Hackers Claim to Leak Stolen Madison Square Garden Data
Meta is testing face-recognition software built by the United States military and regional police department supplier Rank One, WIRED found in an investigation this week. Meta has been exploring the possibility of adding face recognition tech into its smart glasses, and WIRED previously reported that the app for the glasses contained code—now deleted—that would have enabled the company to activate face-recognition features on the devices.
Anthropic is still negotiating with the Trump administration, after apparent White House concerns about the safety of new public model Claude Fable 5 resulted in Anthropic pulling the product off the market entirely. But security experts point out that AI models with advanced capabilities for discovering and exploiting software vulnerabilities—in other words, creating potentially dangerous hacking tools—will be ubiquitous soon around the world.
A leak exposed the identity of members of Peter Thiel’s secretive ‘Dialog’ society this week, revealing more than 200 prominent names registered for a retreat that includes panels on building a cult, sex, and prepping for World War III. WIRED also revealed the society has a secretive way of ranking its members.
The United Kingdom will soon begin scanning the faces of asylum-seekers as part of age checks in spite of evidence that such age evaluation and verification tools are deeply flawed and can make mistakes with life-altering consequences.
In more uplifting uses of surveillance tech, Knicks fans around the world had a chance to watch Thursday’s ticker tape parade in New York City on traffic surveillance cameras thanks to livestreams from the artist Morry Kolman.
And there’s more. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.
Hackers Allegedly Publish Stolen Madison Square Garden Data
The hacking and extortion group ShinyHunters has been loudly proclaiming a slew of high-profile victims in recent months, including the education tech firm Instructure, causing disruption in thousands of schools in the process; the photography firm Kodak; and a key European human rights organization. This week, it also published data allegedly stolen from Madison Square Garden, according to reporting by 404 Media.
The published data, allegedly comprising millions of records across 45GB of files, includes potential personal information from customers and references players and coaches from the Knicks. The data was published not long after the Knicks won their first NBA championship since 1973. A sample of the data reviewed by 404 Media included one file purporting to include the names of “talent,” including Knicks members.
WIRED has recently reported on Madison Square Garden’s extensive use of surveillance technologies, including face recognition systems. Alleged emails in the stolen data viewed by 404 Media include one man complaining about face recognition technology. MSG did not respond to the publication’s request for comment, and after the story broke, a federal class action lawsuit was filed over the alleged data breach.
San Francisco Gay Bars Are Scanning People’s Faces on Entry
At least three bars in San Francisco’s Castro district, the well-known LGBTQ region of the city, have been using face scanners at their entrances to collect detailed information on customers. The bars are using tech from Patronscan, an ID verification company, to collect facial images, names, and genders, according to Gazetteer SF, which went to bars using the technology. As well as the data collection, if staff at the bars spot customers fighting, being involved in theft, or engaging in other negative behaviors, they can log this in the system. Face recognition can then identify the person the next time they are at the bar. The recorded information can be shared as part of a “safety network” between other firms using the tech, creating a widespread surveillance network.
France’s Domestic Spy Agency to Drop Palantir Tech For French Alternative
For months, governments and companies in Europe have been ditching US technology, citing surveillance and security risks. This week France’s domestic spy agency, the Direction générale de la Sécurité intérieure (DGSI), announced it would stop using Palantir’s data and AI tools in the coming years, replacing them with software from French firm ChapsVision. “We must use our own AI models,” French prime minister Sébastien Lecornu said. “We cannot rely on tools developed by foreign powers. France must have its own tools.”
While France has been particularly proactive in trying to remove US technology from its public institutions—going as far as building its own open source equivalents to Zoom and Microsoft Office—it is not the first European intelligence agency to snub Palantir for ChapsVision. Last month, Germany’s intelligence agency BfV said it would use the French technology instead.
Apple Plans To Tweak Private Email Tool—Making Its Use More Obvious
Apple’s ‘Hide My Email’ tool allows you to generate a random email address that you can use to privately sign up for new websites and apps, so you avoid handing over personal info to even more websites. However, the company is set to change the way it creates these email addresses. At present, they all use the @icloud.com domain. Going forward, as TechCrunch reported this week, Apple plans to use the domain @private.icloud.com. The not-so-subtle change could make it easier for firms to detect that people are using the privacy-preserving service and demand sign-ups with an alternative email address.