UK lawmakers are sick and tired of shitty internet of things passwords and are whipping out legislation with steep penalties and bans to prove it. The new legislation, introduced to the UK Parliament this week, would ban universal default passwords and work to create what supporters are calling a “firewall around everyday tech.”

Specifically, the bill, called The Product Security and Telecommunications Infrastructure Bill (PSTI), would require unique passwords for internet-connected devices and would prevent those passwords from being reset to universal factory defaults. The bill would also force companies to increase transparency around when their products require security updates and patches, a practice only 20% of firms currently engage in, according to a statement accompanying the bill.

These bolstered security proposals would be overseen by a regulator with sharpened teeth: companies refusing to comply with the security standards could reportedly face fines of £10 million or four percent of their global revenues.

“Every day hackers attempt to break into people’s smart devices,” UK Minister for Media, Data and Digital Infrastructure Julia Lopez said in a statement. “Most of us assume if a product is for sale, it’s safe and secure. Yet many are not, putting too many of us at risk of fraud and theft.”

The rules would attempt to meaningfully tackle what’s become a scourge of weak IoT passwords increasingly susceptible to attackers. And we’re not talking about weak, but serviceable passwords either. According to a 2020 report conducted by cybersecurity company Symantec, 55% of IoT passwords used in IoT attacks were “123456.” Another 3% of the attacked devices featured the password “admin.” IoT devices are notoriously insecure outside of passwords as well. A recent report from ​​Palo Alto Networks found that 98% of all IoT device traffic was unencrypted.

The problem is only getting worse, especially as smart home devices gain mass popularity and become more affordable. Though estimates vary, the total number of global IoT devices could swell to over 20 billion by 2030. That’s already translating into more attacks. Just two months ago, Kaspersky Labs told Threat Post that it had detected 1.5 billion IoT attacks in the first half of 2021 alone. That’s double what it detected in the last six months of 2020.

IoT companies also routinely try to throw the blame on customers when their lackluster security practices result in breaches or hacks. That was, maybe most famously, the case for smart home security company Ring, which tried to claim a rise in compromised accounts was the result of customers reusing passwords. In response, Ring and its owner Amazon found themselves on the receiving end of a class-action lawsuit filed in late 2019 accusing the company of negligence for failing to properly secure its devices. For what it’s worth, Ring has since made some meaningful improvements in the security department, including requiring two-factor authentication on new devices and, more recently, adding end-to-end encryption.

The UK’s no-nonsense approach to passwords though could serve as an example for copycats in the U.S. and elsewhere. The U.S. actually passed a significant IoT security bill last year, but it stopped short of issuing penalties or bans on weak passwords. Rather, the legislation, called the IoT Cybersecurity Improvement Act, directs the Commerce Department’s National Institute of Standards and Technology to establish a minimum set of security requirements for IoT devices and for those standards to get a refresher every five years.

The law also requires contractors to put in place vulnerability disclosure policies. But while these provisions are a step in the right direction they are largely limited to firms that engage in business with the federal government.

By contrast, the UK’s proposed bill would cover a far wider scope of divides and manufacturers and, importantly, provide clear monetary sticks to drive compliance. Incentives and carrots are only useful up until a point. Security lapses though, particularly in cheap IoT devices, are nothing new and have thus far been mostly unresponsive to any market nudges. Clear penalties, or at least the threat of them, could instead offer an avenue for actual change.

Woman caught breastfeeding her hairless cat on a Delta flight

A woman who took a Delta flight recently wasn’t kitten around when she whipped out her breasts and started feeding her hairless cat.

The unidentified female flew from Syracuse, NY, to Atlanta, GA, where she was caught breastfeeding her feline on the plane. A flight attendant told her repeatedly to stop and put her cat back in its cage, however, the woman refused.

A message was sent through the Aircraft Communications Addressing and Reporting System (ACARS) to alert Delta crew in Atlanta that a passenger in seat 13A “is breastfeeding a cat and will not put cat back in its carrier when [flight attendant] requested.”

A photo of the message board was found on Reddit and was posted on Twitter by author Rick Wilson.

Flight attendant Ainsley Elizabeth, who was on board during the incident, took to TikTok on Nov. 13 to explain more of what went down, Newsweek reported.

“This woman had one of those, like, hairless cats swaddled up in a blanket so it looked like a baby,” she said. “Her shirt was up and she was trying to get the cat to latch and she wouldn’t put the cat back in the carrier. And the cat was screaming for its life.”

Elizabeth revealed in another video that security got involved. However, she’s unsure of what happened to the woman and her cat once the jet touched down in Atlanta.

The Delta employee who sent the ACARS message also requested that Delta’s Red Coat team apprehend the woman once they got to the ground. Red Coats are “the elite airport customer service experts, identifiable by their bright red coats. They are specially trained to handle on-the-stop customer issues,” according to Delta’s website.

The airline’s website also outlines its policies of women breastfeeding children. “Delta fully supports a woman’s right to breastfeed on board Delta and Delta Connection aircraft and in Delta facilities. Breast pumps are allowed on board. At the airport and if you prefer, many airports do offer private lactation rooms or spaces,” the policy states.

Delta allows animals such as small dogs, cats and household birds to board domestic flights and “must be able to fit in a small, ventilated pet carrier.”

While taking off from Cox's Bazar Airport, a Biman Bangladesh Airlines plane yesterday hit two cows on the runway, leading to their death.

Several officials, in charge of security at the Cox's Bazar Airport, confirmed the matter to The Daily Star wishing anonymity.

The accident happened around 5:57pm on Tuesday when a Biman Bangladesh Airlines flight (EA-437), carrying 94 passengers, was flying from Cox's Bazar to Dhaka.

Till the time of filing this report, it was not yet known who the cows belonged to.

Cox's Bazar Airport sources said the flight landed safely at Dhaka airport at 7:05pm.

Fake it ‘til you make it!

That’s what an anti-vaxxer in Italy hoped would happen when he used a silicone arm to avoid getting jabbed.

Spoiler alert – his attempt failed.

The 50-year-old man was armed with the fake arm at a clinic in Biella in the northern part of the country.

However, since medical staff at the clinic know what an actual arm feels and looks like, they caught on quick when the saw the texture did not match a normal arm. The skin colour was realistic, though, so he gets an A for effort on that front.

Local media reported the man tried to convince the medic to jab his fake arm, even after they realized it was fake.

“A stage costume,” was how he defined it, according to nurse Filippa Bua, who first noticed the man.

“He arrived late in the morning,” Bua told Italian newspaper Corriere della Sera , “I reported to the doctor and then we made a report to communicate it to the superiors.”

It is believed the man was trying to fool medical staff into giving him a Green Pass, which proves the holder has been fully vaccinated against COVID-19 or tested negative or recently recovered from the coronavirus.

Thursday’s fake-arm incident comes as Italy is set to tighten up the rules for unvaccinated citizens.

The man, whose name has not been released, was reported to local police. He now faces fraud charges.

Maryland home burns down during owner's ill-fated snake fight

The homeowner was reportedly trying to clear his Montgomery County home of a snake infestation with smoke, but a fire spread and destroyed the building.

A large structure fire that destroyed a Maryland home in November was caused by the homeowner's ill-fated attempt to clear a snake infestation by smoking them out, according to local fire officials.

According to a tweet from Pete Piringer, public information officer for the Montgomery County Fire and Rescue Service, an investigation revealed that the fire on Big Woods Road near Poolesville on Nov. 23 was accidentally caused when the anti-snake smoke source — coals — came too close to combustibles.

The fire started in the basement walls and floors and then spread upward, eventually causing over $1 million in damages.

Neighbors saw and reported the fire; nobody was injured.

"It is believed that the heat source was too close to the combustibles and caused fire in the walls and ceiling area, unknown and unbeknownst to the homeowner at that time," Piringer said, describing the destroyed building as a "very large home."

“The snakes — the original culprits of this process — which the homeowner was trying to eradicate from this space using smoke apparently did not go as planned,” Piringer said in a recorded statement on Dec. 3.

Piringer said that insurance investigators have taken over after Montgomery County investigators determined the fire to be accidental in nature.

As for the snakes, Piringer thinks they have likely left "at least temporarily."

"I’m not a wildlife expert but at the time of the fire some firefighters did see some snake skins while others found one coming out of the foundation," Piringer said in a text message to NBC News.

Firefighters moved the snake that emerged from the burned-down home and "were able to retrieve it and move it safely to a different environment."

Drink-driver, 29, tried to fool police by swallowing hand sanitiser before a breath test – without realising anti-bacterial gel contained alcohol

A drink-driver tried to fool police by swallowing hand sanitiser before a breath test – without realising that the anti-bacterial gel contained alcohol.

Shop assistant Sophie Nutter, 29, was told by a judge she was lucky not to be spending Christmas behind bars after the test showed 52 micrograms of alcohol in 100ml of breath. The legal limit is 35 micrograms.

She had been spotted swerving across the road in her Suzuki Swift with four flat tyres and a broken windscreen.

Police found her slurping from a bottle of hand sanitiser.

The mother from Beverley, East Yorkshire, admitted drink-driving and using a vehicle likely to cause danger of injury on April 7 when she appeared at Hull Crown Court.

Recorder Alex Menary told the court that Nutter had tried to swallow sanitiser, which contains 60 per cent alcohol, in a failed effort to reduce her breath test reading.

She had breached a two-year suspended sentence for drug offences imposed in October last year.

She was given a one-year community order and a 23-month driving ban and must pay £100 costs.

Scammers in a few big Texas cities have been putting fake QR codes on parking meters to trick people into paying the fraudsters. Parking enforcement officers recently found stickers with fraudulent QR codes on pay stations in Austin, Houston, and San Antonio.

San Antonio police warned the public of the scam on December 20, saying that "people attempting to pay for parking using those QR codes may have been directed to a fraudulent website and submitted payment to a fraudulent vendor." Similar scams were then found in Austin and Houston.

The Austin Transportation Department started examining their own meters after being "notified of a QR code scam by the City of San Antonio in late December—when more than 100 pay stations were stickered with fraudulent codes," Fox 7 Austin reported last week. Austin officials checked the city's 900 or so parking pay stations and found fraudulent QR codes on 29 of them, according to a KXAN article.

The fake QR codes reportedly directed people to a "Quick Pay Parking" website at the domain passportlab.xyz, which is now offline. It's not clear how many people—if any—were tricked into paying the fraudsters.

"We don't use QR codes at all for this very reason, because they are easy to fake or place on the devices," Austin parking division manager Jason Redfern told KXAN. "And we heard from industry leaders that this would be a possibility." Austin accepts payments directly at the meter with coins or credit or with the Park ATX mobile payment app.

Austin city officials said in a press release that they are "continuing to inspect the City's more than 900 pay stations to ensure there are no additional QR codes in use." Austin urged people to call 911 if they see someone without a city employee badge tampering with a pay station. "Any person who believes they were a victim of a credit card breach due to recent parking meter payments should file a police report and notify their card issuer immediately," the city also said.

Houston officials found five meters with fake QR codes and removed the stickers. Like Austin, Houston does not use QR codes on parking meters but does offer a payment app.

While the scam seems to have been centered in Texas, it could be repeated anywhere. If you see a QR code on a parking meter, ignore it and make sure you pay the city directly.