Linux fréttir

Hackers infiltrated Fast Company's push notifications to send out racial slurs on Tuesday night. They also stole a database that includes employees' emails, password hashes for some of them and unpublished drafts, among other information. Customer records are safe, though, most likely because they're kept in a separate database. Engadget reports: In a statement, Fast Company has told Engadget that its Apple News account was hacked and was used to send "obscene and racist" push notifications." It added that the breach was related to another hack that happened on Sunday afternoon and that it has gone as far as shutting down the whole FastCompany.com domain for now. [...] Apple has addressed the situation in tweet, confirming that the website has been hacked and that it has suspended Fast Company's account. At the moment, Fast Company's website loads a "404 Not Found" page. Before it was taken down, though, the bad actors managed to post a message detailing how they were able to infiltrate the publication, along with a link to a forum where stolen databases are made available for other users. They said that Fast Company had a default password for WordPress that was much too easy to crack and used it for a bunch of accounts, including one for an administrator. From there, they were able to grab authentication tokens, Apple News API keys, among other access information. The authentication keys, in turn, gave them the power to grab the names, email addresses and IPs of a bunch of employees. In a statement, Fast Company said: "Fast Company's content management system account was hacked on Tuesday evening. As a result, two obscene and racist push notifications were sent to our followers in Apple News about a minute apart. The messages are vile and are not in line with the content and ethos of Fast Company. We are investigating the situation and have shut down FastCompany.com until the situation has been resolved. Tuesday's hack follows an apparently related hack of FastCompany.com that occurred on Sunday afternoon, when similar language appeared on the site's home page and other pages. We shut down the site that afternoon and restored it about two hours later. Fast Company regrets that such abhorrent language appeared on our platforms and in Apple News, and we apologize to anyone who saw it before it was taken down."

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: Google Fiber is touting a test that delivered 20Gbps download speeds to a house in Kansas City, calling it a milestone on the path to offering 100Gbps symmetrical Internet. The company said it will also offer new multi-gigabit tiers in the near future. "We used to get asked, 'who needs a gig?' Today it's no longer a question," Google Fiber CEO Dinni Jain wrote in a blog post yesterday. "Every major provider in the US seems to have now gotten the gigabit memo, and it's only going up from there -- some providers are already offering 2, 5, 8, even 10 Gig products." The Alphabet division recently began selling 2Gbps download speeds with 1Gbps uploads for $100, alongside its longstanding offer of symmetrical 1Gbps speeds for $70 a month. "In the coming months, we'll have announcements to dramatically expand our multi-gigabit tiers. These will be critical milestones on our journey to 100 Gig symmetrical Internet," Jain wrote. Google Fiber is "closer than you might think" to that goal, Jain wrote. "This month, we took our testing out of the lab and into the home, starting with our first trusted tester, Nick Saporito, the Head of Commercial Strategy for GFiber." Jain provided a screenshot from a test at Saporito's home in Kansas City showing 20.2Gbps download speeds. [...] The screenshot doesn't show upload speeds. The municipal broadband provider EPB in Chattanooga, Tennessee, recently launched a symmetrical 25Gbps service, notes Ars, but its costs "$1,500 per month for residential customers and $12,500 a month for business customers."

Read more of this story at Slashdot.

You take the green pill, you'll spend six hours in a 'don't roll your own crypto' debate

Four security researchers have identified five cryptographic vulnerabilities in code libraries that can be exploited to undermine Matrix encrypted chat clients. This includes impersonating users and sending messages as them.…

Trading volumes in nonfungible tokens -- digital art and collectibles recorded on blockchains -- have tumbled 97% from a record high in January this year. From a report: They slid to just $466 million in September from $17 billion at the start of 2022, according to data from Dune Analytics. The fading NFT mania is part of a wider, $2 trillion wipeout in the crypto sector as rapidly tightening monetary policy starves speculative assets of investment flows.

Read more of this story at Slashdot.

North Korea has begun a mass Covid-19 vaccination campaign in its border areas, according to South Korea's spy agency, becoming one of the world's final countries to embark on such a national rollout. From a report: North Korea and Eritrea, in east Africa, were the only remaining countries that hadn't started widespread vaccination distribution, the World Health Organization has said. After rejecting millions of doses from other countries last year, North Korea admitted to its first nationwide Covid-19 outbreak in May and declared victory in August. Then, earlier this month, leader Kim Jong Un said Covid-19 vaccines would be distributed starting in November. He cited findings from the country's antiepidemic experts that North Koreans who contracted Covid-19 in May and June would experience a decline in their antibody response starting in October. During a Wednesday briefing to South Korean lawmakers, Seoul's spy agency said North Korea had begun distributing vaccines, though it didn't specify in which border areas. The lawmakers who were briefed didn't say where the vaccines had come from or when they were first distributed. Repeated lockdowns suggest North Korea hasn't eradicated the virus, the spy agency told lawmakers. Considering some recent resumption of flights and train operations between China and North Korea, it is most likely that China is supplying the vaccines, said Hong Min, of the Seoul-based Korea Institute for National Unification, a government-funded think tank.

Read more of this story at Slashdot.

Or so Akamai is dying to tell us

Akamai reckons that, in the first half of 2022 alone, it flagged nearly 79 million newly observed domains (NODs) as malicious.…

Adobe plans to add technology from its creative software portfolio to Figma without tweaking pricing or simplicity after its acquisition, seeking to ease concerns among loyal users that the deal may significantly change the design app. From a report: Photo, video and illustration editing will likely be implemented into the software design app after the acquisition closes, as well as the ability to link projects from Adobe products such as Photoshop or Premiere, Adobe Chief Product Officer Scott Belsky said in an interview. The company is conscious that Figma customers appreciate its simplicity, and any updates will avoid clogging up the way users maneuver around the app, he said. Figma's pricing model will remain "freemium," Belsky said -- meaning that a basic tier will always be accessible without cost. "We don't want to fix something that's working really well."

Read more of this story at Slashdot.

US regulators reached settlements with a dozen banks in a sprawling probe into how global financial firms failed to monitor employees' communications on unauthorized messaging apps, bringing total penalties in the matter to more than $2 billion. From a report: The Securities and Exchange Commission announced $1.1 billion in fines and the Commodity Futures Trading Commission disclosed $710 million in penalties in separate statements Tuesday. Those levies -- against firms including Bank of America, Citigroup and Goldman Sachs Group -- combined with JPMorgan Chase's $200 million in fines from December, bring the total to $2.01 billion, making them the biggest penalties ever against US banks for record-keeping lapses. "Finance, ultimately, depends on trust. By failing to honor their record-keeping and books-and-records obligations, the market participants we have charged today have failed to maintain that trust," SEC Chair Gary Gensler said in the agency's statement. "As technology changes, it's even more important that registrants appropriately conduct their communications about business matters within only official channels, and they must maintain and preserve those communications."

Read more of this story at Slashdot.

House of Zen just needs to convince machine makers to use them

AMD put Intel’s low-power Xeon-D and industrial Core-series processors in its sights on Tuesday with the launch of its Ryzen Embedded V3000 CPUs.…

The head of WhatsApp has warned UK ministers that moves to undermine encryption in a relaunched online safety bill would threaten the security of the government's own communications and embolden authoritarian regimes. From a report: In an interview with the Financial Times, Will Cathcart, who runs the Meta-owned messaging app, insisted that alternative techniques were available to protect children using WhatsApp, without having to abandon the underlying security technology that safeguards its more than 2bn users. The UK's bill, which the government argues will make the internet safer, has become a focus of global debate over whether companies such as Google, Meta and Twitter should be forced to proactively scan and remove harmful content on their networks. Tech companies claim it is not technically possible for encrypted messaging apps to scan for material such as child pornography without undermining the security of the entire network, which prevents anyone -- including platform operators -- from reading users' messages. Cathcart said the UK's ultimate position on the issue would have a global impact. "If the UK decides that it is OK for a government to get rid of encryption, there are governments all around the world that will do exactly the same thing, where liberal democracy is not as strong, where there are different concerns that really implicate deep-seated human rights," he said, citing Hong Kong as a potential example.

Read more of this story at Slashdot.

More electric cars will be sold in China this year than in the rest of the world combined, as its domestic market accelerates ahead of the global competition. From a report: This year, a quarter of all new cars purchased in China will be an all-electric vehicle or a plug-in hybrid. By some estimates, more than 300 Chinese companies are making E.V.s, ranging from discount offerings below $5,000 to high-end models that rival Tesla and German automakers. There are roughly four million charging units in the country, double the number from a year ago, with more coming. While other E.V. markets are still heavily dependent on subsidies and financial incentives, China has entered a new phase: Consumers are weighing the features and prices of electric vehicles against gas-powered cars without much consideration of state support. The United States is far behind. This year, the country passed a key threshold of E.V.s accounting for 5 percent of new car sales. China passed that level in 2018. Even new U.S. incentives have raised questions about how effective they will be in addressing mitigating factors for electric cars, such as long wait lists, limited supplies and high prices. The U.S. Inflation Reduction Act, passed last month, included a $7,500 tax credit for electric vehicles with conditions on where the cars are manufactured and where batteries are sourced. Automakers complained that the credit did not apply to many current E.V. models, and that the sourcing requirements could increase the cost of building an E.V. It took China more than a decade of subsidies, long-term investments and infrastructure spending to lay the foundation for its electric vehicle market to start standing on its own. Tu Le, a managing director of the Beijing-based consultancy Sino Auto Insights, said competition and dynamism were now driving the Chinese market, not government subsidies. "We have reached a point in China where we're competing on price. We're competing on features. So it's not a subsidy thing," Mr. Le said. "The market is taking over."

Read more of this story at Slashdot.

Beta-grade widget respects your privacy, we're promised

Cloudflare has begun a public beta test of a CAPTCHA alternative that runs quietly in the background to automatically determine if the webpage visitor is an actual human. Its goal is to allow netizens to avoid having to complete those tedious prove-you're-not-a-bot tests on websites.…

Ahead of its Connect conference in October, Cloudflare this week announced an ambitious new project called Turnstile, which seeks to do away with the CAPTCHAs used throughout the web to verify people are who they say they are. From a report: Available to site owners at no charge, Cloudflare customers or no, Turnstile chooses from a rotating suite of "browser challenges" to check that visitors to a webpage aren't, in fact, bots. CAPTCHAs, the challenge-response tests most of us have encountered when filling out forms, have been around for decades, and they've been relatively successfully at keeping bot traffic at bay. But the rise of cheap labor, bugs in various CAPTCHA flavors and automated solvers have begun to poke holes in the system. Several websites offer human- and AI-backed CAPTCHA-solving services for as low as $0.50 per thousand solved CAPTCHAs, and some researchers claim AI-based attacks can successfully solve CAPTCHAs used by the world's most popular websites. Cloudflare itself was once a CAPTCHA user. But according to CTO John Graham-Cumming, the company was never quite satisfied with it -- if Cloudflare's public rallying cries hadn't made that clear. In a conversation with TechCrunch, Graham-Cumming listed what he sees as the many downsides of CAPTCHA technology, including poor accessibility (visual disabilities can make it impossible to solve a CAPTCHA), cultural bias (CAPTCHAs assume familiarity with objects like U.S. taxis) and the strains that CAPTCHAs place on mobile data plans. [...] Turnstile automatically chooses a browser challenge based on "telemetry and client behavior exhibited during a session," Cloudflare says, rather than factors like login cookies. After running non-interactive JavaScript challenges to gather signals about the visitor and browser environment and using AI models to detect features and visitors who've passed a challenge before, Turnstile fine-tunes the difficulty of the challenge to the specific request -- avoiding having users solve a puzzle.

Read more of this story at Slashdot.

Beware what could be hiding in those LNK shortcuts

A tool sold on the dark web that allows cybercriminals to build malicious shortcuts for delivering malware is being used in a campaign pushing a longtime .NET keylogger and remote access trojan (RAT) named Agent Tesla.…

More pay transparency is coming to California. The Golden State is joining New York City, Colorado, and Washington in requiring employers to disclose pay ranges in job ads. From a report: Gov. Gavin Newsom signed Senate Bill 1162 into law on Tuesday, according to statements from the California Legislative Women's Caucus and the TechEquity Collaborative. Under the law, employers with 15 or more workers will be required to include pay ranges in job postings, and those with 100 or more employees or contractors will have to report median and mean hourly pay rates by job category and "each combination of race, ethnicity, and sex." "This is a big moment for California workers, especially women and people of color who have long been impacted by systemic inequities that have left them earning far less than their colleagues," said state Sen. Monique Limon (D-Santa Barbara) in a statement. Limon introduced the bill in February. The TechEquity Collaborative's chief programs officer, Samantha Gordon, praised the law in a statement as "an important step in equalizing the playing field for the 1.9 million contractors, temps, vendors, and contingent workers" in California. Companies will have to comply by January 2023.

Read more of this story at Slashdot.

Someone going by 'Thrax' claims responsibility for 'incredibly easy' breach

Apple News shut down Fast Company's news channel after "an incredibly offensive alert" was sent to subscribers following a hack of the business publication on Tuesday evening.…

Analyst says challenges remain in attracting partners to roll out products

Oracle's Netsuite has kicked off its Las Vegas conference with a smorgasbord of news aimed at accounts payable, warehouse management, and people management.…

Unnecessary meetings are a $100 million mistake at big companies, according to a new survey that shows workers probably don't need to be in nearly a third of the appointments they attend. From a report: The survey, conducted over the summer by Steven Rogelberg, a professor of organizational science, psychology and management at the University of North Carolina at Charlotte, asked 632 employees across 20 industries to study their weekly calendars and gauge how much time they actually spent in meetings, what they got out of them and how they responded to invitations. Employees spend about 18 hours a week on average in meetings, and they only decline 14% of invites even though they'd prefer to back out of 31% of them. Reluctantly going to noncritical meetings wastes about $25,000 per employee annually, and projects out to $101 million a year for any organization with more than 5,000 employees.

Read more of this story at Slashdot.

Along with revealing authors, IARPA also wants bot to disguise scribes

The US intelligence community has launched a program to develop artificial intelligence that can determine authorship of anonymous writing while also disguising an author's identity by subtly altering their words.…

An anonymous reader shares a report:Since the research lab OpenAI debuted the latest version of DALL-E in April, the AI has dazzled the public, attracting digital artists, graphic designers, early adopters, and anyone in search of online distraction. The ability to create original, sometimes accurate, and occasionally inspired images from any spur-of-the-moment phrase, like a conversational Photoshop, has startled even jaded internet users with how quickly AI has progressed. Five months later, 1.5 million users are generating 2 million images a day. On Wednesday, OpenAI said it will remove its waitlist for DALL-E, giving anyone immediate access. The introduction of DALL-E has triggered an explosion of text-to-image generators. Google and Meta quickly revealed that they had each been developing similar systems, but said their models weren't ready for the public. Rival start-ups soon went public, including Stable Diffusion and Midjourney, which created the image that sparked controversy in August when it won an art competition at the Colorado State Fair.

Read more of this story at Slashdot.