it's updating every single Eufy camera to use WebRTC, which is encrypted by default. Reading between the lines, though, it seems that these cameras could still produce unencrypted footage upon request. That's not all Anker is disclosing today. The company has apologized for the lack of communication and promised to do better, confirming it's bringing in outside security and penetration testing companies to audit Eufy's practices, is in talks with a "leading and well-known security expert" to produce an independent report, is promising to create an official bug bounty program, and will launch a microsite in February to explain how its security works in more detail. Those independent audits and reports may be critical for Eufy to regain trust because of how the company has handled the findings of security researchers and journalists. It's a little hard to take the company at its word! But we also think Anker Eufy customers, security researchers and journalists deserve to read and weigh those words, particularly after so little initial communication from the company. That's why we're publishing Anker's full responses [here]. As highlighted by Ars Technica, some of the notable statements include: - Its web portal now prohibits users from entering "debug mode." - Video stream content is encrypted and inaccessible outside the portal. - While "only 0.1 percent" of current daily users access the portal, it "had some issues," which have been resolved. - Eufy is pushing WebRTC to all of its security devices as the end-to-end encrypted stream protocol. - Facial recognition images were uploaded to the cloud to aid in replacing/resetting/adding doorbells with existing image sets, but has been discontinued. No recognition data was included with images sent to the cloud. - Outside of the "recent issue with the web portal," all other video uses end-to-end encryption. - A "leading and well-known security expert" will produce a report about Eufy's systems. - "Several new security consulting, certification, and penetration testing" firms will be brought in for risk assessment. - A "Eufy Security bounty program" will be established. - The company promises to "provide more timely updates in our community (and to the media!)."

Read more of this story at Slashdot.

02 Feb 2023 10:00pm GMT

Shell has misleadingly overstated how much it is spending on renewable energy and should be investigated and potentially fined by the US financial regulator, according to a non-profit group which has lodged a complaint against the oil giant. From a report: The US Securities and Exchange Commission (SEC) has been urged to act over Shell's most recent annual report in which it stated 12% of its capital expenditure was funneled into a division called Renewables and Energy Solutions in 2021. The division's webpage, which is adorned with pictures of wind turbines and solar panels, says it is working to invest in "wind, solar, electric vehicle charging, hydrogen, and more." However, Global Witness, the activist group that has lodged the new complaint with the SEC, argues that just 1.5% of Shell's capital expenditure has been used to develop genuine renewables, such as wind and solar, with much of the rest of the division's resources devoted to gas, which is a fossil fuel.

Read more of this story at Slashdot.

02 Feb 2023 9:20pm GMT

02 Feb 2023 8:53pm GMT

02 Feb 2023 8:42pm GMT

Razer announced its lightest gaming mouse today, the Viper Mini Signature Edition. From a report: It only weighs 49g, making it 16 percent lighter than the company's Viper V2 Pro and one of the most lightweight mice we've seen from a large company. The mouse uses a magnesium alloy exoskeleton with a semi-hollow interior (bearing a slight resemblance to the SteelSeries Aerox 3 Wireless). "We wanted to push beyond the traditional honeycomb design, and this required a material with an outstanding strength-to-weight ratio," said Razer's Head of Industrial Design, Charlie Bolton. "After evaluating plastics, carbon fiber and even titanium, we ultimately chose magnesium alloy for its exceptional properties." Razer says the mouse uses its fastest wireless tech and will be among its best-performing wireless mice. Price: $280.

Read more of this story at Slashdot.

02 Feb 2023 8:41pm GMT

With a magnesium-alloy exoskeleton, the Viper Mini SE weighs 1.73 ounces.

02 Feb 2023 8:36pm GMT

02 Feb 2023 7:08pm GMT

ISP gave FCC false coverage information to prevent others from getting grants.

02 Feb 2023 7:06pm GMT

Company says it will push updates, hire experts, and start a bounty program.

02 Feb 2023 6:32pm GMT