The Department of Homeland Security (DHS) believes that China, Russia, Iran, and Israel are the "primary" countries exploiting security holes in telecommunications networks to spy on people inside the United States, which can include tracking their physical movements and intercepting calls and texts, according to information released by Senator Ron Wyden. 404 Media: The news provides more context around use of SS7, the exploited network and protocol, against phones in the country. In May, 404 Media reported that an official inside DHS's Cybersecurity Insurance and Security Agency (CISA) broke with his department's official narrative and publicly warned about multiple SS7 attacks on U.S. persons in recent years. Now, the newly disclosed information provides more specifics on where at least some SS7 attacks are originating from. The information is included in a letter the Department of Defense (DoD) wrote in response to queries from the office of Senator Wyden. The letter says that in September 2017 DHS personnel gave a presentation on SS7 security threats at an event open to U.S. government officials. The letter says that Wyden staff attended the event and saw the presentation. One slide identified the "primary countries reportedly using telecom assets of other nations to exploit U.S. subscribers," it continues.

Read more of this story at Slashdot.

An Alabama woman became the third person to receive a pig kidney transplant, doctors at NYU Langone Health announced Tuesday. Towana Looney, 53, underwent the procedure on November 25 and was discharged December 6. Her kidney came from a pig with 10 genetic modifications designed to prevent organ rejection. The surgery follows two previous pig kidney transplants this year -- Richard Slayman at Massachusetts General Hospital, who died two months post-surgery from cardiac complications, and Lisa Pisano at NYU Langone, whose transplanted kidney was removed after 47 days due to blood flow issues.

Read more of this story at Slashdot.

An anonymous reader shares a report: A Chinese hacker indicted earlier this month and the PRC-based cybersecurity company he worked for are both sanctioned by the US government for compromising "tens of thousands of firewalls" -- some protecting US critical infrastructure, putting human lives at risk. In a series of coordinated actions, the US Treasury Department's Office of Foreign Assets Control (OFAC), the Department of Justice (DoJ), and the FBI said the massive cyber espionage campaign, which compromised at least 36 firewalls protecting US critical infrastructure, posed significant risks to national security. A federal court in Indiana earlier this month unsealed an indictment charging 30-year-old Guan Tianfeng (Guan) with conspiracy to commit computer and wire fraud by hacking into firewall devices worldwide, including one "used by an agency of the United States." Guan, employed by the Chinese cybersecurity firm Sichuan Silence -- a known contractor for Beijing intelligence -- was alleged to have discovered a zero-day vulnerability in firewall products manufactured by UK cybersecurity firm Sophos.

Read more of this story at Slashdot.

Seagate has launched its first mass-produced hard drives using heat-assisted magnetic recording (HAMR) technology, introducing 32TB and 30TB models under the Exos M brand. The drives, based on Seagate's Mozaic 3+ platform, mark the company's commercial breakthrough in HAMR technology after 16 years of development. Compatible with existing systems, the 32TB model uses shingled magnetic recording, while the 30TB version employs conventional magnetic recording.

Read more of this story at Slashdot.

Manhattan's iconic neon landscape is facing extinction as property owners increasingly replace historic neon signs with LED alternatives. From Times Square's dwindling glassworks to the recent losses at Smith's Bar and Subway Inn, the trend has accelerated across both small businesses and major landmarks, Curbed reports. Rockefeller Center's proposal to replace its 1935 neon signage with LEDs marks a significant moment in this shift, highlighting tensions between energy efficiency and preserving the city's luminous cultural heritage. Of approximately 75,000 outdoor neon signs permitted between 1923-1956, only about 130 remain.

Read more of this story at Slashdot.

Nvidia unveiled a $249 version of its Jetson AI computer Tuesday, targeting hobbyists and small companies with a device that offers 70% more processing power than its predecessor at half the cost. The Jetson Orin Nano Super functions as a portable AI brain for robotics and industrial automation, allowing developers to run AI computations directly without data center connections. The palm-sized device, demonstrated by Nvidia founder Jensen Huang, uses less advanced chips than the company's high-end products. While Nvidia primarily serves major companies and AI startups, the budget-friendly Jetson line aims to make AI development more accessible to students and smaller developers working on drones and cameras.

Read more of this story at Slashdot.

Framework has announced a $39 Dual M.2 Adapter for its Laptop 16, enabling users to add two additional M.2 slots to the laptop's expansion bay. The new component allows for up to 26TB of total storage when combined with the laptop's existing SSD slots, supporting various M.2 form factors with PCIe 4.0 connectivity. The company also replaced the Laptop 16's liquid metal cooling system with Honeywell PTM7958 thermal paste to address performance concerns. Framework will provide the new thermal solution to existing customers upon request. The adapter marks Framework's first modular expansion component for the Laptop 16 since its launch, complementing the optional Radeon RX 7700S graphics card offering.

Read more of this story at Slashdot.

The Federal Trade Commission unveiled a sweeping rule on Tuesday to crack down on hidden fees in ticket sales and hotel bookings, marking a major push by the agency to combat what it calls "junk fees" that cost consumers billions of dollars annually. The bipartisan measure requires businesses to display the total price, including all mandatory fees, upfront when advertising tickets for live events or short-term lodging. The rule aims to end the practice of surprising customers with additional charges like "resort," "convenience," or "service" fees late in the booking process. "People deserve to know up-front what they're being asked to pay," said FTC Chair Lina Khan, who estimates the rule could save consumers up to 53 million hours per year in comparison shopping time, equivalent to $11 billion over a decade. The rule, approved by a 4-1 commission vote, does not ban any specific fees but requires clear disclosure before consumers enter payment information. It will take effect 120 days after publication in the Federal Register. The measure follows a lengthy public comment period that drew over 72,000 responses and represents one of the FTC's most significant consumer protection actions in recent years.

Read more of this story at Slashdot.

Meta has been fined around $263 million in the European Union for a Facebook security breach that affected millions of users which the company disclosed back in September 2018. From a report: The penalty, issued on Tuesday by Ireland's Data Protection Commission (DPC) -- enforcing the bloc's General Data Protection Regulation (GDPR) -- is far from being the largest GDPR fine Meta has been hit with since the regime came into force over five years ago but is notable for being a substantial sanction for a single security incident. The breach it relates to dates back to July 2017 when Facebook, as the company was still known then, rolled out a video upload function that included a "View as" feature which let the user see their own Facebook page as it would be seen by another user. A bug in the design allowed users making use of the feature to invoke the video uploader in conjunction with Facebook's 'Happy Birthday Composer' facility to generate a fully permissioned user token that gave them full access to the Facebook profile of that other user. They could then use the token to exploit the same combination of features on other accounts -- gaining unauthorized access to multiple users' profiles and data, per the DPC.

Read more of this story at Slashdot.

An anonymous reader quotes a report from the New York Times: TikTokasked the Supreme Court on Monday to temporarily block a law that would effectively ban it in the United States in a matter of weeks. Saying that the law violates both its First Amendment rights and those of its 170 million American users, TikTok, which is controlled by a Chinese parent company, urged the justices to maintain the status quo while they decide whether to hear an appeal. "Congress's unprecedented attempt to single out applicants and bar them from operating one of the most significant speech platforms in this nation presents grave constitutional problems that this court likely will not allow to stand," lawyers for TikTok wrote in their emergency application. President Biden signed the law this spring after it was enacted with wide bipartisan support. Lawmakers said the app's ownership represented a risk because the Chinese government's oversight of private companies would allow it to retrieve sensitive information about Americans or to spread propaganda, though they have not publicly shared evidence that this has occurred. They have also noted that American platforms like Facebook and YouTube are banned in China, and that TikTok itself is not allowed in the country.

Read more of this story at Slashdot.

Waymo will begin testing its autonomous vehicles in Tokyo in early 2025, marking its first deployment outside the U.S. TechCrunch reports: The move to Japan is part of Waymo's "road trips," a development program that involves bringing its technology to a variety of cities and testing it -- with each city having different challenges. In Tokyo, the Waymo robotaxis will face left-hand driving and a dense urban environment. [...] Waymo said it will partner with taxi-hailing app GO and taxi company Nihon Kotsu as part of its Japanese "road trip." Nihon Kotsu will oversee the management and servicing of the Waymo vehicles, according to the company. Initially, Nihon Kotsu drivers will operate the vehicles manually to map key areas of the Japanese capital, including Minato, Shinjuku, Shibuya, Chiyoda, Chuo, Shinagawa, and Koto. Waymo said it is working with Nihon Kotsu's team to train its employees how to operate Waymo's self-driving Jaguar I-Pace vehicles.

Read more of this story at Slashdot.

Ars Technica's Beth Mole reports: Editors of the environmental chemistry journal Chemosphere have posted an eye-catching correction to a study reporting toxic flame retardants from electronics wind up in some household products made of black plastic, including kitchen utensils. The study sparked a flurry of media reports a few weeks ago that urgently implored people to ditch their kitchen spatulas and spoons. Wirecutter even offered a buying guide for what to replace them with. The correction, posted Sunday, will likely take some heat off the beleaguered utensils. The authors made a math error that put the estimated risk from kitchen utensils off by an order of magnitude. Specifically, the authors estimated that if a kitchen utensil contained middling levels of a key toxic flame retardant (BDE-209), the utensil would transfer 34,700 nanograms of the contaminant a day based on regular use while cooking and serving hot food. The authors then compared that estimate to a reference level of BDE-209 considered safe by the Environmental Protection Agency. The EPA's safe level is 7,000 ng -- per kilogram of body weight -- per day, and the authors used 60 kg as the adult weight (about 132 pounds) for their estimate. So, the safe EPA limit would be 7,000 multiplied by 60, yielding 420,000 ng per day. That's 12 times more than the estimated exposure of 34,700 ng per day. However, the authors missed a zero and reported the EPA's safe limit as 42,000 ng per day for a 60 kg adult. The error made it seem like the estimated exposure was nearly at the safe limit, even though it was actually less than a tenth of the limit. "We regret this error and have updated it in our manuscript," the authors said in a correction. "This calculation error does not affect the overall conclusion of the paper," the correction reads. The study maintains that flame retardants "significantly contaminate" the plastic products, which have "high exposure potential."

Read more of this story at Slashdot.

Joseph sends us a tried and true classic: bad date handling code, in JavaScript. We've all seen so much bad date handling code that it takes something special to make me do the "confused dog" head tilt.

var months=new Array(13); months[1]='January'; months[2]='February'; months[3]='March'; months[4]='April'; months[5]='May'; months[6]='June'; months[7]='July'; months[8]='August'; months[9]='September'; months[10]='October'; months[11]='November'; months[12]='December'; var time=new Date(); var lmonth=months[time.getMonth() + 1]; var date=time.getDate(); var year=time.getFullYear(); document.write(lmonth + ' '); document.write(date + ', ' + year);

We create a 13 element array to hold our twelve months, because we can't handle it being zero indexed. This array is going to be our lookup table for month names, so I almost forgive making it one-indexed- January is month 1, normally.

Almost. Because not only is that stupid, the getMonth() function on a date returns the month as a zero-indexed number. January is month 0. So they need to add one to the result of getMonth for their lookup table to work, and it's just so dumb.

Then of course, be output this all using document.write, so we just know it's terrible JavaScript, all the way around.

[Advertisement] ProGet’s got you covered with security and access controls on your NuGet feeds. Learn more.

Infosys co-founder Narayana Murthy has once again argued for Indian workers to spend 70 hours a week in paid employment. From a report: Murthy called for the long working hours in October 2023 and then again in January 2024, and recently shared his opinion that two-day weekends were a mistake. His views have earned plenty of criticism, but he's not backing down. On Sunday he addressed the Indian chamber of Commerce's centenary celebration and reportedly argued 70-hour weeks are necessary because millions of Indian citizens remain in poverty, so those who have jobs should work long hours and embrace entrepreneurialism to create jobs for others.

Read more of this story at Slashdot.

An anonymous reader quotes a report from TechCrunch: Uber has 30 days to require certain drivers to get fingerprinted if the ride-hail giant intends to continue transporting unaccompanied teens in California. The California Public Utilities Commission (CPUC) issued a ruling Thursday that requires taxi and ride-hail drivers who are carrying unaccompanied minors in the state to pass a fingerprint background check. The ruling also requires transport companies to pay for the cost of those background checks. "When an adult is being tasked to provide a service to a minor, the adult is placed in a position of trust, responsibility, and control over California's most vulnerable citizenry -- children," reads the decision. "Not conducting a fingerprint-based background check to identify adults with disqualifying arrests or criminal records would place the unaccompanied minor in a potentially dangerous, if not life-threatening situation." [...] The CPUC's ruling also requires transport companies that intend to transport minors share information with the agency on how they implement live trip tracking for parents, what safety procedures they implement at pickup and drop-off locations, and what sort of driver training the companies implement specifically around transporting unaccompanied minors. The ruling also says that each company is responsible for paying for the checks. Uber has also argued against this stipulation, saying that forcing the company -- which has a market cap of around $150 billion as of December -- to pay for fingerprinting would result in a price hike for the Uber for Teens service.

Read more of this story at Slashdot.

YouTube is introducing an optional feature allowing creators to let third-party companies use their videos to train AI models, with the default setting being opt-out. The Verge reports: "We see this as an important first step in supporting creators and helping them realize new value for their YouTube content in the AI era," a TeamYouTube staffer named Rob says in a support post. "As we gather feedback, we'll continue to explore features that facilitate new forms of collaboration between creators and third-party companies, including options for authorized methods to access content." YouTube will be rolling out the setting in YouTube Studio "over the next few days," and unauthorized scraping "remains prohibited," Rob writes. Another support page says that you'll be able to pick and choose from a list of third-party companies that can train on your videos or you can simply allow all third-party companies to train on them.

Read more of this story at Slashdot.

A cyberattack on Rhode Island's RIBridges system has exposed personal data of individuals involved in programs like Medicaid, SNAP, and others, with hackers demanding a ransom. The breach may include sensitive details like Social Security numbers and banking information. The Associated Press reports: Anyone who has been involved in Medicaid, the Supplemental Nutrition Assistance Program known as SNAP, Temporary Assistance for Needy Families, Childcare Assistance Program, Rhode Island Works, Long-term Services and Supports, the At HOME Cost Share Program and health insurance purchased through HealthSource RI may be impacted, McKee said Saturday. The system known as RIBridges was taken offline on Friday, after the state was informed by its vendor, Deloitte, that there was a major security threat to the system. The vendor confirmed that "there is a high probability that a cybercriminal has obtained files with personally identifiable information from RIBridges," the state said. The state has contracted with Experian to run a toll-free hotline for Rhode Islanders to call to get information about the breach and how they can protect their data.

Read more of this story at Slashdot.

Cloudflare's 2024 internet traffic report highlights a 17.2% global increase in traffic, with Google maintaining its position as the most visited service and the U.S. responsible for 34.6% of bot traffic. The Register reports: One surprise (or perhaps not) is that IPv6 traffic is actually down as a percentage of the packets that passed through Cloudflare's network. It says that 28.5 percent of global traffic was IPv6 during 2024, whereas last year's report put this figure at 33.75 percent. The company also reveals that a fifth of all TCP connections (20.7 percent) are unexpectedly terminated before any useful data can be exchanged. Causes of this could vary from DoS attacks, quirky client behavior, or a network interrupting a connection to filter content. Coudflare says about half of these incidents were connections closed "Post SYN" -- after its server has received a client's SYN packet, but before a subsequent acknowledgement (ACK) or any useful data. These can be attributed to DoS attacks or internet scanning, while Post-ACK or Post-PSH anomalies are more often associated with connection tampering activity such as filtering, especially if they occur at high rates in specific networks. Mobile device traffic accounted for about 41.3 percent of the total, which is roughly the same as last year. This is largely split between the Apple and Android ecosystems, with iOS on almost a third and Android accounting for two-thirds. [...] Google's Chrome appears to be the most popular browser by far, accounting for 65.8 percent of all requests during 2024. Just 15.5 percent came from Apple's Safari browser, which leads the way on iOS devices, naturally. Microsoft's Edge accounted for 6.9 percent of browsing, while Mozilla Firefox stood at 4 percent. For search engines, Google also claimed the top spot, with a greater than 88 percent share of all search traffic that passed through Cloudflare. Yandex and Baidu were next with 3.1 percent and 2.7 percent, respectively, while Bing trailed with 2.6 percent. DuckDuckGo accounted for 0.9 percent of searches. You can read Cloudflare's full Year in Review here.

Read more of this story at Slashdot.

An anonymous reader quotes a report from 9to5Mac: A new survey suggests that Apple Intelligence matters to iPhone buyers, but the majority say that the initial features add little to no value. It remains to be seen whether Genmoji and ChatGPT integration will change that view. Things are even worse for Samsung smartphones, with an even greater majority of owners saying they can't see much point in the AI features offered A new survey by tech trade-in site SellCell found that AI is an important factor when choosing a new smartphone: "iPhone users showed relatively higher interest in mobile AI than Samsung users as almost half (47.6%) of iPhone users reported AI features as a 'very' or 'somewhat' important deciding factor when buying a new phone vs. 23.7% of Samsung users who said the same." "Smartphone users in general are unsatisfied with the existing AI features as the survey recorded 73% of Apple Intelligence users and 87% of Galaxy AI users stating the new features to be either 'not very valuable' or they 'add little to no value' to their smartphone experience," reports SellCell. According to the survey, these are the most popular Apple Intelligence features: - Writing Tools (72%) - Notification summaries (54%) - Priority Messages (44.5%) - Clean Up in Photos (29.1%) - Smart Reply in Mail and Messages (20.9%)

Read more of this story at Slashdot.

Thirteen vapes are thrown away every second in the UK -- more than a million a day -- leading to an "environmental nightmare," according to research. From a report: There has also been a rise in "big puff" vapes which are bigger and can hold up to 6,000 puffs per vape, with single use vapes averaging 600. Three million of these larger vapes are being bought every week according to the research, commissioned by Material Focus, and conducted by Opinium. 8.2 million vapes are now thrown away or recycled incorrectly every week. From June 2025 it will be illegal to sell single-use vapes, a move designed to combat environmental damage and their widespread use by children. Vapes will only be allowed to be sold if they are rechargeable or contain a refillable cartridge. But all types of vape contain lithium-ion batteries which are dangerous if crushed or damaged because they can cause fires in bin lorries or waste and recycling centres. These fires are on the rise across the UK, with an increase last year of 71% compared with 2022.

Read more of this story at Slashdot.