Linux news

A Luggage Service's Web Bugs Exposed the Travel Plans of Every User

Slashdot - Sat, 2025-08-02 00:02
An anonymous reader quotes a report from Wired: An airline leaving all of its passengers' travel records vulnerable to hackers would make an attractive target for espionage. Less obvious, but perhaps even more useful for those spies, would be access to a premium travel service that spans 10 different airlines, left its own detailed flight information accessible to data thieves, and seems to be favored by international diplomats. That's what one team of cybersecurity researchers found in the form of Airportr, a UK-based luggage service that partners with airlines to let its largely UK- and Europe-based users pay to have their bags picked up, checked, and delivered to their destination. Researchers at the firm CyberX9 found that simple bugs in Airportr's website allowed them to access virtually all of those users' personal information, including travel plans, or even gain administrator privileges that would have allowed a hacker to redirect or steal luggage in transit. Among even the small sample of user data that the researchers reviewed and shared with WIRED they found what appear to be the personal information and travel records of multiple government officials and diplomats from the UK, Switzerland, and the US. Airportr's CEO Randel Darby confirmed CyberX9's findings in a written statement provided to WIRED but noted that Airportr had disabled the vulnerable part of its site's backend very shortly after the researchers made the company aware of the issues last April and fixed the problems within a few days. "The data was accessed solely by the ethical hackers for the purpose of recommending improvements to Airportr's security, and our prompt response and mitigation ensured no further risk," Darby wrote in a statement. "We take our responsibilities to protect customer data very seriously."
CyberX9's researchers, for their part, counter that the simplicity of the vulnerabilities they found mean that there's no guarantee other hackers didn't access Airportr's data first. They found that a relatively basic web vulnerability allowed them to change the password of any user to gain access to their account if they had just the user's email address -- and they were also able to brute-force guess email addresses with no rate limitations on the site. As a result, they could access data including all customers' names, phone numbers, home addresses, detailed travel plans and history, airline tickets, boarding passes and flight details, passport images, and signatures. By gaining access to an administrator account, CyberX9's researchers say, a hacker could also have used the vulnerabilities it found to redirect luggage, steal luggage, or even cancel flights on airline websites by using Airportr's data to gain access to customer accounts on those sites. The researchers say they could also have used their access to send emails and text messages as Airportr, a potential phishing risk. Airportr tells WIRED that it has 92,000 users and claims on its website that it has handled more than 800,000 bags for customers. [...] The researchers found that they could monitor their browser's communications as they signed up for Airportr and created a new password, and then reuse an API key intercepted from those communications to instead change another user's password to anything they chose. The site also lacked a "rate limiting" security measure that would prevent automated guesses of email addresses to rapidly change the password of every user's account. And the researchers were also able to find email addresses of Airportr administrators that allowed them to take over their accounts and gain their privileges over the company's data and operations. 
"Anyone would have been able to gain or might have gained absolute super-admin access to all the operations and data of this company," says Himanshu Pathak, CyberX9's founder and CEO. "The vulnerabilities resulted in complete confidential private information exposure of all airline customers in all countries who used the service of this company, including full control over all the bookings and baggage. Because once you are the super-admin of their most sensitive systems, you have the ability to do anything."

Read more of this story at Slashdot.

Categories: Linux news

Palantir Lands $10 Billion Army Software and Data Contract

Slashdot - Fri, 2025-08-01 23:20
Palantir has secured a massive $10 billion contract with the U.S. Army to unify 75 contracts into a single AI-focused enterprise framework, streamlining procurement and enhancing military readiness. CNBC reports: The agreement creates a "comprehensive framework for the Army's future software and data needs" that provides the government with purchasing flexibility and removes contract-related fees and procurement timelines, according to a release. Palantir co-founder and CEO Alex Karp has been a vocal proponent of protecting U.S. interests and joining forces on AI to fend off adversaries. Earlier this year, Palantir delivered its first two AI-powered systems in its $178 million contract with the U.S. Army. In May, the Department of Defense boosted its Maven Smart Systems contract to beef up AI capabilities by $795 million.


Florida jury throws huge fine at Tesla in Autopilot crash

TheRegister - Fri, 2025-08-01 22:40
Plaintiffs argued that the company massively oversold the assisted-driving capabilities of its cars

After two weeks of testimony, a Florida jury has found Tesla partially responsible for the death of one person and causing serious injuries to another in a crash where the driver was using the company's much-touted Autopilot system.…


Atlassian Terminates 150 Staff With Pre-Recorded Video

Slashdot - Fri, 2025-08-01 22:40
Atlassian laid off 150 employees via a pre-recorded video. "While not specifically outlined, the affected staff seem to be from the company's European operations, with The Australian saying that Cannon-Brookes overshared that it would be difficult to axe its European staff due to contract arrangements, but that the company had already begun moving in that direction," reports CyberDaily. While the company claims the cuts weren't directly caused by AI, it has simultaneously rolled out AI-enhanced customer service tools and emphasized automation as a key part of its digital transformation strategy. From the report: Atlassian CEO and co-founder Mike Cannon-Brookes sent the video titled "Restructuring the CSS Team: A Difficult Decision for Our Future" to staff on Wednesday morning (30 July), informing them that 150 staff had been made redundant. The video reportedly did not make it seem that the decision was difficult, but rather said it would allow its staff "to say goodbye." The video itself did not announce who was leaving, but it told employees they would have to wait 15 minutes for an email about their employment. Those who were terminated had their laptops blocked immediately. They reportedly will receive six months' pay. "AI is going to change Australia," [said former co-CEO and co-founder Scott Farquhar]. "Every person should be using AI daily for as many things as they can. Like any new technology, it will feel awkward to start with, but every business person, every business leader, every government leader, and every bureaucrat should be using it." He also said that governments should be implementing AI more broadly. [...] Commenting on the termination, Farquhar said the mass termination was due to the customer service team no longer being needed in the same capacity, as larger clients required less complex support following a move to the cloud.


Amazon CEO Wants To Put Ads In Your Alexa+ Conversations

Slashdot - Fri, 2025-08-01 22:00
An anonymous reader quotes a report from TechCrunch: Amazon CEO Andy Jassy sees an opportunity to deliver ads to users during their conversations with the company's AI-powered digital assistant, Alexa+, he said during Amazon's second-quarter earnings call Thursday. "People are excited about the devices that they can buy from us that has Alexa+ enabled in it. People do a lot of shopping [with Alexa+]; it's a delightful shopping experience that will keep getting better," said Jassy on the call with investors and Wall Street analysts. "I think over time, there will be opportunities, as people are engaging in more multi-turn conversations, to have advertising play a role to help people find discovery, and also as a lever to drive revenue." [...] Amazon has made Alexa+ free for Prime customers (who pay $14.99 a month) and added a $20-a-month subscription tier for Alexa+ on its own. Jassy suggested on Thursday that Alexa+ could eventually include subscription tiers beyond what's available today -- perhaps an ad-free tier. Up until now, ads have only appeared in Alexa in limited ways. Users may occasionally see a visual ad on Amazon's smart display device, the Echo Show, or hear a pre-recorded ad in between songs on one of Alexa's smart speakers. But Jassy's description of an AI-generated ad that Alexa+ delivers in a multistep conversation, which could help users find new products, is uncharted territory for Amazon and the broader tech industry. Marketers have expressed interest in advertising in AI chatbots, and specifically Alexa+, but exactly how remains unclear. [...] Jassy is betting that users will talk to Alexa+ more than Alexa, which could drive more advertising and more shopping on Amazon.com. However, early reviews of Alexa+ have been mixed. Amazon has reportedly struggled to ship some of Alexa+'s more complicated features, and the rollout has been slower than many expected. There's a lot to figure out before Amazon puts ads in Alexa+. 
Like most AI models, Alexa+ is not immune to hallucinations. Before advertisers agree to make Alexa+ a spokesperson for their products, Amazon may have to come up with some ways to ensure that its AI will not offer false advertising for a product. Jassy seems enthusiastic about making advertising a larger part of Amazon business. Amazon's advertising revenue went up 22% in the second quarter, compared to the same period last year. Delivering ads in AI chatbot conversations may also raise privacy concerns. People tend to talk more with AI chatbots compared to deterministic assistants, like the traditional Alexa and Siri products. As a result, generative AI chatbots tend to collect more information on users. Some users might be unsettled by having that information sold to advertisers and having ads appear in their natural language conversations with AI.


India To Penalize Universities With Too Many Retractions

Slashdot - Fri, 2025-08-01 21:22
India's national university ranking will start penalizing institutions if a sizable number of papers published by their researchers are retracted -- a first for an institutional ranking system. Nature: The move is an attempt by the government to address the country's growing number of retractions due to misconduct. Many retractions correct honest mistakes in the literature, but others arise because of misconduct. India has had more papers retracted than any country apart from China and the United States, according to an analysis of the public database maintained by Retraction Watch of retractions over the past three decades. But whereas less than 1 paper is retracted for every 1,000 papers published in the United States, more than 3 are retracted for every 1,000 published in China, and the figure is 2 per 1,000 in India. The majority in India and China are withdrawn because of misconduct or research-integrity concerns.
