
Submission + - MSI Exposes 600K+ Warranty Records via Open Server

ewhac writes: Gamers Nexus today filed a YouTube video report that PC component manufacturer MSI left their internal warranty and RMA processing Web site accessible to the open Internet, with no authentication. Virtually the entire history of MSI warranty claims going back to at least 2017 was searchable and accessible for the browsing, including customer names, email addresses, phone numbers, and serial numbers of MSI devices. This event follows closely on the heels of a video report just a few days earlier of PC component manufacturer Zotac leaving their warranty/RMA and B2B records server open to indexing by Google. Gamers Nexus posted their reports after informing Zotac and MSI of their open servers and verifying they were no longer accessible. However, the data from MSI's server has almost certainly been fully scraped at this point, giving scammers a gold mine of data permitting them to impersonate MSI personnel and defraud customers. Anyone who's filed a warranty or RMA claim with MSI in the past seven years should exercise caution when receiving unsolicited emails or phone calls purporting to be from MSI.

Submission + - California Prohibited from Enforcing PI Licensing Law Against Anti-Spam Crusader (ij.org)

schwit1 writes: U.S. District Judge Rita Lin has permanently enjoined the California Bureau of Security and Investigative Services from enforcing its private-investigator licensing requirement against anti-spam entrepreneur Jay Fink. The order declares that forcing Jay to get a license to run his business is so irrational that it violates the Due Process Clause of the Fourteenth Amendment.

Submission + - Google publishes schedule for abolishing third-party cookies, starting 2024 (gigazine.net)

AmiMoJo writes: Google engineers have published a schedule for eliminating third-party cookies in Chrome. It will be tested on 1% of users from the first quarter of 2024, and then phased out from the third quarter. The original plan was to abolish third-party cookies in 2022, but due to suspicions of antitrust violations, this was postponed to the end of 2023, and then again to 2024. The abolition of third-party cookies will make it possible to protect privacy-related data such as what sites users visit and what pages they view from advertising companies.

Submission + - The Next Big Solar Storm Could Fry the Grid (wsj.com)

SonicSpike writes: The odds are low that in any given year a storm big enough to cause effects this widespread will happen. And the severity of those impacts will depend on many factors, including the state of our planet’s magnetic field on that day. But it’s a near certainty that some form of this catastrophe will happen someday, says Ian Cohen, a chief scientist who studies heliophysics at the Johns Hopkins Applied Physics Laboratory.

To get ahead of this threat, a loose federation of U.S. and international government agencies, and hundreds of scientists affiliated with those bodies, have begun working on how to make predictions about what our Sun might do. And a small but growing cadre of scientists argue that artificial intelligence will be an essential component of efforts to give us advance notice of such a storm.

The most dangerous of these solar storms is known as a coronal mass ejection, when a gargantuan blob of charged particles is catapulted from the Sun’s atmosphere by rapidly shifting magnetic fields, at speeds in excess of 8,000 times that of sound. These happen often, but we’re rarely aware of them because they only affect us when they happen to strike earth.

What makes these huge blasts of particles so dangerous to our power grid and electronics is that, when they collide with Earth, the interaction of the sun’s magnetic field with our own can induce large currents in power lines on Earth. If you’ve ever moved a magnet back and forth across a copper wire to illuminate a lightbulb in science class, this is the same effect–but on a global scale. A solar storm can induce currents in power lines that are strong enough to trip safety mechanisms–or even seriously damage parts of our power-distribution infrastructure.

And while the undersea fiber-optic cables for internet data don’t carry electricity, they do have electrical signal-repeaters within them. These repeaters boost the optical signal as it travels the length of the cable. If they’re disabled, the cable ceases to function.

Solar storms can also pose a threat for satellites in higher orbits around earth–such as the ones that make up our GPS system–by bringing a spike in so-called killer electrons that can damage and, in extreme cases, disable the satellites. Closer to Earth, solar storms can heat the atmosphere, causing it to expand in a way that increases drag, which can cause some satellites in lower orbits to crash to the surface. This happened in February 2022, leading to the destruction of 40 Starlink satellites.

Solar storms have already struck again and again. In 1859, a now-legendary storm known as the Carrington Event hit, well before we built a civilization dependent on electronic devices that it could wreck. It caused auroras as far south as the Caribbean, made telegraph lines spark, caused fires at some telegraph stations, and shut down parts of the telegraphy network in the northern hemisphere.

Submission + - IRS says Microsoft may owe more than $29 billion in back taxes (cnbc.com)

An anonymous reader writes: Microsoft received Notices of Proposed Adjustment from the Internal Revenue Service for an additional tax payment of $28.9 billion, the company said in an 8-K filing Wednesday.

Microsoft said the dispute concerns the company's allocated profits between countries and jurisdictions between 2004 and 2013. It said up to $10 billion in taxes that the company has already paid are not reflected in the proposed adjustments made by the IRS.

Submission + - World-First Trial of Gene Therapy To Cure Form of Deafness Begins (ft.com)

An anonymous reader writes: A world-first trial of a gene therapy to cure a form of deafness has begun, potentially heralding a revolution in the treatment of hearing loss. Up to 18 children from the UK, Spain and the US are being recruited to the study, which aims to transform treatment of auditory neuropathy, a condition caused by the disruption of nerve impulses traveling from the inner ear to the brain. Participants will be monitored for five years to gauge whether their hearing improves, with initial results expected to be published next February.

Auditory neuropathy can be due to a variation in a single gene — known as the OTOF gene — which produces a protein called otoferlin. This protein typically allows the inner hair cells in the ear to communicate with the hearing nerve. Mutations in the OTOF gene can be identified by genetic testing. However, [Professor Manohar Bance, an ear surgeon at Cambridge University Hospitals NHS Foundation Trust who is leading the trial in the UK] said it was a condition often missed when newborn babies were screened for potential hearing problems. “This is one of the few conditions where everything works except the transmission between the hair cells and the nerve. So everything else looks fine when you test it, but they can’t hear anything. So these poor kids’ [difficulties] end up being missed,” Bance added.

The new gene therapy aims to deliver a working copy of the faulty OTOF gene using a modified, non-pathogenic virus. It will be delivered via an injection into the cochlea under general anaesthetic. Bance estimates that about 20,000 people across the US and five European countries — the UK, Germany, France, Spain and Italy — have auditory neuropathy due to OTOF mutations, underlining the potential significance of a successful treatment. [...] “If it works, it’s ‘one and done’” but the cost to health systems “is something that worries me,” he added, noting that gene therapies could be priced in “the million dollar range” per patient. However, he hoped that “economies of scale” as the technology developed further would ultimately allow them to be provided more cheaply.

Submission + - Raspberry Pi 5 announced (raspberrypi.com)

jizmonkey writes: Today the Raspberry Pi 5 was announced, to ship at the end of October. The new version is priced at $60 for the 4GB variant, and $80 for its 8GB sibling, and virtually every aspect of the platform has been upgraded. The new CPU is twice as fast and new features include simultaneous 5.0 Gbps USB 3.0 ports and a PCIe 2.0 x1 interface which can be used for an m.2 storage. Priority will be given to individual buyers through the end of the year.

Submission + - Backdoor Firmware Lets China State Hackers Control Routers With 'Magic Packets' (arstechnica.com)

An anonymous reader writes: Hackers backed by the Chinese government are planting malware into routers that provides long-lasting and undetectable backdoor access to the networks of multinational companies in the US and Japan, governments in both countries said Wednesday. The hacking group, tracked under names including BlackTech, Palmerworm, Temp.Overboard, Circuit Panda, and Radio Panda, has been operating since at least 2010, a joint advisory published by government entities in the US and Japan reported. The group has a history of targeting public organizations and private companies in the US and East Asia. The threat actor is somehow gaining administrator credentials to network devices used by subsidiaries and using that control to install malicious firmware that can be triggered with “magic packets” to perform specific tasks.

The hackers then use control of those devices to infiltrate networks of companies that have trusted relationships with the breached subsidiaries. “Specifically, upon gaining an initial foothold into a target network and gaining administrator access to network edge devices, BlackTech cyber actors often modify the firmware to hide their activity across the edge devices to further maintain persistence in the network,” officials wrote in Wednesday’s advisory. “To extend their foothold across an organization, BlackTech actors target branch routers—typically smaller appliances used at remote branch offices to connect to a corporate headquarters—and then abuse the trusted relationship of the branch routers within the corporate network being targeted. BlackTech actors then use the compromised public-facing branch routers as part of their infrastructure for proxying traffic, blending in with corporate network traffic, and pivoting to other victims on the same corporate network.”

Most of Wednesday's advisory referred to routers sold by Cisco. In an advisory of its own, Cisco said the threat actors are compromising the devices after acquiring administrative credentials and that there’s no indication they are exploiting vulnerabilities. Cisco also said that the hacker’s ability to install malicious firmware exists only for older company products. Newer ones are equipped with secure boot capabilities that prevent them from running unauthorized firmware, the company said.

Submission + - Ask Slashdot: How do you deal with lousy browser spell-checkers?

Tablizer writes: Chrome's spell checker doesn't list the proper option for "devine" or "preditor". Soundex would match them and is relatively simple to implement, but most browsers allegedly use the Hunspell algorithm. However, Hunspell doesn't handle incorrect vowels well. Browsers could offer a "More spelling options" menu item to bring up a wider dialog using alternative algorithms, such as Soundex. Until then, can anyone recommend good spelling plug-ins?

Submission + - 'The Blue Flash': How a Screwdriver Slip Caused a Fatal 1946 Atomic Accident

theodp writes: A specially illustrated BBC story created by artist/writer Ben Platts-Mills tells the remarkable story of how a dangerous radioactive apparatus in the Manhattan Project killed a scientist in 1946.

"Less than a year after the Trinity atomic bomb test," Platts-Mills writes, "a careless slip with a screwdriver cost Louis Slotin his life. In 1946, Slotin, a nuclear physicist, was poised to leave his job at Los Alamos National Laboratories (formerly the Manhattan Project). When his successor came to visit his lab, he decided to demonstrate a potentially dangerous apparatus, called the "critical assembly". During the demo, he used his screwdriver to support a beryllium hemisphere over a plutonium core. It slipped, and the hemisphere dropped over the core, triggering a burst of radiation. He died nine days later."

In an interesting follow-up story, Platts-Mills explains how he pieced together what happened inside the room where 'The Blue Flash' occurred (it has been observed that many criticality accidents emit a blue flash of light).

Submission + - Senate Panel Advances Bill To Childproof the Internet (theverge.com)

An anonymous reader writes: Congress is closer than ever to passing a pair of bills to childproof the internet after lawmakers voted to send them to the floor Thursday. The bills — the Kids Online Safety Act (KOSA) and COPPA 2.0 — were approved by the Senate Commerce Committee Thursday by a unanimous voice vote. Both pieces of legislation aim to address an ongoing mental health crisis amongst young people that some lawmakers blame social media for intensifying. But critics of the bills have long argued that they have the potential to cause more harm than good, like forcing social media platforms to collect more user information to properly enforce Congress’ rules.

KOSA is supposed to establish a new legal standard for the Federal Trade Commission and state attorneys general, allowing them to police companies that fail to prevent kids from seeing harmful content on their platforms. The authors of the bills, Sen. Marsha Blackburn (R-TN) and Richard Blumenthal (D-CT), have said the bill keeps kids from seeing content that glamorizes eating disorders, suicidal thoughts, substance abuse, and gambling. It would also ban kids 13 and under from using social media and require companies to acquire parental consent before allowing children under 17 to use their platforms. At Thursday’s markup, Blackburn proposed an amendment to remedy some of the concerns raised by digital rights groups, mainly language requiring platforms to verify the age of their users. Lawmakers approved those changes along with the bill, but the groups fear that platforms would still need to collect more data on all users to live up to the bill’s other rules. [...] The other bill lawmakers approved, COPPA 2.0, raises the age of protection under the Children’s Online Privacy Protection Act from 13 to 16 years of age, along with similar age-gating restrictions. It also bans platforms from targeting ads to kids.

Submission + - NIST Delays Could Push Post-Quantum Security Products Into the Next Decade (esecurityplanet.com)

storagedude writes: A quantum computer capable of breaking public-key encryption is likely years away. Unfortunately, so are products that support post-quantum cryptography.

That's the conclusion of an eSecurity Planet article by Henry Newman. With the second round of NIST's post-quantum algorithm evaluations — announced last week — expected to take "several years" and the FIPS product validation process backed up, Newman notes that it will be some time before products based on post-quantum standards become available.

"The delay in developing quantum-resistant algorithms is especially troubling given the time it will take to get those products to market," Newman writes. "It generally takes four to six years with a new standard for a vendor to develop an ASIC to implement the standard, and it then takes time for the vendor to get the product validated, which seems to be taking a troubling amount of time.

"I am not sure that NIST is up to the dual challenge of getting the algorithms out and products validated so that vendors can have products that are available before quantum computers can break current technology. There is a race between quantum technology and NIST vetting algorithms, and at the moment the outcome is looking worrisome."

And as encrypted data stolen now can be decrypted later, the potential for “harvest now, decrypt later” (HNDL) attacks "is a quantum computing security problem that’s already here."
