Tech News

Crooks Bypassed Google's Email Verification To Create Workspace Accounts, Access 3rd-Party Services

technology - Posted On: 2024-07-26 21:45:00 Source: slashdot

Brian Krebs writes via KrebsOnSecurity: Google says it recently fixed an authentication weakness that allowed crooks to circumvent the email verification required to create a Google Workspace account, and leverage that to impersonate a domain holder at third-party services that allow logins through Google's "Sign in with Google" feature. [...] Google Workspace offers a free trial that people can use to access services like Google Docs, but other services such as Gmail are only available to Workspace users who can validate control over the domain name associated with their email address. The weakness Google fixed allowed attackers to bypass this validation process. Google emphasized that none of the affected domains had previously been associated with Workspace accounts or services. "The tactic here was to create a specifically constructed request by a bad actor to circumvent email verification during the signup process," [said Anu Yamunan, director of abuse and safety protections at Google Workspace]. "The vector here is they would use one email address to try to sign in, and a completely different email address to verify a token. Once they were email verified, in some cases we have seen them access third-party services using Google single sign-on." Yamunan said none of the potentially malicious Workspace accounts were used to abuse Google services, but rather the attackers sought to impersonate the domain holder to other services online. Read more of this story at Slashdot.
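The weakness Yamunan describes, one address at sign-in and a different one at token verification, comes down to where the verify step gets the address it marks as verified. The following is an added illustration, not Google's code; the session ids, addresses, HMAC scheme and TTL are constructed. It contrasts a flow that takes the address from the verify request with a hardened one that takes it from server-side state and binds the token to that address.

```python
"""Constructed example, not Google's code.  WeakSignup validates the token against the
address named in the *verify* request but marks the address from the *sign-in* step as
verified; BoundSignup takes the address from server-side state and HMAC-binds the token."""
import hashlib
import hmac
import secrets
import time
from typing import Optional

TOKEN_TTL = 15 * 60  # seconds; hypothetical policy value


def normalize(email: str) -> str:
    """Canonical form so 'Admin@Victim.Example' and 'Admin@victim.example' compare equal."""
    local, _, domain = email.strip().rpartition("@")
    return f"{local}@{domain.lower()}"


class WeakSignup:
    """Vulnerable pattern: token validity and account state are checked independently."""

    def __init__(self) -> None:
        self.pending: dict[str, str] = {}  # session id -> address claimed at sign-in
        self.tokens: dict[str, str] = {}   # token -> address it was mailed to
        self.verified: set[str] = set()

    def begin(self, session: str, claimed_email: str) -> str:
        email = normalize(claimed_email)
        self.pending[session] = email
        token = secrets.token_urlsafe(24)
        self.tokens[token] = email  # "mailed" to the claimed address
        return token

    def verify(self, session: str, email_in_request: str, token: str) -> bool:
        # The token really is valid for the address named in this request...
        if session not in self.pending or self.tokens.get(token) != normalize(email_in_request):
            return False
        del self.tokens[token]
        # ...but the address verified is the one from sign-in.  BUG: never compared with email_in_request.
        self.verified.add(self.pending.pop(session))
        return True


class BoundSignup:
    """Hardened pattern: the verify step never trusts an address taken from the request."""

    def __init__(self, key: Optional[bytes] = None) -> None:
        self.key = key or secrets.token_bytes(32)  # server-side secret (hypothetical)
        self.pending: dict[str, tuple[str, int]] = {}  # session -> (address, expiry)
        self.verified: set[str] = set()

    def _mac(self, session: str, email: str, expiry: int) -> str:
        msg = f"{session}\n{email}\n{expiry}".encode()
        return hmac.new(self.key, msg, hashlib.sha256).hexdigest()

    def begin(self, session: str, claimed_email: str) -> str:
        email = normalize(claimed_email)
        expiry = int(time.time()) + TOKEN_TTL
        self.pending[session] = (email, expiry)
        # Token mailed to `email`; it is only meaningful for this session + address.
        return self._mac(session, email, expiry)

    def verify(self, session: str, email_in_request: str, token: str) -> bool:
        state = self.pending.get(session)
        if state is None:
            return False
        email, expiry = state
        # The request may name an address, but it must equal the one recorded at
        # sign-in, and the MAC is recomputed from the recorded one, not the request.
        if normalize(email_in_request) != email or time.time() > expiry:
            return False
        if not hmac.compare_digest(token, self._mac(session, email, expiry)):
            return False
        del self.pending[session]  # single use
        self.verified.add(email)
        return True


def cross_address_regression(flow) -> bool:
    """Replays the pattern from the story: sign in as the victim address, then present a
    token issued for the attacker's own address.  True means the flow is vulnerable."""
    flow.begin("s-victim", "admin@victim.example")  # token goes to the victim, never seen
    own_token = flow.begin("s-attacker", "me@attacker.example")
    flow.verify("s-victim", "me@attacker.example", own_token)
    return "admin@victim.example" in flow.verified
```

`cross_address_regression` is the check to keep in a test suite: it returns True for `WeakSignup()` and False for `BoundSignup()`.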

Courts Close the Loophole Letting the Feds Search Your Phone At the Border

yro - Posted On: 2024-07-26 21:00:00 Source: slashdot

On Wednesday, Judge Nina Morrison ruled that cellphone searches at the border are "nonroutine" and require probable cause and a warrant, likening them to more invasive searches due to their heavy privacy impact. As reported by Reason, this decision closes the loophole in the Fourth Amendment's protection against unreasonable searches and seizures, which Customs and Border Protection (CBP) agents have exploited. Courts have previously ruled that the government has the right to conduct routine warrantless searches for contraband at the border. From the report: Although the interests of stopping contraband are "undoubtedly served when the government searches the luggage or pockets of a person crossing the border carrying objects that can only be introduced to this country by being physically moved across its borders, the extent to which those interests are served when the government searches data stored on a person's cell phone is far less clear," the judge declared. Morrison noted that "reviewing the information in a person's cell phone is the best approximation government officials have for mindreading," so searching through cellphone data has an even heavier privacy impact than rummaging through physical possessions. Therefore, the court ruled, a cellphone search at the border requires both probable cause and a warrant. Morrison did not distinguish between scanning a phone's contents with special software and manually flipping through it. And in a victory for journalists, the judge specifically acknowledged the First Amendment implications of cellphone searches too. She cited reporting by The Intercept and VICE about CBP searching journalists' cellphones "based on these journalists' ongoing coverage of politically sensitive issues" and warned that those phone searches could put confidential sources at risk. Wednesday's ruling adds to a stream of cases restricting the feds' ability to search travelers' electronics.
The 4th and 9th Circuits, which cover the mid-Atlantic and Western states, have ruled that border police need at least "reasonable suspicion" of a crime to search cellphones. Last year, a judge in the Southern District of New York also ruled (PDF) that the government "may not copy and search an American citizen's cell phone at the border without a warrant absent exigent circumstances." Read more of this story at Slashdot.

Nvidia's Open-Source Linux Kernel Driver Performing At Parity To Proprietary Driver

news - Posted On: 2024-07-26 20:15:00 Source: slashdot

Nvidia's new R555 Linux driver series has significantly improved their open-source GPU kernel driver modules, achieving near parity with their proprietary drivers. Phoronix's Michael Larabel reports: The NVIDIA open-source kernel driver modules shipped by their driver installer and also available via their GitHub repository are in great shape. With the R555 series, support and performance are basically at parity between their open-source kernel modules and their proprietary kernel drivers. [...] Across a range of different GPU-accelerated creator workloads, the performance of the open-source NVIDIA kernel modules matched that of the proprietary driver. No loss in performance going the open-source kernel driver route. Across various professional graphics workloads, both the NVIDIA RTX A2000 and A4000 graphics cards were also achieving the same performance whether on the open-source MIT/GPLv2 driver or using NVIDIA's classic proprietary driver. Across all of the tests I carried out using the NVIDIA 555 stable series Linux driver, the open-source NVIDIA kernel modules were able to achieve the same performance as the classic proprietary driver. Also important is that there was no increased power use or other difference in power management when switching over to the open-source NVIDIA kernel modules. It's great seeing how far the NVIDIA open-source kernel modules have evolved and that with the upcoming NVIDIA 560 Linux driver series they will be defaulting to them on supported GPUs. And moving forward with Blackwell and beyond, NVIDIA is enabling GPU support only in their open-source kernel drivers, leaving the proprietary kernel drivers to older hardware. Tests I have done using NVIDIA GeForce RTX 40 graphics cards with Linux gaming workloads between the MIT/GPL and proprietary kernel drivers have yielded similar (boring but good) results: the same performance being achieved with no loss going the open-source route.
You can view Phoronix's performance results in charts here, here, and here. Read more of this story at Slashdot.

RFK Jr. Says He'd Direct the Government to Buy $615 Billion in Bitcoin or 4 Million Bitcoins

news - Posted On: 2024-07-26 19:30:00 Source: slashdot

US presidential candidate Robert F. Kennedy Jr. announced during his keynote Friday at the Bitcoin Conference that he would direct the US government to buy Bitcoin until the size of its Bitcoin reserves matched its gold reserves. At current prices, that equates to $615 billion worth of gold. RFK Jr. said: "I will sign an executive order directing the US Treasury to purchase 550 Bitcoin daily until the US has built a reserve of at least 4,000,000 Bitcoins and a position of dominance that no other country will be able to usurp." 4 million Bitcoin is 19% of all Bitcoin that will ever exist. Read more of this story at Slashdot.

How a Cheap Barcode Scanner Helped Fix CrowdStrike'd Windows PCs In a Flash

technology - Posted On: 2024-07-26 19:30:00 Source: slashdot

An anonymous reader quotes a report from The Register: Not long after Windows PCs and servers at the Australian limb of audit and tax advisory Grant Thornton started BSODing last Friday, senior systems engineer Rob Woltz remembered a small but important fact: When PCs boot, they consider barcode scanners no differently to keyboards. That knowledge nugget became important as the firm tried to figure out how to respond to the mess CrowdStrike created, which at Grant Thornton Australia threw hundreds of PCs and no fewer than 100 servers into the doomloop that CrowdStrike's shoddy testing software made possible. [...] The firm had the BitLocker keys for all its PCs, so Woltz and colleagues wrote a script that turned them into barcodes that were displayed on a locked-down management server's desktop. The script would be given a hostname and generate the necessary barcode and LAPS password to restore the machine. Woltz went to an office supplies store and acquired an off-the-shelf barcode scanner for AU$55 ($36). At the point when rebooting PCs asked for a BitLocker key, pointing the scanner at the barcode on the server's screen made the machines treat the input exactly as if the key was being typed. That's a lot easier than typing it out every time, and the server's desktop could be accessed via a laptop for convenience. Woltz, Watson, and the team scaled the solution -- which meant buying more scanners at more office supplies stores around Australia. On Monday, remote staff were told to come to the office with their PCs and visit IT to connect to a barcode scanner. All PCs in the firm's Australian fleet were fixed by lunchtime -- taking only three to five minutes for each machine. Watson told us manually fixing servers needed about 20 minutes per machine. Read more of this story at Slashdot.

White House Announces New AI Actions As Apple Signs On To Voluntary Commitments

apple - Posted On: 2024-07-26 19:00:00 Source: slashdot

The White House announced that Apple has "signed onto the voluntary commitments" in line with the administration's previous AI executive order. "In addition, federal agencies reported that they completed all of the 270-day actions in the Executive Order on schedule, following their on-time completion of every other task required to date." From a report: The executive order "built on voluntary commitments" was supported by 15 leading AI companies last year. The White House said the agencies have taken steps "to mitigate AI's safety and security risks, protect Americans' privacy, advance equity and civil rights, stand up for consumers and workers, promote innovation and competition, advance American leadership around the world, and more." It's a White House effort to mobilize government "to ensure that America leads the way in seizing the promise and managing the risks of artificial intelligence," according to the White House. Read more of this story at Slashdot.

People are overdosing on off-brand weight-loss drugs, FDA warns

Health - Posted On: 2024-07-26 18:30:00 Source: arstechnica

The US Food and Drug Administration has approved two injectable versions of the blockbuster weight-loss and diabetes drug, semaglutide (Wegovy and Ozempic). Both come in pre-filled pens with pre-set doses, clear instructions, and information about overdoses. But, given the drugs' daunting prices and supply shortages, many patients are turning to imitations—and those don't always come with the same safety guardrails.

In an alert Friday, the FDA warned that people are overdosing on off-brand injections of semaglutide, which are dispensed from compounding pharmacies in a variety of concentrations, labeled with various units of measurement, administered with improperly sized syringes, and prescribed with bad dosage math. The errors are leading some patients to take up to 20 times the intended amount of semaglutide, the FDA reports.

Though the agency doesn't offer a tally of overdose cases that have been reported, it suggests it has received multiple reports of people sickened by dosing errors, with some requiring hospitalizations. Semaglutide overdoses cause nausea, vomiting, abdominal pain, fainting, headache, migraine, dehydration, acute pancreatitis, and gallstones, the agency reports.

Data From Deleted GitHub Repos May Not Actually Be Deleted, Researchers Claim

yro - Posted On: 2024-07-26 18:15:00 Source: slashdot

Thomas Claburn reports via The Register: Researchers at Truffle Security have found, or arguably rediscovered, that data from deleted GitHub repositories (public or private) and from deleted copies (forks) of repositories isn't necessarily deleted. Joe Leon, a security researcher with the outfit, said in an advisory on Wednesday that being able to access deleted repo data -- such as API keys -- represents a security risk. And he proposed a new term to describe the alleged vulnerability: Cross Fork Object Reference (CFOR). "A CFOR vulnerability occurs when one repository fork can access sensitive data from another fork (including data from private and deleted forks)," Leon explained. For example, the firm showed how one can fork a repository, commit data to it, delete the fork, and then access the supposedly deleted commit data via the original repository. The researchers also created a repo, forked it, and showed how data not synced with the fork continues to be accessible through the fork after the original repo is deleted. You can watch that particular demo [here]. According to Leon, this scenario came up last week with the submission of a critical vulnerability report to a major technology company involving a private key for an employee GitHub account that had broad access across the organization. The key had been publicly committed to a GitHub repository. Upon learning of the blunder, the tech biz nuked the repo thinking that would take care of the leak. "They immediately deleted the repository, but since it had been forked, I could still access the commit containing the sensitive data via a fork, despite the fork never syncing with the original 'upstream' repository," Leon explained. Leon added that after reviewing three widely forked public repos from large AI companies, Truffle Security researchers found 40 valid API keys from deleted forks.
GitHub said it considers this situation a feature, not a bug: "GitHub is committed to investigating reported security issues. We are aware of this report and have validated that this is expected and documented behavior inherent to how fork networks work. You can read more about how deleting or changing visibility affects repository forks in our [documentation]." Truffle Security argues that they should reconsider their position "because the average user expects there to be a distinction between public and private repos in terms of data security, which isn't always true," reports The Register. "And there's also the expectation that the act of deletion should remove commit data, which again has been shown to not always be the case." Read more of this story at Slashdot.

Automakers Sold Driver Data For Pennies, Senators Say

technology - Posted On: 2024-07-26 17:45:00 Source: slashdot

An anonymous reader quotes a report from the New York Times: If you drive a car made by General Motors and it has an internet connection, your car's movements and exact location are being collected and shared anonymously with a data broker. This practice, disclosed in a letter (PDF) sent by Senators Ron Wyden of Oregon and Edward J. Markey of Massachusetts to the Federal Trade Commission on Friday, is yet another way in which automakers are tracking drivers (source may be paywalled; alternative source), often without their knowledge. Previous reporting in The New York Times, which the letter cited, revealed how automakers including G.M., Honda and Hyundai collected information about drivers' behavior, such as how often they slammed on the brakes, accelerated rapidly and exceeded the speed limit. It was then sold to the insurance industry, which used it to help gauge individual drivers' riskiness. The two Democratic senators, both known for privacy advocacy, zeroed in on G.M., Honda and Hyundai because all three had made deals, The Times reported, with Verisk, an analytics company that sold the data to insurers. In the letter, the senators urged the F.T.C.'s chairwoman, Lina Khan, to investigate how the auto industry collects and shares customers' data. One of the surprising findings of an investigation by Mr. Wyden's office was just how little the automakers made from selling driving data. According to the letter, Verisk paid Honda $25,920 over four years for information about 97,000 cars, or 26 cents per car. Hyundai was paid just over $1 million, or 61 cents per car, over six years. G.M. would not reveal how much it had been paid, Mr. Wyden's office said. People familiar with G.M.'s program previously told The Times that driving behavior data had been shared from more than eight million cars, with the company making an amount in the low millions of dollars from the sale. G.M. also previously shared data with LexisNexis Risk Solutions.
"Companies should not be selling Americans' data without their consent, period," the letter from Senators Wyden and Markey stated. "But it is particularly insulting for automakers that are selling cars for tens of thousands of dollars to then squeeze out a few additional pennies of profit with consumers' private data." Read more of this story at Slashdot.

Union game performers strike over AI voice and motion-capture training

AI - Posted On: 2024-07-26 17:15:00 Source: arstechnica

SAG-AFTRA has called for a strike of all its members working in video games, with the union demanding that its next contract not allow "companies to abuse AI to the detriment of our members."

The strike mirrors similar actions taken by SAG-AFTRA and the Writers Guild of America (WGA) last year, which, while also broader in scope than just AI, were similarly focused on concerns about AI-generated work product and the use of member work to train AI.

"Frankly, it's stunning that these video game studios haven't learned anything from the lessons of last year—that our members can and will stand up and demand fair and equitable treatment with respect to A.I., and the public supports us in that," Duncan Crabtree-Ireland, chief negotiator for SAG-AFTRA, said in a statement.

NASA nears decision on what to do with Boeing’s troubled Starliner spacecraft

Science - Posted On: 2024-07-26 17:15:00 Source: arstechnica

The astronauts who rode Boeing's Starliner spacecraft to the International Space Station last month still don't know when they will return to Earth.

Astronauts Butch Wilmore and Suni Williams have been in space for 51 days, six weeks longer than originally planned, as engineers on the ground work through problems with Starliner's propulsion system.

The problems are twofold. The spacecraft's reaction control thrusters overheated, and some of them shut off as Starliner approached the space station June 6. A separate, although perhaps related, problem involves helium leaks in the craft's propulsion system.

ISPs Seeking Government Handouts Try To Avoid Offering Low-Cost Broadband

technology - Posted On: 2024-07-26 17:00:00 Source: slashdot

Internet service providers are pushing back against the Biden administration's requirement for low-cost options even as they are attempting to secure funds from a $42.45 billion government broadband initiative. The Broadband Equity, Access, and Deployment program, established by law to expand internet access, mandates that recipients offer affordable plans to eligible low-income subscribers, a stipulation the providers argue infringes on legal prohibitions against rate regulation. ISPs claim that the proposed $30 monthly rate for low-cost plans is economically unfeasible, especially in hard-to-reach rural areas, potentially undermining the program's goals by discouraging provider participation. Read more of this story at Slashdot.

2U, Once a Giant in Online Education, Files for Chapter 11 Bankruptcy

news - Posted On: 2024-07-26 16:15:01 Source: slashdot

Online education company 2U filed for Chapter 11 bankruptcy protection and is being taken private in a deal that will wipe out more than half of its $945 million debt [non-paywalled link]. From a report: 2U was a pioneer in the online education space, joining with schools including the University of Southern California, Georgetown University and the University of North Carolina at Chapel Hill to design and operate online courses in fields including nursing and social work. But it struggled in recent years amid new competition and changing regulations. It also had a highly leveraged balance sheet with looming loan-repayment deadlines. 2U closed Wednesday with a market value of about $11.5 million, down from more than $5 billion in 2018. In 2021, 2U bought edX, an online platform for classes that was founded by Harvard University and the Massachusetts Institute of Technology. The debt from that $800 million deal for edX proved debilitating to 2U, WSJ reports. Read more of this story at Slashdot.

ISPs seeking government handouts try to avoid offering low-cost broadband

Policy - Posted On: 2024-07-26 15:45:00 Source: arstechnica

Internet service providers are eager to get money from a $42.45 billion government fund, but are trying to convince the Biden administration to drop demands that Internet service providers offer broadband service for as little as $30 a month to people with low incomes.

The Broadband Equity, Access, and Deployment (BEAD) program was created by a US law that requires Internet providers receiving federal funds to offer at least one "low-cost broadband service option for eligible subscribers." The Biden administration says it is merely enforcing that legal requirement, but a July 23 letter sent by over 30 broadband industry trade groups claims that the administration is illegally regulating broadband prices.

The fund is administered by the National Telecommunications and Information Administration (NTIA). The NTIA is distributing money to states, which will then distribute it to ISPs. Before obtaining money from the NTIA, each state must get approval for a plan that includes a low-cost option. Nearly half of US states have already gotten approvals.

AI and ML enter motorsports: How GM is using them to win more races

Cars - Posted On: 2024-07-26 15:45:00 Source: arstechnica

It is hard to escape the feeling that a few too many businesses are jumping on the AI hype train because it's hype-y, rather than because AI offers an underlying benefit to their operation. So I will admit to a little inherent skepticism, and perhaps a touch of morbid curiosity, when General Motors got in touch wanting to show off some of the new AI/ML tools it has been using to win more races in NASCAR, sportscar racing, and IndyCar. As it turns out, that skepticism was misplaced.

GM has fingers in a lot of motorsport pies, but there are four top-level programs it really, really cares about. Number one for an American automaker is NASCAR—still the king of motorsport here—where Chevrolet supplies engines to six Cup teams. IndyCar, which could once boast of being America's favorite racing, is home to another six Chevy-powered teams. And then there's sportscar racing; right now Cadillac is competing in IMSA's GTP class and the World Endurance Championship's Hypercar class, plus a factory Corvette Racing effort in IMSA.

"In all the series we race we either have key partners or specific teams that run our cars. And part of the technical support that they get from us are the capabilities of my team," said Jonathan Bolenbaugh, motorsports analytics leader at GM, based at GM's Charlotte Technical Center in North Carolina.

Pixel 9 AI Will Add You To Group Photos Even When You're Not There

technology - Posted On: 2024-07-26 15:30:01 Source: slashdot

Google's upcoming Pixel 9 smartphones are set to introduce new AI-powered features, including "Add Me," a tool that will allow users to insert themselves into group photos after those pictures have been taken, according to a leaked promotional video obtained by Android Headlines. This feature builds on the Pixel 8's "Best Take" function, which allowed face swapping in group shots. Read more of this story at Slashdot.

FTC's Khan Backs Open AI Models in Bid to Avoid Monopolies

news - Posted On: 2024-07-26 15:00:00 Source: slashdot

Open AI models that allow developers to customize them with few restrictions are more likely to promote competition, FTC Chair Lina Khan said, weighing in on a key debate within the industry. From a report: "There's tremendous potential for open-weight models to promote competition," Khan said Thursday in San Francisco at startup incubator Y Combinator. "Open-weight models can liberate startups from the arbitrary whims of closed developers and cloud gatekeepers." "Open-weight" models disclose what an AI model picked up and was tweaked on during its training process. That allows developers to better customize them and makes them more accessible to smaller companies and researchers. But critics have warned that open models carry an increased risk of abuse and could potentially allow companies from geopolitical rivals like China to piggyback off the technology. Khan's comments come as the Biden administration is considering guidance on the use and safety of open-weight models. Read more of this story at Slashdot.

Astronauts find their tastes dulled, and a VR ISS hints at why

Science - Posted On: 2024-07-26 14:30:01 Source: arstechnica

Astronauts on the ISS tend to favor spicy foods and top other foods with things like tabasco or shrimp cocktail sauce with horseradish. “Based on anecdotal reports, they have expressed that food in space tastes less flavorful. This is the way to compensate for this,” said Grace Loke, a food scientist at the RMIT University in Melbourne, Australia.

Loke’s team did a study to take a closer look at those anecdotal reports and test if our perception of flavor really changes in an ISS-like environment. It likely does, but only some flavors are affected.

“There are many environmental factors that could contribute to how we perceive taste, from the size of the area to the color and intensity of the lighting, the volume and type of sounds present, the way our surroundings smell, down to even the size and shape of our cutlery. Many other studies covered each of these factors in some way or another,” said Loke.

97% of CrowdStrike systems are back online; Microsoft suggests Windows changes

Biz & IT - Posted On: 2024-07-26 14:30:01 Source: arstechnica

CrowdStrike CEO George Kurtz said Thursday that 97 percent of all Windows systems running its Falcon sensor software were back online, a week after an update-related outage to the corporate security software delayed flights and took down emergency response systems, among many other disruptions. The update, which caused Windows PCs to throw the dreaded Blue Screen of Death and reboot, affected about 8.5 million systems by Microsoft's count, leaving roughly 250,000 that still need to be brought back online.

Microsoft VP John Cable said in a blog post that the company has "engaged over 5,000 support engineers working 24x7" to help clean up the mess created by CrowdStrike's update and hinted at Windows changes that could help—if they don't run afoul of regulators, anyway.

"This incident shows clearly that Windows must prioritize change and innovation in the area of end-to-end resilience," wrote Cable. "These improvements must go hand in hand with ongoing improvements in security and be in close cooperation with our many partners, who also care deeply about the security of the Windows ecosystem."
