news aggregator

A now-fixed security flaw in India's income tax e-filing portal exposed millions of taxpayers' personal and financial data due to a basic IDOR vulnerability that let users view others' records by swapping PAN numbers. "The exposed data included full names, home addresses, email addresses, dates of birth, phone numbers, and bank account details of people who pay taxes on their income in India," reports TechCrunch. "The data also exposed citizens' Aadhaar number, a unique government-issued identifier used as proof of identity and for accessing government services." From the report: The researchers found that when they signed into the portal using their Permanent Account Number (PAN), an official document issued by the Indian income tax department, they could view anyone else's sensitive financial data by swapping out their PAN for another PAN in the network request as the web page loads. This could be done using publicly available tools like Postman or Burp Suite (or using the web browser's in-built developer tools) and with knowledge of someone else's PAN, the researchers told TechCrunch. The bug was exploitable by anyone who was logged-in to the tax portal because the Indian income tax department's back-end servers were not properly checking who was allowed to access a person's sensitive data. This class of vulnerability is known as an insecure direct object reference, or IDOR, a common and simple flaw that governments have warned is easy to exploit and can result in large-scale data breaches. "This is an extremely low-hanging thing, but one that has a very severe consequence," the researchers told TechCrunch. In addition to the data of individuals, the researchers said that the bug also exposed data associated with companies who were registered with the e-Filing portal. [...] It remains unclear how long the vulnerability has existed or whether any malicious actors have accessed the exposed data.

Read more of this story at Slashdot.

BrianFagioli shares a report from NERDS.xyz: Micro Center and iFixit have announced a partnership that combines the DIY repair giant's guides, parts, and toolkits with Micro Center's nationwide chain of computer and electronics stores. Customers browsing iFixit online can now find local Micro Center locations through a built-in locator and even stop in for a free consultation with a certified technician. Inside stores, shoppers will see iFixit toolkits and parts on shelves, while Micro Center's in-house technicians begin using iFixit's gear for professional repairs.

Read more of this story at Slashdot.

An anonymous reader quotes a report from 404 Media: Sora 2, Open AI's new AI video generator, puts a visual watermark on every video it generates. But the little cartoon-eyed cloud logo meant to help people distinguish between reality and AI-generated bullshit is easy to remove and there are half a dozen websites that will help anyone do it in a few minutes. A simple search for "sora watermark" on any social media site will return links to places where a user can upload a Sora 2 video and remove the watermark. 404 Media tested three of these websites, and they all seamlessly removed the watermark from the video in a matter of seconds. Hany Farid, a UC Berkeley professor and an expert on digitally manipulated images, said he's not shocked at how fast people were able to remove watermarks from Sora 2 videos. "It was predictable," he said. "Sora isn't the first AI model to add visible watermarks and this isn't the first time that within hours of these models being released, someone released code or a service to remove these watermarks." [...] According to Farid, Open AI is decent at employing strategies like watermarks, content credentials, and semantic guardrails to manage malicious use. But it doesn't matter. "It is just a matter of time before someone else releases a model without these safeguards," he said. Both [Rachel Tobac, CEO of SocialProof Security] and Farid said that the ease at which people can remove watermarks from AI-generated content wasn't a reason to stop using watermarks. "Using a watermark is the bare minimum for an organization attempting to minimize the harm that their AI video and audio tools create," Tobac said, but she thinks the companies need to go further. "We will need to see a broad partnership between AI and Social Media companies to build in detection for scams/harmful content and AI labeling not only on the AI generation side, but also on the upload side for social media platforms. Social Media companies will also need to build large teams to manage the likely influx of AI generated social media video and audio content to detect and limit the reach for scammy and harmful content." "I'd like to know what OpenAI is doing to respond to how people are finding ways around their safeguards," Farid said. "Will they adapt and strengthen their guardrails? Will they ban users from their platforms? If they are not aggressive here, then this is going to end badly for us all."

Read more of this story at Slashdot.

Both men, 17, taken into custody

London cops on Tuesday arrested two teenagers on suspicion of computer misuse and blackmail following a ransomware attack on a chain of London preschools.…

Longtime Slashdot reader schwit1 shares a report from Reuters: OpenAI said on Tuesday it has banned several ChatGPT accounts with suspected links to the Chinese government entities after the users asked for proposals to monitor social media conversations. In its latest public threat report (PDF), OpenAI said some individuals had asked its chatbot to outline social media 'listening' tools and other monitoring concepts, violating the startup's national security policy. The San Francisco-based firm's report raises safety concerns over potential misuse of generative AI amid growing competition between the U.S. and China to shape the technology's development and rules. OpenAI said it also banned several Chinese-language accounts that used ChatGPT to assist phishing and malware campaigns and asked the model to research additional automation that could be achieved through China's DeepSeek. It also banned accounts tied to suspected Russian-speaking criminal groups that used the chatbot to help develop certain malware, OpenAI said.

Read more of this story at Slashdot.

Jailbreaks, direct prompt injection not allowed

Google on Monday rolled out a new AI Vulnerability Reward Program to encourage researchers to find and report flaws in its AI systems, with rewards of up to $30,000 for a single qualifying report.…

Longtime Slashdot reader kamesh shares a report from TechCrunch: Tech behemoth IBM is teaming up with AI research lab Anthropic to bring AI into its software. Armonk, New York-based IBM announced it will be adding Anthropic's Claude large language model family into some of its software products on Tuesday. The first product to tap Claude will be IBM's integrated development environment, which is already available to a select group of customers. IBM also announced it created a guide in partnership with Anthropic on how enterprises can build, deploy, and maintain enterprise-grade AI agents. Terms of the deal were not disclosed.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: Smartphone processor and modem maker Qualcomm is acquiring Arduino, the Italian company known mainly for its open source ecosystem of microcontrollers and the software that makes them function. In its announcement, Qualcomm said that Arduino would "[retain] its brand and mission," including its "open source ethos" and "support for multiple silicon vendors." Qualcomm didn't disclose what it would pay to acquire Arduino. The acquisition also needs to be approved by regulators "and other customary closing conditions." The first fruit of this pending acquisition will be the Arduino Uno Q, a Qualcomm-based single-board computer with a Qualcomm Dragonwing QRB2210 processor installed. The QRB2210 includes a quad-core Arm Cortex-A53 CPU and a Qualcomm Adreno 702 GPU, plus Wi-Fi and Bluetooth connectivity, and combines that with a real-time microcontroller "to bridge high-performance computing with real-time control." "Arduino will retain its independent brand, tools, and mission, while continuing to support a wide range of microcontrollers and microprocessors from multiple semiconductor providers as it enters this next chapter within the Qualcomm family," Qualcomm said in its press release. "Following this acquisition, the 33M+ active users in the Arduino community will gain access to Qualcomm Technologies' powerful technology stack and global reach. Entrepreneurs, businesses, tech professionals, students, educators, and hobbyists will be empowered to rapidly prototype and test new solutions, with a clear path to commercialization supported by Qualcomm Technologies' advanced technologies and extensive partner ecosystem." CNBC notes in its reporting that this acquisition gives Qualcomm "direct access to the tinkerers, hobbyists and companies at the lowest levels of the robotics industry." From the report: Arduino products can't be used to build commercial products but, with chips preinstalled, they're popular for testing out a new idea or proving a concept. Qualcomm hopes that Arduino can help it gain loyalty and legitimacy among startups and builders as robots and other devices increasingly need more powerful chips for artificial intelligence. When some of those experiments become products, Qualcomm wants to sell them its chips commercially.

Read more of this story at Slashdot.

U.S. GDP growth in the first half of 2025 was driven almost entirely by investment in data centers and information processing technology. The GDP growth would have been just 0.1% on an annualized basis without these technology-related categories, according to Harvard economist Jason Furman. Investment in information-processing equipment and software accounted for only 4% of U.S. GDP during this period but represented 92% of GDP growth. Renaissance Macro Research estimated in August that the dollar value contributed to GDP growth by AI data-center buildout had surpassed U.S. consumer spending for the first time. Consumer spending makes up two-thirds of GDP. Tech giants including Microsoft, Google, Amazon, Meta and Nvidia poured tens of billions of dollars into building and upgrading data centers.

Read more of this story at Slashdot.

House Committee on China wants more comprehensive ban on chipmaking equipment exports to Middle Kingdom

US export controls have had mixed results in stemming the flow of chipmaking equipment into China, according to a congressional investigation, which found US and allied companies sold $38 billion worth of semiconductor tools in 2024 alone.…

Microsoft Copilot, not so much

Employees could be opening up to OpenAI in ways that put sensitive data at risk. According to a study by security biz LayerX, a large number of corporate users paste Personally Identifiable Information (PII) or Payment Card Industry (PCI) numbers right into ChatGPT, even if they're using the bot without permission.…

An anonymous reader shares a report: Changes are coming to the Play Store in spite of a concerted effort from Google to maintain the status quo. The company asked the US Supreme Court to freeze parts of the Play Store antitrust ruling while it pursued an appeal, but the high court has rejected that petition. That means the first elements of the antitrust remedies won by Epic Games will have to be implemented in mere weeks. The app store case is one of three ongoing antitrust actions against Google, but it's the furthest along of them. Google lost the case in 2023, and in 2024, US District Judge James Donato ordered a raft of sweeping changes aimed at breaking Google's illegal monopoly on Android app distribution. In July, Google lost its initial appeal, leaving it with little time before the mandated changes must begin. [...] The more dramatic changes are not due until July 2026, but this month will still bring major changes to Android apps. Google will have to allow developers to link to alternative methods of payment and download outside the Play Store, and it cannot force developers to use Google Play Billing within the Play Store. Google is also prohibited from setting prices for developers.

Read more of this story at Slashdot.

An anonymous reader shares a report: YouTube megastar Jimmy Donaldson, the creator behind the platform's biggest channel MrBeast, is worried there are "scary times" ahead for the creator economy as AI video tools make it increasingly difficult to tell what is real. "When AI videos are just as good as normal videos, I wonder what that will do to YouTube and how it will impact the millions of creators currently making content for a living.. scary times," Donaldson said on X on Sunday. Donaldson's concerns come on the heels of OpenAI's release of a Sora social media platform able to AI generated short-form videos, including of individuals who "upload" themselves onto the app. Meta launched its similar video-generating Vibes platform last month.

Read more of this story at Slashdot.

Samsung, Hisense, TCL and Sony presented RGB LED TVs at IFA in Berlin last month. The technology replaces each standard LED backlight with a trio of red, green and blue LEDs to expand the range of colors a screen can display. Each manufacturer is using different name for the technology: Hisense has called it RGB-MiniLED, Samsung named it Micro RGB, Sony introduced Sony RGB Technology, and TCL branded it RGB Micro LED. The companies previously tried other monikers at CES. Avi Greengart of Techsponential told PCMag the difference in color fidelity was not subtle when he viewed Samsung's version. PCMag found the Hisense 116UX the brightest TV with the widest color range he had evaluated. Both the 116-inch Hisense and Samsung's 115-inch model list at $30,000. TCL introduced RGB sets in China at prices starting at the equivalent of $1,150 for a 65-inch model. Greengart cautioned that it remained unclear whether the technology would rapidly decline in price or stay expensive like MicroLED.

Read more of this story at Slashdot.

An anonymous reader shares a report: It's been a while since Apple last mocked Windows security, but the iPhone maker has just released an ad that hits Windows hard. The eight-minute commercial pokes fun at the CrowdStrike Blue Screen of Death (BSOD) issue that took down millions of Windows machines last year. Apple's ad follows The Underdogs, a fictional company that's about to attend a trade show, before a PC outage causes chaos and a Blue Screen of Death shuts down machines at the convention. If it wasn't clear Apple was mocking the infamous CrowdStrike incident, an IT expert appears in the middle of the ad and starts discussing kernel-level functionality, the core part of an operating system that has unrestricted access to system memory and hardware.

Read more of this story at Slashdot.

The Danish government wants to introduce a ban on several social media platforms for children under the age of 15, as Prime Minister Mette Frederiksen announced Tuesday. From a report: "Mobile phones and social media are stealing our children's childhood," she said in her opening speech to the Danish parliament, the Folketing. "We have unleashed a monster," Frederiksen said, noting that almost all Danish seventh graders, where pupils are typically 13 or 14 years old, own a cellphone. "I hope that you here in the chamber will help tighten the law so that we take better care of our children here in Denmark," she added. However, Frederiksen did not give further details on what such a ban would entail, nor does a bill on an age limit appear in the government's legislative program for the upcoming parliamentary year.

Read more of this story at Slashdot.

OpenAI has signed about $1 trillion in deals this year for computing power to run its AI models, commitments that dwarf its revenue and raise questions about how it can fund them. From a report: Monday's deal with chipmaker AMD follows similar agreements with Nvidia, Oracle and CoreWeave, as OpenAI races to find the computing power it thinks it will need to run services such as ChatGPT. The deals would give OpenAI access to more than 20 gigawatts of computing capacity, roughly equivalent to the power from 20 nuclear reactors, over the next decade. Each 1GW of AI computing capacity costs about $50bn to deploy in today's prices, according to estimates by OpenAI executives, making the total cost about $1tn. The deals have bound some of the world's biggest tech groups to OpenAI's ability to become a profitable business that can meet its increasingly steep financial obligations.

Read more of this story at Slashdot.

Agency aims to replace its default 'no' with default 'yes' while overhauling rules for operators

The US Federal Communications Commission has launched "Space Month," with Chairman Brendan Carr saying that "we'll replace a default to no at the agency to a default to yes" for satellite licensing requests.…

No fraud monitoring and no apology after miscreants make off with medical, financial data

Florida-based Doctors Imaging Group has admitted that the sensitive medical and financial data of 171,862 patients was stolen during the course of a November 2024 cyberattack.…

AmiMoJo writes: The Irish Government's basic income scheme for artists is set to become a permanent fixture from next year, with 2,000 new places to be made available under Budget 2026. Minister for Culture Patrick O'Donovan has secured agreement with other government departments to continue and expand the initiative, which had previously operated on a pilot basis. Participants in the scheme receive a weekly payment of $379.50. The pilot programme, launched in 2022, provided basic income support to 2,000 artists and creative arts workers across Ireland. It aimed to support the arts sector's recovery following the COVID-19 pandemic, during which many artists experienced significant income loss due to restrictions on live performances and events. The scheme provides unconditional, regular payments to eligible artists and creative workers, allowing them to focus on their practice without the pressure of commercial viability. It is not means-tested and operates independently of social welfare payments. An independent evaluation of the pilot, published earlier this year, found that recipients reported increased time spent on creative work, reduced financial stress, and improved well-being.

Read more of this story at Slashdot.