Linux fréttir

FBI and others list how to spot NK infiltrators, but AI will make it harder

RSAC Concerned a new recruit might be a North Korean stooge out to steal intellectual property and then hit an org with malware? There is an answer, for the moment at least.…

HMRC kicks off procurement to modernize customer service after scathing reports

The UK's tax collector plans to appoint a new CRM vendor to manage its vast interactions with citizens over their tax affairs.…

'When we look at the economic outcomes, it really has not moved the needle'

Instead of depressing wages or taking jobs, generative AI chatbots like ChatGPT, Claude, and Gemini have had almost no wage or labor impact so far – a finding that calls into question the huge capital expenditures required to create and run AI models.…

Amazon successfully launched the first 27 satellites for its Project Kuiper internet constellation, kicking off a major effort to compete with Starlink by deploying over 1,600 satellites by mid-2026. It company is investing $10 billion in Kuiper and plans to begin commercial service later this year. CNBC reports: "We had a nice smooth countdown, beautiful weather, beautiful liftoff, and Atlas V is on its way to orbit to take those 27 Kuiper satellites, put them on their way and really start this new era in internet connectivity," Caleb Weiss, a systems engineer at ULA, said on the livestream following the launch. The satellites are expected to separate from the rocket roughly 280 miles above Earth's surface, at which point Amazon will look to confirm the satellites can independently maneuver and communicate with its employees on the ground. [...] In his shareholder letter earlier this month, Amazon CEO Andy Jassy said Kuiper will require upfront investment at first, but eventually the company expects it to be "a meaningful operating income and ROIC business for us." ROIC stands for return on invested capital. Investors will be listening for any commentary around further capex spend on Kuiper when Amazon reports first-quarter earnings after the bell on Thursday. A livestream can be found here.

Read more of this story at Slashdot.

They’re sorry/not sorry for testing if bots can change minds by pretending to be a trauma counselor or a victim of sexual abuse

Researchers from the University of Zurich have admitted to secretly posting AI-generated material to popular Subreddit r/changemyview in the name of science.…

An anonymous reader quotes a report from Wired: Automakers are increasingly pushing consumers to accept monthly and annual fees to unlock preinstalled safety and performance features, from hands-free driving systems and heated seats to cameras that can automatically record accident situations. But the additional levels of internet connectivity this subscription model requires can increase drivers' exposure to government surveillance and the likelihood of being caught up in police investigations. A cache of more than two dozen police records recently reviewed by WIRED show US law enforcement agencies regularly trained on how to take advantage of "connected cars," with subscription-based features drastically increasing the amount of data that can be accessed during investigations. The records make clear that law enforcement's knowledge of the surveillance far exceeds that of the public and reveal how corporate policies and technologies -- not the law -- determine driver privacy. "Each manufacturer has their whole protocol on how the operating system in the vehicle utilizes telematics, mobile Wi-Fi, et cetera," one law enforcement officer noted in a presentation prepared by the California State Highway Patrol (CHP) and reviewed by WIRED. The presentation, while undated, contains statistics on connected cars for the year 2024. "If the vehicle has an active subscription," they add, "it does create more data." The CHP presentation, obtained by government transparency nonprofit Property of the People via a public records request, trains police on how to acquire data based on a variety of hypothetical scenarios, each describing how vehicle data can be acquired based on the year, make, and model of a vehicle. The presentation acknowledges that access to data can ultimately be limited due to choices made by not only vehicle manufacturers but the internet service providers on which connected devices rely. One document notes, for instance, that when a General Motors vehicle is equipped with an active OnStar subscription, it will transmit data -- revealing its location -- roughly twice as often as a Ford vehicle. Different ISPs appear to have not only different capabilities but policies when it comes to responding to government requests for information. Police may be able to rely on AT&T to help identify certain vehicles based on connected devices active in the car but lack the ability to do so when the device relies on a T-Mobile or Verizon network instead. [...] Nearly all subscription-based car features rely on devices that come preinstalled in a vehicle, with a cellular connection necessary only to enable the automaker's recurring-revenue scheme. The ability of car companies to charge users to activate some features is effectively the only reason the car's systems need to communicate with cell towers. The police documents note that companies often hook customers into adopting the services through free trial offers, and in some cases the devices are communicating with cell towers even when users decline to subscribe.

Read more of this story at Slashdot.

One launch down, 80-plus to go, for a pittance compared to planned AWS spending

Amazon’s first attempt to hoist production versions of its Project Kuiper broadband-beaming satellites appears to have succeeded.…

Who could possibly be behind this attack on an ethnic minority China despises?

Researchers at Canada’s Citizen Lab have spotted a phishing campaign and supply chain attack directed at Uyghur people living outside China, and suggest it’s an example of Beijing’s attempts to target the ethnic minority group.…

Oracle engineers mistakenly triggered a five-day software outage at a number of Community Health Systems hospitals, causing the facilities to temporarily return to paper-based patient records. From a report: CHS told CNBC that the outage involving Oracle Health, the company's electronic health record (EHR) system, affected "several" hospitals, leading them to activate "downtime procedures." Trade publication Becker's Hospital Review reported that 45 hospitals were hit. The outage began on April 23, after engineers conducting maintenance work mistakenly deleted critical storage connected to a key database, a CHS spokesperson said in a statement. The outage was resolved on Monday, and was not related to a cyberattack or other security incident. CHS is based in Tennessee and includes 72 hospitals in 14 states, according to the medical system's website.

Read more of this story at Slashdot.

According to an email posted on Duolingo's LinkedIn, the language learning app will "gradually stop using contractors to do work that AI can handle." Co-founder and CEO Luis von Ahn also said the company will be "AI-first." The Verge reports: According to von Ahn, being "AI-first" means the company will "need to rethink much of how we work" and that "making minor tweaks to systems designed for humans won't get us there." As part of the shift, the company will roll out "a few constructive constraints," including the changes to how it works with contractors, looking for AI use in hiring and in performance reviews, and that "headcount will only be given if a team cannot automate more of their work." von Ahn says that "Duolingo will remain a company that cares deeply about its employees" and that "this isn't about replacing Duos with AI." Instead, he says that the changes are "about removing bottlenecks" so that employees can "focus on creative work and real problems, not repetitive tasks." "AI isn't just a productivity boost," von Ahn says. "It helps us get closer to our mission. To teach well, we need to create a massive amount of content, and doing that manually doesn't scale. One of the best decisions we made recently was replacing a slow, manual content creation process with one powered by AI. Without AI, it would take us decades to scale our content to more learners. We owe it to our learners to get them this content ASAP."

Read more of this story at Slashdot.

Florida man altered allergen info, DoSed former colleagues

Former Disney employee Michael Scheuer was sentenced to 36 months in prison and fined almost $688,000 for screwing up a software application the entertainment giant used to cook up its restaurant menus.…

Nixplay has dramatically reduced its free cloud storage offering for digital photo frame users from the original 10GB to just 500MB. The previously announced update, which took effect last week, also removed the formerly free ability to sync Google Photos albums. Users whose accounts already exceed the new 500MB limit will find their content "restricted from sharing or viewing" unless they edit their library or purchase a subscription. Nixplay now offers two paid tiers: Nixplay Lite at $19.99 annually for 100GB storage and Nixplay Plus at $29.99 yearly for unlimited storage.

Read more of this story at Slashdot.

Sometimes, silence is the best option

An Oklahoma City cybersecurity professional accused of installing spyware on a hospital PC confirmed on LinkedIn key details of the drama.…

OpenAI has upgraded ChatGPT's search tool to include shopping features, allowing users to receive personalized product recommendations, view images and reviews, and access direct purchase links using natural language queries. TechCrunch reports: When ChatGPT users search for products, the chatbot will now offer a few recommendations, present images and reviews for those items, and include direct links to webpages where users can buy the products. OpenAI says users can ask hyper-specific questions in natural language and receive customized results. To start, OpenAI is experimenting with categories including fashion, beauty, home goods, and electronics. OpenAI is rolling out the feature in the default AI model for ChatGPT, GPT-4o, today for ChatGPT Pro, Plus, and Free users, as well as logged-out users around the globe. [...] OpenAI claims its search product is growing rapidly. Users made more than a billion web searches in ChatGPT last week, the company told TechCrunch. OpenAI says it's determining ChatGPT shopping results independently, and notes that ads are not part of this upgrade to ChatGPT search. The shopping results will be based on structured metadata from third parties, such as pricing, product descriptions, and reviews, according to OpenAI. The company won't receive a kickback from purchases made through ChatGPT search. [...] Soon, OpenAI says it will integrate its memory feature with shopping for Pro and Plus users, meaning ChatGPT will reference a user's previous chats to make highly personalized product recommendations. The company previously updated ChatGPT to reference memory when making web searches broadly. However, these memory features won't be available to users in the EU, the U.K., Switzerland, Norway, Iceland, and Liechtenstein.

Read more of this story at Slashdot.

New submitter MicroBitz shares a report: SPROUT, short for Soft Pathfinding Robotic Observation Unit, is a flexible, vine-like robot developed by MIT Lincoln Laboratory in collaboration with the University of Notre Dame. Unlike rigid robots or static cameras, SPROUT can "grow" into tight, winding spaces that are otherwise inaccessible, giving first responders a new way to explore, map and assess collapsed structures. Beyond disaster response, the technology could be adapted for inspecting military systems or critical infrastructure in hard-to-reach places, making SPROUT a versatile tool for a variety of high-stakes scenarios. "The urban search-and-rescue environment can be brutal and unforgiving, where even the most hardened technology struggles to operate. The fundamental way a vine robot works mitigates a lot of the challenges that other platforms face," says Chad Council, a member of the SPROUT team, which is led by Nathaniel Hanson. "The mechanical performance of the robots has an immediate effect, but the real goal is to rethink the way sensors are used to enhance situational awareness for rescue teams," adds Hanson. "Ultimately, we want SPROUT to provide a complete operating picture to teams before anyone enters a rubble pile." You can see the SPROUT vine robot in action in a YouTube video from MIT Lincoln Laboratory.

Read more of this story at Slashdot.

Whistleblowing, email is evidential mail, HR is not your friend, and more discussed by CxO panel

RSAC Chief security officers should negotiate personal liability insurance and a golden parachute when they start a new job – in case things go sideways and management tries to scapegoat them for a network breach.…

An anonymous reader quotes a report from Milwaukee Journal Sentinel: Milwaukee police are mulling a trade: 2.5 million mugshots for free use of facial recognition technology. Officials from the Milwaukee Police Department say swapping the photos with the software firm Biometrica will lead to quicker arrests and solving of crimes. But that benefit is unpersuasive for those who say the trade is startling, due to the concerns of the surveillance of city residents and possible federal agency access. "We recognize the very delicate balance between advancement in technology and ensuring we as a department do not violate the rights of all of those in this diverse community," Milwaukee Police Chief of Staff Heather Hough said during an April 17 meeting. For the first time, Milwaukee police officials detailed their plans to use the facial recognition technology during a meeting of the city's Fire and Police Commission, the oversight body for those departments. In the past, the department relied on facial recognition technology belonging to neighboring police agencies. In an April 24 email, Hough said the department has not entered into an agreement with any facial recognition and the department intends to continue engaging the public before doing so. The department will discuss it at a future meeting of the city's Public Safety and Health Committee next, she said. "While we would like to acquire the technology to assist in solving cases, being transparent with the community that we serve far outweighs the urgency to acquire," she said in an email. Officials said the technology alone could not be used as probable cause to arrest someone and the only authorized uses would be when there's basis to believe criminal activity has happened or could happen, or a threat to public safety is imminent. Hough said the department intended to craft a policy that would ensure no one is arrested solely based on facial recognition matches. That reassurance and others from police officials came as activists, residents and some public officials voiced concern.

Read more of this story at Slashdot.

Homeland Security boss Noem added as last-minute keynote, mind you

RSAC There's a notable absence from this year's RSA Conference that kicked off today in San Francisco: The NSA's State of the Hack panel.…

Onchain investigator ZachXBT flagged a suspicious $330.7 million Bitcoin transfer that was quickly laundered into Monero, causing XMR's price to spike by 50%. CoinTelegraph reports: The transaction, reported on April 28, saw funds moved from a potential victim's wallet to the address bc1qcry...vz55g. Following the transfer, the stolen stash was quickly laundered through over six instant exchanges and swapped into privacy-focused cryptocurrency Monero. The large-scale conversion led to a 50% spike in XMR's price with the token reaching an intraday high of $339, according to data from CoinMarketCap. At the time of writing, XMR has settled slightly but remains up 25% in the past 24 hours, trading at $289. When asked whether North Korea's Lazarus Group was behind the attack, ZachXBT dismissed the theory, stating it was "highly probable it's not," suggesting independent hackers were responsible. "While there are concerns of more criminals moving to privacy coins for anonymity, the vast majority of criminal activity still uses mainstream cryptocurrencies, such as Bitcoin, Ethereum and stablecoins," Chainalysis said. "Cryptocurrency is only useful if you can buy and sell goods and services or cash out into fiat, and that is much more difficult with privacy coins, especially as many mainstream exchanges have offboarded the use of privacy coins, such as Monero."

Read more of this story at Slashdot.

Three Democratic senators are sounding the alarm over brain-computer interface (BCI) technologies' ability to collect -- and potentially sell -- our neural data. From a report: In a letter to the Federal Trade Commission (FTC), Sens. Chuck Schumer (D-NY), Maria Cantwell (D-IN), and Ed Markey (D-MA) called for an investigation into neurotechnology companies' handling of user data, and for tighter regulations on their data-sharing policies. "Unlike other personal data, neural data -- captured directly from the human brain -- can reveal mental health conditions, emotional states, and cognitive patterns, even when anonymized," the letter reads. "This information is not only deeply personal; it is also strategically sensitive."

Read more of this story at Slashdot.