The FBI Wants ‘Near Real-Time’ Access to US License Plate Readers
A WIRED investigation this week found that a former Phoenix police officer who owns a company that offers firearms training to Immigration and Customs Enforcement was involved in six shootings, four of which were deadly. Meanwhile, a New York police officer’s lawyer has been banned from Madison Square Garden amid a lawsuit the cop filed over injuries sustained during a boxing match at an MSG venue.
The Take It Down Act went into effect in the United States this week, allowing people to demand that websites and other platforms remove their nonconsensual nudes. WIRED reached out to more than a dozen companies to give you a rundown on how to take action. If you’re trying to opt out of having your data collected by data brokers and other companies, however, the process might not be so simple. New research claims that many major companies used manipulative tactics to keep people from opting out.
The Federal Trade Commission this week announced a settlement with three marketing firms—not because they sold “Active Listening” technology for serving targeted advertising, but because the technology allegedly did not work.
A bipartisan pair of US lawmakers this week took an initial stab at cracking down on automatic license plate readers, or ALPRs. Their legislation would have effectively prevented state and local governments from using the surveillance tech for police tracking.
GitHub, the popular Microsoft-owned code repository, suffered a data breach this week. The attack is part of a never-before-seen string of similar breaches carried out by the cybercrime group TeamPCP.
Finally, as the Trump administration and US tech companies have grown increasingly intertwined, European nations are looking for US-free alternatives, with France leading the charge.
And that’s not all. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.
The FBI Wants ‘Near Real-Time’ Access to License Plate Readers Across the US
While US lawmakers stealthily proposed to prohibit the use of automated license plate readers across the country this week, it has also been revealed that the Federal Bureau of Investigation is planning to buy nationwide access to the cameras and access “near real time” data about vehicle movements.
First reported by 404 Media, recently published procurement records for the FBI Directorate of Intelligence show the agency gearing up to pay millions for access to data captured by roadside ALPR cameras. These cameras take images of every passing vehicle, adding their license plate, location, time and date into searchable databases that are often accessed by local law enforcement agencies and some federal agencies.
“The FBI has a crucial need for accessible LPRs to provide a diverse and reliable range of collections across the United States,” a statement of work says. “This data should be available across major highways and in an array of locations for maximum usefulness to law enforcement.” Further documents said the access to data must be provided in “near real time.”
Google Publishes Live Exploit Code for Unpatched Chromium Flaw
Google this week made public a working proof-of-concept for an unfixed vulnerability in Chromium, the open source codebase underpinning Chrome, Microsoft Edge, Brave, Opera, Vivaldi, and Arc, reported Ars Technica. The flaw was originally reported to the company 42 months ago by independent researcher Lyra Rebane, who initially assumed Wednesday’s posting to the project’s bug tracker meant a patch had finally shipped. It hadn’t. Google pulled the disclosure after the error became apparent, but the exploit code is already mirrored on archival sites.
The bug abuses the Browser Fetch API, a feature meant to handle large background downloads, allowing any website a target visits to spin up a persistent service worker on the device. The resulting connection can be used to monitor browsing activity, route traffic through the victim’s machine, or pull the device into a proxied DDoS network—connections that survive browser restarts and, in some cases, reboots. On Edge, telltale signs are minimal. Chrome users may see an unexplained downloads dropdown.
Google’s own engineers flagged the bug as serious in the original disclosure thread, assigning it multiple high-severity tiers in the company’s internal ranking system. Firefox and Safari are unaffected, as neither implements the relevant feature. Google said it is working on a fix. Users seeing unprompted download windows should treat them as suspect.
Feds Arrest Men Allegedly Behind Deepfake Sexual Abuse Watched Millions of Times
Ever so slowly, a crackdown on people creating deepfake sexual abuse images may be starting. In recent months, the UK and the EU have announced plans to ban so-called nudifying websites that create fake nude images of women and girls using artificial intelligence. With the increasing enforcement of the Take It Down Act since May 19, similar pressure is being applied in the US.
This week, the Federal Trade Commission sent a letter to 12 companies offering nudifying services, warning them they may be in violation of the Act and saying they should have a process “through which victims can request the removal of nonconsensual intimate images.” While not limiting the services’ content, the move increases scrutiny on the harmful sites.
The Department of Justice also arrested two men for allegedly sharing “thousands” of AI-created photos and videos showing real women nude or involved in sex acts. The men, Cornelius Shannon, 51, and Arturo Hernandez, 20, are alleged to have uploaded the AI creations to pornography websites and video sharing platforms. The images and videos, which prosecutors say were viewed millions of times, included celebrities and politicians, but also women known to the accused. The arrests follow the first conviction of an Ohio man last month under the Take It Down Act.