Apple's iPhone 14 Emergency SOS via Satellite Feature was put to the test in Alaska yesterday, when a man became stranded in a rural area. MacRumors reports: In the early hours of the morning on December 1, Alaska State Troopers received an alert that a man traveling by snow machine from Noorvik to Kotzebue had become stranded. The man was in a cold, remote location with no connectivity, and he activated the Emergency SOS via satellite feature on his iPhone 14 to alert authorities to his predicament. Apple's Emergency Response Center worked with local search and rescue teams and the Northwest Arctic Borough Search and Rescue Coordinator to send out volunteer searchers directly to the GPS coordinates that were relayed to Apple using the emergency function.

The man was rescued successfully and there were no injuries. The area where he was located is remote and on the fringes of where satellite connectivity is available. Apple says that satellite connectivity might not work in places above 62 degrees latitude, such as northern parts of Canada and Alaska, and Noorvik and Kotzebue are close to 69 degrees latitude. Troopers who helped with the rescue were "impressed with the accuracy and completeness of information included in the initial alert," with the Emergency SOS via Satellite feature designed to ask several questions ahead of when an alert is sent out to expedite rescue missions.

Electrek recaps yesterday's Tesla's Semi Delivery Event in Nevada: As expected, Tesla delivered the first electric trucks to PepsiCo, a long-time reservation holder, and held a presentation to reveal more details about the production version of the Tesla Semi. There wasn't any big surprise during the presentation. Tesla basically delivered on its original promises made in 2017 when it first unveiled the prototypes of the Tesla Semi. Despite the lack of major changes, it's still a big moment since the electric truck has the potential to change the trucking industry for good by eliminating emissions and significantly reducing costs.

In terms of the technology powering the truck, things have changed since the original prototypes, but not in any major ways. Tesla is now using a tri-motor drivetrain that is basically the same as in the Model S and Model X Plaid. Dan Priestley, Tesla Semi Program manager, explained that Tesla is using one of the motors for cruising speed geared toward peak efficiency at highway speeds and the two other motors are used for torque when accelerating in order to create a smooth driving experience never seen in a class 8 truck before. To prove the capacity, Tesla shared a very impressive video of a Tesla Semi loaded at 82,000 lb. passing a diesel truck at 6% incline on the Donner Pass as if it's nothing:

Tesla promised a range of 500 miles with a full load five years ago, and it delivered on the promise. Tesla shared data on a 500-mile trip with a full load of just under 82,000 lb. total with the tractor. It started out in the Bay Area with a 97% state of charge and ended up in San Diego with still 4% charge. Tesla reiterated that it can achieve a less-than-2 kWh-per-mile efficiency, which means that trucking companies can achieve up to $70,000 in fuel savings per year depending on their cost of electricity. Once the battery pack is depleted after 500 miles or so, you can expect blazing-fast charging thanks to the new 1-megawatt charging technology developed by Tesla. The automaker also said it will make it to the Cybertruck. In an updated article, Electrek's Fred Lambert says Musk confirmed Tesla Semi's efficiency at 1.7 kWh per mile, "which means it has a roughly 900 kWh battery pack."

Tesla didn't reveal the weight of the actual truck or the price. "In 2017, Tesla said the trucks would be $150,000, $180,000, and $200,000, depending on the model, but those prices are expected to have changed over the last five years," reports Lambert.

An anonymous reader quotes a report from Reuters: An Australian law giving the government power to make internet giants Facebook owner Meta and Alphabet's Google negotiate content supply deals with media outlets has largely worked, a government report said. But the law, which took effect in March 2021 after talks with the big tech firms led to a brief shutdown of Facebook news feeds in the country, may need to be extended to other online platforms, the review said.

Since the News Media Bargaining Code (PDF) took effect, the tech firms had inked more than 30 deals with media outlets compensating them for content which generated clicks and advertising dollars, said the Treasury department report, published late Thursday. "At least some of these agreements have enabled news businesses to, in particular, employ additional journalists and make other valuable investments to assist their operations," said the report. "While views on the success or otherwise of the Code will invariably differ, we consider it is reasonable to conclude that the Code has been a success to date."

The report mostly recommended that the government consider new methods of assessing the administration and effectiveness of the law, and did not suggest changing the law itself. But it did note the law lacked "a formal mechanism to extend the Code to other platforms", and suggested the government order the competition regulator, which led the design of the law, to "prepare reports on this question." Google director of government affairs and public policy in Australia Lucinda Longcroft said the company had "furthered our significant contribution to the Australian news industry" by signing deals representing 200 mastheads across the country and "the majority of these outlets are regional or local."

Huawei has confirmed the existence of a smartwatch it's working on featuring a pair of built-in wireless earbuds. "Huawei's account on Chinese Twitter-like site Weibo announced the existence of the device on Wednesday and promised all would be revealed on December 2," reports The Register. "But Huawei has since postponed its Winter 2022 consumer kit launch for unexplained reasons." You can view a teaser video on YouTube. The Verge adds: As the name suggests, the Huawei Watch Buds are a pair of earbuds concealed within a smartwatch that looks similar to the Huawei Watch 3. Details are a little sparse so there's no word yet on what kind of performance or battery life you can expect from either of the products, but the watch itself does appear to be running HarmonyOS.

The earbuds don't seem to resemble any previous Huawei products, sporting a bare-bones black and silver design. While the concept feels more than a little gimmicky, it could be a neat solution for runners and other sporty folks who don't want to carry a separate earbud case during a workout. (If they don't mind the extra bulk on their wrists.) [...] Addressing the elephant in the room, it's unlikely that you'll be able to buy this wacky gadget in the US anyway, regardless of its legitimacy. Huawei products have been effectively banned in the country since the company was placed on the Commerce Department's Bureau of Industry and Security Entity list in 2019.

A group of federal cyber advisers is putting a suspected teen hacking group under the microscope in the second investigation ever conducted by the Cyber Safety Review Board. From a report: The Department of Homeland Security review board -- a group of 15 federal government and private-sector cyber experts -- announced Friday morning that it will study and provide recommendations to fend off the hacking techniques behind the Lapsus$ data extortion group. The Cyber Safety Review Board first investigated and released a report with security recommendations in July about the Log4j open-source software vulnerability that affected millions of devices last year.

Lapsus$, which has been outed as a teenage hacking group, is believed to be behind data breaches at Uber, Rockstar Games, Microsoft, Okta and other major companies earlier this year. Data extortion groups break into a company's systems, steal prized information like source codes, and then demand a payment from the company to stop them from leaking the stolen information. Specifically, Lapsus$ targets companies through MFA fatigue, where they use stolen login credentials to log in to a network and then spam account owners with two-factor authentication requests on their phones until they accept one. Suspected members of the gang are believed to be based in the U.K. and have been arrested several times throughout the year.

An anonymous reader shares a report: Nvidia's new RTX 4090 and 4080 GPUs both use a new connector called 12VHPWR to deliver power as a way to satisfy ever-more power-hungry graphics cards without needing to set aside the physical space required for three or four 8-pin power connectors. But that power connector and its specifications weren't created by Nvidia alone -- to ensure interoperability, the spec was developed jointly by the PCI Express Special Interest Group (PCI-SIG), a body that includes Nvidia, AMD, Intel, Arm, IBM, Qualcomm, and others.

But the overheating and melting issues experienced by some RTX 4090 owners recently have apparently prompted the PCI-SIG to clarify exactly which parts of the spec it is and is not responsible for. In a statement reported by Tom's Hardware, the group sent its members a reminder that they, not the PCI-SIG, were responsible for safety testing products using connector specs like 12VHPWR. "Members are reminded that PCI-SIG specifications provide necessary technical information for interoperability and do not attempt to address proper design, manufacturing methods, materials, safety testing, safety tolerances, or workmanship," the statement reads. "When implementing a PCI-SIG specification, Members are responsible for the design, manufacturing, and testing, including safety testing, of their products."

Google is shutting down Duplex on the Web, its AI-powered set of services that navigated sites to simplify the process of ordering food, purchasing movie tickets and more. From a report: According to a note on a Google support page, Google on the Web and any automation features enabled by it will no longer be supported as of this month. Google introduced Duplex on the Web, an outgrowth of its call-automating Duplex technology, during its 2019 Google I/O developer conference. To start, it was focused on a couple of narrow use cases, including opening a movie theater chain's website to fill out all of the necessary information on a user's behalf -- pausing to prompt for choices like seats. But Duplex on the Web later expanded to passwords, helping users automatically change passwords exposed in a data breach, as well as assisted checkout for ecommerce retailers, flight check-in for airline sites and automatic discount finding. The promise of Duplex on the Web was that you'd be able to issue Google Assistant a command like "Book me a car from Hertz" and have Duplex pull up the relevant web page and automatically fill in details like your name, car preferences, trip dates, payment information (using information from Gmail and Chrome autofill), and more.

The U.S. Army allocated millions of dollars to sponsor a wide range of esports tournaments, individual high profile Call of Duty streamers, and Twitch events in the last year to specifically grow its audience with Gen-Z viewers, and especially women and Black and Hispanic people, according to internal Army documents obtained by Motherboard. From the report: In many cases the sponsorships ultimately did not happen -- the Army ordered a stop of all spending with Call of Duty's publisher Activision after the company faced a wave of sexual harrassment complaints. But the documents provide much greater insight into the Army's goals and intentions behind its planned integrations with Call of Duty and other massive entertainment franchises.

"Audience: Gen-Z Prospects (A18-24)," one section of the documents read. "Focus on the growth of females, Black & Hispanics." Motherboard obtained the documents through the Freedom of Information Act (FOIA). A table included in the documents lists the funds the Army planned to spend on various platforms, events, and streamers. At the top, is Twitch and its HBCU [Historically Black Colleges and Universities] Showdown. Previous seasons of this esports league had players compete in Madden and NBA games. The Army planned to spend $1 million on sponsoring the event. The documents show that the U.S. military considered gaming and, in particular, Call of Duty, as a potentially useful branding and recruiting tool.

"Rust is awesome, for certain things. But think twice before picking it up for a startup that needs to move fast," Matt Welsh, co-founder and chief executive of Fixie.ai and former Google engineering director, writes in a blog post. From the post: I hesitated writing this post, because I don't want to start, or get into, a holy war over programming languages. (Just to get the flame bait out of the way, Visual Basic is the best language ever!) But I've had a number of people ask me about my experience with Rust and whether they should pick up Rust for their projects. So, I'd like to share some of the pros and cons that I see of using Rust in a startup setting, where moving fast and scaling teams is really important. Right up front, I should say that Rust is very good at what it's designed to do, and if your project needs the specific benefits of Rust (a systems language with high performance, super strong typing, no need for garbage collection, etc.) then Rust is a great choice. But I think that Rust is often used in situations where it's not a great fit, and teams pay the price of Rust's complexity and overhead without getting much benefit.

My primary experience from Rust comes from working with it for a little more than 2 years at a previous startup. This project was a cloud-based SaaS product that is, more-or-less, a conventional CRUD app: it is a set of microservices that provide a REST and gRPC API endpoint in front of a database, as well as some other back-end microservices (themselves implemented in a combination of Rust and Python). Rust was used primarily because a couple of the founders of the company were Rust experts. Over time, we grew the team considerably (increasing the engineering headcount by nearly 10x), and the size and complexity of the codebase grew considerably as well. As the team and codebase grew, I felt that, over time, we were paying an increasingly heavy tax for continuing to use Rust. Development was sometimes sluggish, launching new features took longer than I would have expected, and the team was feeling a real productivity hit from that early decision to use Rust. Rewriting the code in another language would have, in the long run, made development much more nimble and sped up delivery time, but finding the time for the major rewrite work would have been exceedingly difficult.

So we were kind of stuck with Rust unless we decided to bite the bullet and rewrite a large amount of the code. Rust is supposed to be the best thing since sliced bread, so why was it not working so well for us? [...] Despite being some of the smartest and most experienced developers I had worked with, many people on the team (myself included) struggled to understand the canonical ways to do certain things in Rust, how to grok the often arcane error messages from the compiler, or how to understand how key libraries worked (more on this below). We started having weekly "learn Rust" sessions for the team to help share knowledge and expertise. This was all a significant drain on the team's productivity and morale as everyone felt the slow rate of development. As a comparison point of what it looks like to adopt a new language on a software team, one of my teams at Google was one of the first to switch entirely from C++ to Go, and it took no more than about two weeks before the entire 15-odd-person team was quite comfortably coding in Go for the first time.

Maersk and IBM will wind down their shipping blockchain TradeLens by early 2023, ending the pair's five-year project to improve global trade by connecting supply chains on a permissioned blockchain. From a report: TradeLens emerged during the "enterprise blockchain" era of 2018 as a high-flying effort to make inter-corporate trade more efficient. Open to shipping and freight operators, its members could validate the transaction of goods as recorded on a transparent digital ledger.

The idea was to save its member-shipping companies money by connecting their world. But the network was only as strong as its participants; despite some early wins, TradeLens ultimately failed to catch on with a critical mass of its target industry. "TradeLens has not reached the level of commercial viability necessary to continue work and meet the financial expectations as an independent business," Maersk Head of Business Platforms Rotem Hershko said in a statement.

Japanese camera manufacturers are bidding farewell to a once-major component of their operations, with Panasonic Holdings and Nikon suspending development of entry-level point-and-shoot cameras under their flagship brands. From a report: The companies will instead focus resources on pricier mirrorless models going forward, aiming to navigate a market upended by smartphones. Casual photographers flocked to compact digital cameras in the mid- to late 1990s, embracing their affordability and portability compared with single-lens reflex cameras. Global shipments reached 110 million units in 2008, according to the Camera & Imaging Products Association (CIPA). But as the iPhone and other camera-equipped smartphones won general consumers over, the camera industry fell off a cliff. Global shipments of compact digital cameras plunged 97% from the 2008 level to just 3.01 million units in 2021.

Panasonic has been scaling back its model offerings in Lumix compact digital cameras, which debuted in 2001 and enjoyed high spots in domestic rankings at one point. The company has not released any new product for the price range below 50,000 yen ($370 at current rates) or so since 2019 and has no plans to develop a low-priced model going forward. "We've halted developing any new models that can be replaced by a smartphone," a spokesperson said. Panasonic will continue production of current offerings. But its focus going forward will be on developing high-end mirrorless cameras for photography enthusiasts and professionals. Nikon has suspended development of new compact models in its Coolpix line. It now offers just two models with high-powered lenses but it is "closely monitoring market trends" to determine production volumes going forward, according to an official. Nikon has also withdrawn from development of SLR cameras to specialize in upmarket mirrorless single-lens models. These companies are following in rivals' footsteps. Fujifilm has discontinued production of its FinePix compact cameras and will develop only the X100V series and other pricier models.

America's newest nuclear stealth bomber is making its public debut after years of secret development and as part of the Pentagon's answer to rising concerns over a future conflict with China. From a report: The B-21 Raider is the first new American bomber aircraft in more than 30 years. Almost every aspect of the program is classified. Ahead of its unveiling Friday at an Air Force facility in Palmdale, California, only artists' renderings of the warplane have been released. Those few images reveal that the Raider resembles the black nuclear stealth bomber it will eventually replace, the B-2 Spirit.

The bomber is part of the Pentagon's efforts to modernize all three legs of its nuclear triad, which includes silo-launched nuclear ballistic missiles and submarine-launched warheads, as it shifts from the counterterrorism campaigns of recent decades to meet China's rapid military modernization. China is on track to have 1,500 nuclear weapons by 2035, and its gains in hypersonics, cyber warfare, space capabilities and other areas present "the most consequential and systemic challenge to U.S. national security and the free and open international system," the Pentagon said this week in its annual China report.

Meta is urging policymakers to hold off on creating new rules governing the metaverse. From a report: In a policy paper released Friday, Meta argues that many of the world's existing laws and regulations will also apply to activity in the metaverse -- a catch-all term that refers to an immersive virtual world that doesn't yet exist in which users could someday work, play games, shop and interact. Edward Bowles, Meta's head of fintech policy, told reporters that regulators could "stymie innovation" if they create an entirely new regulatory scheme for the metaverse. It's common for corporations, particularly Silicon Valley titans, to discourage politicians from creating new regulations. But in recent years, lawmakers have become interested in reining in the biggest tech companies -- including their investments in virtual reality. The paper is an effort by Meta to shape future legislation impacting the metaverse, a technology so central to the company's mission that it rebranded to "Meta" from "Facebook" last year.

A little over a year after buzzy coding bootcamp Lambda School rebranded as Bloom Institute of Technology, the venture-backed startup is conducting massive layoffs, TechCrunch reported, citing sources. From the report: The workforce reduction, per people familiar with the matter, has impacted half of the company's staff across content, product, data and engineering teams. The layoff is expected to have impacted around 88 employees, using metrics provided in BloomTech's 2022 diversity report metrics.

Employees were called into an All Hands meeting this morning in which BloomTech CEO Austen Allred notified staff of the impending layoffs. After the meeting, those impacted were notified via e-mail. According to documents seen by TechCrunch, employees will get normal pay and medical benefits until January 31, 2023 and are "expected to work" through that period. Those laid off were also offered optional time with managers to talk.

An automated status updater for Slack isn't the only thing Mozilla acquired this week. From a report: On Wednesday, the company announced that it snatched up Active Replica, a Vancouver-based startup developing a "web-based metaverse." According to Mozilla SVP Imo Udom, Active Replica will support Mozilla's ongoing work with Hubs, the latter's VR chatroom service and open source project. Specifically, he sees the Active Replica team working on personalized subscription tiers, improving the onboarding experience and introducing new interaction capabilities in Hubs.

"Together, we see this as a key opportunity to bring even more innovation and creativity to Hubs than we could alone," Udom said in a blog post. "We will benefit from their unique experience and ability to create amazing experiences that help organizations use virtual spaces to drive impact. They will benefit from our scale, our talent, and our ability to help bring their innovations to the market faster." Active Replica was founded in 2020 by Jacob Ervin and Valerian Denis. Ervin is a software engineer by trade, having held roles at AR/VR startups Metaio, Liminal AR and Occipital. Denis has a history in project management -- he worked for VR firms including BackLight, which specializes in location-based and immersive VR experiences for brands.

An anonymous reader quotes a report from Ars Technica: Hive Social, a social media platform that has seen meteoric growth since Elon Musk took over Twitter, abruptly shut down its service on Wednesday after a security advisory warned the site was riddled with vulnerabilities that exposed all data stored in user accounts. "The issues we reported allow any attacker to access all data, including private posts, private messages, shared media and even deleted direct messages," the advisory, published on Wednesday by Berlin-based security collective Zerforschung, claimed. "This also includes private email addresses and phone numbers entered during login." The post went on to say that after the researchers privately reported the vulnerabilities last Saturday, many of the flaws they reported remained unpatched. They headlined their post "Warning: do not use Hive Social." Hive Social responded by pulling down its entire service. "The Hive team has become aware of security issues that affect the stability of our application and the safety of our users," company officials wrote. "Fixing these issues will require temporarily turning off our servers for a couple of days while we fix this for a better and safer experience."

Technical details are being withheld to prevent the active exploitation of them by malicious hackers. According to Business Insider, Hive Social's user base has doubled in the last few weeks, going from about 1 million to 2 million as of last week. The site is only being staffed by two people, "neither of whom had much of a background in security," reports Ars.

Last year, Google announced Android Open Source Project (AOSP) support for Rust, and today the company provided an update, while highlighting the decline in memory safety vulnerabilities. 9to5Google reports: Google says the "number of memory safety vulnerabilities have dropped considerably over the past few years/releases."; Specifically, the number of annual memory safety vulnerabilities fell from 223 to 85 between 2019 and 2022. They are now 35% of Android's total vulnerabilities versus 76% four years ago. In fact, "2022 is the first year where memory safety vulnerabilities do not represent a majority of Android's vulnerabilities."

That count is for "vulnerabilities reported in the Android security bulletin, which includes critical/high severity vulnerabilities reported through our vulnerability rewards program (VRP) and vulnerabilities reported internally." During that period, the amount of new memory-unsafe code entering Android has decreased: "Android 13 is the first Android release where a majority of new code added to the release is in a memory safe language. "

Rust makes up 21% of all new native code in Android 13, including the Ultra-wideband (UWB) stack, DNS-over-HTTP3, Keystore2, Android's Virtualization framework (AVF), and "various other components and their open source dependencies." Google considers it significant that there have been "zero memory safety vulnerabilities discovered in Android's Rust code" so far across Android 12 and 13. Google's blog post today also talks about non-memory-safety vulnerabilities, and its future plans: "... We're implementing userspace HALs in Rust. We're adding support for Rust in Trusted Applications. We've migrated VM firmware in the Android Virtualization Framework to Rust. With support for Rust landing in Linux 6.1 we're excited to bring memory-safety to the kernel, starting with kernel drivers.

Vulnerabilities in mobile apps exposed Hyundai and Genesis car models after 2012 to remote attacks that allowed unlocking and even starting the vehicles. BleepingComputer reports: Security researchers at Yuga Labs found the issues and explored similar attack surfaces in the SiriusXM "smart vehicle" platform used in cars from other makers (Toyota, Honda, FCA, Nissan, Acura, and Infinity) that allowed them to "remotely unlock, start, locate, flash, and honk" them. At this time, the researchers have not published detailed technical write-ups for their findings but shared some information on Twitter, in two separate threads.

The mobile apps of Hyundai and Genesis, named MyHyundai and MyGenesis, allow authenticated users to start, stop, lock, and unlock their vehicles. After intercepting the traffic generated from the two apps, the researchers analyzed it and were able to extract API calls for further investigation. They found that validation of the owner is done based on the user's email address, which was included in the JSON body of POST requests. Next, the analysts discovered that MyHyundai did not require email confirmation upon registration. They created a new account using the target's email address with an additional control character at the end. Finally, they sent an HTTP request to Hyundai's endpoint containing the spoofed address in the JSON token and the victim's address in the JSON body, bypassing the validity check. To verify that they could use this access for an attack on the car, they tried to unlock a Hyundai car used for the research. A few seconds later, the car unlocked. The multi-step attack was eventually baked into a custom Python script, which only needed the target's email address for the attack.

Yuga Labs analysts found that the mobile apps for Acura, BMW, Honda, Hyundai, Infiniti, Jaguar, Land Rover, Lexus, Nissan, Subaru, and Toyota, use SiriusXM technology to implement remote vehicle management features. They inspected the network traffic from Nissan's app and found that it was possible to send forged HTTP requests to the endpoint only by knowing the target's vehicle identification number (VIN). The response to the unauthorized request contained the target's name, phone number, address, and vehicle details. Considering that VINs are easy to locate on parked cars, typically visible on a plate where the dashboard meets the windshield, an attacker could easily access it. These identification numbers are also available on specialized car selling websites, for potential buyers to check the vehicle's history. In addition to information disclosure, the requests can also carry commands to execute actions on the cars. [...] Before posting the details, Yuga Labs informed both Hyundai and SiriusXM of the flaws and associated risks. The two vendors have fixed the vulnerabilities.

Parler announced Thursday it reached a mutual agreement with Ye, formerly known as Kanye West, to terminate the sale of the social media app. Axios reports: The deal already was on life support, as Axios previously reported, and it's unclear if a formal merger agreement was ever signed. Parler originally said it had an agreement "in principle," and today referred to it as "intent of sale." A Parler spokesperson previously told Axios that the acquisition was set to close by year-end but declined to say if Ye ever had signed paperwork to that effect.

In a statement, Parler's parent company said: "This decision was made in the interest of both parties in mid-November. Parler will continue to pursue future opportunities for growth and the evolution of the platform for our vibrant community." A source familiar with the situation said that Ye's precarious financial situation -- including the loss of his Adidas deal -- played a role in the deal collapse.

An anonymous reader quotes a report from the Washington Post: Major web browsers moved Wednesday to stop using a mysterious software company that certified websites were secure, three weeks after The Washington Post reported its connections to a U.S. military contractor. Mozilla's Firefox and Microsoft's Edge said they would stop trusting new certificates from TrustCor Systems that vouched for the legitimacy of sites reached by their users, capping weeks of online arguments among their technology experts, outside researchers and TrustCor, which said it had no ongoing ties of concern. Other tech companies are expected to follow suit.

The Post reported on Nov. 8 that TrustCor's Panamanian registration records showed the same slate of officers, agents and partners as a spyware-maker identified this year as an affiliate of Arizona-based Packet Forensics, which has sold communication interception services to U.S. government agencies for more than a decade. One of those contracts listed the "place of performance" as Fort Meade, Md., the home of the National Security Agency and the Pentagon's Cyber Command. The case has put a new spotlight on the obscure systems of trust and checks that allow people to rely on the internet for most purposes. Browsers typically have more than a hundred authorities approved by default, including government-owned ones and small companies, to seamlessly attest that secure websites are what they purport to be."Certificate Authorities have highly trusted roles in the internet ecosystem and it is unacceptable for a CA to be closely tied, through ownership and operation, to a company engaged in the distribution of malware," Mozilla's Kathleen Wilson wrote to a mailing list for browser security experts. "Trustcor's responses via their Vice President of CA operations further substantiates the factual basis for Mozilla's concerns."