23andMe has agreed to pay $30 million to settle a lawsuit over a data breach that exposed the personal information of 6.4 million customers in 2023. BleepingComputer reports: The proposed class action settlement (PDF), filed Thursday in a San Francisco federal court and awaiting judicial approval, includes cash payments for affected customers, which will be distributed within ten days of final approval. "23andMe believes the settlement is fair, adequate, and reasonable," the company said in a memorandum filed (PDF) Friday.

23andMe has also agreed to strengthen its security protocols, including protections against credential-stuffing attacks, mandatory two-factor authentication for all users, and annual cybersecurity audits. The company must also create and maintain a data breach incident response plan and stop retaining personal data for inactive or deactivated accounts. An updated Information Security Program will also be provided to all employees during annual training sessions. "23andMe denies the claims and allegations set forth in the Complaint, denies that it failed to properly protect the Personal Information of its consumers and users, and further denies the viability of Settlement Class Representatives' claims for statutory damages," the company said in the filed preliminary settlement.

"23andMe denies any wrongdoing whatsoever, and this Agreement shall in no event be construed or deemed to be evidence of or an admission or concession on the part of 23andMe with respect to any claim of any fault or liability or wrongdoing or damage whatsoever."

Gemini Live is rolling out its Live Voice Mode for all Android users, allowing them to hold real-time, interactive voice conversations with Gemini. "Previously locked into conventional text-based input and responses, Gemini Live Voice Mode gives hands-free ways to explore ideas, brainstorm, and talk through topics in real-time," reports Tom's Guide. From the report: This new voice feature is integrated into the Android Gemini app, so users need to update their app or download it from the Google Play Store if they haven't already done so. Once installed, users can turn on Live Voice Mode and start talking directly to Gemini. Do you want to get your thoughts sorted out or chat? It's fast and interactive, and no typing is required in this mode.

Users can have voice conversations on virtually anything. Suppose one is stuck with a complex project and needs a fresh perspective or researching a new hobby or course of study and wants to flesh out the subject by talking it out with Gemini. It promises to offer rich insight and ideas through conversation so that one's productivity and creativity are enhanced in ways that, up until now, have been possible only with human dialogue. [...]

The main advantage of Gemini Live Voice Mode is that it is interactive. A voice assistant would respond to a question you pose in voice, while with the live voice mode in Gemini, the dialogue sounds and feels more natural, with a tone that takes on that of the discussion and facilitates a back-and-forth interaction style. You can ask follow-up questions, clarify misunderstandings, or refine your ideas as you speak, making it more like a collaboration than a simple Q&A.

The Biden administration is proposing new rules to limit the "de minimis" exemption, which some Chinese e-commerce companies like Shein and Temu use to ship low-cost goods under $800 to U.S. customers without tariffs. The changes would subject certain shipments to closer inspection and tariffs, aiming to protect American consumers and businesses by ensuring a level playing field against Chinese platforms that have exploited this loophole. The Verge reports: Under the proposed rules, the US will prevent companies from claiming the de minimis exemption if their goods are covered by Section 301, Section 232, and Section 201 tariffs, which apply to products from China, steel, and aluminum, as well as washing machines and solar panels. In addition to slapping these shipments with tariffs, the rule change would subject them to closer inspection by US Customs and Border Protection.

The Biden administration said the proposal would help "protect consumers from goods that do not meet regulatory health and safety standards." Even though Shein is headquartered in Singapore, it's known for cheap fast fashion that's mainly manufactured in China. The China-based Temu sells clothes, household items, electronics, and a variety of other goods made in the country as well.

An anonymous reader quotes a report from Ars Technica: Researchers still don't know the cause of a recently discovered malware infection affecting almost 1.3 million streaming devices running an open source version of Android in almost 200 countries. Security firm Doctor Web reported Thursday that malware named Android.Vo1d has backdoored the Android-based boxes by putting malicious components in their system storage area, where they can be updated with additional malware at any time by command-and-control servers. Google representatives said the infected devices are running operating systems based on the Android Open Source Project, a version overseen by Google but distinct from Android TV, a proprietary version restricted to licensed device makers.

Although Doctor Web has a thorough understanding of Vo1d and the exceptional reach it has achieved, company researchers say they have yet to determine the attack vector that has led to the infections. "At the moment, the source of the TV boxes' backdoor infection remains unknown," Thursday's post stated. "One possible infection vector could be an attack by an intermediate malware that exploits operating system vulnerabilities to gain root privileges. Another possible vector could be the use of unofficial firmware versions with built-in root access." The following device models infected by Vo1d are: [R4, TV BOX, KJ-SMART4KVIP].

One possible cause of the infections is that the devices are running outdated versions that are vulnerable to exploits that remotely execute malicious code on them. Versions 7.1, 10.1, and 12.1, for example, were released in 2016, 2019, and 2022, respectively. What's more, Doctor Web said it's not unusual for budget device manufacturers to install older OS versions in streaming boxes and make them appear more attractive by passing them off as more up-to-date models. Further, while only licensed device makers are permitted to modify Google's AndroidTV, any device maker is free to make changes to open source versions. That leaves open the possibility that the devices were infected in the supply chain and were already compromised by the time they were purchased by the end user. "These off-brand devices discovered to be infected were not Play Protect certified Android devices," Google said in a statement. "If a device isn't Play Protect certified, Google doesn't have a record of security and compatibility test results. Play Protect certified Android devices undergo extensive testing to ensure quality and user safety."

Users can confirm if their device runs Android TV OS via this link and following the steps here.

Former FTX CEO Sam Bankman-Fried's legal team has filed an appeal challenging his conviction on seven felony counts and his 25-year prison sentence. They argue that he was not presumed innocent, that the jury received incomplete information about FTX user funds, and that the prosecution's narrative was biased. CoinTelegraph reports: In a Sept. 13 filing in the United States Court of Appeals for the Second Circuit, SBF's lawyers filed a 102-page brief claiming that the former FTX CEO was "never presumed innocent," subject to scrutiny that allegedly affected prosecutors, the presiding judge, and treatment by the media. Bankman-Fried's legal team announced in April -- a few weeks after a federal judge sentenced him to 25 years in prison -- that they intended to appeal. According to the appeal, SBF's lawyers alleged the jury was "only allowed to see half the picture" with FTX user funds, claiming prosecutors had "presented a false narrative" that the money was permanently lost and Bankman-Fried intentionally caused that loss. They also claimed that counsel for the FTX debtors worked with the US government in a way that was above and beyond "cooperation," providing information allegedly as an "arm of the prosecution."

"From day one, the prevailing narrative -- initially spun by the lawyers who took over FTX, quickly adopted by their contacts at the US Attorney's Office -- was that Bankman-Fried had stolen billions of dollars of customer funds, driven FTX to insolvency, and caused billions in losses," said the appeal. "Now, nearly two years later, a very different picture is emerging -- one confirming FTX was never insolvent, and in fact had assets worth billions to repay its customers. But the jury at Bankman-Fried's trial never got to see that picture." The legal team requested the appellate court grant SBF a new trial with a different judge. It's unclear whether the Second Circuit could rule to affirm Bankman-Fried's conviction in the US District Court for the Southern District of New York or reverse the decision and set the groundwork for a new trial.

iFixit has created its own USB-C soldering iron and portable power station called FixHub, "designed to allow all types of users to handle soldering work wherever they may be," reports MacRumors. From the report: The Portable Power Station serves as the command and power center for FixHub, including a 55-watt-hour battery to support over eight hours of continuous soldering on a single charge. The power supply delivers up to 100 watts to a pair of USB-C ports, allowing it to run two soldering irons simultaneously, and the fact that it's simply a USB-C power output device means you can also use it to power or recharge an array of devices like phones.

The solidly built power station includes a handy display to show the status of your soldering iron, along with a convenient dial for adjusting the power being delivered to the iron, supporting temperatures up to 400C (750F). A flip-up bracket raises the front of the power station a bit to make the display easier to see while in use, while attachment points on the left and right side allow you to clip on the soldering iron's cap for convenient access as a stand. A USB-C port on the rear of the power station allows for up to 45 watts of input to recharge the station, and iFixit says it is safe to leave continuously connected to power so it's ready whenever you need it. [...]

iFixit is of course known for more than just hardware, and it has hundreds of free soldering guides on its website, ranging from the basics of soldering to specific repair projects. It also wouldn't be an iFixit product without repairability being front of mind, so the FixHub system is designed to allow for easy repairs and iFixit will be releasing a number of guides to help users replace batteries, repair parts, and more. Supplementing the FixHub is an optional Portable Soldering Toolkit, which provides an extensive set of tools and consumables to get you going on soldering projects. The USB Smart Soldering Iron and Portable Soldering Station are priced at $79.95 and $249.95, respectively.

An anonymous reader quotes a report from Wired: You can tell a lot about someone from their eyes. They can indicate how tired you are, the type of mood you're in, and potentially provide clues about health problems. But your eyes could also leak more secretive information: your passwords, PINs, and messages you type. Today, a group of six computer scientists are revealing a new attack against Apple's Vision Pro mixed reality headset where exposed eye-tracking data allowed them to decipher what people entered on the device's virtual keyboard. The attack, dubbed GAZEploit and shared exclusively with WIRED, allowed the researchers to successfully reconstruct passwords, PINs, and messages people typed with their eyes. "Based on the direction of the eye movement, the hacker can determine which key the victim is now typing," says Hanqiu Wang, one of the leading researchers involved in the work. They identified the correct letters people typed in passwords 77 percent of the time within five guesses and 92 percent of the time in messages.

To be clear, the researchers did not gain access to Apple's headset to see what they were viewing. Instead, they worked out what people were typing by remotely analyzing the eye movements of a virtual avatar created by the Vision Pro. This avatar can be used in Zoom calls, Teams, Slack, Reddit, Tinder, Twitter, Skype, and FaceTime. The researchers alerted Apple to the vulnerability in April, and the company issued a patch to stop the potential for data to leak at the end of July. It is the first attack to exploit people's "gaze" data in this way, the researchers say. The findings underline how people's biometric data -- information and measurements about your body -- can expose sensitive information and beused as part of the burgeoning surveillance industry.

The GAZEploit attack consists of two parts, says Zhan, one of the lead researchers. First, the researchers created a way to identify when someone wearing the Vision Pro is typing by analyzing the 3D avatar they are sharing. For this, they trained a recurrent neural network, a type of deep learning model, with recordings of 30 people's avatars while they completed a variety of typing tasks. When someone is typing using the Vision Pro, their gaze fixates on the key they are likely to press, the researchers say, before quickly moving to the next key. "When we are typing our gaze will show some regular patterns," Zhan says. Wang says these patterns are more common during typing than if someone is browsing a website or watching a video while wearing the headset. "During tasks like gaze typing, the frequency of your eye blinking decreases because you are more focused," Wang says. In short: Looking at a QWERTY keyboard and moving between the letters is a pretty distinct behavior.

The second part of the research, Zhan explains, uses geometric calculations to work out where someone has positioned the keyboard and the size they've made it. "The only requirement is that as long as we get enough gaze information that can accurately recover the keyboard, then all following keystrokes can be detected." Combining these two elements, they were able to predict the keys someone was likely to be typing. In a series of lab tests, they didn't have any knowledge of the victim's typing habits, speed, or know where the keyboard was placed. However, the researchers could predict the correct letters typed, in a maximum of five guesses, with 92.1 percent accuracy in messages, 77 percent of the time for passwords, 73 percent of the time for PINs, and 86.1 percent of occasions for emails, URLs, and webpages. (On the first guess, the letters would be right between 35 and 59 percent of the time, depending on what kind of information they were trying to work out.) Duplicate letters and typos add extra challenges.

Have you ever been in a high-stakes situation in which you needed to perform but completely bombed? You're not alone. Experiments in monkeys reveal that 'choking' under pressure is linked to a drop in activity in the neurons that prepare for movement. Nature: "You see it across the board, you see it in sports, in all kinds of different sports and outside of sports as well." says Steven Chase, a neuroscientist at Carnegie Mellon University in Pittsburgh, Pennsylvania. Chase and his colleagues investigated what happens in the brain that causes performance to plummet, and published their findings in Neuron on 12 September.

Choking under pressure is not unique to humans. In the same way that a tennis player might miss a match-winning shot, monkeys can also underperform in high-reward situations. The team set up a computer task in which rhesus monkeys received a reward after quickly and accurately moving a cursor over a target. Each trial gave the monkeys cues as to whether the reward would be small, medium-sized, large or 'jackpot'. Jackpot rewards were rare and unusually big, creating a high-stakes, high-reward situation. Using a tiny, electrode-covered chip implanted into the monkeys' brains, the team watched how neuronal activity changed between reward scenarios. The chip was situated on the motor cortex, an area of the frontal lobe that controls movement.

The researchers found that, in jackpot scenarios, the activity of neurons associated with motor preparation decreased. Motor preparation is the brain's way of making calculations about how to complete a movement -- similar to lining up an arrow on a target before unleashing it. The drop in motor preparation meant that the monkey's brains were underprepared, and so they underperformed. The results "help us understand how reward-outcome-mediated behaviour is not linear," says Bita Moghaddam, a behavioural neuroscientist at Oregon Health & Science University in Portland. To a certain extent, "you just don't perform better as the reward increases," Moghaddam says. It would also be interesting to see how other brain regions respond in jackpot-reward situations, she adds, because multiple regions could be involved.

Dell and HP executives have acknowledged a delay in the anticipated commercial PC refresh cycle. Michael Dell, speaking at the Citi 2024 Global TMT conference, stated that the refresh cycle "has been delayed for sure." The Register adds: Without offering any reasons for postponement -- and not being pressed for one by the analyst interviewing him -- the billionaire reckoned the size of the refresh is "going to be even bigger" because of it. "So first of all we have a certain date with Windows 10 end-of-life and we're almost within a one year window of that, and as you get in that one-year window, the enterprise IT people start screwing around and saying, 'Oh, we better do something about this'," said Dell.

Enrique Lores, CEO at rival PC maker HP, who spoke at the Goldman Sachs Communacopia + Technology conference this week, agreed enterprises are also about to invest in new lines. "First of all there is a large and aging installed base on PCs. Many of these PCs were bought during COVID and now we are four [or] five years after they were bought and they will have to be replaced. "We also see an opportunity driven by the Windows 11 refresh that is only starting now... this is what is behind some of the strength that we see on the commercial side. Microsoft⦠will start discontinuing their support for the previous versions, and this always ties the replacement and upgrade," he said, adding "this is going to be driving demand in the coming quarters."

OpenAI's latest models have "meaningfully" increased the risk that AI will be misused to create biological weapons [non-paywalled link], the company has acknowledged. From a report: The San Francisco-based company announced its new models, known as o1, on Thursday, touting their new abilities to reason, solve hard maths problems and answer scientific research questions. OpenAI's system card, a tool to explain how the AI operates, said the new models had a "medium risk" for issues related to chemical, biological, radiological and nuclear (CBRN) weapons -- the highest risk that OpenAI has ever given for its models. The company said it meant that the technology has "meaningfully improved" the ability of experts to create bioweapons. AI software with more advanced capabilities, such as the ability to perform step-by-step reasoning, pose an increased risk of misuse in the hands of bad actors, according to experts.

Japan is overhauling how its ubiquitous 24-hour mini-police stations are operated nationwide as more crime fighting moves from the streets to the web. From a report: Called koban in Japanese, officers at these small police boxes handle a variety of tasks from responding to crime and patrolling neighborhoods to handling lost items. There are also chuzaisho outposts where police officers live full-time. The National Police Agency will update operational rules on Friday to allow some outposts to shut down at night if necessary. It will also allow greater flexibility on the use of mobile or temporary outposts, depending on local needs and staffing considerations.

Prefectural police will decide on changes involving specific outposts. Japan's koban system dates back to 1874 and is believed to have started operating around the clock in the 1880s. There were 6,215 kobans and 5,923 live-in outposts across Japan as of April. They have inspired countries like Singapore and Brazil to set up similar outposts focused on community policing. The change comes amid shifting crime patterns. Roughly 700,000 crime cases were reported in 2023, down more than 70% from the post-World War II peak in 2002. Street crime, like purse-snatching and car break-ins, were down around 80% to 240,000 cases. Instead, online and phone-based crimes, like impersonation scams and romance scams, are on the rise.

Apple unveiled a multitrack recording feature for Voice Memos at its recent iPhone event, exclusive to the iPhone 16 Pro. The feature allows users to layer vocals over guitar tracks without headphones, utilizing advanced microphone technology and machine learning algorithms to reduce ambient noise.

Engadget argues the feature's exclusivity to the new $1,000+ model is unnecessary, given modern smartphones' processing power far exceeds that of early digital audio workstations. They contend that basic multitrack recording functionality could be implemented on older iPhone models. Apple's decision to limit this feature contradicts its inclusion of GarageBand on all iPhones and the availability of Audio Mix on base iPhone 16 models, which offers similar noise reduction capabilities. The story adds: Why is this particular feature walled behind the iPhone 16 Pro? It's a simple multitrack recording function. From the ad, it looks like the app can't even layer more than two tracks at a time. This can't exactly be taxing that A18 Pro chip, especially when the phone can also handle 4K/120 FPS video recording in Dolby Vision.

Apple asked a court Friday to dismiss its three-year-old hacking lawsuit against spyware pioneer NSO Group, arguing that it might never be able to get the most critical files about NSO's Pegasus surveillance tool and that its own disclosures could aid NSO and its increasing number of rivals. From a report: A redacted version of the filing in San Francisco federal court cited a July article in the Guardian, which reported that Israeli officials had taken files from NSO's headquarters. The newspaper said the officials asked an Israeli court to keep the action secret even from those involved in an earlier, still pending hacking suit against NSO filed by Meta's WhatsApp. Israeli ministry of justice communications that were hacked showed that officials were concerned about sensitive information reaching Americans, the newspaper said.

"While Apple takes no position on the truth or falsity of the Guardian Story described above, its existence presents cause for concern about the potential for Apple to obtain the discovery it needs," the iPhone maker wrote in its filing Friday. Israeli officials have not disputed the authenticity of the documents but have denied interfering in the U.S. litigation.

Annapurna Interactive's entire gaming staff has resigned from the company following a leadership dispute, according to a Bloomberg report. From a report: The report, which IGN can confirm based on conversations with our own sources, states that Annapurna Interactive president Nathan Gary had recently been in negotiations with Annapurna founder and billionaire Megan Ellison to spin the gaming segment off as its own company. However, Ellison eventually pulled out of negotiations, at which point Gary resigned. Almost 30 other individuals, including division co-heads Deborah Mars and Nathan Vella, as well as the entire remaining staff of Annapurna Interactive, joined him.

"All 25 members of the Annapurna Interactive team collectively resigned," Gary and the resigned staff said in a joint statement to Bloomberg. "This was one of the hardest decisions we have ever had to make and we did not take this action lightly." While negotiations were still ongoing, Annapurna Interactive re-hired former Epic Games executive Hector Sanchez as its president of interactive and new media, and Paul Doyle as its head of strategy. IGN understands that Sanchez was expected to head up Annapurna's gaming efforts in Gary's absence once his part of the company was spun-off. With Gary now having resigned, Sanchez has taken the lead. Annapurna has earned success and awards for games including Cocoon, Stray, Neon White, The Artful Escape, and Sayonara Wild Hearts.

United Airlines said that it will outfit its entire fleet with Starlink internet service, aiming to keep fliers loyal by offering zippier, more reliable browsing and downloads that the carrier expects will mirror what travelers are used to on the ground. From a report: United's deal is a bet that Starlink's technology can propel it above rival carriers in offering fast, free Wi-Fi. The airline is in the midst of a broader effort to burnish its premium and business travel bona fides, which has included retrofitting planes with lots of power outlets and seat back screens.

The airline said it would begin testing the Starlink service early next year, with the first passenger flights likely equipped later in 2025. United said Starlink's service will be more reliable, particularly over oceans and other remote areas -- a key advantage for the airline's network of long-haul international flights that cross the Atlantic and Pacific oceans. It will allow passengers to access live TV and streaming, and to use several devices at once.