OpenAI said in a letter that it supports California bill AB 3211, which requires tech companies to label AI-generated content. Reuters reports: San Francisco-based OpenAI believes that for AI-generated content, transparency and requirements around provenance such as watermarking are important, especially in an election year, according to a letter sent to California State Assembly member Buffy Wicks, who authored the bill. "New technology and standards can help people understand the origin of content they find online, and avoid confusion between human-generated and photorealistic AI-generated content," OpenAI Chief Strategy Officer Jason Kwon wrote in the letter, which was reviewed by Reuters. AB 3211 has already passed the state Assembly by a 62-0 vote. Earlier this month it passed the senate appropriations committee, setting it up for a vote by the full state Senate. If it passes by the end of the legislative session on Aug. 31, it would advance to Governor Gavin Newsom to sign or veto by Sept. 30.

Read more of this story at Slashdot.

Apple is expected to launch the iPhone 16 lineup on September 9th, 2024, at 1PM ET / 10AM PT. The tech giant sent out invitations to the event today with the tagline: "It's Glowtime" -- a reference to the redesigned Siri with Apple Intelligence. The Verge reports: The big change to the iPhone 16 and 16 Plus is expected to be a switch to a vertically aligned camera system on the back. (If the final phones look like what we've seen on iPhone 16 dummy units, I'm already a big fan of this change.) The iPhone 16 Pro and 16 Pro Max phones might get bigger screens but are rumored to keep Apple's familiar three-camera layout. Those phones could also come in a new bronze color. All four iPhone 16 models are expected to have the Action Button, which was exclusive to the Pro line with the iPhone 15. Apple's new iPhones may also have a new button dedicated to capturing photos and videos, but it's unclear if that will be a Pro-exclusive feature or will be available on the regular iPhone 16 models as well. AI and the company's Apple Intelligence features will likely be a big part of Apple's event, too.

Read more of this story at Slashdot.

An anonymous reader quotes a report from the Financial Times: Ikea is taking on the likes of eBay, Craigslist, and Gumtree with a peer-to-peer marketplace for customers to sell secondhand furniture to each other. Ikea Preowned will be tested in Madrid and Oslo until the end of the year with the aim of rolling out the buying and selling platform globally, according to Jesper Brodin, chief executive of Ingka, the main operator of Ikea stores. [...] Ikea has had a small offering under which it buys used furniture from customers and resells it in store. But the new platform is more ambitious, aiming to tackle the secondhand market for customers selling directly to each other -- an area where Brodin estimates Ikea has a higher market share than in new furniture sales. Customers enter their product, their own pictures, and a selling price, while Ikea's own artificial intelligence-enabled database brings in its own promotional images and measurements. The buyer collects the furniture directly from the seller, who has the option of receiving money or a voucher from Ikea with a 15 percent bonus. "Very often there is a monopoly or oligopoly on platforms that operate," said Brodin, talking about eBay or digital classified ad services such as Gumtree in the UK and Finn in Norway. Finn has 8,700 items from Ikea listed in Oslo alone. Early offerings on Ikea Preowned include large items such as sofas for up to $670 (600 euros) and wardrobes for $500 (450 euros) as well as smaller items such as a toilet roll holder for $4.50 (4 euros). Listings are free, but Brodin said Ikea could eventually charge "a symbolic fee, a humble fee." He added: "We're going to verify the full scope including the economics. If a lot of people use the offer to get a discount with Ikea -- it's a good way to reconnect with customers. I am very curious. I think it makes business sense." Ikea has previously tested selling its new furniture on third-party platforms such as Alibaba's Tmall in China, but the Preowned platform marks its first foray into secondhand marketplaces. It also dovetails with the retailer's wish to become "circular and climate positive" by 2030.

Read more of this story at Slashdot.

An anonymous reader shares a report: OpenAI lacks advanced security and customer support. It's just a research company, not an established cloud provider. The ChatGPT-maker is not focused enough on corporate customers. These are just some of the talking points Amazon Web Services' salespeople are told to follow when dealing with customers using, or close to buying, OpenAI's products, according to internal sales guidelines obtained by Business Insider. Other talking points from the documents include OpenAI's lack of access to third-party AI models and weak enterprise-level contracts. AWS salespeople should dispel the hype around AI chatbots like ChatGPT, and steer the conversation toward AWS's strength of running the cloud infrastructure behind popular AI services, the guidelines added. [...] The effort to criticize OpenAI is also unusual for Amazon, which often says it's so customer-obsessed that it pays little attention to competitors. This is the latest sign that suggests Amazon knows it has work to do to catch up in the AI race. OpenAI, Microsoft, and Google have taken an early lead and could become the main platforms where developers build new AI products and tools. Though Amazon created a new AGI team last year, the company's existing AI models are considered less powerful than those made by its biggest competitors. Instead, Amazon has prioritized selling AI tools like Bedrock, which gives customers access to third-party AI models. AWS also offers cloud access to in-house AI chips that compete with Nvidia GPUs, with mixed results so far.

Read more of this story at Slashdot.

Pavel Durov, the Russian-born billionaire co-founder of the Telegram messaging app, was arrested in France in connection with an investigation into criminal activity on the platform and a lack of cooperation with law enforcement, prosecutors announced on Monday. From a report: Durov, who has French citizenship, was detained at Le Bourget airport, just outside Paris, on Saturday evening after arriving from Azerbaijan on his private jet. His surprise arrest has sparked debate over free speech worldwide and led to an outcry in Moscow. The Paris prosecutor Laure Beccuau said the investigation concerned crimes related to illicit transactions, child sexual abuse, fraud and the refusal to communicate information to authorities. Earlier in the day the French president, Emmanuel Macron, gave the first confirmation that Durov had been arrested as part of a judicial inquiry in relation to Telegram. "In a state governed by the rule of law, freedoms are upheld within a legal framework, both on social media and in real life, to protect citizens and respect their fundamental rights," Macron wrote on X, adding that the arrest was "in no way a political decision." "It is up to the judiciary, in full independence, to enforce the law," he said. A senior official at Ofmin, a French agency set up last year to prevent violence against children, said Durov's arrest was linked to Telegram's failure to properly fight crime on the app, including the spread of child sexual abuse material.

Read more of this story at Slashdot.

Car buyers are increasingly skeptical of advanced automotive technologies, a new JD Power survey reveals. The study found that while drivers appreciate practical innovations like blind spot monitoring, they see little value in features such as automatic parking systems and passenger-side infotainment screens. The survey measured user experiences with new vehicle technologies. Results show that systems partially automating driving tasks had low perceived usefulness, aligning with recent Insurance Institute for Highway Safety data indicating no safety improvements from such features. The survey identified AI-based smart climate control as popular among users. However, facial recognition, fingerprint scanners, and gesture controls were largely viewed negatively.

Read more of this story at Slashdot.

Millions of Australians just got official permission to ignore their bosses outside of working hours, thanks to a new law enshrining their "right to disconnect." From a report: The law doesn't strictly prohibit employers from calling or messaging their workers after hours. But it does protect employees who "refuse to monitor, read or respond to contact or attempted contact outside their working hours, unless their refusal is unreasonable," according to the Fair Work Commission, Australia's workplace relations tribunal. That includes outreach from their employer, as well as other people "if the contact or attempted contact is work-related." The law, which passed in February, took effect on Monday for most workers and will apply to small businesses of fewer than 15 people starting in August 2025. It adds Australia to a growing list of countries aiming to protect workers' free time. "It's really about trying to bring back some work-life balance and make sure that people aren't racking up hours of unpaid overtime for checking emails and responding to things at a time when they're not being paid," said Sen. Murray Watt, Australia's minister for employment and workplace relations. The law doesn't give employees a complete pass, however.

Read more of this story at Slashdot.

theodp writes: Typos happen to the best of us, but spelling still counts when it comes to software development. So, it's kind of surprising to see that both Amazon CEO Andy Jassy and former AWS CEO Adam Selipsky failed to notice an embarrassing typo in a demo video they offered to their millions of followers on social media as evidence of Amazon Q AI's Java upgrade capabilities, which Amazon has been trumpeting for months in SEC filings, shareholder communication, and Amazon's latest earnings call with Wall Street analysts. Just 37 seconds into the demo of the software that Amazon says saved it 4,500 developer-years of work and provided an additional $260M in annualized efficiency gains, Amazon Q kicks off the Java upgrade conversation by saying, "I can help you upgrade your Jave [sic] 8 and 11 codebases to Java 17." The embarrassing misspelling did prompt Twitter user @archo5dev to alert Jassy to the typo, but there's been no response yet from Jassy, who boasted that Amazon developers were unable to find any mistakes in Q's work in "79% of the auto-generated code reviews." It's probably worth noting that both Jassy and Selipsky opted to showcase a drop-dead simple demo of Amazon Q Code Transformation rather than some of the lengthier and less-magical demos of the product.

Read more of this story at Slashdot.

President Emmanuel Macron said Monday that the French government was not involved in the arrest of Telegram founder and CEO Pavel Durov. From a report: "The arrest of Telegram's president on French territory took place as part of an ongoing judicial investigation. This is in no way a political decision. It is up to the judges to decide," Macron said. Durov was detained Saturday night after his private jet arrived in Paris. The Paris prosecutor has not yet communicated the reasons for the arrest of Durov, who founded the messaging app in 2013. The tech chief currently remains in policy custody. The arrest follows probes "accusing Telegram of being complicit in numerous affairs linked to drug trafficking, apology for terrorism and cyberbullying," French daily Le Monde reported. In a statement, Telegram said that its CEO -- a Russian-born French-Emirati citizen -- had "nothing to hide" and that the company abided by EU law. [...] "More than anything else, France is committed to freedom of expression and communication, innovation and entrepreneurship," Macron said Monday. "In a state governed by the rule of law, on social networks as in real life, freedoms are exercised within a framework established by law to protect citizens and respect their fundamental rights."

Read more of this story at Slashdot.

IBM is the latest American company to downsize its presence in China amid heightened tensions between Washington and Beijing. From a report: China's efforts to decrease its dependence on the West have ratcheted up local market competition -- and U.S. tech giants including Microsoft are looking elsewhere to house their operations. IBM will shut down its research and development department in China, impacting about 1,000 jobs, multiple outlets reported Monday. The Chinese government has encouraged domestic companies to overtake and push out U.S. tech dominance out of the country in a bid for self-sufficiency in the sector, the Wall Street Journal reported earlier this year. IBM has faced mounting competition in China in recent years, IBM executive Jack Hergenrother told employees virtually Monday, per the Journal. IBM reportedly plans to move its R&D operations to other overseas facilities. According to the company's 2023 annual report released earlier this year, the company saw its revenue in China drop 19.6% last year.

Read more of this story at Slashdot.

Messaging app Telegram has said its CEO Pavel Durov, who was detained in France on Saturday, has "nothing to hide." From a report: Mr Durov was arrested at an airport north of Paris under a warrant for offences related to the app, according to officials. The investigation is reportedly about insufficient moderation, with Mr Durov accused of failing to take steps to curb criminal uses of Telegram. The app is accused of failure to co-operate with law enforcement over drug trafficking, child sexual content and fraud. Telegram said in a statement that "its moderation is within industry standards and constantly improving." The app added: "It is absurd to claim that a platform or its owner are responsible for abuse of that platform." Telegram said Mr Durov travels in Europe frequently and added that it abides by European Union laws, including the Digital Services Act, which aims to ensure a safe and accountable online environment. "Almost a billion users globally use Telegram as means of communication and as a source of vital information," the app's statement read. "We're awaiting a prompt resolution of this situation. Telegram is with you all." Judicial sources quoted by AFP news agency say Mr Durov's detention was extended on Sunday and could last as long as 96 hours.

Read more of this story at Slashdot.

This weekend NASA said they'd turn to SpaceX to return two astronauts from the International Space Station, notes the Associated Press, "rather than risk using the Boeing Starliner capsule that delivered them." (They add that Boeing's capsule "has been plagued by problems with its propulsion system.") But Reuters reported that even before the setback, Boeing and Lockheed Martin were "in talks to sell their rocket-launching joint venture United Launch Alliance to Sierra Space, two people familiar with the discussions said." A deal to sell ULA, a major provider of launch services to the U.S. government and a top rival to Elon Musk's SpaceX, would mark a significant shift in the U.S. space launch industry as ULA separates from two of the largest defense contractors to a smaller, privately held firm. The potential sale comes after years of speculation about ULA's future and failed attempts to divest the joint venture over the past decade. In 2019, Boeing and Lockheed Martin reportedly explored selling ULA but couldn't agree on terms with potential buyers... Jeff Bezos' Blue Origin and Cerberus Capital Management had placed bids in early 2023 for the company, according to people familiar with the negotiations. Rocket Lab had also expressed interest, two people said. None of those discussions led to a deal... A potential deal could accelerate deployment of [Sierra Space's] crewed spaceflight business, analysts said. A ULA acquisition, they said, would give the company in-house access to launch vehicles that could send its spaceplane and space-station components into Earth's orbit, rather than spending hundreds of millions of dollars for those launches as a customer... ULA has faced challenges in scaling Vulcan production and upping its launch rate to meet commercial demand and fulfill contract obligations with the Space Force, which in 2021 picked Vulcan for a sizable chunk of national security missions alongside SpaceX's Falcon fleet. A sale of ULA would unshackle the company from Boeing and Lockheed, whose boards have long resisted ideas from ULA to expand the business beyond rockets and into new competitive markets such as lunar habitats or maneuverable spacecraft, according to former executives. While Reuters's sources say the negotiations could still end without a deal, they also said ULA could be valued between $2 billion and $3 billion, giving Boeing some cash while shifting its focus to its core businesses of aerospace and defense. Thanks to long-time Slashdot reader schwit1 for sharing the news.

Read more of this story at Slashdot.

Google may be the most successful company in the world. But a Washington Post reporter argues that Google "makes you largely responsible for dodging the criminals who are hurting legitimate businesses and swindling people." On Monday, I found what appeared to be impostors of customer service for Delta and Coinbase, the cryptocurrency company, in the "People also ask" section high up in Google. A group of people experienced in Google's intricacies also said this week that it took about 22 minutes to fool Google into highlighting a bogus business phone number in a prominent spot in search results... If you look at the two impostor phone numbers in Google for Delta and Coinbase, there are red flags. There are odd fonts and a website below the bogus numbers that wasn't for either company. (I notified Google about the apparent scams on Monday and I still saw them 24 hours later.) The correct customer help numbers did appear at the very top, and Google says businesses have clear instructions to make their customer service information visible to people searching Google. The larger issue is "a persistent pattern of bad guys finding ways to trick Google into showing scammers' numbers for airlines, hotels, local repair companies, banks or other businesses." The toll can be devastating when people are duped by these bogus business numbers. Fortune recently reported on a man who called what a Google listing said was Coinbase customer support, and instead it was an impostor who Fortune said tricked the man and stole $100,000... Most of the time, you will find correct customer service numbers by Googling. But the company doesn't say how often people are tricked out of time and money by bogus listings — nor why Google can't stop the scams from recurring. The article makes two points. Google says when they identify listings violating their rules, they move quickly against them. "Impostor numbers pop up so persistently that I am once again begging you to be wary of Google or Google Maps listings for business phone numbers... You still might see bogus phone numbers in some spots in Google. And if you're stressed trying to find help with a flight or a financial problem, you might overlook warning signs. Scams work because humans make errors in judgment, especially when we're confused or panicky. And business impostors aren't always obvious."

Read more of this story at Slashdot.

Today's anonymous submitter, who we'll call Sally, works on medical devices. As you can imagine, the development process for such devices is very strict. I mean, it should be, but we know that the industry has problems.

Unfortunately for Sally, one of those problems is the tech lead on a project she is inheriting. Said tech lead is leaving, and Sally is coming on to replace them. The project is in C#, and Sally is the most experience with the language, making her the obvious choice to step in.

Now, the current tech lead had some concerns about the development cycle. You see, the whole process of writing code, compiling code, deploying that code onto hardware, and then running the code just took too darn long. If you wanted to iterate as fast as possible, you needed to skip some of those steps.

internal static Action<InstrumentState> Compile(IEnumerable<Configuration.Rule> rules) { var code = string.Format(@" using System; using SomeCompany.SomeProject.Instrument; using SomeCompany.SomeProject.Instrument.State.Actions; using ConsoleState = StateMachine.Types.State; namespace SomeCompany.SomeProject.Instrument.State.Reducers {{ public class Script {{ private static bool _done; private static void Done() {{ _done = true; }} public static void Execute(InstrumentState state) {{ _done = false; {0} }} {1} }} }} " , string.Join(Environment.NewLine, rules.Select((i, o) => string.Format(@" if (!_done) {{ rule{0}(state); }} ", o))) , string.Join(Environment.NewLine, rules.Select((i, o) => string.Format(@" private static void rule{0}(InstrumentState state) {{ if ({1}) {{ {2} }} }}", o, i.Trigger, string.Join(Environment.NewLine, i.Actions)))) ); var types = new[] { typeof(Console), typeof(InstrumentState), typeof(ErrorEventAction), typeof(ComponentId), typeof(global::StateMachine.Types.State) }; var refs = types.Select(h => MetadataReference.CreateFromFile(h.Assembly.Location) as MetadataReference).ToList(); //some default refeerences refs.Add(MetadataReference.CreateFromFile(Path.Combine(Path.GetDirectoryName(typeof(System.Runtime.GCSettings).GetTypeInfo().Assembly.Location), "System.Runtime.dll"))); refs.Add(MetadataReference.CreateFromFile(typeof(Object).Assembly.Location)); var parse = CSharpSyntaxTree.ParseText(code); var assyName = Guid.NewGuid().ToString(); var options = new CSharpCompilationOptions(OutputKind.DynamicallyLinkedLibrary, allowUnsafe: true, optimizationLevel: OptimizationLevel.Release); var compilation = CSharpCompilation.Create(assyName, new List<SyntaxTree> { parse }, refs, options); var state = Expression.Parameter(typeof(InstrumentState), "state"); Action<InstrumentState> y = (_) => { }; using (var stream = new MemoryStream()) { var result = compilation.Emit(stream); if (!result.Success) { var compilationErrors = result.Diagnostics.Where(diagnostic => diagnostic.IsWarningAsError || diagnostic.Severity == DiagnosticSeverity.Error) .ToList(); if (compilationErrors.Any()) { var firstError = compilationErrors.First(); var errorNumber = firstError.Id; var errorDescription = firstError.GetMessage(); var firstErrorMessage = $"{errorNumber}: {errorDescription};"; var exception = new Exception($"Compilation failed, first error is: {firstErrorMessage}"); compilationErrors.ForEach(e => { if (!exception.Data.Contains(e.Id)) exception.Data.Add(e.Id, e.GetMessage()); }); throw exception; } } else { stream.Seek(0, SeekOrigin.Begin); var assy = AssemblyLoadContext.Default.LoadFromStream(stream); var type = assy.GetType("SomeCompany.SomeProject.Instrument.State.Reducers.Script"); y = Expression.Lambda<Action<InstrumentState>>(Expression.Call(type.GetMethod("Execute"), state), state).Compile(); } } return y; }

You know when the first line creates a variable code and it holds C# code, you're in for a time.

The first block of code here does a lot. It queries the rules object- a reference to our settings database- to generate a series of rule{0} functions, where the {0} is some name. The body of the function has a condition on i.Trigger (ensuring this rule only applies sometimes) and then has a body defined by i.Actions, which is just C# code living in our data source.

We then populate an Execute function with calls to every rule{0} function we generated. These themselves are further gated by a _done check, meaning it's possible for some rules to abort the processing of further rules.

The rest of the code here is a set of interactions with the C# compiler. We parse and compile the C# code that we just munged together through string concatenation, emit that compiled data into an in-memory stream, and if it succeeds in compilation, we create a C# assembly based off that stream. That is to say, we generate and execute a library without leaving anything on the filesystem for further review. It all exists purely in memory.

We then generate a lambda which calls the Execute function in that newly generate library, and return it, so that other callers can now use it.

There are so many things wrong with this. Setting aside the code generation, the code that gets generated is complicated: a chain of statements where each has its own dedicated trigger condition and may be skipped based on a done flag. Just trying to analyze that for any non-trivial set of rules is hard.

The code generation, however, is the real WTF. First, they were using a set of static analysis tools to try and maximize code safety. None of the code living in the settings database went through that. Second, the settings database was editable by customers. Doctors were expected to edit it. The very idea that you could change the code running on the device by editing the Settings database was a huge "No!" But the bonus of doing this all in memory means that if there were a breach, it'd be trivially easy for an attacker to cover their tracks.

Now, there was no malice on the part of the tech lead. This was all just for personal convenience to speed up iterating on the code. It wasn't an intentional security flaw- it was just clever.

Sally raised this to her boss. He sighed, put his head in his hands, and was silent for a long moment. "We just signed off on doing pen-testing last week. They're going to destroy us."

[Advertisement] BuildMaster allows you to create a self-service release management platform that allows different teams to manage their applications. Explore how!

To build the massive datacenters generative AI requires, major companies like Amazon and Microsoft "are going nuclear," reports CIO magazine. AWS: Earlier this year, AWS paid $650 million to purchase Talen Energy's Cumulus Data Assets, a 960-megawatt nuclear-powered data center on site at Talen's Susquehanna, Pennsylvania, nuclear plant, with additional data centers planned — pending approval by the Nuclear Regulatory Agency... In addition to its purchase of the Cumulus data center, AWS will have access to nuclear energy as part of a 10-year Power Purchase Agreement (PPA) from the Susquehanna site. Microsoft: Last year, Constellation signed a deal giving Microsoft the rights to receive up to 35% of its power from nuclear sources in addition to its existing solar and wind purchases from Constellation for Microsoft's Boydton, Va., data center. Microsoft has also signed a nuclear carbon credits deal with Ontario Power Generation for its operations in Canada. The broader industry: Many of the deals under discussion are with existing nuclear power providers for hyperscalars [large-scale datacenters] to access energy or to employ small module nuclear reactors (SMRs) with smaller carbon footprints that will be annexed to existing nuclear power plants. Nucor, Oklo, Rolls-Royce SMR, Westinghouse Electric, Moltex Energy, Terrestrial Energy, General Electric, Hitachi Nuclear Energy, and X-energy are among the roster of companies with SMRs under development to meet the growing needs of AI data centers... One energy analyst does not expect nuclear SMRs to be operational until 2030, yet he and many others acknowledge the need for sustainable, carbon-free alternatives to electricity, wind, and solar is very pressing. "Today's electric grids are struggling to keep up with demand, even as datacenter companies are planning huge new additions to their fleets to power generative AI applications. As a result, companies like Google, Amazon, and Microsoft are increasingly taking matters into their own hands and getting creative. They are now looking at on-site nuclear-based SMRs, and even fusion reactors," says Peter Kelly-Detwiler, principal of Northbridge Energy Partners. "This global arms race for power arose pretty quickly, and it's like nothing we have ever seen before." Thanks to Slashdot reader snydeq for sharing the news.

Read more of this story at Slashdot.

America's Department of Energy has three R&D labs, according to Wikipedia, one of which is Sandia National Labs. And that New Mexico-based lab has just announced that "A milestone in quantum sensing is drawing closer, promising exquisitely accurate, GPS-free navigation." with research into "a motion sensor so precise it could minimize the nation's reliance on global positioning satellites." Until recently, such a sensor — a thousand times more sensitive than today's navigation-grade devices — would have filled a moving truck. But advancements are dramatically shrinking the size and cost of this technology. For the first time, researchers from Sandia National Laboratories have used silicon photonic microchip components to perform a quantum sensing technique called atom interferometry, an ultra-precise way of measuring acceleration. It is the latest milestone toward developing a kind of quantum compass for navigation when GPS signals are unavailable. The team published its findings and introduced a new high-performance silicon photonic modulator — a device that controls light on a microchip — as the cover story in the journal Science Advances... The new modulator is the centerpiece of a laser system on a microchip. Rugged enough to handle heavy vibrations, it would replace a conventional laser system typically the size of a refrigerator... Besides size, cost has been a major obstacle to deploying quantum navigation devices. Every atom interferometer needs a laser system, and laser systems need modulators. "Just one full-size single-sideband modulator, a commercially available one, is more than $10,000," said Sandia scientist Jongmin Lee. Miniaturizing bulky, expensive components into silicon photonic chips helps drive down these costs. "We can make hundreds of modulators on a single 8-inch wafer and even more on a 12-inch wafer," Kodigala said. And since they can be manufactured using the same process as virtually all computer chips, "This sophisticated four-channel component, including additional custom features, can be mass-produced at a much lower cost compared to today's commercial alternatives, enabling the production of quantum inertial measurement units at a reduced cost," Lee said. As the technology gets closer to field deployment, the team is exploring other uses beyond navigation. Researchers are investigating whether it could help locate underground cavities and resources by detecting the tiny changes these make to Earth's gravitational force. They also see potential for the optical components they invented, including the modulator, in LIDAR, quantum computing, and optical communications. Thanks to Slashdot reader schwit1 for sharing the news.

Read more of this story at Slashdot.

SecurityWeek reports: A significant backdoor in millions of contactless cards made by China-based Shanghai Fudan Microelectronics Group allows instantaneous cloning of RFID smart cards used to open office doors and hotel rooms around the world. French security services firm Quarkslab has made an eye-popping discovery... Although the backdoor requires just a few minutes of physical proximity to an affected card to conduct an attack, an attacker in a position to carry out a supply chain attack could execute such attacks instantaneously at scale, researcher Philippe Teuwen explained in a paper. Thanks to Slashdot reader wiredmikey for sharing the article.

Read more of this story at Slashdot.

A university in Taiwan was breached with "a previously unseen backdoor (Backdoor.Msupedge) utilizing an infrequently seen technique," Symantec reports. The most notable feature of this backdoor is that it communicates with a command-and-control server via DNS traffic... The code for the DNS tunneling tool is based on the publicly available dnscat2 tool. It receives commands by performing name resolution... Msupedge not only receives commands via DNS traffic but also uses the resolved IP address of the C&C server (ctl.msedeapi[.]net) as a command. The third octet of the resolved IP address is a switch case. The behavior of the backdoor will change based on the value of the third octet of the resolved IP address minus seven... The initial intrusion was likely through the exploit of a recently patched PHP vulnerability (CVE-2024-4577). The vulnerability is a CGI argument injection flaw affecting all versions of PHP installed on the Windows operating system. Successful exploitation of the vulnerability can lead to remote code execution. Symantec has seen multiple threat actors scanning for vulnerable systems in recent weeks. To date, we have found no evidence allowing us to attribute this threat and the motive behind the attack remains unknown. More from The Record: Compared to more obvious methods like HTTP or HTTPS tunneling, this technique can be harder to detect because DNS traffic is generally considered benign and is often overlooked by security tools. Earlier in June, researchers discovered a campaign by suspected Chinese state-sponsored hackers, known as RedJuliett, targeting dozens of organizations in Taiwan, including universities, state agencies, electronics manufacturers, and religious organizations. Like many other Chinese threat actors, the group likely targeted vulnerabilities in internet-facing devices such as firewalls and enterprise VPNs for initial access because these devices often have limited visibility and security solutions, researchers said. Additional coverage at The Hacker News. Thanks to Slashdot reader joshuark for sharing the article.

Read more of this story at Slashdot.

Long-time Slashdot reader UnderAttack explains: A blog post at the SANS Internet Storm Center suggests that OpenAI actions are being abused to scan for WordPress vulnerabilities. Honeypot sensors at the Storm Center detected scans for URLs targeting WordPress that originated exclusively from OpenAI systems. The URLs requested all pages including the pattern '%%target%%', which may indicate that the scan is meant to include additional path components but the expansion of the template failed. The scans were not only identified by the unique user agent but also by the origin IP addresses matching addresses OpenAI published as being used for OpenAI actions. OpenAI actions allow OpenAI to connect to external APIs. Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu, wrote that OpenAI seems to be scanning random IP addresses — including honeypots.

Read more of this story at Slashdot.

Long-time Slashdot reader mmell writes: Recent reports have indicated a near-complete collapse in the population of Snow Crabs in the Bering Sea. Scientists with the US Government's National Oceanographic and Atmospheric Administration have concluded that warming in the environment has led to vast numbers of snow crabs starving to death. There has been a lot of back-and-forth, a lot of argument on whether or how much humanity has had an effect on the fundamental ecology of our planet... Here is a fine example of anthropogenic change to the planet's weather, ecosystems and even the planet's very ability to feed us. From the government's findings on the NOAA web site: What is particularly noteworthy is these boreal conditions associated with the snow crab collapse are more than 200 times likely to occur in the present climate (1.0 –1.5 of warming rate) than in the preindustrial era," said Mike Litzow, lead author and director of the Alaska Fisheries Science Center's Kodiak Lab. âoeEven more concerning is that Arctic conditions conducive for snow crabs to retain their dominant role in the southeastern Bering Sea are expected to continue to decline in the future.â [...] Litzow and his team expect to see Arctic conditions in only 8 percent of future years in the southeastern Bering Sea. The warmer temperatures brought existential threats including including a fatal disease and more crab-eating predators, their study found. CNN reports that the crabs' "horrific demise appears to be just one impact of the massive transition unfolding in the region, scientists reported... Parts of the Bering Sea are literally becoming less Arctic." Billions of crabs ultimately starved to death, devastating Alaskaâ(TM)s fishing industry in the years that followed... The decline of the Alaskan snow crab signals a wider ecosystem change in the Arctic, as oceans warm and sea ice disappears. The ocean around Alaska is now becoming inhospitable for several marine species, including red king crab and sea lions, experts say... The Arctic region has warmed four times faster than the rest of the planet, scientists have reported. Litzow called whatâ(TM)s happening in the Bering Sea a âoebellwetherâ of whatâ(TM)s to come. âoeAll of us need to recognize the impacts of climate change,â he said.

Read more of this story at Slashdot.