Australia's spy chief has warned that defense workers are exposing themselves to foreign intelligence services through LinkedIn profiles that detail classified projects and security clearances. Director-General Mike Burgess said over 35,000 Australians on the platform indicate access to sensitive information, with 7,000 mentioning defense work and 400 listing involvement in the AUKUS nuclear submarine program. Foreign spies routinely scour professional networking sites posing as consultants and recruiters, Burgess said.

Read more of this story at Slashdot.

An anonymous reader quotes a report from TechCrunch: It's a strange glimpse into the human mind: If you filter search results on Google, Bing, and other search engines to only include URLs from the domain "https://chatgpt.com/share," you can find strangers' conversations with ChatGPT. Sometimes, these shared conversation links are pretty dull — people ask for help renovating their bathroom, understanding astrophysics, and finding recipe ideas. In another case, one user asks ChatGPT to rewrite their resume for a particular job application (judging by this person's LinkedIn, which was easy to find based on the details in the chat log, they did not get the job). Someone else is asking questions that sound like they came out of an incel forum. Another person asks the snarky, hostile AI assistant if they can microwave a metal fork (for the record: no), but they continue to ask the AI increasingly absurd and trollish questions, eventually leading it to create a guide called "How to Use a Microwave Without Summoning Satan: A Beginner's Guide." ChatGPT does not make these conversations public by default. A conversation would be appended with a "/share" URL only if the user deliberately clicks the "share" button on their own chat and then clicks a second "create link" button. The service also declares that "your name, custom instructions, and any messages you add after sharing stay private." After clicking through to create a link, users can toggle whether or not they want that link to be discoverable. However, users may not anticipate that other search engines will index their shared ChatGPT links, potentially betraying personal information (my apologies to the person whose LinkedIn I discovered). According to ChatGPT, these chats were indexed as part of an experiment. "ChatGPT chats are not public unless you choose to share them," an OpenAI spokesperson told TechCrunch. "We've been testing ways to make it easier to share helpful conversations, while keeping users in control, and we recently ended an experiment to have chats appear in search engine results if you explicitly opted in when sharing." A Google spokesperson also weighed in, telling TechCrunch that the company has no control over what gets indexed. "Neither Google nor any other search engine controls what pages are made public on the web. Publishers of these pages have full control over whether they are indexed by search engines."

Read more of this story at Slashdot.

Reddit wants to become a full-fledged search engine, leveraging its vast repository of human-generated content and expanding its AI-powered Reddit Answers tool. In its latest note (PDF) to investors, CEO Steve Huffman says the company is "concentrating our resources on the areas that will drive results for our most pressing needs," including "making Reddit a go-to search engine." The Verge reports: Huffman says that "every week, hundreds of millions of people come to Reddit looking for advice, and we're turning more of that intent into active users of Reddit's native search." Reddit's core search has more than 70 million weekly active unique users -- Reddit overall averages 416.4 million weekly active unique users -- and Reddit Answers, the platform's AI search tool that it launched in December, has 6 million weekly users, up from 1 million weekly users in the first quarter of this year. To continue to build out search, Reddit is "expanding Reddit Answers globally, integrating it more deeply into the core search experience, and making search a central feature across Reddit," Huffman says.

Read more of this story at Slashdot.

alternative_right shares a report from Phys.org: Researchers have created a microphone that listens with light instead of sound. Unlike traditional microphones, this visual microphone captures tiny vibrations on the surfaces of objects caused by sound waves and turns them into audible signals. In the journal Optics Express, the researchers describe the new approach, which applies single-pixel imaging to sound detection for the first time. Using an optical setup without any expensive components, they demonstrate that the technique can recover sound by using the vibrations on the surfaces of everyday objects such as leaves and pieces of paper. [...] To demonstrate the new visual microphone, the researchers tested its ability to reconstruct Chinese and English pronunciations of numbers as well as a segment from Beethoven's Fur Elise. They used a paper card and a leaf as vibration targets, placing them 0.5 meters away from the objects while a nearby speaker played the audio. The system was able to successfully reconstruct clear and intelligible audio, with the paper card producing better results than the leaf. Low-frequency sounds (1 kHz) showed slight distortion that improved when a signal processing filter was applied. Tests of the system's data rate showed it produced 4 MB/s, a rate sufficiently low to minimize storage demands and allow for long-term recording. "Currently, this technology still only exists in the laboratory and can be used in special scenarios where traditional microphones fail to work," said research team leader Xu-Ri Yao from Beijing Institute of Technology in China. "We aim to expand the system into other vibration measurement applications, including human pulse and heart rate detection, leveraging its multifunctional information sensing capabilities."

Read more of this story at Slashdot.

If monkeys aren't your bag, Manuel H. is down to clown. "If anyone wants to know the address of that circus - it's written right there. Too bad that it's only useful if you happen to be in the same local subnet..." Or on the same block.

 

"Where's my pension?" paniced Stewart , explaining "I logged on to check my Aegon pension to banish the Monday blues and my mood only worsened!"

 

After last week's episode, BJH is keeping a weather eye out for freak freezes. "The Weather.com app has something for everyone. Simple forecasts almost anyone can understand, and technical jargon for the geeks."

 

"It costs too much to keep a salmon on the road," complains Yitzchok Nolastname . I agree this result looks fishy.

 

"At Vanity Fair, brevity is the soul of wit," notes jeffphi . Always has been.

 

[Advertisement] Keep all your packages and Docker containers in one place, scan for vulnerabilities, and control who can access different feeds. ProGet installs in minutes and has a powerful free version with a lot of great features that you can upgrade when ready.Learn more.

An anonymous reader quotes a report from The Guardian: A 515-mile (829km) lightning flash has set a new record as the longest ever identified. The World Meteorological Organization (WMO) confirmed the new world record for the flash registered on October 22, 2017, over the Great Plains in the US. It stretched from east Texas to near Kansas City, Missouri, roughly the distance between Paris and Venice. The previous record of 768km was also recorded in the Great Plains, a hotspot for severe thunderstorms, on April 29, 2020. Since 2016, scientific advances in space-based mapping have allowed for lightning flashes to be measured over a broader space, allowing these long flashes to be recorded. This event was one of the first flashes to be documented using the National Oceanic and Atmospheric Administration's latest model of orbital satellite, known as a geostationary operational environmental satellite. [...] The advances in technology have also allowed for the recording of the greatest duration for a single lightning flash. The record is a flash that lasted 17.1 seconds during a thunderstorm over Uruguay and northern Argentina on June 18, 2020. The findings have been published in the journal Bulletin of the American Meteorological Society.

Read more of this story at Slashdot.

Hackers from the group UNC2891 attempted a high-tech bank heist by physically planting a 4G-enabled Raspberry Pi inside a bank's ATM network, using advanced malware hidden with a never-before-seen Linux bind mount technique to evade detection. "The trick allowed the malware to operate similarly to a rootkit, which uses advanced techniques to hide itself from the operating system it runs on," reports Ars Technica. Although the plot was uncovered before the hackers could hijack the ATM switching server, the tactic showcased a new level of sophistication in cyber-physical attacks on financial institutions. The security firm Group-IB, which detailed the attack in a report on Wednesday, didn't say where the compromised switching equipment was located or how attackers managed to plant the Raspberry Pi. Ars Technica reports: To maintain persistence, UNC2891 also compromised a mail server because it had constant Internet connectivity. The Raspberry Pi and the mail server backdoor would then communicate by using the bank's monitoring server as an intermediary. The monitoring server was chosen because it had access to almost every server within the data center. As Group-IB was initially investigating the bank's network, researchers noticed some unusual behaviors on the monitoring server, including an outbound beaconing signal every 10 minutes and repeated connection attempts to an unknown device. The researchers then used a forensic tool to analyze the communications. The tool identified the endpoints as a Raspberry Pi and the mail server but was unable to identify the process names responsible for the beaconing. The researchers then captured the system memory as the beacons were sent. The review identified the process as lightdm, a process associated with an open source LightDM display manager. The process appeared to be legitimate, but the researchers found it suspicious because the LightDM binary was installed in an unusual location. After further investigation, the researchers discovered that the processes of the custom backdoor had been deliberately disguised in an attempt to throw researchers off the scent. [Group-IB Senior Digital Forensics and Incident Response Specialist Nam Le Phuong] explained: "The backdoor process is deliberately obfuscated by the threat actor through the use of process masquerading. Specifically, the binary is named "lightdm", mimicking the legitimate LightDM display manager commonly found on Linux systems. To enhance the deception, the process is executed with command-line arguments resembling legitimate parameters -- for example, lightdm -- session child 11 19 -- in an effort to evade detection and mislead forensic analysts during post-compromise investigations. These backdoors were actively establishing connections to both the Raspberry Pi and the internal Mail Server."

Read more of this story at Slashdot.