Security researchers from SafeBreach have found what they say is a Windows downgrade attack that's invisible, persistent, irreversible and maybe even more dangerous than last year's BlackLotus UEFI bootkit. From a report: After seeing the damage that UEFI bootkit could do by bypassing secure boot processes in Windows, SafeBreach's Alon Leviev became curious whether there were any other fundamental Windows components that could be abused in a similar manner. He hit the jackpot in one of the most unlikely places: The Windows update process. "I found a way to take over Windows updates to update the system, but with control over all of the actual update contents," Leviev told us in an interview ahead of his Black Hat USA conference presentation today detailing his findings. Using his technique, having compromised a machine so that he could get in as a normal user, Leviev was able to control which files get updated, which registry keys are changed, which installers get used, and the like. And he was able to do all of it while side-stepping every single integrity verification implemented in the Windows update process. After that, "I was able to downgrade the OS kernel, DLLs, drivers ... basically everything that I wanted." To make matters worse, Leviev said that poking and prodding around the vulnerabilities he found enabled him to attack the entire Windows virtualization stack, including virtualization-based security (VBS) features that are supposed to isolate the kernel and make attacker access less valuable.

Read more of this story at Slashdot.

For more than 30 years, the world's largest iceberg was stuck in the Antarctic. Five times the size of New York City's land area and more than 1,000 feet deep, the mammoth piece of ice finally became loose in 2020 and began a slow drift toward the Southern Ocean. Now, A23a, as it's known, is spinning in place. From a report: After leaving Antarctic waters, the iceberg got stuck in a vortex over a seamount, or an underwater mountain. Imagine a 1,400-square-mile piece of ice as deep as the Empire State Building spinning slowly but steadily enough to fully rotate it on its head over the course of about 24 days. The iceberg is spinning near the South Orkney Islands, about 375 miles northeast of the Antarctic Peninsula, "maintaining a chill 15 degree rotation per day," the British Antarctic Survey, the United Kingdom's polar research institute, said on social media. "It's basically just sitting there, spinning around and it will very slowly melt as long as it stays there," said Alex Brearley, a physical oceanographer and head of the Open Oceans research group at the British Antarctic Survey. "What we don't know is how quickly it will actually come out of this." A23a has been embroiled in drama since the start, a trait it picked up from its parent-berg. A23, which was even bigger than A23a, was one of three icebergs that broke off, or calved, from the Filchner Ice Shelf in 1986. At the time of the calving, A23 was home to a Soviet Union research center and researchers eventually had to abandon the base. A23a broke off later that year and hit bottom in the Weddell Sea, where it would remain for 34 more years.

Read more of this story at Slashdot.

Things aren't working out well for Humane, a heavily-funded startup that launched an eponymous AI device earlier this year. Despite significant funding from prominent Silicon Valley figures, the product has been grappling with negative reviews -- and now more pressing issues are emerging. An anonymous reader shares a report: Shortly after Humane released its $699 AI Pin in April, the returns started flowing in. Between May and August, more AI Pins were returned than purchased, according to internal sales data obtained by The Verge. By June, only around 8,000 units hadn't been returned, a source with direct knowledge of sales and return data told me. As of today, the number of units still in customer hands had fallen closer to 7,000, a source with direct knowledge said. At launch, the AI Pin was met with overwhelmingly negative reviews. Our own David Pierce said it "just doesn't work," and Marques Brownlee called it "the worst product" he's ever reviewed. Now, Humane is attempting to stabilize its operations and maintain confidence among staff and potential acquirers. The New York Times reported in June that HP is considering purchasing the company, and The Information reported last week that Humane is negotiating with its current investors to raise debt, which could later be converted into equity.

Read more of this story at Slashdot.

AI is upending India's technology outsourcing business. The industry is pivoting to adapt, but the changes could cost a large number of coveted jobs. From a report: The country's big outsourcing companies are already using AI and have plans to integrate it throughout their businesses. That might not save the low-end operations that run call centers or do other basic tasks within the so-called business process outsourcing sector. AI is threatening to disrupt most businesses around the world, not just India's $250 billion outsourcing industry. The outsourcing boom in India over the past few decades created the "getting Bangalore-d" phenomenon in the U.S., often used for Americans who lost their jobs to more affordable Indian talent. AI's impact could have big repercussions as the industry employs 5.4 million people, according to tech-industry body Nasscom, and contributes about 8% of the country's economy. More than 80% of companies in the S&P 500 outsource some operations to India, according to HSBC.

Read more of this story at Slashdot.

Parody site creator David Senk has rebuffed CrowdStrike's attempt to shut down his "ClownStrike" website, which lampoons the cybersecurity firm's role in a recent global IT outage. Senk swiftly contested the Digital Millennium Copyright Act takedown notice, asserting fair use for parody. When hosting provider Cloudflare failed to acknowledge his counter-notice, Senk defiantly relocated the site to a Finnish server beyond U.S. jurisdiction. The IT consultant decried the takedown as "corporate cyberbullying," accusing CrowdStrike of exploiting copyright law to silence criticism. Despite CrowdStrike's subsequent admission that parody sites were not intended targets, Senk is remaining resolute, demanding a public apology and refusing to return to Cloudflare's services.

Read more of this story at Slashdot.

Logitech has quashed its earlier remarks about building a subscription-based mouse, following widespread backlash to comments made by CEO Hanneke Faber. The Swiss-American computer peripherals maker clarified that the "forever mouse" concept, mentioned by Faber in a recent podcast interview, was merely speculative internal discussion and not a planned product.

Read more of this story at Slashdot.

An anonymous reader shares a report: Reddit just wrapped up its second earnings call as a public company and CEO Steve Huffman hinted at some significant changes that could be coming to the platform. During the call, the Reddit co-founder said the company would begin testing AI-powered search results later this year. "Later this year, we will begin testing new search result pages powered by AI to summarize and recommend content, helping users dive deeper into products, shows, games and discover new communities on Reddit," Huffman said. He didn't say when those tests would begin, but said it would use both first-party and third-party models. Huffman noted that search on Reddit has "gone unchanged for a long time" but that it's a significant opportunity to bring in new users. He also said that search could one day be a significant source of advertising revenue for the company. Huffman hinted at other non-advertising sources of revenue as well. He suggested that the company might experiment with paywalled subreddits as it looks to monetize new features.

Read more of this story at Slashdot.

Disney Plus will soon no longer let you share your password with people outside your household. From a report: During an earnings call on Wednesday, Disney CEO Bob Iger said the crackdown will kick off "in earnest" this September. The timeline for Disney's password-sharing crackdown has been a bit confusing so far. In February, Disney announced plans to roll out paid sharing and also began notifying users about the change. It then launched paid sharing in a "few countries" in June but provided no information on when it would reach the US.

Read more of this story at Slashdot.

An anonymous reader shares a report: For U.S. chip giant Intel, the darling of the computer age before it fell on harder times in the AI era, things might have been quite different. About seven years ago, the company had the chance to buy a stake in OpenAI, then a fledgling non-profit research organization working in a little-known field called generative AI, four people with direct knowledge of those discussions told Reuters. Over several months in 2017 and 2018, executives at the two companies discussed various options, including Intel buying a 15% stake for $1 billion in cash, three of the people said. They also discussed Intel taking an additional 15% stake in OpenAI if it made hardware for the startup at cost price, two people said. Intel ultimately decided against a deal, partly because then-CEO Bob Swan did not think generative AI models would make it to market in the near future and thus repay the chipmaker's investment, according to three of the sources, who all requested anonymity to discuss confidential matters.

Read more of this story at Slashdot.

Chinese scientists discovered water molecules in lunar samples brought back by the Chang'e 5 moon probe, marking the first time whole H2O molecules were found in lunar material. The findings have been published in Nature Astronomy. Smithsonian Magazine reports: The team used X-ray diffraction to analyze the grains of moon soil, in which they found a lunar mineral dubbed ULM-1 whose mass is made up of more than 40 percent water and also includes ammonia. "This is a new form of water stored on the moon," Xiaolong Chen, co-author of the study and physics researcher at the Chinese Academy of Sciences, tells New Scientist's Alex Wilkins. In the words of CNN's Jessie Yeung, water on the moon is nothing new. Though the samples brought back by the U.S. Apollo missions seemed to show that the moon was dry and lifeless, a recent study suggests that water or hydroxyl may be trapped in glass beads on the moon's surface -- and solar winds could turn the hydroxyl (chemical formula OH) into H2O, according to Yeung. And both American and Indian spacecrafts separately registered what is believed to be water on the moon's surface. This recent discovery, however, marks the first time scientists have found whole molecules of H2O in lunar samples. The findings suggest that "water molecules can persist in sunlit areas of the moon in the form of hydrated salts," the authors write in the study.

Read more of this story at Slashdot.

According to a recent study, SpaceX's new Starlink direct-to-cell (DTC) satellites are nearly five times brighter than traditional Starlinks due to their lower orbit. While these satellites offer the promise of widespread connectivity, their increased brightness poses challenges for astronomical observations, prompting SpaceX to consider applying brightness mitigation techniques. Space.com reports: The higher luminosity of these DTCs compared to regular Starlinks is partly because they circle Earth at just 217 miles (350 kilometers) above the surface, which is lower than traditional Starlink internet satellites, whose altitude is 340 miles (550 kilometers), the study reported. [...] At the time the study was conducted, SpaceX had not yet applied its routine brightness mitigation techniques to the DTCs, such as adjusting their chassis and solar panels to reduce the portion of spacecraft illuminated by the sun, study lead author Anthony Mallama of the IAU Centre for the Protection of Dark and Quiet Skies from Satellite Constellation Interference (IAU-CPS) told Space.com. SpaceX began applying brightness mitigation techniques to regular Starlinks in 2020, after astronomers voiced serious concerns about the satellites' trails streaking across telescope images, rendering them unusable. Prior to launch, the company now applies a mirror-like dielectric surface to the underside of each Starlink chassis, to help reflect sunlight into space rather than scattering it toward Earth. Post launch, the company adjusts spacecraft chassis and solar panels to further reduce luminosity. Together, these techniques are very effective, reducing Starlink satellites' brightness by a factor of 10, Mallama said. If SpaceX applies these brightness mitigation techniques to the DTCs, which are nearly the same size as the regular Starlinks, the DTCs would still be 2.6 times brighter than their traditional counterparts, Mallama and his colleagues reported in the recent study, which was reviewed internally by IAU-CPS and posted to the preprint server arXiv last month. However, while DTCs are brighter objects, they move at a faster apparent rate and spend more time in Earth's shadow than regular Starlinks, which would offset some of their negative impact on astronomy observations, the study noted. "I see it as a tradeoff in parameters rather than an absolute better/worse kind of situation," John Barentine, a principal consultant at Arizona-based Dark Sky Consulting who was not involved with the new study, told Space.com.

Read more of this story at Slashdot.

An anonymous reader quotes a report from the Washington Post: For the first time in 40 years, the Environmental Protection Agency has taken emergency action to stop the use of a pesticide (source may be paywalled; alternative source) linked to serious health risks for unborn babies. Tuesday's emergency order applies to dimethyl tetrachloroterephthalate, also known as DCPA, a weedkiller used on crops such as broccoli, Brussels sprouts, cabbage and onions. When pregnant farmworkers and others are exposed to the pesticide, their babies can experience changes to fetal thyroid hormone levels, which are linked to low birth weight, impaired brain development, decreased IQ and impaired motor skills later in life. "DCPA is so dangerous that it needs to be removed from the market immediately," Michal Freedhoff, assistant administrator for the EPA's Office of Chemical Safety and Pollution Prevention, said in a statement. "It's EPA's job to protect people from exposure to dangerous chemicals. In this case, pregnant women who may never even know they were exposed could give birth to babies that experience irreversible lifelong health problems." The European Union banned DCPA in 2009. But the EPA has been slower to act, frustrating some environmental and public health advocates. In an interview, Freedhoff said that EPA scientists have tried for years to get more information on health risks from the sole manufacturer of the pesticide, AMVAC Chemical. But she said the company refused to turn over the data, including a study on the effects of DCPA on thyroid development and function, until November 2023. "We did make some good-faith efforts to work with the company," Freedhoff said. "But in the end, we didn't think any of the measures proposed by the company would be implementable, enforceable or effective." "DCPA has been used in the United States since the late 1950s," notes the report. "After the pesticide is applied, it can linger in the soil, contaminating crops later grown in those fields, including broccoli, cilantro, green onions, kale and mustard greens." "The emergency order Tuesday temporarily suspends all registrations of the pesticide under the Federal Insecticide, Fungicide and Rodenticide Act. The agency plans to permanently suspend these registrations within the next 90 days."

Read more of this story at Slashdot.

Mike Masnick, a semi-regular Slashdot contributor and founder of the tech blog Techdirt, is joining the board of Bluesky, where he "will be providing advice and guidance to the company to help it achieve its vision of a more open, more competitive, more decentralized online world." Masnick writes: In the nearly three decades that I've been writing Techdirt I've been writing about what is happening in the world of the internet, but also about how much better the internet can be. That won't change. I will still be writing about what is happening and where I believe we should be going. But given that there are now people trying to turn some of that better vision into a reality, I cannot resist this opportunity to help them achieve that goal. The early internet had tremendous promise as a decentralized system that enabled anyone to build what they wanted on a global open network, opening up all sorts of possibilities for human empowerment and creativity. But over the last couple of decades, the internet has moved away from that democratizing promise. Instead, it has been effectively taken over by a small number of giant companies with centralized, proprietary, closed systems that have supplanted the more open network we were promised. There are, of course, understandable reasons why those centralized systems have been successful, such as by providing a more user-friendly experience on the front-end. But there was a price to pay: losing user autonomy, privacy and the benefits of decentralization (not to mention losing a highly dynamic, competitive internet). The internet need not be so limited, and over the years I've tried to encourage people and companies to make different choices to return to the original promise and benefits of openness. With Bluesky, we now have one company who is trying. "Mike's work has been an inspiration to us from the start," says Jay Graber, CEO of Bluesky. "Having him join our board feels like a natural progression of our shared vision for a more open internet. His perspective will help ensure we're building something that truly serves users as we continue to evolve Bluesky and the AT Protocol."

Read more of this story at Slashdot.

At the Flash Memory Summit 2024 this week, NVM Express published the NVMe 2.1 specifications, which hope to enhance storage unification across AI, cloud, client, and enterprise. Phoronix's Michael Larabel writes: New NVMe capabilities with the revised specifications include: - Enabling live migration of PCIe NVMe controllers between NVM subsystems. - New host-directed data placement for SSDs that simplifies ecosystem integration and is backwards compatible with previous NVMe specifications. - Support for offloading some host processing to NVMe storage devices. - A network boot mechanism for NVMe over Fabrics (NVMe-oF). - Support for NVMe over Fabrics zoning. - Ability to provide host management of encryption keys and highly granular encryption with Key Per I/O. - Security enhancements such as support for TLS 1.3, a centralized authentication verification entity for DH-HMAC-CHAP, and post sanitization media verification. - Management enhancements including support for high availability out-of-band management, management over I3C, out-of-band management asynchronous events and dynamic creation of exported NVM subsystems from underlying NVM subsystem physical resources. You can learn more about these updates at NVMExpress.org.

Read more of this story at Slashdot.

Zack Whittaker reports via TechCrunch: A cyberattack on Mobile Guardian, a U.K.-based provider of educational device management software, has sparked outages at schools across the world and has left thousands of students unable to access their files. Mobile Guardian acknowledged the cyberattack in a statement on its website, saying it identified "unauthorized access to the iOS and ChromeOS devices enrolled to the Mobile Guardian platform." The company said the cyberattack "affected users globally," including in North America, Europe and Singapore, and that the incident resulted in an unspecified portion of its userbase having their devices unenrolled from the platform and "wiped remotely." "Users are not currently able to log in to the Mobile Guardian Platform and students will experience restricted access on their devices," the company said. Mobile device management (MDM) software allows businesses and schools to remotely monitor and manage entire fleets of devices used by employees or students. Singapore's Ministry of Education, touted as a significant customer of Mobile Guardian on the company's website since 2020, said in a statement overnight that thousands of its students had devices remotely wiped during the cyberattack. "Based on preliminary checks, about 13,000 students in Singapore from 26 secondary schools had their devices wiped remotely by the perpetrator," the Singaporean education ministry said in a statement. The ministry said it was removing the Mobile Guardian software from its fleet of student devices, including affected iPads and Chromebooks.

Read more of this story at Slashdot.

An anonymous reader quotes a report from The Register: Before WordPerfect, the most popular work processor was WordStar. Now, the last ever DOS version has been bundled and set free by one of its biggest fans. WordStar 7.0d was the last-ever DOS release of the classic word processor, and it still has admirers today. A notable enthusiast is Canadian SF writer Robert J Sawyer, who wrote the book that became the TV series Flashforward. Thanks to his efforts you can now try out this pinnacle of pre-Windows PC programs for professional prose-smiths. Sawyer has taken the final release, packaged it up along with some useful tools -- including DOS emulators for modern Windows -- and shared the result. Now you, too, can revel in the sheer unbridled power of this powerful app. The download is 680MB, but as well as the app itself, full documentation, and some tools to help translate WordStar documents to more modern formats, it also includes copies of two FOSS tools that will let you run this MS-DOS application on modern Windows: DOSbox-X and vDosPlus. "The program has been a big part of my career -- not only did I write all 25 of my novels and almost all of my short stories with it (a few date back to the typewriter era), I also in my earlier freelance days wrote hundreds of newspaper and magazine articles with WordStar," says Sawyer.

Read more of this story at Slashdot.

Italy's telecoms regulator AGCOM has summoned Google and Cloudflare to a September meeting to discuss strategies for combating online piracy, six months after launching its Piracy Shield blocking system. The move comes as IPTV piracy remains resilient despite new anti-piracy legislation passed in the country last year. The law introduced harsher penalties for providers and consumers of pirated content, including fines for watching pirate streams. It also granted more aggressive site-blocking powers. Major stream suppliers appear minimally affected by overseas laws. however. AGCOM chief Massimiliano Capitanio seeks commitments from Google to limit pirate services in search results, according to TorrentFreak. The regulator also wants Cloudflare to address IPTV providers using its services to evade blocking.

Read more of this story at Slashdot.

Apple is discontinuing its USB CD and DVD player accessory, the Apple USB SuperDrive. "As noted by one of our readers, it's no longer possible to buy an Apple USB SuperDrive online via the official Apple Store in the US," reports 9to5Mac. "The product's webpage says that it's 'Sold Out,' and given that it's a product introduced in 2008, it seems very unlikely that Apple will ever produce new units again." From the report: Customers can still use their location to see if there's still a unit available for pickup at one of the Apple Retail Stores. The product is still available in other countries such as the UK and Brazil. However, it's probably only a matter of time before Apple's USB SuperDrive disappears from all stores. The MacBook Air was the first MacBook without a built-in CD drive, which led the company to introduce an optical drive sold separately. Apple completely phased out optical drives from its computers in 2013, when all the Macs available in the lineup no longer had a CD reader.

Read more of this story at Slashdot.

Facebook's AI-generated content problem is being fueled by its own creator bonus program, according to an investigation by 404 Media. The program incentivizes users, particularly from developing countries, to flood the platform with AI-generated images for financial gain. The outlet found that influencers in India and Southeast Asia are teaching followers how to exploit Facebook's algorithms and content moderation systems to go viral with AI-generated images. Many use Microsoft's Bing Image Creator to produce bizarre, often emotive content that garners high engagement. "The post you are seeing now is of a poor man that is being used to generate revenue," said Indian YouTuber Gyan Abhishek in a video, pointing to an AI image of an emaciated elderly man. He claimed users could earn "$100 for 1,000 likes" through Facebook's bonus program. While exact payment rates vary, 404 Media verified that consistent viral posting can lead to significant earnings for users in countries like India. Meta has defended the program to 404 Media, stating it works as intended if content meets community standards and engagement is authentic.

Read more of this story at Slashdot.

A Reddit user discovered the backend prompts for Apple Intelligence in the developer beta of macOS 15.1, offering a rare glimpse into the specific guidelines for Apple's AI functionalities. Some of the most notable instructions include: "Do not write a story that is religious, political, harmful, violent, sexual, filthy, or in any way negative, sad, or provocative"; "Do not hallucinate"; and "Do not make up factual information." MacRumors reports: For the Smart Reply feature, the AI is programmed to identify relevant questions from an email and generate concise answers. The prompt for this feature is as follows: "You are a helpful mail assistant which can help identify relevant questions from a given mail and a short reply snippet. Given a mail and the reply snippet, ask relevant questions which are explicitly asked in the mail. The answer to those questions will be selected by the recipient which will help reduce hallucination in drafting the response. Please output top questions along with set of possible answers/options for each of those questions. Do not ask questions which are answered by the reply snippet. The questions should be short, no more than 8 words. The answers should be short as well, around 2 words. Present your output in a json format with a list of dictionaries containing question and answers as the keys. If no question is asked in the mail, then output an empty list. Only output valid json and nothing else." The Memories feature in Apple Photos, which creates video stories from user photos, follows another set of detailed guidelines. The AI is instructed to generate stories that are positive and free of any controversial or harmful content. The prompt for this feature is: "A conversation between a user requesting a story from their photos and a creative writer assistant who responds with a story. Respond in JSON with these keys and values in order: traits: list of strings, visual themes selected from the photos; story: list of chapters as defined below; cover: string, photo caption describing the title card; title: string, title of story; subtitle: string, safer version of the title. Each chapter is a JSON with these keys and values in order: chapter: string, title of chapter; fallback: string, generic photo caption summarizing chapter theme; shots: list of strings, photo captions in chapter. Here are the story guidelines you must obey: The story should be about the intent of the user; The story should contain a clear arc; The story should be diverse, that is, do not overly focus the entire story on one very specific theme or trait; Do not write a story that is religious, political, harmful, violent, sexual, filthy or in any way negative, sad or provocative. Here are the photo caption list guidelines you must obey. Apple's AI tools also include a general directive to avoid hallucination. For instance, the Writing Tools feature has the following prompt: "You are an assistant which helps the user respond to their mails. Given a mail, a draft response is initially provided based on a short reply snippet. In order to make the draft response nicer and complete, a set of question and its answer are provided. Please write a concise and natural reply by modifying the draft response to incorporate the given questions and their answers. Please limit the reply within 50 words. Do not hallucinate. Do not make up factual information."

Read more of this story at Slashdot.