Tech News

DeepMind Details All the Ways AGI Could Wreck the World

technology - Posted On:2025-04-03 20:00:00 Source: slashdot

An anonymous reader quotes a report from Ars Technica, written by Ryan Whitwam: Researchers at DeepMind have ... released a new technical paper (PDF) that explains how to develop AGI safely, which you can download at your convenience. It contains a huge amount of detail, clocking in at 108 pages before references. While some in the AI field believe AGI is a pipe dream, the authors of the DeepMind paper project that it could happen by 2030. With that in mind, they aimed to understand the risks of a human-like synthetic intelligence, which they acknowledge could lead to "severe harm." This work has identified four possible types of AGI risk, along with suggestions on how we might ameliorate said risks. The DeepMind team, led by company co-founder Shane Legg, categorized the negative AGI outcomes as misuse, misalignment, mistakes, and structural risks. The first possible issue, misuse, is fundamentally similar to current AI risks. However, because AGI will be more powerful by definition, the damage it could do is much greater. A ne'er-do-well with access to AGI could misuse the system to do harm, for example, by asking the system to identify and exploit zero-day vulnerabilities or create a designer virus that could be used as a bioweapon. DeepMind says companies developing AGI will have to conduct extensive testing and create robust post-training safety protocols. Essentially, AI guardrails on steroids. They also suggest devising a method to suppress dangerous capabilities entirely, sometimes called "unlearning," but it's unclear if this is possible without substantially limiting models. Misalignment is largely not something we have to worry about with generative AI as it currently exists. This type of AGI harm is envisioned as a rogue machine that has shaken off the limits imposed by its designers. Terminators, anyone? More specifically, the AI takes actions it knows the developer did not intend. DeepMind says its standard for misalignment here is more advanced than simple deception or scheming as seen in the current literature. To avoid that, DeepMind suggests developers use techniques like amplified oversight, in which two copies of an AI check each other's output, to create robust systems that aren't likely to go rogue. If that fails, DeepMind suggests intensive stress testing and monitoring to watch for any hint that an AI might be turning against us. Keeping AGIs in virtual sandboxes with strict security and direct human oversight could help mitigate issues arising from misalignment. Basically, make sure there's an "off" switch. If, on the other hand, an AI didn't know that its output would be harmful and the human operator didn't intend for it to be, that's a mistake. We get plenty of those with current AI systems -- remember when Google said to put glue on pizza? The "glue" for AGI could be much stickier, though. DeepMind notes that militaries may deploy AGI due to "competitive pressure," but such systems could make serious mistakes as they will be tasked with much more elaborate functions than today's AI. The paper doesn't have a great solution for mitigating mistakes. It boils down to not letting AGI get too powerful in the first place. DeepMind calls for deploying slowly and limiting AGI authority. The study also suggests passing AGI commands through a "shield" system that ensures they are safe before implementation. Lastly, there are structural risks, which DeepMind defines as the unintended but real consequences of multi-agent systems contributing to our already complex human existence. For example, AGI could create false information that is so believable that we no longer know who or what to trust. The paper also raises the possibility that AGI could accumulate more and more control over economic and political systems, perhaps by devising heavy-handed tariff schemes. Then one day, we look up and realize the machines are in charge instead of us. This category of risk is also the hardest to guard against because it would depend on how people, infrastructure, and institutions operate in the future. Read more of this story at Slashdot.

Read More

Microsoft's Miniature Windows 365 Link PC Goes On Sale

technology - Posted On:2025-04-03 18:00:01 Source: slashdot

An anonymous reader shares a report: Microsoft's business-oriented "Link" mini-desktop PC, which connects directly to the company's Windows 365 cloud service, is now available to buy for $349.99 in the US and in several other countries. Windows 365 Link, which was announced last November, is a device that is more easily manageable by IT departments than a typical computer while also reducing the needs of hands on support. Read more of this story at Slashdot.

Read More

Schrodinger's Economics

technology - Posted On:2025-04-03 11:00:00 Source: slashdot

databasecowgirl writes: Commenting in The Times on the absurdity of Meta's copyright infringement claims, Caitlin Moran defines Schrodinger's economics: where a company is both [one of] the most valuable on the planet yet also too poor to pay for the materials it profits from. Ultimately "move fast and break things" means breaking other people's things. Or, possibly worse, going full 'The Talented Mr Ripley': slowly feeling so entitled to the things you are enamored of that you end up clubbing out the brains of your beloved in a boat. Read more of this story at Slashdot.

Read More

Amazon Set To Launch First Operational Satellites For Project Kuiper Network

technology - Posted On:2025-04-03 03:15:00 Source: slashdot

Amazon and United Launch Alliance will launch 27 full-scale satellites on April 9 as part of Amazon's Project Kuiper, marking the company's first major step toward building a global satellite internet network to rival SpaceX's Starlink. GeekWire reports: ULA said the three-hour window for the Atlas V rocket's liftoff from Cape Canaveral Space Force Station's Space Launch Complex 41 in Florida is scheduled to open at noon ET (9 a.m. PT) that day. ULA is planning a live stream of launch coverage via its website starting about 20 minutes ahead of liftoff. Amazon said next week's mission -- known as Kuiper-1 or KA-1 (for Kuiper Atlas 1) -- will put 27 Kuiper satellites into orbit at an altitude of 280 miles (450 kilometers). ULA launched two prototype Kuiper satellites into orbit for testing in October 2023, but KA-1 will mark Amazon's first full-scale launch of a batch of operational satellites designed to bring high-speed internet access to millions of people around the world. [...] According to Amazon, the Kuiper satellite design has gone through significant upgrades since the prototypes were launched in 2023. Amazon's primary manufacturing facility is in Kirkland, Wash., with some of the components produced at Project Kuiper's headquarters in nearby Redmond. The mission profile for KA-1 calls for deploying the satellites safely in orbit and establishing ground-to-space contact. The satellites would then use their electric propulsion systems to settle into their assigned orbits at an altitude of 392 miles (630 kilometers), under the management of Project Kuiper's mission operations team in Redmond. Under the current terms of its license from the Federal Communications Commission, Amazon is due to launch 3,232 Kuiper satellites by 2029, with half of those satellites going into orbit by mid-2026. Read more of this story at Slashdot.

Read More

Vibe Coded AI App Generates Recipes With Very Few Guardrails

technology - Posted On:2025-04-02 23:45:00 Source: slashdot

An anonymous reader quotes a report from 404 Media: A "vibe coded" AI app developed by entrepreneur and Y Combinator group partner Tom Blomfield has generated recipes that gave users instruction on how to make "Cyanide Ice Cream," "Thick White Cum Soup," and "Uranium Bomb," using those actual substances as ingredients. Vibe coding, in case you are unfamiliar, is the new practice where people, some with limited coding experience, rapidly develop software with AI assisted coding tools without overthinking how efficient the code is as long as it's functional. This is how Blomfield said he made RecipeNinja.AI. [...] The recipe for Cyanide Ice Cream was still live on RecipeNinja.AI at the time of writing, as are recipes for Platypus Milk Cream Soup, Werewolf Cream Glazing, Cholera-Inspired Chocolate Cake, and other nonsense. Other recipes for things people shouldn't eat have been removed. It also appears that Blomfield has introduced content moderation since users discovered they could generate dangerous or extremely stupid recipes. I wasn't able to generate recipes for asbestos cake, bullet tacos, or glue pizza. I was able to generate a recipe for "very dry tacos," which looks not very good but not dangerous. In a March 20 blog on his personal site, Blomfield explained that he's a startup founder turned investor, and while he has experience with PHP and Ruby on Rails, he has not written a line of code professionally since 2015. "In my day job at Y Combinator, I'm around founders who are building amazing stuff with AI every day and I kept hearing about the advances in tools like Lovable, Cursor and Windsurf," he wrote, referring to AI-assisted coding tools. "I love building stuff and I've always got a list of little apps I want to build if I had more free time." After playing around with them, he wrote, he decided to build RecipeNinja.AI, which can take a prompt as simple as "Lasagna," and generate an image of the finished dish along with a step-by-stape recipe which can use ElevenLabs's AI generated voice to narrate the instruction so the user doesn't have to interact with a device with his tomato sauce-covered fingers. "I was pretty astonished that Windsurf managed to integrate both the OpenAI and Elevenlabs APIs without me doing very much at all," Blomfield wrote. "After we had a couple of problems with the open AI Ruby library, it quickly fell back to a raw ruby HTTP client implementation, but I honestly didn't care. As long as it worked, I didn't really mind if it used 20 lines of code or two lines of code." Having some kind of voice controlled recipe app sounds like a pretty good idea to me, and it's impressive that Blomfield was able to get something up and running so fast given his limited coding experience. But the problem is that he also allowed users to generate their own recipes with seemingly very few guardrails on what kind of recipes are and are not allowed, and that the site kept those results and showed them to other users. Read more of this story at Slashdot.

Read More

NaNoWriMo To Close After 20 Years

technology - Posted On:2025-04-02 21:15:00 Source: slashdot

NaNoWriMo, the nonprofit behind the annual novel-writing challenge, is shutting down after 20 years but will keep its websites online temporarily so users can retrieve their content. The Guardian reports: A 27-minute YouTube video posted the same day by the organization's interim executive director Kilby Blades explained that it had to close due to ongoing financial problems, which were compounded by reputational damage. In November 2023, several community members complained to the nonprofit's board, Blades said. They believed that staff had mishandled accusations made in May 2023 that a NaNoWriMo forum moderator was grooming children on a different website. The moderator was eventually removed, though this was for unrelated code of conduct violations and occurred "many weeks" after the initial complaints. In the wake of this, community members came forward with other complaints related to child safety on the NaNoWriMo sites. The organization was also widely criticized last year over a statement on the use of artificial intelligence in creative writing. After stating that it did not support or explicitly condemn any approach to writing, including the use of AI, it said that the "categorical condemnation of artificial intelligence has classist and ableist undertones." It went on to say that "not all writers have the financial ability to hire humans to help at certain phases of their writing," and that "not all brains have same abilities ... There is a wealth of reasons why individuals can't 'see' the issues in their writing without help." "We hold no belief that people will stop writing 50,000 words in November," read Monday's email. "Many alternatives to NaNoWriMo popped up this year, and people did find each other. In so many ways, it's easier than it was when NaNoWriMo began in 1999 to find your writing tribe online." Read more of this story at Slashdot.

Read More

Five VPN Apps In the App Store Had Links To Chinese Military

technology - Posted On:2025-04-02 20:30:00 Source: slashdot

A joint investigation found that at least five popular VPN apps on the App Store and Google Play have ties to Qihoo 360, a Chinese company with military links. Apple has since removed two of the apps but has not confirmed the status of the remaining three, which 9to5Mac notes have "racked up more than a million downloads." The five apps in question are Turbo VPN, VPN Proxy Master, Thunder VPN, Snap VPN, and Signal Secure VPN (not associated with the Signal messaging app). The Financial Times reports: At least five free virtual private networks (VPNs) available through the US tech groups' app stores have links to Shanghai-listed Qihoo 360, according to a new report by research group Tech Transparency Project, as well as additional findings by the Financial Times. Qihoo, formally known as 360 Security Technology, was sanctioned by the US in 2020 for alleged Chinese military links. The US Department of Defense later added Qihoo to a list of Chinese military-affiliated companies [...] In recent recruitment listings, Guangzhou Lianchuang says its apps operate in more than 220 countries and that it has 10mn daily users. It is currently hiring for a position whose responsibilities include "monitoring and analyzing platform data." The right candidate will be "well-versed in American culture," the posting says. Read more of this story at Slashdot.

Read More

European Commission Takes Aim At End-to-End Encryption and Proposes Europol Become an EU FBI

it - Posted On:2025-04-02 16:30:00 Source: slashdot

The European Commission has announced its intention to join the ongoing debate about lawful access to data and end-to-end encryption while unveiling a new internal security strategy aimed to address ongoing threats. From a report: ProtectEU, as the strategy has been named, describes the general areas that the bloc's executive would like to address in the coming years although as a strategy it does not offer any detailed policy proposals. In what the Commission called "a changed security environment and an evolving geopolitical landscape," it said Europe needed to "review its approach to internal security." Among its aims is establishing Europol as "a truly operational police agency to reinforce support to Member States," something potentially comparable to the U.S. FBI, with a role "in investigating cross-border, large-scale, and complex cases posing a serious threat to the internal security of the Union." Alongside the new Europol, the Commission said it would create roadmaps regarding both the "lawful and effective access to data for law enforcement" and on encryption. Read more of this story at Slashdot.

Read More

Microsoft Urges Businesses To Abandon Office Perpetual Licenses

it - Posted On:2025-04-02 16:00:00 Source: slashdot

Microsoft is pushing businesses to shift away from perpetual Office licenses to Microsoft 365 subscriptions, citing collaboration limitations and rising IT costs associated with standalone software. "You may have started noticing limitations," Microsoft says in a post. "Your apps are stuck on your desktop, limiting productivity anytime you're away from your office. You can't easily access your files or collaborate when working remotely." In its pitch, the Windows-maker says Microsoft 365 includes Office applications as well as security features, AI tools, and cloud storage. The post cites a Microsoft-commissioned Forrester study that claims the subscription model delivers "223% ROI over three years, with a payback period of less than six months" and "over $500,000 in benefits over three years." Read more of this story at Slashdot.

Read More

Why Watts Should Replace mAh as Essential Spec for Mobile Devices

technology - Posted On:2025-04-02 03:15:01 Source: slashdot

Tech manufacturers continue misleading consumers with impressive-sounding but less useful specs like milliamp-hours and megahertz, while hiding the one measurement that matters most: watts. The Verge argues that the watt provides the clearest picture of a device's true capabilities by showing how much power courses through chips and how quickly batteries drain. With elementary math, consumers could easily calculate battery life by dividing watt-hours by power consumption. The Verge: The Steam Deck gaming handheld is my go-to example of how handy watts can be. With a 15-watt maximum processor wattage and up to 9 watts of overhead for other components, a strenuous game drains its 49Wh battery in roughly two hours flat. My eight-year-old can do that math: 15 plus 9 is 24, and 24 times 2 is 48. You can fit two hour-long 24-watt sessions into 48Wh, and because you have 49Wh, you're almost sure to get it. With the least strenuous games, I'll sometimes see my Steam Deck draining the battery at a speed of just 6 watts -- which means I can get eight hours of gameplay because 6 watts times 8 hours is 48Wh, with 1Wh remaining in the 49Wh battery. Unlike megahertz, wattage also indicates sustained performance capability, revealing whether a processor can maintain high speeds or will throttle due to thermal constraints. Watts is also already familiar to consumers through light bulbs and power bills, but manufacturers persist with less transparent metrics that make direct comparisons difficult. Read more of this story at Slashdot.

Read More

Mozilla To Launch 'Thunderbird Pro' Paid Services

technology - Posted On:2025-04-01 19:00:00 Source: slashdot

Mozilla plans to introduce a suite of paid professional services for its open-source Thunderbird email client, transforming the application into a comprehensive communication platform. Dubbed "Thunderbird Pro," the package aims to compete with established ecosystems like Gmail and Office 365 while maintaining Mozilla's commitment to open-source software. The Pro tier will include four core services: Thunderbird Appointment for streamlined scheduling, Thunderbird Send for file sharing (reviving the discontinued Firefox Send), Thunderbird Assist offering AI capabilities powered by Flower AI, and Thundermail, a revamped email client built on Stalwart's open-source stack. Initially, Thunderbird Pro will be available free to "consistent community contributors," with paid access for other users. Mozilla Managing Director Ryan Sipes indicated the company may consider limited free tiers once the service establishes a sustainable user base. This initiative follows Mozilla's 2023 announcement about "remaking" Thunderbird's architecture to modernize its aging codebase, addressing user losses to more feature-rich competitors. Read more of this story at Slashdot.

Read More

Arkansas Social Media Age Verification Law Blocked By Federal Judge

technology - Posted On:2025-04-01 17:00:00 Source: slashdot

A federal judge struck down Arkansas' Social Media Safety Act, ruling it unconstitutional for broadly restricting both adult and minor speech and imposing vague requirements on platforms. Engadget reports: In a ruling (PDF), Judge Timothy Brooks said that the law, known as Act 689 (PDF), was overly broad. "Act 689 is a content-based restriction on speech, and it is not targeted to address the harms the State has identified," Brooks wrote in his decision. "Arkansas takes a hatchet to adults' and minors' protected speech alike though the Constitution demands it use a scalpel." Brooks also highlighted the "unconstitutionally vague" applicability of the law, which seemingly created obligations for some online services, but may have exempted services which had the "predominant or exclusive function [of]... direct messaging" like Snapchat. "The court confirms what we have been arguing from the start: laws restricting access to protected speech violate the First Amendment," NetChoice's Chris Marchese said in a statement. "This ruling protects Americans from having to hand over their IDs or biometric data just to access constitutionally protected speech online." It's not clear if state officials in Arkansas will appeal the ruling. "I respect the court's decision, and we are evaluating our options," Arkansas Attorney general Tim Griffin said in a statement. Read more of this story at Slashdot.

Read More

DeepMind is Holding Back Release of AI Research To Give Google an Edge

technology - Posted On:2025-04-01 13:00:00 Source: slashdot

Google's AI arm DeepMind has been holding back the release of its world-renowned research, as it seeks to retain a competitive edge in the race to dominate the burgeoning AI industry. From a report: The group, led by Nobel Prize-winner Sir Demis Hassabis, has introduced a tougher vetting process and more bureaucracy that made it harder to publish studies about its work on AI, according to seven current and former research scientists at Google DeepMind. Three former researchers said the group was most reluctant to share papers that reveal innovations that could be exploited by competitors, or cast Google's own Gemini AI model in a negative light compared with others. The changes represent a significant shift for DeepMind, which has long prided itself on its reputation for releasing groundbreaking papers and as a home for the best scientists building AI. Meanwhile, huge breakthroughs by Google researchers -- such as its 2017 "transformers" paper that provided the architecture behind large language models -- played a central role in creating today's boom in generative AI. Since then, DeepMind has become a central part of its parent company's drive to cash in on the cutting-edge technology, as investors expressed concern that the Big Tech group had ceded its early lead to the likes of ChatGPT maker OpenAI. "I cannot imagine us putting out the transformer papers for general use now," said one current researcher. Among the changes in the company's publication policies is a six-month embargo before "strategic" papers related to generative AI are released. Researchers also often need to convince several staff members of the merits of publication, said two people with knowledge of the matter. Read more of this story at Slashdot.

Read More

Gmail is Making It Easier For Businesses To Send Encrypted Emails To Anyone

it - Posted On:2025-04-01 11:00:00 Source: slashdot

Google is rolling out a new encryption model for Gmail that allows enterprise users to send encrypted messages without requiring recipients to use custom software or exchange encryption certificates. The feature, launching in beta today, initially supports encrypted emails within the same organization, with plans to expand to all Gmail inboxes "in the coming weeks" and third-party email providers "later this year." Unlike Gmail's current S/MIME-based encryption, the new system lets users simply toggle "additional encryption" in the email draft window. Non-Gmail recipients will receive a link to access messages through a guest Google Workspace account, while Gmail users will see automatically decrypted emails in their inbox. Read more of this story at Slashdot.

Read More

Xiaomi EV Involved in First Fatal Autopilot Crash

technology - Posted On:2025-04-01 09:15:00 Source: slashdot

An anonymous reader quotes a report from Reuters: China's Xiaomi said on Tuesday that it was actively cooperating with police after a fatal accident involving a SU7 electric vehicle on March 29 and that it had handed over driving and system data. The incident marks the first major accident involving the SU7 sedan, which Xiaomi launched in March last year and since December has outsold Tesla's Model 3 on a monthly basis. Xiaomi's shares, which had risen by 34.8% year to date, closed down 5.5% on Wednesday, underperforming a 0.2% gain in the Hang Seng Tech index. Xiaomi did not disclose the number of casualties but said initial information showed the car was in the Navigate on Autopilot intelligent-assisted driving mode before the accident and was moving at 116 kph (72 mph). A driver inside the car took over and tried to slow it down but then collided with a cement pole at a speed of 97 kph, Xiaomi said. The accident in Tongling in the eastern Chinese province of Anhui killed the driver and two passengers, Chinese financial publication Caixin reported on Tuesday citing friends of the victims. In a rundown of the data submitted to local police posted on a Weibo account of the company, Xiaomi said NOA issued a risk warning of obstacles ahead and its subsequent immediate takeover only happened seconds before the collision. Local media reported that the car caught fire after the collision. Xiaomi did not mention the fire in the statement. The report notes that the car was a "so-called standard version of the SU7, which has the less-advanced smart driving technology without LiDAR." Read more of this story at Slashdot.

Read More

Anthropic Will Begin Sweeping Offices For Hidden Devices

technology - Posted On:2025-04-01 01:45:00 Source: slashdot

Anthropic said it will start sweeping physical offices for hidden devices as part of a ramped-up security effort as the AI race intensifies. From a report: The company, backed by Amazon and Google, published safety and security updates in a blog post on Monday, and said it also plans to establish an executive risk council and build an in-house security team. Anthropic closed its latest funding round earlier this month at a $61.5 billion valuation, which makes it one of the highest-valued AI startups. In addition to high-growth startups, tech giants including Google, Amazon and Microsoft are racing to announce new products and features. Competition is also coming from China, a risk that became more evident earlier this year when DeepSeek's AI model went viral in the U.S. Anthropic said in the post that it will introduce "physical" safety processes, such as technical surveillance countermeasures -- or the process of finding and identifying surveillance devices that are used to spy on organizations. The sweeps will be conducted "using advanced detection equipment and techniques" and will look for "intruders." Read more of this story at Slashdot.

Read More

Honey Lost 4 Million Chrome Users After Shady Tactics Were Revealed

technology - Posted On:2025-03-31 16:30:00 Source: slashdot

The Chrome extension Honey has lost over 4 million users after a viral video exposed it for hijacking affiliate codes and misleading users about finding the best coupon deals. 9to5Google reports: As we reported in early January, Honey had lost around 3 million users immediately after the video went viral, but ended up gaining back around 1 million later on. Now, as of March 2025, Honey is down to 16 million users on Chrome, down from its peak of 20 million. This drop comes after new Chrome policy has taken effect which prevents Honey, and extensions like it, from practices including taking over affiliate codes without disclosure or without benefit to the extension's users. Honey has since updated its extension listing with disclosure, and we found that the behavior shown in the December video no longer occurs. Read more of this story at Slashdot.

Read More

Micron Hikes Memory Prices Amid Surging AI Demand

it - Posted On:2025-03-31 14:30:00 Source: slashdot

Micron will raise prices for DRAM and NAND flash memory chips through 2026 as AI and data center demand strains supply chains, the U.S. chipmaker confirmed Monday. The move follows a market rebound from previous oversupply, with memory prices steadily climbing as producers cut output while AI and high-performance computing workloads grow. Rivals Samsung Electronics and SK Hynix are expected to implement similar increases. Micron cited "un-forecasted demand across various business segments" in communications to channel partners. The price hikes will impact sectors ranging from consumer electronics to enterprise data centers. Read more of this story at Slashdot.

Read More

Microsoft is Redesigning the Windows BSOD And It Might Change To Black

technology - Posted On:2025-03-31 11:00:00 Source: slashdot

Microsoft has announced that it's overhauling its Blue Screen of Death error message in Windows 11. From a report: The new design drops the traditional blue color, frowning face, and QR code in favor of a simplified screen that looks a lot more like the black screen you see when Windows is performing an update. It's not immediately clear if this new BSOD will remain as a black screen once Microsoft ships the final version of this update. "We're previewing a new, more streamlined UI for unexpected restarts which better aligns with Windows 11 design principles and supports our goal of getting users back into productivity as fast as possible," explains Microsoft in a blog post about the change. "We've simplified your experience while preserving the technical information on the screen." Read more of this story at Slashdot.

Read More

HTTPS Certificate Industry Adopts New Security Requirements

it - Posted On:2025-03-31 04:00:01 Source: slashdot

The Certification Authority/Browser Forum "is a cross-industry group that works together to develop minimum requirements for TLS certificates," writes Google's Security blog. And earlier this month two proposals from Google's forward-looking roadmap "became required practices in the CA/Browser Forum Baseline Requirements," improving the security and agility of TLS connections... Multi-Perspective Issuance Corroboration Before issuing a certificate to a website, a Certification Authority (CA) must verify the requestor legitimately controls the domain whose name will be represented in the certificate. This process is referred to as "domain control validation" and there are several well-defined methods that can be used. For example, a CA can specify a random value to be placed on a website, and then perform a check to verify the value's presence has been published by the certificate requestor. Despite the existing domain control validation requirements defined by the CA/Browser Forum, peer-reviewed research authored by the Center for Information Technology Policy of Princeton University and others highlighted the risk of Border Gateway Protocol (BGP) attacks and prefix-hijacking resulting in fraudulently issued certificates. This risk was not merely theoretical, as it was demonstrated that attackers successfully exploited this vulnerability on numerous occasions, with just one of these attacks resulting in approximately $2 million dollars of direct losses. The Chrome Root Program led a work team of ecosystem participants, which culminated in a CA/Browser Forum Ballot to require adoption of MPIC via Ballot SC-067. The ballot received unanimous support from organizations who participated in voting. Beginning March 15, 2025, CAs issuing publicly-trusted certificates must now rely on MPIC as part of their certificate issuance process. Some of these CAs are relying on the Open MPIC Project to ensure their implementations are robust and consistent with ecosystem expectations... Linting Linting refers to the automated process of analyzing X.509 certificates to detect and prevent errors, inconsistencies, and non-compliance with requirements and industry standards. Linting ensures certificates are well-formatted and include the necessary data for their intended use, such as website authentication. Linting can expose the use of weak or obsolete cryptographic algorithms and other known insecure practices, improving overall security... The ballot received unanimous support from organizations who participated in voting. Beginning March 15, 2025, CAs issuing publicly-trusted certificates must now rely on linting as part of their certificate issuance process. Linting also improves interoperability, according to the blog post, and helps reduce the risk of non-compliance with standards that can result in certificates being "mis-issued". And coming up, weak domain control validation methods (currently permitted by the CA/Browser Forum TLS Baseline Requirements) will be prohibited beginning July 15, 2025. "Looking forward, we're excited to explore a reimagined Web PKI and Chrome Root Program with even stronger security assurances for the web as we navigate the transition to post-quantum cryptography." Read more of this story at Slashdot.

Read More