An anonymous reader quotes a report from Wired: Stablecoins, cryptocurrencies pegged to a stable value like the US dollar, were created with the promise of bringing the frictionless, border-crossing fluidity of Bitcoin to a form of digital money with far less volatility. That combination has proved to be wildly popular, rocketing the total value of stablecoin transactions since 2022 past even that of Bitcoin itself. It turns out, however, that as stablecoins have become popular among legitimate users over the past two years, they were even more popular among a different kind of user: those exploiting them for billions of dollars of international sanctions evasion and scams. As part of itsannual crime report, cryptocurrency-tracing firm Chainalysis today released new numbers on the disproportionate use of stablecoins for both of those massive categories of illicit crypto transactions over the last year. By analyzing blockchains, Chainalysis determined that stablecoins were used in fully 70 percent of crypto scam transactions in 2023, 83 percent of crypto payments to sanctioned countries like Iran and Russia, and 84 percent of crypto payments to specifically sanctioned individuals and companies. Those numbers far outstrip stablecoins' growing overall use -- including for legitimate purposes -- which accounted for 59 percent of all cryptocurrency transaction volume in 2023. In total, Chainalysis measured $40 billion in illicit stablecoin transactions in 2022 and 2023 combined. The largest single category of that stablecoin-enabled crime was sanctions evasion. In fact, across all cryptocurrencies, sanctions evasion accounted for more than half of the $24.2 billion in criminal transactions Chainalysis observed in 2023, with stablecoins representing the vast majority of those transactions. [...] Chainalysis concedes that the analysis in its report excludes some cryptocurrencies like Monero and Zcash that are designed to be harder or impossible to trace with blockchain analysis. It also says it based its numbers on the type of cryptocurrency sent directly to an illicit actor, which may leave out other currencies used in money laundering processes that repeatedly swap one type of cryptocurrency for another to make tracing more difficult. "Whether it's an individual located in Iran or a bad guy trying to launder money -- either way, there's a benefit to the stability of the US dollar that people are looking to obtain," says Andrew Fierman, Chainalysis' head of sanctions strategy. "If you're in a jurisdiction where you don't have access to the US dollar due to sanctions, stablecoins become an interesting play." Fierman points to Nobitex, the largest cryptocurrency exchange operating in the sanctioned country of Iran, as well as Garantex, a notorious exchange based in Russia that has been specifically sanctioned for its widespread criminal use. According to Chainalysis, "Stablecoin usage on Nobitex outstrips bitcoin by a 9:1 ratio, and on Garantex by a 5:1 ratio," reports Wired. "That's a stark difference from the roughly 1:1 ratio between stablecoins and bitcoins on a few nonsanctioned mainstream exchanges that Chainalysis checked for comparison."

Read more of this story at Slashdot.

U.S. edutech platform Coursera added a new user every minute on average for its AI courses in 2023, CEO Jeff Maggioncalda said on Thursday, in a clear sign of people upskilling to tap a potential boom in generative AI. Reuters: The technology behind OpenAI's ChatGPT has taken the world by a storm and sparked a race among companies to roll out their own versions of the viral chatbot. "I'd say the real hotspot is generative AI because it affects so many people," he told Reuters in an interview at the World Economic Forum in Davos. Coursera is looking to offer AI courses along with companies that are the frontrunners in the AI race, including OpenAI and Google's DeepMind, Maggioncalda said. Investors had earlier feared that apps based on generative AI might replace ed-tech firms, but on the contrary the technology has encouraged more people to upskill, benefiting companies such as Coursera. The company has more than 800 AI courses and saw more than 7.4 million enrollments last year. Every student on the platform gets access to a ChatGPT-like AI assistant called "Coach" that provides personalized tutoring.

Read more of this story at Slashdot.

OpenAI's stated mission is to create the artificial general intelligence, or AGI. Demis Hassabis, the leader of Google's AI efforts, has the same goal. Now, Meta CEO Mark Zuckerberg is entering the race. From a report: While he doesn't have a timeline for when AGI will be reached, or even an exact definition for it, he wants to build it. At the same time, he's shaking things up by moving Meta's AI research group, FAIR, to the same part of the company as the team building generative AI products across Meta's apps. The goal is for Meta's AI breakthroughs to more directly reach its billions of users. "We've come to this view that, in order to build the products that we want to build, we need to build for general intelligence," Zuckerberg tells me in an exclusive interview. "I think that's important to convey because a lot of the best researchers want to work on the more ambitious problems." [...] No one working on AI, including Zuckerberg, seems to have a clear definition for AGI or an idea of when it will arrive. "I don't have a one-sentence, pithy definition," he tells me. "You can quibble about if general intelligence is akin to human level intelligence, or is it like human-plus, or is it some far-future super intelligence. But to me, the important part is actually the breadth of it, which is that intelligence has all these different capabilities where you have to be able to reason and have intuition." He sees its eventual arrival as being a gradual process, rather than a single moment. "I'm not actually that sure that some specific threshold will feel that profound." As Zuckerberg explains it, Meta's new, broader focus on AGI was influenced by the release of Llama 2, its latest large language model, last year. The company didn't think that the ability for it to generate code made sense for how people would use a LLM in Meta's apps. But it's still an important skill to develop for building smarter AI, so Meta built it anyway. External research has pegged Meta's H100 shipments for 2023 at 150,000, a number that is tied only with Microsoft's shipments and at least three times larger than everyone else's. When its Nvidia A100s and other AI chips are accounted for, Meta will have a stockpile of almost 600,000 GPUs by the end of 2024, according to Zuckerberg.

Read more of this story at Slashdot.

Microsoft today made Reading Coach, its AI-powered tool that provides learners with personalized reading practice, available at no cost to anyone with a Microsoft account. From a report: As of this morning, Reading Coach is accessible on the web in preview -- a Windows app is forthcoming. And soon (in late spring), Reading Coach will integrate with learning management systems such as Canva, Microsoft says. Reading Coach builds on Reading Progress, a plug-in for the education-focused version of Microsoft Teams, Teams for Education, designed to help teachers foster reading fluency in their students. Inspired by the success of Reading Progress (evidently), Microsoft launched Reading Coach in 2022 as a part of Teams for Education and Immersive Reader, the company's cross-platform assistive service for language and reading comprehension.

Read more of this story at Slashdot.

Coinbase said buying cryptocurrency on an exchange was more like collecting Beanie Babies than investing in a stock or bond. From a report: The biggest US crypto exchange made the comparison Wednesday in a New York federal court hearing. Coinbase was arguing for the dismissal of a Securities and Exchange Commission lawsuit accusing it of selling unregistered securities. William Savitt, a lawyer for Coinbase, told US District Judge Katherine Polk Failla that tokens trading on the exchange aren't securities subject to SEC jurisdiction because buyers don't gain any rights as a part of their purchases, as they do with stocks or bonds. "It's the difference between buying Beanie Babies Inc and buying Beanie Babies," Savitt said. The question of whether digital tokens are securities has divided courts.

Read more of this story at Slashdot.

Private equity firms are increasingly buying hospitals across the US, and when they do, patients suffer, according to two separate reports. Specifically, the equity firms cut corners, slash services, lay off staff, lower quality of care, take on substantial debt, and reduce charity care, leading to lower ratings and more medical errors, the reports collectively find. ArsTechnica: Last week, the financial watchdog organization Private Equity Stakeholder Project (PESP) released a report delving into the state of two of the nation's largest hospital systems, Lifepoint and ScionHealth -- both owned by private equity firm Apollo Global Management. Through those two systems, Apollo runs 220 hospitals in 36 states, employing around 75,000 people. The report found that some of Apollo's hospitals were among the worst in their respective states, based on a ranking by The Lown Institute Hospital Index. The index ranks hospitals and health systems based on health equity, value, and outcomes, PESP notes. The hospitals also have dismal readmission rates and government rankings. The Center for Medicare and Medicaid Services (CMS) ranks hospitals on a one- to five-star system, with the national average of 3.2 stars overall and about 30 percent of hospitals at two stars or below. Apollo's overall average is 2.8 stars, with nearly 40 percent of hospitals at two stars or below. The other report, a study published in JAMA late last month, found that the rate of serious medical errors and health complications increases among patients in the first few years after private equity firms take over. The study examined Medicare claims from 51 private equity-run hospitals and 259 matched control hospitals. Specifically, the study, led by researchers at Harvard University, found that patients admitted to private equity-owned hospitals had a 25 percent increase in developing hospital-acquired conditions compared with patients in the control hospitals. In private equity hospitals, patients experienced a 27 percent increase in falls, a 38 percent increase in central-line bloodstream infections (despite placing 16 percent fewer central lines than control hospitals), and surgical site infections doubled.

Read more of this story at Slashdot.

The EU has proposed sweeping changes within the music streaming industry to promote smaller artists and make sure underpaid performers are being fairly compensated. From a report: A resolution to address concerns regarding inadequate streaming royalties for artists and biased recommendation algorithms was adopted by members of the European Parliament (MEPs) on Wednesday, highlighting that no existing EU rules currently apply to music streaming services, despite being the most popular way to consume audio. The proposition was made to ensure European musical works are accessible and avoid being overshadowed by the "overwhelming amount" of content being continually added to streaming platforms like Spotify. MEPs also called for outdated "pre-digital" royalty rates to be revised, noting that some schemes force performers to accept little to no revenue in exchange for greater exposure. Imposing quotas for European musical works is being considered to help promote artists in the EU.

Read more of this story at Slashdot.

Apple has updated its long-standing App Store guidelines, giving developers the option to let users make in-app purchases for iOS apps outside of its App Store. But the changes still haven't won over one of the company's longtime critics. From a report: Under the new rules, app developers can provide customers with links to third-party purchase options for their apps, but they must still pay Apple fees of either 12% or 27%. Spotify, one of Apple's biggest critics, isn't a fan of the changes. In a statement, the music streaming service slammed the new rules. "Once again, Apple has demonstrated that they will stop at nothing to protect the profits they exact on the backs of developers and consumers under their app store monopoly," the company said in a statement. "Their latest move in the US -- imposing a 27% fee for transactions made outside of an app on a developer's website -- is outrageous and flies in the face of the court's efforts to enable greater competition and user choice." Tech columnist John Gruber, writing at DaringFireball: Maybe the cynics are right! Let's just concede that they are, and that Apple will only make decisions here that benefit its bottom line. My argument remains that Apple should not be pursuing this plan for complying with the anti-steering injunction by collecting commissions from web sales that initiate in-app. Whatever revenue Apple would lose to non-commissioned web sales (for non-games) is not worth the hit they are taking to the company's brand and reputationâ--âthis move reeks of greed and avariceâ--ânor the increased ire and scrutiny of regulators and legislators on the "anti-Big-Tech" hunt. Apple should have been looking for ways to lessen regulatory and legislative pressure over the past few years, and in today's climate that's more true than ever. But instead, their stance has seemingly been "Bring it on." Confrontational, not conciliatory, conceding not an inch. Rather than take a sure win with most of what they could want, Apple is seemingly hell-bent on trying to keep everything. To win in chess all you need is to capture your opponent's king. Apple seemingly wants to capture every last piece on the boardâ--âeven while playing in a tournament where the referees (regulators) are known to look askance at blatant poor sportsmanship (greed). Apple's calculus should be to balance its natural desire to book large amounts of revenue from the App Store with policies that to some degree placate, rather than antagonize, regulators and legislators. No matter what the sport, no matter what the letter of the rulebook says, it's never a good idea to piss off the refs.

Read more of this story at Slashdot.

Google News is sometimes boosting sites that rip-off other outlets by using AI to rapidly churn out content, 404 Media claims: From the report: Google told 404 Media that although it tries to address spam on Google News, the company ultimately does not focus on whether a news article was written by an AI or a human, opening the way for more AI-generated content making its way onto Google News. The presence of AI-generated content on Google News signals two things: first, the black box nature of Google News, with entry into Google News' rankings in the first place an opaque, but apparently gameable, system. Second, is how Google may not be ready for moderating its News service in the age of consumer-access AI, where essentially anyone is able to churn out a mass of content with little to no regard for its quality or originality. UPDATE: Engadget argues that "to find such stories required heavily manipulating the search results in Google News," noting that in the cited case, 404 Media's search parameters "are essentially set so that the original stories don't appear." Engadget got this rebuke from Google. "Claiming that these sites were featured prominently in Google News is not accurate - the sites in question only appeared for artificially narrow queries, including queries that explicitly filtered out the date of an original article. "We take the quality of our results extremely seriously and have clear policies against content created for the primary purpose of ranking well on News and we remove sites that violate it." Engadget then wrote, "We apologize for overstating the issue and are including a slightly modified version of the original story that has been corrected for accuracy, and we've updated the headline to make it more accurate."

Read more of this story at Slashdot.

Google News is boosting sites that rip-off other outlets by using AI to rapidly churn out content, 404 Media has found. From the report: Google told 404 Media that although it tries to address spam on Google News, the company ultimately does not focus on whether a news article was written by an AI or a human, opening the way for more AI-generated content making its way onto Google News. The presence of AI-generated content on Google News signals two things: first, the black box nature of Google News, with entry into Google News' rankings in the first place an opaque, but apparently gameable, system. Second, is how Google may not be ready for moderating its News service in the age of consumer-access AI, where essentially anyone is able to churn out a mass of content with little to no regard for its quality or originality.

Read more of this story at Slashdot.

OpenAI on Thursday announced its first partnership with a higher education institution. Starting in February, Arizona State University will have full access to ChatGPT Enterprise and plans to use it for coursework, tutoring, research and more. From a report: The partnership has been in the works for at least six months, when ASU chief information officer Lev Gonick first visited OpenAI's HQ, which was preceded by the university faculty and staff's earlier use of ChatGPT and other artificial intelligence tools, Gonick told CNBC in an interview. ChatGPT Enterprise, which debuted in August, is ChatGPT's business tier and includes access to GPT-4 with no usage caps, performance that's up to two times faster than previous versions and API credits. With the OpenAI partnership, ASU plans to build a personalized AI tutor for students, not only for certain courses but also for study topics. STEM subjects are a focus and are "the make-or-break subjects for a lot of higher education," Gonick said. The university will also use the tool in ASU's largest course, Freshman Composition, to offer students writing help. ASU also plans to use ChatGPT Enterprise to develop AI avatars as a "creative buddy" for studying certain subjects, like bots that can sing or write poetry about biology, for instance.

Read more of this story at Slashdot.

Google researchers say they have evidence that a notorious Russian-linked hacking group -- tracked as "Cold River" -- is evolving its tactics beyond phishing to target victims with data-stealing malware. From a report: Cold River, also known as "Callisto Group" and "Star Blizzard," is known for conducting long-running espionage campaigns against NATO countries, particularly the United States and the United Kingdom. Researchers believe the group's activities, which typically target high-profile individuals and organizations involved in international affairs and defense, suggest close ties to the Russian state. U.S. prosecutors in December indicted two Russian nationals linked to the group. Google's Threat Analysis Group (TAG) said in new research this week that it has observed Cold River ramping up its activity in recent months and using new tactics capable of causing more disruption to its victims, predominantly targets in Ukraine and its NATO allies, academic institutions and non-government organizations. These latest findings come soon after Microsoft researchers reported that the Russia-aligned hacking group had improved its ability to evade detection. In research shared with TechCrunch ahead of its publication on Thursday, TAG researchers say that Cold River has continued to shift beyond its usual tactic of phishing for credentials to delivering malware via campaigns using PDF documents as lures.

Read more of this story at Slashdot.

Google has laid off over a thousand employees across various departments since January 10th. CEO Sundar Pichai's message is to brace for more cuts. The Verge: "We have ambitious goals and will be investing in our big priorities this year," Pichai told all Google employees on Wednesday in an internal memo that was shared with me. "The reality is that to create the capacity for this investment, we have to make tough choices." So far, those "tough choices" have included layoffs and reorganizations in Google's hardware, ad sales, search, shopping, maps, policy, core engineering, and YouTube teams. "These role eliminations are not at the scale of last year's reductions, and will not touch every team," Pichai wrote in his memo -- a reference to when Google cut 12,000 jobs this time last year. "But I know it's very difficult to see colleagues and teams impacted." Pichai said the layoffs this year were about "removing layers to simplify execution and drive velocity in some areas." He confirmed what many inside Google have been fearing: that more "role eliminations" are to come. "Many of these changes are already announced, though to be upfront, some teams will continue to make specific resource allocation decisions throughout the year where needed, and some roles may be impacted," he wrote.

Read more of this story at Slashdot.

When Microsoft announced it was baking ChatGPT into its Bing search engine last February, bullish analysts declared the move an "iPhone moment" that could upend the search market and chip away at Google's dominance. "The entire search category is now going through a sea change," Chief Executive Officer Satya Nadella said at the time. "That opportunity comes very few times." Almost a year later, the sea has yet to change. Bloomberg: The new Bing -- powered by OpenAI's generative AI technology -- dazzled internet users with conversational replies to queries asked in a natural way. But Microsoft's search engine ended 2023 with just 3.4% of the global search market, according to data analytics firm StatCounter, up less than 1 percentage point since the ChatGPT announcement. Bing has long struggled for relevance and attracted more mockery than recognition over the years as a serious alternative to Google. Multiple rebrandings and redesigns since its 2009 debut did little to boost Bing's popularity. A month before Microsoft infused the search engine with generative AI, people were spending 33% less time using it than they had 12 months earlier, according to SensorTower. The ChatGPT reboot at least helped reverse those declines. In the second quarter of 2023, US monthly active users more than doubled year over year to 3.1 million, according to a Bloomberg Intelligence analysis of SensorTower mobile app data. Overall, users were spending 84% more time on the search engine, the data show. By year-end, Bing's monthly active users had increased steadily to 4.4 million, according to SensorTower.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Wired: As more companies ramp up development of artificial intelligence systems, they are increasingly turning to graphics processing unit (GPU) chips for the computing power they need to run large language models (LLMs) and to crunch data quickly at massive scale. Between video game processing and AI, demand for GPUs has never been higher, and chipmakers are rushing to bolster supply. In new findings released today, though, researchers are highlighting a vulnerability in multiple brands and models of mainstream GPUs -- including Apple, Qualcomm, and AMD chips -- that could allow an attacker to steal large quantities of data from a GPU's memory. The silicon industry has spent years refining the security of central processing units, or CPUs, so they don't leak data in memory even when they are built to optimize for speed. However, since GPUs were designed for raw graphics processing power, they haven't been architected to the same degree with data privacy as a priority. As generative AI and other machine learning applications expand the uses of these chips, though, researchers from New York -- based security firm Trail of Bits say that vulnerabilities in GPUs are an increasingly urgent concern. "There is a broader security concern about these GPUs not being as secure as they should be and leaking a significant amount of data," Heidy Khlaaf, Trail of Bits' engineering director for AI and machine learning assurance, tells WIRED. "We're looking at anywhere from 5 megabytes to 180 megabytes. In the CPU world, even a bit is too much to reveal." To exploit the vulnerability, which the researchers call LeftoverLocals, attackers would need to already have established some amount of operating system access on a target's device. Modern computers and servers are specifically designed to silo data so multiple users can share the same processing resources without being able to access each others' data. But a LeftoverLocals attack breaks down these walls. Exploiting the vulnerability would allow a hacker to exfiltrate data they shouldn't be able to access from the local memory of vulnerable GPUs, exposing whatever data happens to be there for the taking, which could include queries and responses generated by LLMs as well as the weights driving the response. In their proof of concept, as seen in the GIF below, the researchers demonstrate an attack where a target -- shown on the left -- asks the open source LLM Llama.cpp to provide details about WIRED magazine. Within seconds, the attacker's device -- shown on the right -- collects the majority of the response provided by the LLM by carrying out a LeftoverLocals attack on vulnerable GPU memory. The attack program the researchers created uses less than 10 lines of code. [...] Though exploiting the vulnerability would require some amount of existing access to targets' devices, the potential implications are significant given that it is common for highly motivated attackers to carry out hacks by chaining multiple vulnerabilities together. Furthermore, establishing "initial access" to a device is already necessary for many common types of digital attacks. The researchers did not find evidence that Nvidia, Intel, or Arm GPUs contain the LeftoverLocals vulnerability, but Apple, Qualcomm, and AMD all confirmed to WIRED that they are impacted. Here's what each of the affected companies had to say about the vulnerability, as reported by Wired: Apple: An Apple spokesperson acknowledged LeftoverLocals and noted that the company shipped fixes with its latest M3 and A17 processors, which it unveiled at the end of 2023. This means that the vulnerability is seemingly still present in millions of existing iPhones, iPads, and MacBooks that depend on previous generations of Apple silicon. On January 10, the Trail of Bits researchers retested the vulnerability on a number of Apple devices. They found that Apple's M2 MacBook Air was still vulnerable, but the iPad Air 3rd generation A12 appeared to have been patched. Qualcomm: A Qualcomm spokesperson told WIRED that the company is "in the process" of providing security updates to its customers, adding, "We encourage end users to apply security updates as they become available from their device makers." The Trail of Bits researchers say Qualcomm confirmed it has released firmware patches for the vulnerability. AMD: AMD released a security advisory on Wednesday detailing its plans to offer fixes for LeftoverLocals. The protections will be "optional mitigations" released in March. Google: For its part, Google says in a statement that it "is aware of this vulnerability impacting AMD, Apple, and Qualcomm GPUs. Google has released fixes for ChromeOS devices with impacted AMD and Qualcomm GPUs."

Read more of this story at Slashdot.

In an opinion piece for the Guardian, American journalist and author John R. MacArthur discusses the alarming decline in reading skills among American youth, highlighted by a Department of Education survey showing significant drops in text comprehension since 2019-2020, with the situation worsening since 2012. While remote learning during the pandemic and other factors like screen-based reading are blamed, a new study by Columbia University suggests that reading on paper is more effective for comprehension than reading on screens, a finding not yet widely adopted in digital-focused educational approaches. From the report: What if the principal culprit behind the fall of middle-school literacy is neither a virus, nor a union leader, nor "remote learning"? Until recently there has been no scientific answer to this urgent question, but a soon-to-be published, groundbreaking study from neuroscientists at Columbia University's Teachers College has come down decisively on the matter: for "deeper reading" there is a clear advantage to reading a text on paper, rather than on a screen, where "shallow reading was observed." [...] [Dr Karen Froud] and her team are cautious in their conclusions and reluctant to make hard recommendations for classroom protocol and curriculum. Nevertheless, the researchers state: "We do think that these study outcomes warrant adding our voices ... in suggesting that we should not yet throw away printed books, since we were able to observe in our participant sample an advantage for depth of processing when reading from print." I would go even further than Froud in delineating what's at stake. For more than a decade, social scientists, including the Norwegian scholar Anne Mangen, have been reporting on the superiority of reading comprehension and retention on paper. As Froud's team says in its article: "Reading both expository and complex texts from paper seems to be consistently associated with deeper comprehension and learning" across the full range of social scientific literature. But the work of Mangen and others hasn't influenced local school boards, such as Houston's, which keep throwing out printed books and closing libraries in favor of digital teaching programs and Google Chromebooks. Drunk on the magical realism and exaggerated promises of the "digital revolution," school districts around the country are eagerly converting to computerized test-taking and screen-reading programs at the precise moment when rigorous scientific research is showing that the old-fashioned paper method is better for teaching children how to read. Indeed, for the tech boosters, Covid really wasn't all bad for public-school education: "As much as the pandemic was an awful time period," says Todd Winch, the Levittown, Long Island, school superintendent, "one silver lining was it pushed us forward to quickly add tech supports." Newsday enthusiastically reports: "Island schools are going all-in on high tech, with teachers saying they are using computer programs such as Google Classroom, I-Ready, and Canvas to deliver tests and assignments and to grade papers." Terrific, especially for Google, which was slated to sell 600 Chromebooks to the Jericho school district, and which since 2020 has sold nearly $14bn worth of the cheap laptops to K-12 schools and universities. If only Winch and his colleagues had attended the Teachers College symposium that presented the Froud study last September. The star panelist was the nation's leading expert on reading and the brain, John Gabrieli, an MIT neuroscientist who is skeptical about the promises of big tech and its salesmen: "I am impressed how educational technology has had no effect on scale, on reading outcomes, on reading difficulties, on equity issues," he told the New York audience. "How is it that none of it has lifted, on any scale, reading? ... It's like people just say, "Here is a product. If you can get it into a thousand classrooms, we'll make a bunch of money.' And that's OK; that's our system. We just have to evaluate which technology is helping people, and then promote that technology over the marketing of technology that has made no difference on behalf of students ... It's all been product and not purpose." I'll only take issue with the notion that it's "OK" to rob kids of their full intellectual potential in the service of sales -- before they even get started understanding what it means to think, let alone read.

Read more of this story at Slashdot.

With NASA's Artemis moon program now targeting September 2025 for its Artemis 2 mission and September 2026 for Artemis 3, some members of Congress are concerned about the potential repercussions, particularly with China's growing ambitions in lunar exploration. "For the United States and its partners not to be on the moon when others are on the moon is unacceptable," said Mike Griffin, former NASA administrator. "We need a program that is consistent with that theme. Artemis is not that program. We need to restart it, not keep it on track." Space.com reports: The U.S. House of Representatives' Committee on Science, Space and Technology held a hearing about the new Artemis plan today (Jan. 17), and multiple members voiced concern about the slippage. "I remind my colleagues that we are not the only country interested in sending humans to the moon," Committee Chairman Frank Lucas (R-OK) said in his opening remarks. "The Chinese Communist Party is actively soliciting international partners for a lunar mission -- a lunar research station -- and has stated its ambition to have human astronauts on the surface by 2030," he added. "The country that lands first will have the ability to set a precedent for whether future lunar activities are conducted with openness and transparency, or in a more restricted manner." The committee's ranking member, California Democrat Zoe Lofgren (D-CA), voiced similar sentiments. "Let me be clear: I support Artemis," she said in her opening remarks. "But I want it to be successful, especially with China at our heels. And we want to be helpful here in the committee in ensuring that Artemis is strong and staying on track as we look to lead the world, hand-in-hand with our partners, in the human exploration of the moon and beyond." Several other committee members stressed that the new moon race is part of a broader competition with China, and that coming in second could imperil U.S. national security. "It's no secret that China has a goal to surpass the United States by 2045 as global leaders in space. We can't allow this to happen," Rich McCormick (R-GA) said during the hearing. "I think the leading edge that we have in space technology will protect the United States -- not just the economy, but technologies that can benefit humankind." And Bill Posey (R-FL) referred to space as the "ultimate military high ground," saying that whoever leads in the final frontier "will control the destiny of this Earth."

Read more of this story at Slashdot.

Before RESTful web services and JSON as a serialization format, XML was going to conquer the world. Circa 2001, I remember going to user's groups only to hear about how XML was going to allow legacy mainframes to be connected to modern applications (without discussing the fact that the legacy mainframe still needed maintenance and code support). These days, XML is (nearly) dead, and lighter-weight markup languages have replaced it, including JSON.

Which brings us to this method, from Chris:

public string GetResultsAsJSON() { return base.XmlResultText; }

This does, in fact, return a JSON string.

It's a delightful mix of stringly typed data (XML and JSON, I think we can agree, are different types), legacy code not being fully modernized, and fields being re-used. The exact kind of code you see in a codebase you inherit, you groan and grumble about, and then you pinch your nose and get back to work, because you know there are things that are much more urgent than fixing this.

[Advertisement] Keep the plebs out of prod. Restrict NuGet feed privileges with ProGet. Learn more.

An anonymous reader quotes a report from BleepingComputer: Have I Been Pwned has added almost 71 million email addresses associated with stolen accounts in the Naz.API dataset to its data breach notification service. The Naz.API dataset is a massive collection of 1 billion credentials compiled using credential stuffing lists and data stolen by information-stealing malware. Credential stuffing lists are collections of login name and password pairs stolen from previous data breaches that are used to breach accounts on other sites. Information-stealing malware attempts to steal a wide variety of data from an infected computer, including credentials saved in browsers, VPN clients, and FTP clients. This type of malware also attempts to steal SSH keys, credit cards, cookies, browsing history, and cryptocurrency wallets. The stolen data is collected in text files and images, which are stored in archives called "logs." These logs are then uploaded to a remote server to be collected later by the attacker. Regardless of how the credentials are stolen, they are then used to breach accounts owned by the victim, sold to other threat actors on cybercrime marketplaces, or released for free on hacker forums to gain reputation amongst the hacking community. The Naz.API is a dataset allegedly containing over 1 billion lines of stolen credentials compiled from credential stuffing lists and from information-stealing malware logs. It should be noted that while the Naz.API dataset name includes the word "Naz," it is not related to network attached storage (NAS) devices. This dataset has been floating around the data breach community for quite a while but rose to notoriety after it was used to fuel an open-source intelligence (OSINT) platform called illicit.services. This service allows visitors to search a database of stolen information, including names, phone numbers, email addresses, and other personal data. The service shut down in July 2023 out of concerns it was being used for Doxxing and SIM-swapping attacks. However, the operator enabled the service again in September. Illicit.services use data from various sources, but one of its largest sources of data came from the Naz.API dataset, which was shared privately among a small number of people. Each line in the Naz.API data consists of a login URL, its login name, and an associated password stolen from a person's device, as shown [here]. "Here's the back story: this week I was contacted by a well-known tech company that had received a bug bounty submission based on a credential stuffing list posted to a popular hacking forum," explained Troy Hunt, the creator of Have I Been Pwned, in blog post. "Whilst this post dates back almost 4 months, it hadn't come across my radar until now and inevitably, also hadn't been sent to the aforementioned tech company." "They took it seriously enough to take appropriate action against their (very sizeable) user base which gave me enough cause to investigate it further than your average cred stuffing list." To check if your credentials are in the Naz.API dataset, you can visit Have I Been Pwned.

Read more of this story at Slashdot.

"The ambient light sensors present in most mobile devices can be accessed by software without any special permissions, unlike permissions required for accessing the microphone or the cameras," writes longtime Slashdot reader BishopBerkeley. "When properly interrogated, the data from the light sensor can reveal much about the user." IEEE Spectrum reports: While that may not seem to provide much detailed information, researchers have already shown these sensors can detect light intensity changes that can be used to infer what kind of TV programs someone is watching, what websites they are browsing or even keypad entries on a touchscreen. Now, [Yang Liu, a PhD student at MIT] and colleagues have shown in a paper in Science Advances that by cross-referencing data from the ambient light sensor on a tablet with specially tailored videos displayed on the tablet's screen, it's possible to generate images of a user's hands as they interact with the tablet. While the images are low-resolution and currently take impractically long to capture, he says this kind of approach could allow a determined attacker to infer how someone is using the touchscreen on their device. [...] "The acquisition time in minutes is too cumbersome to launch simple and general privacy attacks on a mass scale," says Lukasz Olejnik, an independent security researcher and consultant who has previously highlighted the security risks posed by ambient light sensors. "However, I would not rule out the significance of targeted collections for tailored operations against chosen targets." But he also points out that, following his earlier research, the World Wide Web Consortium issued a new standard that limited access to the light sensor API, which has already been adopted by browser vendors. Liu notes, however, that there are still no blanket restrictions for Android apps. In addition, the researchers discovered that some devices directly log data from the light sensor in a system file that is easily accessible, bypassing the need to go through an API. The team also found that lowering the resolution of the images could bring the acquisition times within practical limits while still maintaining enough detail for basic recognition tasks. Nonetheless, Liu agrees that the approach is too complicated for widespread attacks. And one saving grace is that it is unlikely to ever work on a smartphone as the displays are simply too small. But Liu says their results demonstrate how seemingly harmless combinations of components in mobile devices can lead to surprising security risks.

Read more of this story at Slashdot.