SoylentNews is people


posted by hubie on Saturday August 17, @08:09PM
from the just-pedal-harder dept.

Please don't, actually. But do update your Shimano Di2 shifters' software to prevent a new radio-based form of cycling sabotage:

Professional cycling has, in its recent history, been prone to a shocking variety of cheating methods and dirty tricks. Performance-enhancing drugs. Tacks strewn on race courses. Even stealthy motors hidden inside of wheel hubs.

Now, for those who fail to download a software patch for their gear shifters—yes, bike components now get software updates—there may be hacker saboteurs to contend with, too.

At the Usenix Workshop on Offensive Technologies earlier this week, researchers from UC San Diego and Northeastern University revealed a technique that would allow anyone with a few hundred dollars of hardware to hack Shimano wireless gear-shifting systems of the kind used by many of the top cycling teams in the world, including in recent events like the Olympics and the Tour de France. Their relatively simple radio attack would allow cheaters or vandals to spoof signals from as far as 30 feet away that trigger a target bike to unexpectedly shift gears or to jam its shifters and lock the bike into the wrong gear.

The trick would, the researchers say, easily be enough to hamper a rival on a climb or, if timed to certain intense moments of a race, even cause dangerous instability. "The capability is full control of the gears. Imagine you're going uphill on a Tour de France stage: If someone shifts your bike from an easy gear to a hard one, you're going to lose time," says Earlence Fernandes, an assistant professor at UCSD's Computer Science and Engineering department. "Or if someone is sprinting in the big chain ring and you move it to the small one, you can totally crash a person's bike like that."

[...] To exploit those wireless components and sabotage a specific target bike, the researchers' technique does require that a hacker first intercept the target's gear-shift signals at some point before they carry out their attack. The hacker can then replay those signals—even months later—to cause the bike to shift at the hacker's command.

To carry out that eavesdrop-and-replay attack, the researchers used a $1500 USRP software-defined radio, an antenna, and a laptop. They say though that a $350 HackRF would work just as well, and point out that their hardware setup could be miniaturized to the degree that it could be hidden along the sidelines of a race, in a cycling team car, or even in the back pouch of a rider's jersey, such as by implementing it in a Raspberry Pi mini-computer.

Jamming wireless shifters with that toolkit would be considerably easier than even replay attacks, the researchers say. While a jamming attack could prevent a specific rider from shifting gears if a hacker were able to first pick up one of their wireless shifting signals, a saboteur could also simply broadcast a jamming signal at the frequency used by all Shimano shifters, potentially disrupting a large group of racers. The researchers even say that it would be possible to read the shifting signals from an entire peloton of cyclists and then jam everyone except a chosen rider. "You can basically jam everyone except you," says Northeastern professor Aanjhan Ranganathan, another author of the paper.

[...] Exactly how the patch will be deployed to customers isn't quite clear either. The company writes that "riders can perform a firmware update on the rear derailleur" using Shimano's E-TUBE Cyclist smartphone app. But it fails to mention whether the fix will apply to the front derailleur. "More information about this process and steps riders can take to update their Di2 systems will be available shortly," it concludes.

[...] In the ruthless world of competitive cycling, which has been rocked to its foundations in recent decades by doping scandals, they argue that rivals hacking each others' shifters is not at all a far-fetched scenario. "This is, in our opinion, a different kind of doping," says Fernandes. "It leaves no trace, and it allows you to cheat in the sport."

More broadly, they argue that their radio-based bike hacking research is a cautionary tale about the temptation to add wireless electronic features to every technology, from garage doors to cars to bicycles, and the unintended consequences of that long-term trend—namely, that they've all become vulnerable to forms of replay and jamming attacks of the kind that Shimano is now scrambling to fix.

"This is a repeating pattern," says Northeastern's Ranganathan, who has also developed solutions for replay attacks on cars' keyless entry systems. "When manufacturers start putting in wireless features in their products, it has an impact on real-world control systems. And that can cause real physical harm."


Original Submission

posted by janrinok on Saturday August 17, @03:21PM

Arthur T Knackerbracket has processed the following story:

Google announced Monday that it's shutting down all AdSense accounts in Russia due to "ongoing developments in Russia."

This effectively ends Russian content creators' ability to monetize their posts, including YouTube videos. The change impacts accounts monetizing content through AdSense, AdMob, and Ad Manager, the support page said.

While Google has declined requests to provide details on what prompted the change, it's the latest escalation of Google's ongoing battle with Russian officials working to control the narrative on Russia's war with Ukraine.

In February 2022, Google paused monetization of all state-funded media in Russia, then temporarily paused all ads in the country the very next month. That March, Google paused the creation of new Russia-based AdSense accounts and blocked ads globally that originated from Russia. In March 2022, Google also paused monetization of any content exploiting, condoning, or dismissing Russia's war with Ukraine. Seemingly as retaliation, Russia seized Google's bank account, causing Google Russia to shut down in May 2022.

Since then, Google has "blocked more than 1,000 YouTube channels, including state-sponsored news, and over 5.5 million videos," Reuters reported.

For Russian creators who have still found ways to monetize their content amid the chaos, Google's decision to abruptly shut down AdSense accounts comes as "a serious blow to their income," Bleeping Computer reported. Russia is second only to the US in terms of YouTube web traffic, Similarweb data shows, making it likely that Russia-based YouTubers earned "significant" revenues that will now be suddenly lost, Bleeping Computer reported.

Russia-based creators—including YouTubers, as well as bloggers and website owners—will receive their final payout this month, according to a message from Google to users reviewed by Reuters.

"Assuming you have no active payment holds and meet the minimum payment thresholds," payments will be disbursed between August 21 and 26, Google's message said.

Google's spokesperson offered little clarification to Reuters and Bleeping Computer, saying only that "we will no longer be able to make payments to Russia-based AdSense accounts that have been able to continue monetizing traffic outside of Russia. As a result, we will be deactivating these accounts effective August 2024."

It seems likely, though, that Russia passing a law in March—banning advertising on websites, blogs, social networks, or any other online sources published by a "foreign agent," as Reuters reported in February—perhaps influenced Google's update. The law also prohibited foreign agents from placing ads on sites, and under the law, foreign agents could include anti-Kremlin politicians, activists, and media. With new authority, Russia may have further retaliated against Google, potentially forcing Google to give up the last bit of monetization available to Russia-based creators increasingly censored online.

State assembly member and Putin ally Vyacheslav Volodin said that the law was needed to stop financing "scoundrels" allegedly "killing our soldiers, officers, and civilians," Reuters reported.

[...] As Google has tried to resist pressure from Russian lawmakers to censor content that officials deem illegal, such as content supporting Ukraine or condemning Russia, YouTube had become one of the last bastions of online free speech, Reuters reported. It's unclear how ending monetization in the region will impact access to anti-Kremlin reporting on YouTube or more broadly online in Russia. Last February, a popular journalist with 1.64 million subscribers on YouTube, Katerina Gordeeva, wrote on Telegram that "she was suspending her work due to the law," Reuters reported.

"We will no longer be able to work as before," Gordeeva said. "Of course, we will look for a way out."


Original Submission

posted by janrinok on Saturday August 17, @10:34AM

The Conversation

In 2002, after a Pentagon news briefing, the then US secretary of defence Donald Rumsfeld was widely ridiculed for his thoughts about knowledge. Discussing the issue of whether Iraq was supplying weapons of mass destruction to terrorists, he said:

As we know, there are known knowns; there are things we know we know. We also know there are known unknowns; that is to say, we know there are some things we do not know. But there are also unknown unknowns – the ones we don't know we don't know.

Rumsfeld was describing a world characterised by uncertainty, insecurity and ambiguity. And he actually made a valid point about how leaders face situations where complete knowledge is not, and cannot be, available.

This awareness of a lack of knowledge is something we call a state of "unknowingness". And our research suggests, perhaps surprisingly, that it can be a good thing for leaders and the organisations they run.

[...] We also found that if "unknowingness" is recognised and accepted, it can lead to better decision making across an organisation – and improved leadership overall.

[...] But any organisation which has to deal with "unknowns" (whether they are known or unknown) would benefit from recognising and accepting these particular challenges.

There may be little they can do about the things they don't even know they don't know about yet. But when they are aware of the absence of knowledge, and accept an inability to know everything or always make the "right" decision, our research suggests that this can actually be a positive step.

[Also Covered By]: PHYS.ORG


Original Submission

posted by janrinok on Saturday August 17, @05:48AM
from the at-last,-something-useful dept.

Arthur T Knackerbracket has processed the following story:

University of Texas researchers have used AI to develop a safer, effective version of an antibiotic that shows promise in animal trials. This new method could accelerate the creation of treatments for antibiotic-resistant bacterial infections. Credit: The University of Texas at Austin

In a hopeful development for the demand for safer and more effective antibiotics, researchers at The University of Texas at Austin have utilized artificial intelligence to create a new drug that is already demonstrating promise in animal trials.

Publishing their results in Nature Biomedical Engineering, the scientists describe using a large language model—an AI tool like the one that powers ChatGPT—to engineer a version of a bacteria-killing drug that was previously toxic in humans, so that it would be safe to use.

The prognosis for patients with dangerous bacterial infections has worsened in recent years as antibiotic-resistant bacterial strains spread and the development of new treatment options has stalled. However, UT researchers say AI tools are game-changing.

[...] Large language models, or LLMs, were originally designed to generate and explore sequences of text, but scientists are finding creative ways to apply these models to other domains. For example, just as sentences are made up of sequences of words, proteins are made up of sequences of amino acids. LLMs cluster together words that share common attributes (such as cat, dog, and hamster) in what’s known as an “embedding space” with thousands of dimensions. Similarly, proteins with similar functions, like the ability to fight off dangerous bacteria without hurting the people who host said bacteria, may cluster together in their own version of an AI embedding space.

“The space containing all molecules is enormous,” said Davies, co-senior author of the new paper. “Machine learning allows us to find the areas of chemical space that have the properties we’re interested in, and it can do it so much more quickly and thoroughly than standard one-at-a-time lab approaches.”

For this project, the researchers employed AI to identify ways to reengineer an existing antibiotic called Protegrin-1 that is great at killing bacteria, but toxic to people. Protegrin-1, which is naturally produced by pigs to combat infections, is part of a subtype of antibiotics called antimicrobial peptides (AMPs). AMPs generally kill bacteria directly by disrupting cell membranes, but many target both bacterial and human cell membranes.

First, the researchers used a high-throughput method they had previously developed to create more than 7,000 variations of Protegrin-1 and quickly identify areas of the AMP that could be modified without losing its antibiotic activity.

Next, they trained a protein LLM on these results so that the model could evaluate millions of possible variations for three features: selectively targeting bacterial membranes, potently killing bacteria, and not harming human red blood cells, to find those that fell in the sweet spot of all three. The model then helped guide the team to a safer, more effective version of Protegrin-1, which they dubbed bacterially selective Protegrin-1.2 (bsPG-1.2).

Mice infected with multidrug-resistant bacteria and treated with bsPG-1.2 were much less likely to have detectable bacteria in their organs six hours after infection, compared to untreated mice. If further testing offers similarly positive results, the researchers hope eventually to take a version of the AI-informed antibiotic drug into human trials.

“Machine learning’s impact is twofold,” Davies said. “It’s going to point out new molecules that could have the potential to help people, and it’s going to show us how we can take those existing antibiotic molecules and make them better and focus our work to more quickly get those to clinical practice.”

Reference: “Deep mutational scanning and machine learning for the analysis of antimicrobial-peptide features driving membrane selectivity” by Justin R. Randall, Luiz C. Vieira, Claus O. Wilke and Bryan W. Davies, 31 July 2024, Nature Biomedical Engineering.
  DOI: 10.1038/s41551-024-01243-1


Original Submission

posted by janrinok on Saturday August 17, @01:02AM
from the live-short-and-don't-prosper dept.

The Bell Riots are a unique event in Star Trek in that when Deep Space Nine showed them on screen, they were in the future, but that time period is now contemporary. Star Trek has shown time travel to events that were in the past or contemporary when the shows or movies aired, and they discussed future events like the Eugenics Wars of the 1990s but only showed their effects in the future with the original series episode Space Seed and the movie The Wrath of Khan.

The Bell Riots are shown in a two part episode called Past Tense (Part I, Script; Part II, Script) in which a transporter accident sends Commander Sisko, Lieutenant Dax, and Doctor Bashir back in time to August 30, 2024. They arrive in San Francisco, but over two centuries too early. Sisko and Bashir are found by security guards, and because of their lack of identification, they are sent to Sanctuary District A. However, Dax is found by a wealthy business owner named Chris Brynner, who provides her shelter.

There are sanctuary districts in nearly every city, places where people were promised food and shelter while employment was scarce, but which quickly became overcrowded, with poor living conditions. The general public is mostly unaware of the conditions within the sanctuary districts, whose residents are prevented from leaving and have largely been forgotten. The residents are referred to by slang terms of gimmies (unemployed people), dims (mentally ill people), and ghosts (people who struggled to integrate and joined gangs). During the Bell Riots, some ghosts and other residents overpowered the guards, took hostages, and seized control of the sanctuary's processing center for incoming residents. Despite rumors that the hostages had been killed, Gabriel Bell prevented this from happening. Bell was able to broadcast from the district and inform the public of the living conditions within the district, which brought the living conditions to the general public's attention and spurred on reforms.

However, when Sisko is attacked on August 31 by a gang of ghosts, Gabriel Bell is killed by a ghost named B.C. while trying to help Sisko fend off the attackers. This alters the timeline, and Sisko assumes the role of Bell to try to restore the proper course of history. There is no longer a Federation in the 24th century, no evidence of advanced technology on Earth, and there is a Romulan outpost at Alpha Centauri. Chief O'Brien and Major Kira use the transporters to travel back in time to a few points in history to try to find the missing crew members and restore the timeline. The episode's script includes this dialogue:

O'BRIEN: Well, we know one thing. They arrived before the year twenty forty eight.
ODO: How can you be sure?
O'BRIEN: Because we were just there. And that wasn't the mid-twenty first century I read about in school. It's been changed. I mean, Earth history has been through its rough patches, but never that rough.

In the Star Trek universe, 2048 occurs within World War III, which includes the use of strategic nuclear weapons by the United States, China, and Russia. This leads to a nuclear winter and the collapse of society. Past Tense was written to examine the issue of homelessness, specifically that homeless people are moved out of view of the general public and are forgotten about. There is a contrast of the extreme wealth of people like Chris Brynner and the destitution in the sanctuary districts. The story also serves as a warning that failing to address societal inequality may lead to more severe problems in the future, in this case making WWIII and the societal collapse far worse. One of the writers, Ira Steven Behr, commented that B.C. is not viewed as a murderer despite killing the real Gabriel Bell because society forced him into the situation, and he was just trying to survive the conditions in the sanctuary district. In 2021, writer Robert Hewitt Wolfe said about the episode:

"As a writer, all you can do is be a voice in the wilderness, sometimes. You can yell, 'Fire!' but you can't put it out. It's disappointing that we're still grappling with this problem. I certainly would have hoped it would be better by now, and people would be like, 'Ha! Remember that Deep Space Nine episode that said homelessness would still be a problem in the 2020s? They were so gloomy!' But one of the themes of the show is that paradise doesn't come for free. Even if it does get handed to you, you have to continually work to protect it and renew it and advance it."

Deep Space Nine is my favorite of all of the Star Trek series, and these are two of my favorite episodes. Although some people criticized the story for being too preachy and politicized, when it was wrapped up by Sisko, Bashir, and Dax restoring the timeline, I considered it a very memorable and compelling story. World War III, which begins in 2026, is mentioned in multiple series as a disastrous event for humanity, and although I'm not aware of this being shown on screen, this story does fill in some of the prelude up to the war. Have any readers seen this two-part episode? If so, what are your thoughts on this story and the themes it examines?


Original Submission

posted by janrinok on Friday August 16, @08:19PM

https://daniel.haxx.se/blog/2024/08/14/so-the-department-of-energy-emailed-me/

In a perfect example of checkbox security in action:

I received an email today. What follows is a slightly edited version (for brevity).

From: DOE Attestation
Subject: [ACTION REQUIRED] U.S. Department of Energy Secure Software Development Attestation Submission Request

OMB Control No. 1670-0052 Expires: 03/31/2027

Hello Haxx

** The following communication contains important DOE Secure Software Development Attestation Submission instructions. Please read this communication in its entirety. **

The U.S. Department of Energy (DOE) has identified your company's software as affected by this request. The list of impacted software products and versions can be found below.

DOE Request:

In support of the Office of Management and Budget (OMB) requirement to collect attestations per M-22-18, please complete the U.S. Department of Energy Secure Software Development Attestation Form (DOE Common Form). If you are unable to attest to all secure software development framework (SSDF) practices, please be sure to attach your Plan of Action and Milestones (POA&M). The software listed below has been identified as being associated with your company and requires DOE to collect an attestation for the software.

Product Name | Version Number
libcurl      | 8.3

His reply sorted that out....

Hello Department of Energy,

I cannot find that you are an existing customer of ours, so we cannot fulfill this request.

libcurl is a product we work on. It is open source and licensed under an MIT-like license in which the distribution and use conditions are clearly stated.

If you contact support@wolfssl.com we can remedy this oversight and can then arrange for all the paperwork and attestations you need.

Thanks,

/ Daniel

Basically I read that to be "pay to be one of our customers and then we can talk."

Have any others in our community had similar requests, and how did you respond?


Original Submission

posted by janrinok on Friday August 16, @03:36PM

Disney has asked a Florida court to dismiss a wrongful death lawsuit citing an arbitration waiver in the terms and conditions for Disney+:

According to Newsday, Disney has asked a Florida court to dismiss the wrongful death lawsuit filed by Jeffrey Piccolo, husband of Kanokporn Tangsuan, a doctor at NYU Langone in New York City, who passed away after eating a meal at Raglan Road Irish Pub in Disney Springs in October 2023.

Tangsuan had a severe dairy and nut allergy and informed the waitstaff at the restaurant of her dietary needs, and was "unequivocally assured" they could be accommodated. She ordered and ate the "Sure I'm Frittered" vegetarian broccoli and corn fritters, the "Scallop Forest" sea scallops appetizer, the "This Shepherd Went Vegan" entree, and a side of onion rings.

[...] In the latest update for the Disney Springs wrongful death lawsuit, Disney cited legal language within the terms and conditions for Disney+, which "requires users to arbitrate all disputes with the company." Disney claims Piccolo reportedly agreed to this in 2019 when signing up for a one-month free trial of the streaming service on his PlayStation console.

In the May 31 motion filed to move the wrongful death lawsuit to arbitration, Disney attorneys said that the Disney+ subscriber agreement states that any dispute, except for small claims, "must be resolved by individual binding arbitration." Disney says that similar language was agreed to by Piccolo when he used the My Disney Experience app to purchase tickets to visit EPCOT at Walt Disney World in September 2023. Tangsuan died before she and Piccolo could use the tickets.

[...] Attorneys for Piccolo called Disney's latest motion "preposterous," and said that it's "'absurd' to believe that the 153 million subscribers to the popular streaming service have waived all claims against the company and its affiliates because of language 'buried' within the terms and conditions," according to Newsday.


Original Submission

posted by janrinok on Friday August 16, @10:54AM

Arthur T Knackerbracket has processed the following story:

It was only in February when Cisco laid off 4,000 people, or 5% of its workforce, as it struggled with a challenging economy and weak demand.

According to Reuters, Cisco is preparing to announce a new round of job cuts, possibly alongside its fourth-quarter results on Wednesday. The publication writes that the number of people being let go is likely to match or be higher than the 4,000 employees laid off in February. The company had nearly 85,000 workers at the end of fiscal 2023; this count does not include the effects of the previous round of layoffs.

Cisco spent $28 billion completing the acquisition of cybersecurity specialist Splunk in March, a purchase that Cisco hopes will reduce its reliance on one-time equipment sales by boosting its subscription offerings.

As with so many recent layoffs in the tech world, AI has once again played a part in people losing their jobs. Cisco launched a $1 billion fund to make investments in AI startups in June, and it has made 20 AI-focused acquisitions and investments in the last several years. Cost cutting helps offset these big investments, and fears that returns on AI spending won't match the money being poured into the industry aren't helping matters.

The company is also focusing on an AI partnership with Nvidia that will see Cisco and Team Green's purpose-built Ethernet networking-based solutions sold through the former's global channels.

[...] According to tracking website Layoffs.fyi, 397 tech companies have laid off 130,482 employees so far in 2024. Throughout all of 2023, 1,193 firms in the industry laid off 264,220 workers.


Original Submission

posted by hubie on Friday August 16, @06:11AM

A recent study has found that 94% of spreadsheets used in business decision-making contain errors, posing serious risks for financial losses and operational mistakes. This finding highlights the need for better quality assurance practices.

The study, led by Prof. Pak-Lok Poon in collaboration with Central Queensland University, Swinburne University of Technology, City University of Hong Kong, and The Royal Victorian Eye and Ear Hospital, shows that most spreadsheets used in important business applications have errors that can affect decision-making processes. "The high rate of errors in these spreadsheets is concerning," says Prof. Poon.

Errors in spreadsheets can lead to poor decisions, resulting in financial losses, pricing mistakes, and operational problems in fields like health care and nuclear operations. "These mistakes can cause major issues in various sectors," adds Prof. Poon.

More information: Pak-Lok Poon et al, Spreadsheet quality assurance: a literature review, Frontiers of Computer Science (2024). DOI: 10.1007/s11704-023-2384-6

PHYS.ORG

[Also Covered By]: news wise


Original Submission

posted by hubie on Friday August 16, @01:24AM
from the all-the-made-up-news-that's-fit-to-print dept.

A quote from Wyoming's governor and a local prosecutor were the first things that seemed slightly off to Powell Tribune reporter CJ Baker. Then, it was some of the phrases in the stories that struck him as nearly robotic:

The dead giveaway, though, that a reporter from a competing news outlet was using generative artificial intelligence to help write his stories came in a June 26 article about the comedian Larry the Cable Guy being chosen as the grand marshal of the Cody Stampede Parade.

[...] After doing some digging, Baker, who has been a reporter for more than 15 years, met with Aaron Pelczar, a 40-year-old who was new to journalism and who Baker says admitted that he had used AI in his stories before he resigned from the Enterprise.

[...] Journalists have derailed their careers by making up quotes or facts in stories long before AI came about. But this latest scandal illustrates the potential pitfalls and dangers that AI poses to many industries, including journalism, as chatbots can spit out spurious if somewhat plausible articles with only a few prompts.

[...] "In one case, (Pelczar) wrote a story about a new OSHA rule that included a quote from the Governor that was entirely fabricated," Michael Pearlman, a spokesperson for the governor, said in an email. "In a second case, he appeared to fabricate a portion of a quote, and then combined it with a portion of a quote that was included in a news release announcing the new director of our Wyoming Game and Fish Department."



Original Submission

posted by hubie on Thursday August 15, @08:39PM
from the duck-and-cover dept.

Arthur T Knackerbracket has processed the following story:

The Sun is going through an intense time right now. Our host star is experiencing increased activity, with a series of solar eruptions aimed towards Earth that resulted in a rare geomagnetic storm.

The National Oceanic and Atmospheric Administration’s (NOAA) Space Weather Prediction Center issued a severe geomagnetic storm alert on Monday following a series of coronal mass ejections (CMEs) that emerged last week. The storm reached level G4, meaning it’s severe. The geomagnetic storm triggered bright, colorful auroras last night in different parts of the world, with a chance for more of the celestial lights to take over the skies later tonight.

Space weather forecasters at NOAA had been monitoring at least five CMEs that erupted from the Sun since last week in anticipation that some may be headed towards Earth. “Some seem to have missed Earth, some clipped Earth, and then eventually one of those we were anticipating was much more of a good punch,” Shawn Dahl, service coordinator for the Space Weather Prediction Center, told Gizmodo.

[...] The Sun is approaching its solar maximum, a period of increased activity during its 11-year cycle that’s characterized by intense solar flares, coronal mass ejections, and massive sunspots. Earlier in May, a G5, or extreme, geomagnetic storm hit Earth as a result of large expulsions of plasma from the Sun’s corona (also known as coronal mass ejections). The G5 storm was the first to hit Earth in more than 20 years, and had some effects on Earth’s power grid.

[...] This solar cycle is exceptionally active, with the Sun developing the largest number of sunspots since 2002. CMEs typically erupt from regions on the Sun with increased amounts of magnetic flux associated with sunspots, and so far the Sun has sprouted 299 sunspots during its current solar cycle.

It’s obvious that the Sun isn’t stopping anytime soon. “Bottom line is, we’re going to be under the influence of increased activity all of this year, all of next year, and even in 2026 where we’ll continue to have higher chances this type of activity to continue to happen from time to time over the remainder of this solar cycle maximum that we’re experiencing,” Dahl said.


Original Submission

posted by janrinok on Thursday August 15, @03:54PM
from the observing-the-wild-autonomous-vehicle-in-its-natural-habitat dept.

"We just would like for them to stop honking their horn at four in the morning repeatedly," one neighbor said:

In San Francisco's South of Market neighborhood, neighbors say repeated honking from Waymo driverless cars is disturbing their sleep.

Multiple residents in high-rise buildings off of 2nd Street near Harrison Street told NBC Bay Area News they have been hearing Waymo vehicles honking in a nearby parking lot for the past several weeks. They said that the lot began to be occupied by Waymo vehicles just a few weeks ago. The Waymos appear to go to the lot to rest in between rides.

Christopher Cherry who lives in the building next door said he was "really excited" to have Waymo in the neighborhood, thinking it would bring more security and quiet to the area.

"We started out with a couple of honks here and there, and then as more and more cars started to arrive, the situation got worse," Cherry said.

Cherry said the honking happens daily at different levels, with the most intense honking occurring at around 4:00 a.m. and at evening rush hour times.

[...] Videos from residents of these incidents show Waymo cars filing into the parking lot, and then attempting to back into spots, which appears to trigger honking from the other Waymo cars.

[...] Neighbors note, there is no one in the cars that they can flag down and ask to stop the honking.

"I think the most frustrating thing about this is that there is just nobody to talk to, and even at the corporate level, I am finding it difficult, not impossible," White said.


Original Submission

posted by janrinok on Thursday August 15, @10:08AM

Arthur T Knackerbracket has processed the following story:

This year's Pwnie Awards Ceremony was held on Saturday at the DEF CON hacker convention in Las Vegas. Now in its 17th year, the Pwnie Awards recognises some of the most outstanding achievements in technology security over the past year — as well as the greatest failures. 

As such, it was obvious that CrowdStrike would take home an award this year. Over 8.5 million Windows computers went down in July after the cybersecurity company pushed out an update to its software, bringing numerous companies and services across the world to a sudden halt. Businesses impacted included banks, airlines, mail carriers, supermarkets, and telecommunications companies.

The CrowdStrike outage was a massive global event, which has now been recognised with a massive Pwnie Award trophy. The two-tiered trophy awarded to CrowdStrike dwarfed the smaller pony-shaped ones for other categories, as befitting the eclipsing size of its blunder.

"Definitely not the award to be proud of receiving," Sentonas said in his acceptance speech, taking the stage to laughter and applause. "I think the team was surprised when I said straight away that I'd be coming to get it. We got this horribly wrong, we've said that a number of different times. It's super important to own it when you do things well, it's super important to own it when you do things horribly wrong, which we did in this case."

Accepting the large golden trophy, Sentonas stated that he intended to display it at CrowdStrike's headquarters in Austin, Texas. His hope is that it will serve as a reminder to CrowdStrike's staff to prevent such mistakes from happening in the future.

"The reason why I wanted the trophy is I'm heading back to headquarters," Sentonas continued. "I'm gonna take the trophy with me, it's gonna sit pride of place, because I want every CrowdStriker who comes to work to see it. Because our goal is to protect people, and we got this wrong, and I want to make sure that everybody understands these things can't happen, and that's what this community's about. So from that perspective I will say thank you."

Sentonas' in-person acceptance of CrowdStrike's Pwnie Award was widely well-received, with social media users praising him for accepting accountability with humility, class, and good humour.

Though CrowdStrike's Most Epic Fail trophy was only awarded this weekend, its win had already been announced alongside the Pwnie Award nominations in late July. This was within mere days of the infamous global outage that took down numerous companies and services worldwide. 

In a post to X at the time, the Pwnie Awards stated that it was granting the early award due to "extenuating circumstances." Said circumstance was likely the fact that CrowdStrike's fail was so epic that no one was likely to match it unless they deliberately tried. Even then, it would still be a difficult task.

While all other categories at the 2024 Pwnie Awards had three finalists, CrowdStrike had no competition for the Epic Fail Award. Instead, nominee details for the category simply read, "Lol. Lmao even."


Original Submission

posted by janrinok on Thursday August 15, @05:22AM

2.9 billion hit in one of the largest data breaches ever:

Regardless of how careful you are online, your personal data can still end up in the hands of hackers—and a new data breach that exposed the data of 2.9 billion people is the perfect example of this.

As reported by Bloomberg, news of this massive new data breach was revealed as part of a class action lawsuit that was filed at the beginning of this month. A complaint submitted to the US District Court for the Southern District of Florida claims the exposed personal data belongs to a public records data provider named National Public Data, which specializes in background checks and fraud prevention.

The personal data of 2.9 billion people, which includes full names, former and complete addresses going back 30 years, Social Security Numbers, and more, was stolen from National Public Data by a cybercriminal group that goes by the name USDoD. The complaint goes on to explain that the hackers then tried to sell this huge collection of personal data on the dark web to the tune of $3.5 million. It's worth noting that due to the sheer number of people affected, this data likely comes from both the U.S. and other countries around the world.

Here's everything we know so far about this massive data breach along with some steps you can take to stay safe if your personal information was exposed online.

So how does a firm like National Public Data obtain the personal data of almost 3 billion people? The answer is through scraping, which is a technique used by companies to collect data from websites and other sources online.

What makes the way National Public Data did this more concerning is that the firm scraped personally identifiable information (PII) of billions of people from non-public sources. As a result, many of the people who are now involved in the class action lawsuit did not provide their data to the company willingly.

According to the complaint, one of the plaintiffs who resides in California first found out about the breach because he was using one of the best identity theft protection services which notified him that his data was exposed and leaked on the dark web.

As part of the class action lawsuit, this plaintiff is asking the court to have National Public Data securely dispose of all the personal information it acquired through scraping. However, he also wants the firm to compensate him and the other victims financially while implementing stricter security measures going forward.

With full names, addresses and Social Security Numbers in hand, there's a lot that hackers can do with this information, especially when it was made available for sale on the dark web.


Original Submission

posted by hubie on Thursday August 15, @03:00AM
from the patch-quick-and-check-your-logs dept.

The maintainers of the FreeBSD Project have released security updates to address a high-severity flaw in OpenSSH that attackers could potentially exploit to execute arbitrary code remotely with elevated privileges:

The vulnerability, tracked as CVE-2024-7589, carries a CVSS score of 7.4 out of a maximum of 10.0, indicating high severity.

"A signal handler in sshd(8) may call a logging function that is not async-signal-safe," according to an advisory released last week.

"The signal handler is invoked when a client does not authenticate within the LoginGraceTime seconds (120 by default). This signal handler executes in the context of the sshd(8)'s privileged code, which is not sandboxed and runs with full root privileges."

[...] "The faulty code in this case is from the integration of blacklistd in OpenSSH in FreeBSD," the project maintainers said.

"As a result of calling functions that are not async-signal-safe in the privileged sshd(8) context, a race condition exists that a determined attacker may be able to exploit to allow an unauthenticated remote code execution as root."

Users of FreeBSD are strongly advised to update to a supported version and restart sshd to mitigate potential threats.

In cases where sshd(8) cannot be updated, the race condition issue can be resolved by setting LoginGraceTime to 0 in /etc/ssh/sshd_config and restarting sshd(8). While this change makes the daemon vulnerable to a denial-of-service, it safeguards it against remote code execution.
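The bug class the advisory describes, as an added C sketch that is not FreeBSD's or OpenSSH's code: a timeout handler that logs from signal context, beside a form that only sets a flag and logs afterwards from normal context. All function names and the log text are hypothetical; the `secs == 0` branch mirrors `LoginGraceTime 0`, where no timer is armed and the handler never runs.

```c
#define _XOPEN_SOURCE 700
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>
#include <unistd.h>

/* Contrast case, never installed here: the shape the advisory describes.
 * syslog() may take locks or allocate; if the signal interrupts the same
 * code in the main flow, shared state is re-entered mid-update. */
void unsafe_grace_handler(int sig)
{
    (void)sig;
    syslog(LOG_INFO, "timeout before authentication"); /* not async-signal-safe */
    _exit(1);
}

/* Hardened shape: the handler only records that the timer fired. */
static volatile sig_atomic_t grace_expired;
static void safe_grace_handler(int sig) { (void)sig; grace_expired = 1; }

/* Arms a grace timer, waits for it, then logs from normal context.
 * Returns 1 on timeout, 0 if no timer was requested, -1 on setup error. */
int wait_for_grace_timeout(unsigned int secs, char *logbuf, size_t len)
{
    struct sigaction sa;
    sigset_t block, old;

    if (secs == 0)
        return 0;   /* like LoginGraceTime 0: no timer, handler never runs */
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = safe_grace_handler;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGALRM, &sa, NULL) != 0)
        return -1;

    /* Block SIGALRM so it cannot slip in between the flag test and the wait. */
    sigemptyset(&block);
    sigaddset(&block, SIGALRM);
    if (sigprocmask(SIG_BLOCK, &block, &old) != 0)
        return -1;
    grace_expired = 0;
    alarm(secs);
    while (!grace_expired)
        sigsuspend(&old);   /* atomically unblock SIGALRM and sleep */
    sigprocmask(SIG_SETMASK, &old, NULL);

    /* Back in normal context: formatting and logging are safe here. */
    snprintf(logbuf, len, "timeout before authentication after %us", secs);
    return 1;
}
```

The zero-seconds branch also shows the cost of the workaround: with no timer, an unauthenticated connection is never timed out, which is the denial-of-service exposure the advisory mentions.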


Original Submission