Newsfeed

Manager was fired, now wants his reputation restored with post on a prominent website

An Alibaba exec accused of sexually assaulting an employee has now sued the plaintiff for damage to his reputation and sought an apology, according to Chinese media reports.…

An anonymous reader quotes a report from The Drive: U.S. Space Force's General David Thompson, the service's second in command, said last week that Russia and China are launching "reversible attacks," such as electronic warfare jamming, temporarily blinding optics with lasers, and cyber attacks, on U.S. satellites "every single day." He also disclosed that a small Russian satellite used to conduct an on-orbit anti-satellite weapon test back in 2019 had first gotten so close to an American one that there were concerns an actual attack was imminent. Thompson, who is Vice Chief of Space Operations, disclosed these details to The Washington Post's Josh Rogin in an interview on the sidelines of the Halifax International Security Forum, which ran from Nov. 19 to 21 in Halifax, Nova Scotia, in Canada. The forum opened just four days after a Russian anti-satellite weapon test involving a ground-launched interceptor, which destroyed a defunct Soviet-era electronic intelligence satellite and created a cloud of debris that presents a risk to the International Space Station (ISS). That test drew widespread condemnation, including from the U.S. government, and prompted renewed discussion about potential future conflicts in space. "The threats are really growing and expanding every single day. And it's really an evolution of activity that's been happening for a long time," Thompson, told Rogin. "We're really at a point now where there's a whole host of ways that our space systems can be threatened." "Right now, Space Force is dealing with what Thompson calls 'reversible attacks' on U.S. government satellites (meaning attacks that don't permanently damage the satellites) 'every single day,'" according to Rogin. "Both China and Russia are regularly attacking U.S. satellites with non-kinetic means, including lasers, radio frequency jammers, and cyber attacks, he said." [...] Thompson's assertion that these kinds of attacks are occurring with extreme frequency is new. It underscores the rapid development and fielding by Russia and China, among others, of a wide variety of anti-satellite capabilities, something the U.S. military has called increasing attention to in recent years. "The Chinese are actually well ahead [of Russia]," Thompson told Rogin. "They're fielding operational systems at an incredible rate." "Thompson could not confirm or deny whether any American satellites had actually been damaged in a Russian or Chinese attack," the report adds. "[H]e told Rogin that even if such a thing had occurred, that very fact would be classified." He did, however, provide new details about the incident in 2019 where a small Russian satellite released a projectile in one on-orbit anti-satellite weapon test. According to The Drive, "Russia's satellite had first got in very close to a U.S. 'national security satellite' and that 'the U.S. government didn't know whether it was attacking or not.'" "It maneuvered close, it maneuvered dangerously, it maneuvered threateningly so that they were coming close enough that there was a concern of collision," Thompson said. "So clearly, the Russians were sending us a message."

Read more of this story at Slashdot.

Recent change to cloud services suspected as cause, any real messes will be advised in email only for now

Updated  Admins in charge of Microsoft 365 subscriptions are complaining that the software giant is spamming them with a stream of bulk and bogus notifications sent to the admin app for iOS.…

Long-time Slashdot reader tinskip shares a report from BleepingComputer: Nickolas Sharp, a former employee of networking device maker Ubiquiti, was arrested and charged today with data theft and attempting to extort his employer while posing as a whistleblower and an anonymous hacker. "As alleged, Nickolas Sharp exploited his access as a trusted insider to steal gigabytes of confidential data from his employer, then, posing as an anonymous hacker, sent the company a nearly $2 million ransom demand," U.S. Attorney Damian Williams said today. "As further alleged, after the FBI searched his home in connection with the theft, Sharp, now posing as an anonymous company whistleblower, planted damaging news stories falsely claiming the theft had been by a hacker enabled by a vulnerability in the company's computer systems." According to the indictment (PDF), Sharp stole gigabytes of confidential data from Ubiquiti's AWS (on December 10, 2020) and GitHub (on December 21 and 22, 2020) infrastructure using his cloud administrator credentials, cloning hundreds of GitHub repositories over SSH. Throughout this process, the defendant tried hiding his home IP address using Surfshark's VPN services. However, his actual location was exposed after a temporary Internet outage. To hide his malicious activity, Sharp also altered log retention policies and other files that would have exposed his identity during the subsequent incident investigation. "Among other things, SHARP applied one-day lifecycle retention policies to certain logs on AWS which would have the effect of deleting certain evidence of the intruder's activity within one day," the court documents read. After Ubiquiti disclosed a security incident in January following Sharp's data theft, while working to assess the scope and remediate the security breach effects he also tried extorting the company (posing as an anonymous hacker). His ransom note demanded almost $2 million in exchange for returning the stolen files and the identification of a remaining vulnerability. The company refused to pay the ransom and, instead, found and removed a second backdoor from its systems, changed all employee credentials, and issued the January 11 security breach notification. After his extortion attempts failed, Sharp shared information with the media while pretending to be a whistleblower and accusing the company of downplaying the incident. This caused Ubiquiti's stock price to fall by roughly 20%, from $349 on March 30 to $290 on April 1, amounting to losses of over $4 billion in market capitalization.

Read more of this story at Slashdot.

In a separate incident officers also arrested a man on suspicion of drink driving on the A130

mrflash818 shares a report from PCMag: To avoid a lawsuit, Donald Trump's social media site is quietly acknowledging the computer code powering the platform comes from Mastodon. Trump's "Truth Social" site now features a dedicated section labeled "open source," which contains a Zip archive to Mastodon's source code. "Our goal is to support the open source community no matter what your political beliefs are. That's why the first place we go to find amazing software is the community and not 'Big Tech,'" the site adds. Truth Social created the section on Nov. 12, two weeks after social networking provider Mastodon threatened to sue Trump's platform for violating its open-source license. Since Mastodon is an open-source software project, anyone can use it for free. But if you do, the software license demands the code and any ensuing modifications to your Mastodon-powered platform be made publicly available, allowing the entire Mastodon community to benefit. (This doesn't include publishing any user data or disclosing admin access, though.) [...] However, it appears the uploaded Zip archive is simply a barebones version of the existing Mastodon source code you can already find on GitHub. The archive itself is only a mere 30MB in size. Nevertheless, Rochko said the Zip archive might "become more interesting" once Truth Social finally launches.

Read more of this story at Slashdot.

According to Insider, Google is planning to launch its own in-house smartwatch in 2022. "Two employees said a spring launch was possible if the latest testing round is a success, however all sources stressed that details and timelines were subject to change depending on feedback from employees testing the device," reports Insider. From the report: The device, which is internally codenamed "Rohan," will showcase the latest version of Google's smartwatch software to customers and partners [...]. To date, Google has opted to create software for smartwatches built by partners such as Samsung, but has not made a device of its own. [...] Unlike the Apple Watch, Google's smartwatch is round and has no physical bezel, according to artistic renders viewed by Insider and employees who have seen it. Like Apple's device, it will capture health and fitness metrics. The watch has sometimes been referred to internally as the "Pixel watch" or "Android watch," but executives have used a variety of names to refer to the project and it is unclear what branding Google will land on if and when it launches the device. [...] The Rohan watch has a heart-rate monitor and offers basic health-tracking features such as step counting. In its current form the watch will require daily charging, according to a feedback document seen by Insider. One employee testing the watch lamented the charging was slow. Like the Apple Watch, Google's wearable will also use proprietary watchbands. [...]

Read more of this story at Slashdot.

Traffic police in the Epping Forest area stopped dozens of drivers around Buckhurst Hill

Long-time Slashdot reader Aighearach shares a report from Reuters: President Joe Biden on Thursday laid out his strategy to fight the coronavirus as the highly contagious Omicron spread across the globe with winter coming and hours after the first known U.S. case of community transmission of the variant was reported. [...] In California and Colorado, the patients had recently returned from trips to southern Africa and had not gotten booster doses. The case in Minnesota is the first known community transmission within the United States. The patient in Minnesota had recently travelled to New York City for an anime convention, prompting the city to launch contact tracing to try to contain the spread. "We are aware of a case of the Omicron variant identified in Minnesota that is associated with travel to a conference in New York City, and we should assume there is community spread of the variant in our city," New York City Mayor Bill de Blasio said. The person told state health investigators he attended the Anime NYC 2021 convention at the Javits Center from Nov. 19 to 21 and developed mild symptoms on Nov. 22. How many Slashdot readers were there? Have you had a recent COVID test? As of this writing, CNBC reports a total of five cases of the omicron Covid-19 variant have been confirmed in New York. "Cases were discovered in Suffolk County, two in Queens, one in Brooklyn and one in New York City," the report states, citing Gov. Kathy Hochul.

Read more of this story at Slashdot.

FTC sues to block deal because it would be bad for competition

The US Federal Trade Commission, having previously expressed unease about Nvidia's plan to acquire UK chip design firm Arm, acted on its concern Thursday by suing to prevent the deal.…

An anonymous reader quotes a report from Gizmodo: Microsoft, one of the pioneers of DNA storage, is making some headway, working with the University of Washington's Molecular Information Systems Laboratory, or MISL. The company announced in a new research paper the first nanoscale DNA storage writer, which the research group expects to scale for a DNA write density of 25 x 10^6 sequences per square centimeter, or "three orders of magnitude" (1,000x) more tightly than before. What makes this particularly significant is that it's the first indication of achieving the minimum write speeds required for DNA storage. Microsoft is one of the biggest players in cloud storage and is looking at DNA data storage to gain an advantage over the competition by using its unparalleled density, sustainability, and shelf life. DNA is said to have a density capable of storing one exabyte, or 1 billion gigabytes, per square inch -- an amount many magnitudes larger than what our current best storage method, Linear Type-Open (LTO) magnetic tape, can provide. What do these advantages mean in real-world terms? Well, the International Data Corporation predicts data storage demands will reach nine zettabytes by 2024. As Microsoft notes, only one zettabyte of storage would be used if Windows 11 were downloaded on 15 billion devices. Using current methods, that data would need to be stored on millions of tape cartridges. Cut the tape and use DNA, and nine zettabytes of information can be stored in an area as small as a refrigerator (some scientists say every movie ever released could fit in the footprint of a sugar cube). But perhaps a freezer would be a better analogy, because data stored on DNA can last for thousands of years whereas data loss occurs on tape with 30 years and even sooner on SSDs and HDDs. Finding ways to increase write speeds addresses one of the two main problems with DNA storage (the other being cost). With the minimum write speed threshold within grasp, Microsoft is already pushing ahead with the next phase. "A natural next step is to embed digital logic in the chip to allow individual control of millions of electrode spots to write kilobytes per second of data in DNA, and we foresee the technology reaching arrays containing billions of electrodes capable of storing megabytes per second of data in DNA. This will bring DNA data storage performance and cost significantly closer to tape," Microsoft told TechRadar.

Read more of this story at Slashdot.

Google has removed The Pirate Bay and more than 100 related domains from its search results in the Netherlands. The search engine points to a local pirate site-blocking order that was forwarded by anti-piracy group BREIN. The order targets ISPs and doesn't name Google but the company chose to voluntarily comply. TorrentFreak reports: The reason for this broad removal is provided by Google itself. The search giant notes that the results were removed in response to a legal request. This 'request' came from local anti-piracy group BREIN and includes a copy of a Dutch site-blocking order. The order, issued in October last year, required Dutch ISPs Ziggo, KPN, and XS4ALL to block access to Pirate Bay mirrors and proxy sites. Google isn't listed as a party in this lawsuit, but a copy was sent to the search engine nonetheless. BREIN's request, at least the part that's available publicly, doesn't explain why it would apply to Google. However, BREIN informs us that it's not uncommon for Internet services to comply with orders that don't target them directly. A few weeks ago, Dutch ISPs agreed to a covenant where they promise to comply with site-blocking orders that are targeted at other ISPs. While Google is not part of this agreement, in this case it chose to follow the court order. "In essence, this is the same situation as recently agreed in the Dutch government-supported covenant between right holders and internet access providers," BREIN director Tim Kuik informs TorrentFreak. "Dutch case law also shows that once there is a contested court order against one access provider, courts do grant the same order against others if they refuse to conform to it even though they are not named in it." The report notes that this is "the first time that Google has complied with a pirate site blocking order without being named." BREIN has gone on to submit the legal paperwork to block six additional pirate sites, including proxies and mirrors.

Read more of this story at Slashdot.

Badger, badger, badger, coin theft, coin theft!

BadgerDAO, maker of a decentralized finance (DeFi) protocol, said on Wednesday that it is investigating reports that millions in user funds have been stolen.…

The White House will unveil a group of countries next week that have pledged to work together to curb exports of technology that can be used by bad actors and repressive governments to violate human rights, senior administration officials said on Thursday. Reuters reports: The announcement, which will be made as part of U.S. President Joe Biden's Summit for Democracy, is aimed at addressing "the misuse of certain dual-use technologies that can lead to human rights abuses" and ensuring "critical and emerging technologies work for and not against democratic societies," the officials told reporters in a briefing call. The officials declined to name the countries that would join the group or the technologies or users targeted by it, but said members would develop and adopt a "written nonbinding code of conduct or statement of principles intended to guide the application of human rights criteria to export licensing policy." The officials singled out China as an example of a nation that has misused technology to control its population.

Read more of this story at Slashdot.

Enforcing rules on content is in everybody's interest, court decides

A federal judge on Wednesday blocked Texas legislation banning large social media companies from moderating content, one day before the law was due to come into effect.…

How to coordinate 16 Arms

Keen on Kubernetes? It has been a long wait, but the Turing Pi 2 is finally close to shipping.…

An anonymous reader quotes a report from Ars Technica: Blockchain startup MonoX Finance said on Wednesday that a hacker stole $31 million by exploiting a bug in software the service uses to draft smart contracts. The company uses a decentralized finance protocol known as MonoX that lets users trade digital currency tokens without some of the requirements of traditional exchanges. "Project owners can list their tokens without the burden of capital requirements and focus on using funds for building the project instead of providing liquidity," MonoX company representatives say here. "It works by grouping deposited tokens into a virtual pair with vCASH, to offer a single token pool design." An accounting error built into the company's software let an attacker inflate the price of the MONO token and to then use it to cash out all the other deposited tokens, MonoX Finance revealed in a post. The haul amounted to $31 million worth of tokens on the Ethereum or Polygon blockchains, both of which are supported by the MonoX protocol. Specifically, the hack used the same token as both the tokenIn and tokenOut, which are methods for exchanging the value of one token for another. MonoX updates prices after each swap by calculating new prices for both tokens. When the swap is completed, the price of tokenIn -- that is, the token sent by the user -- decreases and the price of tokenOut -- or the token received by the user -- increases. By using the same token for both tokenIn and tokenOut, the hacker greatly inflated the price of the MONO token because the updating of the tokenOut overwrote the price update of the tokenIn. The hacker then exchanged the token for $31 million worth of tokens on the Ethereum and Polygon blockchains. There's no practical reason for exchanging a token for the same token, and therefore the software that conducts trades should never have allowed such transactions. Alas, it did, despite MonoX receiving three security audits this year. "These kinds of attacks are common in smart contracts because many developers do not put in the legwork to define security properties for their code" said Dan Guido, an expert in securing smart contracts and CEO of security consultancy Trail of Bits. "They had audits, but if the audits only state that a smart person looked at the code for a given period of time, then the results are of limited value. Smart contracts need testable evidence that they do what you intend, and only what you intend. That means defined security properties and techniques employed to evaluate them." According to Blockchain researcher Igor Igamberdiev, the drained tokens included $18.2 million in Wrapped Ethereum, $10.5 in MATIC tokens, and $2 million worth of WBTC, along with small amounts of tokens for Wrapped Bitcoin, Chainlink, Unit Protocol, Aavegotchi, and Immutable X.

Read more of this story at Slashdot.

The Federal Trade Commission on Thursday sued to block Nvidia's $40 billion acquisition of a fellow chip company, Arm, halting one of the biggest semiconductor industry deals in history. From a report: The F.T.C. said the deal between Nvidia, which is based in California and makes chips, and Arm, a British company that designs chips, would stifle competition and harm consumers. The proposed deal would give Nvidia control over computing technology and designs that rival firms rely on to develop competing chips. "Tomorrow's technologies depend on preserving today's competitive, cutting-edge chip markets," said Holly Vedova, the director of the F.T.C.'s competition bureau. "This proposed deal would distort Arm's incentives in chip markets and allow the combined firm to unfairly undermine Nvidia's rivals." The companies announced the merger in September 2020 and said the merger would position the companies as leaders in semiconductors for artificial intelligence.

Read more of this story at Slashdot.

Prosecutors claim Nickolas Sharp even posed as a whistleblower to press

A Ubiquiti developer has been charged with stealing data from the company and extortion attempts totalling $2m in what prosecutors claim was a vicious campaign to harm the firm's share price – including allegedly planting fake press stories about the breaches.…

Goldman Sachs is among a handful of tier-one U.S. banks figuring out how to use bitcoin as collateral for cash loans to institutions, CoinDesk reported Thursday, citing people familiar with the plans. From the report: Banks such as Goldman will not touch cryptocurrency spot markets but lean towards synthetic crypto products such as futures. Emulating tri-party repo type arrangements (a way of borrowing funds by selling securities with an agreement to repurchase them, involving a third-party agent), banks are exploring ways to follow the same path of not touching bitcoin, like other synthetic products. It's an opportunity that lays the groundwork for more integrated crypto prime brokerage services in the future, according to the sources CoinDesk spoke with. It's also a continuation of Wall Street's relatively sudden embrace of a $2.7 trillion asset class -- albeit with somewhat niche products. "Goldman was working on getting approved for lending against collateral and tri-party repo," said one of the people. "And if they had a liquidation agent, then they were just doing secured lending without ever having bitcoin touch their balance sheet."

Read more of this story at Slashdot.