ArsTechnica Round-Up Yesterday

An annotated selection FYI:

NOTE: ". . . Even a flicker of reach seems to be enough to connect with Americans on social media, though. WSJ reported that often Americans are directed to pick up migrants who have just crossed into the US. One Arizona border patrol agent told the WSJ that approximately 90 percent of drivers the department arrests—some under 18—admit to being recruited through social media. The US attorney for Arizona, Gary Restaino, told the WSJ that “half the smuggling cases his office prosecutes involve social-media recruitment.”

Border Patrol agent says 90% of drivers arrested were recruited on social media.

Sometimes attracting drivers as young as 14 with emoji-filled posts that promise thousands of dollars “for just a few hours of driving,” smugglers often rely on social media to recruit Americans to help migrants illegally cross the US-Mexico border, The Wall Street Journal reported.

Popular platforms like Instagram, WhatsApp, Snapchat, TikTok, and Twitter all told the WSJ that they prohibit these posts. However, the Journal talked to local and federal law-enforcement officials, as well as defense attorneys for Americans recruited on social media, who confirmed that despite those bans, the trend is “increasingly common.”

When contacted by Ars, a Twitter spokesperson pointed out that the Journal's report didn't include specific examples of this activity happening on the platform. The spokesperson linked to Twitter's Transparency Center, where the company tracks reports on this content.

Snapchat's spokesperson told Ars, "Our global safety teams... work around the clock to quickly investigate any reports and take appropriate action. We will continue to work in close collaboration with law enforcement and support investigations to help prevent abuse on our platform.”

Meta has not yet responded to Ars, but it told the WSJ that it has invested in technology to detect these posts. Ars also couldn't immediately reach TikTok, which told the WSJ that it not only removes posts but bans accounts when such content is detected.

The Journal reported that because of social media bans, most “posts appear briefly” before vanishing. . ."

Starry once planned to cover 40 million homes, currently has just 91,000 users.

Wireless home Internet provider Starry is cutting 500 employees, about half of its workforce, and canceling plans to expand into new states. Starry's board of directors yesterday approved the plan to cut 500 jobs, the Internet service provider said in a Securities and Exchange Commission filing today.

"The decision was based on cost-reduction initiatives intended to reduce operating expenses and allow the Company to focus on serving its existing core markets and customers," the filing said.

Starry said the job cuts will be "substantially complete" by the end of December. Starry also announced a freeze on hiring and non-essential expenditures and withdrew full-year 2022 guidance that was previously given to investors. . .

The press release suggests the job cuts won't be the last major changes for Starry. The company said the cost-cutting plan will "conserve capital and improve its capital runway as it explores all strategic options."

Starry launched in 2016. In mid-2019, Starry spent $48.5 million on 24 GHz spectrum licenses covering more than 25 million households in 25 states. "Combined with Starry’s current deployment roadmap, Starry’s fixed wireless footprint will reach more than 40 million households, covering more than 25 percent of all US households," the company said at the time.

Starry has just 91,000 users

But the expansion never reached the scale envisioned by the company. Starry provides service in Boston; Columbus, Ohio; Denver; Los Angeles; New York City; and Washington, DC. The company's network can serve 5.96 million homes after recent expansions in those markets.

Less than 2 percent of potential users subscribe to Starry service, though the customer number has been growing. Starry said it had 91,297 customers as of September 30, up from 55,078 one year earlier. That includes bulk billing arrangements where a building owner or association is invoiced for multiple units.

Starry says its most popular broadband plan is $50 a month for speeds up to 200Mbps, with unlimited data. Average speed test results last quarter were 196Mbps for downloads, 105Mbps for uploads, and latency of 20.3 ms, Starry says.

Kanojia said Starry "needed to curtail our cash burn while we pursue strategic options," but stressed that it wouldn't abandon its customers. "Today is a very tough day for our Starry team, but I want to be clear: Starry remains open for business," he said. "We, like so many others, are making the difficult calls now and taking steps that will allow us to be laser-focused on financing the business over the long-term and continue serving our markets."

ISP defaulted on FCC funding

In December 2020, the Federal Communications Commission tentatively awarded Starry $268.85 million to serve 108,506 homes and businesses in nine states: Alabama, Arizona, Colorado, Illinois, Mississippi, Nevada, Ohio, Pennsylvania, and Virginia. Starry, also known as Connect Everyone, got final approval to obtain most of the Rural Digital Opportunity Fund (RDOF) money less than two months ago. It would have been paid out over 10 years.

But the company defaulted on the bids in a move that seemed to take the FCC by surprise..."

Data includes signed contracts and projects related to critical infrastructure.

"Microsoft is facing criticism for the way it disclosed a recent security lapse that exposed what a security company said was 2.4 terabytes of data that included signed invoices and contracts, contact information, and emails of 65,000 current or prospective customers spanning five years.

The data, according to a disclosure published Wednesday by security firm SOCRadar, spanned the years 2017 to August 2022. The trove included proof-of-execution and statement of work documents, user information, product orders/offers, project details, personally identifiable information, and documents that may reveal intellectual property. SOCRadar said it found the information in a single data bucket that was the result of a misconfigured Azure Blob Storage.

Microsoft can’t, or Microsoft won’t?

Microsoft posted its own disclosure on Wednesday that said the security company “greatly exaggerated the scope of this issue” because some of the exposed data included “duplicate information, with multiple references to the same emails, projects, and users.” Further using the word “issue” as a euphemism for “leak,” Microsoft also said: “The issue was caused by an unintentional misconfiguration on an endpoint that is not in use across the Microsoft ecosystem and was not the result of a security vulnerability.”

Absent from the bare-bones, 440-word post were crucial details, such as a more detailed description of the data that was leaked or how many current or prospective customers Microsoft really believes were affected. Instead, the post chided SOCRadar for using numbers Microsoft disagreed with and for including a search engine people could use to determine if their data was in the exposed bucket. (The security company has since restricted access to the page.)

When one affected customer contacted Microsoft to ask what specific data belonging to their organization was exposed, the reply was: “We are unable to provide the specific affected data from this issue.” When the affected customer protested, the Microsoft support engineer once again declined.

Critics also faulted Microsoft for the way it went about directly notifying those who were affected. . ."

There's a new EnergyStar-like label program for connected devices—but not cars.

"Almost 3 in 4 people think that connected cars and electric vehicle chargers should be rated for their ability to resist cybersecurity threats. That's the finding from a survey conducted last week by BlackBerry to see whether people consider Internet-connected devices (also known as the Internet of Things) to be secure from hacking threats.

The survey was commissioned in response to a new White House initiative announced on Wednesday. The Biden administration plans to launch a labeling program for IoT devices in 2023, similar to the EnergyStar ratings that tell consumers how much electricity a TV or appliance will use.

The White House wants the National Institute of Standards and Technology and the Federal Trade Commission to come up with a basic set of security standards so that Americans can tell at a glance whether that new speaker or washing machine is in danger of joining a botnet or getting hit with ransomware.

Perhaps alarmingly for Ars readers, only 54 percent of the 1,008 people surveyed said they are concerned about Internet-connected devices in their homes being hacked. And just 32 percent said they own IoT devices that they do not let access the Internet due to security concerns. But 82 percent agreed that a cybersecurity rating like EnergyStar would make them feel more informed about connected devices.

BlackBerry also asked, "Do you think a cybersecurity/'star rating' system should be extended to connected cars and electric vehicle charging stations?" Overwhelmingly, respondents did, with 74 percent agreeing with that statement.

There's no indication yet that the White House, NIST, or the FTC plan to include connected cars or EV chargers in the new labeling scheme, but there's probably a better chance of that happening than every connected car being fitted with a physical kill switch to disconnect it."

✓