The Internet is moving faster than ever before. Twitter and Facebook each took more than four years to reach the 100-million-users milestone; Instagram took just over two. TikTok did it in nine months. Now the record has been broken twice in 2023 alone. The apps themselves have evolved—product managers have spent zillions of hours optimizing sign-up “flows” to get people through registration and actually using the things as quickly as possible, and Threads, with its connection to Instagram, benefits from these efforts more than most. But it is also the case that the web is in a new FOMO era. The job of testing the next big thing was once assigned to just the very online; now we all feel like we’re primed to sign up right away or risk being left behind. We all have the fear of missing out.
Earlier this year, the WHO concluded that calorie-free sweeteners in general do not help with weight loss and may increase the risk of type 2 diabetes and cardiovascular disease.
The poll also found that one in five workers (21 per cent) are encouraged to work unpaid overtime, with Londoners facing the most pressure to do so, at 35 per cent. Comparatively, 17 per cent of people in the north of England, 21 per cent in the Midlands, 20 per cent in the south, 16 per cent in Wales, 20 per cent in Scotland and 9 per cent in Northern Ireland said this was the case.
BlackLotus burst on the scene last fall when it was spotted for sale on the Dark Web for $5,000. It has the dubious distinction of being the first in-the-wild malware to successfully bypass Unified Extensible Firmware Interface (UEFI) Secure Boot protections on Windows.
UEFI is the firmware responsible for the boot routine, so it runs before the operating system kernel and any other software. BlackLotus (a software threat, not a firmware implant, it should be noted) takes advantage of two vulnerabilities in Microsoft's signed Windows boot manager to insert itself into the earliest phase of the software boot process that UEFI starts: CVE-2022-21894, aka Baton Drop, CVSS score 4.4; and CVE-2023-24932, CVSS score 6.7. Microsoft patched these in January 2022 and May 2023 respectively.
But the country's top technology intelligence division warned that applying the available Windows 10 and Windows 11 patches is only "a good first step."
BlackLotus targets the Windows boot process by exploiting a flaw in older boot loaders, or boot managers, to set off a chain of malicious actions that compromise endpoint security. This is achieved by exploiting the Baton Drop vulnerability to strip the Secure Boot policy and prevent its enforcement.
BlackLotus shares some characteristics with BootHole, a vulnerability discovered in 2020. Unlike BootHole, however, BlackLotus targets vulnerable boot managers that have not been added to the Secure Boot forbidden-signature database (DBX) revocation list, so firmware still accepts them as validly signed.
Then, in research published in March, ESET malware analyst Martin Smolár confirmed that an in-the-wild bootkit bypassing Secure Boot, long dismissed as a myth, "is now a reality," as opposed to the hypothetical threats raised by some experts and the usual slew of fake bootkits that criminals tried to trick fellow miscreants into buying.
No Linux-targeting variant of the malware has been observed; BlackLotus strictly nobbles Microsoft Windows machines.
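The check a defender wants after the paragraphs above is whether the hashes of the boot managers an attacker could load are actually in DBX. As an added example (not code from the article, Microsoft or ESET), the block below parses the raw contents of the Secure Boot dbx variable, which is a sequence of EFI_SIGNATURE_LIST structures, and looks up a SHA-256 digest in it. The demo blob, its owner GUID usage and the digests are constructed for the demonstration; real dbx SHA-256 entries hold the Authenticode (PE image) hash of the binary, not a plain hash of the file bytes, so the digest you look up must be computed the same way.

```python
"""Added example: look up a boot manager hash in a raw UEFI dbx blob.
Not code from the article, Microsoft or ESET. DEMO_DBX and the digests
are constructed for the demonstration."""
import struct
import uuid

# Signature types used in db/dbx. SHA-256 entries hold the Authenticode hash of a PE image.
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")

# EFI_SIGNATURE_LIST header: SignatureType, SignatureListSize, SignatureHeaderSize, SignatureSize
SIGLIST_HDR = struct.Struct("<16sIII")


def parse_signature_lists(blob):
    """Yield (type_guid, owner_guid, signature_bytes) for every EFI_SIGNATURE_DATA in blob."""
    off = 0
    while off < len(blob):
        if len(blob) - off < SIGLIST_HDR.size:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        type_raw, list_size, hdr_size, sig_size = SIGLIST_HDR.unpack_from(blob, off)
        end = off + list_size
        if list_size < SIGLIST_HDR.size + hdr_size or end > len(blob):
            raise ValueError("bad SignatureListSize")
        if sig_size <= 16:  # each entry is a 16-byte SignatureOwner GUID plus data
            raise ValueError("bad SignatureSize")
        pos = off + SIGLIST_HDR.size + hdr_size
        if (end - pos) % sig_size:
            raise ValueError("signature array is not a multiple of SignatureSize")
        sig_type = uuid.UUID(bytes_le=type_raw)
        while pos < end:
            owner = uuid.UUID(bytes_le=blob[pos:pos + 16])
            yield sig_type, owner, blob[pos + 16:pos + sig_size]
            pos += sig_size
        off = end


def revoked_sha256_digests(blob):
    """Set of lower-case hex digests revoked by EFI_CERT_SHA256 entries."""
    return {sig.hex() for t, _, sig in parse_signature_lists(blob) if t == EFI_CERT_SHA256_GUID}


def is_revoked(blob, digest_hex):
    """True if the given Authenticode SHA-256 (hex) appears in dbx."""
    return digest_hex.lower() in revoked_sha256_digests(blob)


def build_sha256_list(digests, owner):
    """Encode one EFI_SIGNATURE_LIST of SHA-256 entries; used only to build the demo blob."""
    body = b"".join(owner.bytes_le + bytes.fromhex(d) for d in digests)
    list_size = SIGLIST_HDR.size + len(body)
    return SIGLIST_HDR.pack(EFI_CERT_SHA256_GUID.bytes_le, list_size, 0, 16 + 32) + body


def load_efivar(path):
    """Read a variable from Linux efivarfs; the first 4 bytes there are the attributes."""
    with open(path, "rb") as f:
        return f.read()[4:]


# Constructed demo blob. The owner GUID is the SignatureOwner Microsoft uses in its
# dbx updates; the digests are dummy values, not real bootmgfw.efi hashes.
DEMO_OWNER = uuid.UUID("77fa9abd-0359-4d32-bd60-28f4e78f784b")
REVOKED_A = "11" * 32
REVOKED_B = "22" * 32
NOT_REVOKED = "33" * 32
DEMO_DBX = build_sha256_list([REVOKED_A, REVOKED_B], DEMO_OWNER)

if __name__ == "__main__":
    for d in (REVOKED_A, NOT_REVOKED):
        print(d[:16], "revoked" if is_revoked(DEMO_DBX, d) else "NOT revoked")
```

On Linux the raw variable lives at /sys/firmware/efi/efivars/dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f, with a 4-byte attributes prefix that load_efivar() strips; on Windows, (Get-SecureBootUEFI -Name dbx).Bytes returns the same content without the prefix. If the Authenticode hashes of the vulnerable boot managers are not in the set this returns, the firmware will still load them, which is why applying the patch is described above as only a first step.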
There is a big difference between answering "medical questions and actual medicine," which includes diagnosing and treating genuine health problems, he said.
QuickBlox’s video and chat features are commonly used in mainstream telemedicine applications and platforms. The researchers analyzed a mobile telemedicine application from an undisclosed organization that uses QuickBlox’s framework to provide chat and video services for patients to connect with physicians. The research revealed existing vulnerabilities that worsened when combined with QuickBlox’s framework.
The FTC earlier this week sent a 20-page request for records about how OpenAI addresses risks related to its AI models. The agency is investigating whether the company engaged in unfair or deceptive practices that resulted in “reputational harm” to consumers, according to the letter, which was reported by the Washington Post.
A civil investigative demand letter has been sent and the investigation is now underway, per the source familiar.
The FTC called on OpenAI to provide detailed descriptions of all complaints it had received of its products making “false, misleading, disparaging or harmful” statements about people. The FTC is investigating whether the company engaged in unfair or deceptive practices that resulted in “reputational harm” to consumers, according to the document.
The attack was targeted, according to a person briefed on the intrusion into the government networks, with the hackers going after specific accounts rather than carrying out a broad-brush intrusion that would suck up enormous amounts of data. Adam Hodge, a spokesman for the White House’s National Security Council, said no classified networks had been affected. An assessment of how much information was taken is continuing.
Nevertheless, Senate intelligence committee chair Mark Warner issued a statement saying it was “closely monitoring what appears to be a significant cybersecurity breach by Chinese intelligence” that shows China is “steadily improving its cyber collection capabilities directed against the U.S. and our allies.”
Besides the State Department, it wasn’t known which other US agencies were impacted by the breach. A senior official said the number of agencies was in the single digits.
Citing a statement from US officials, the Washington Post reported that Storm-0558 also breached unclassified email accounts linked to the US government.
The US had detected the breach of federal government accounts "fairly rapidly" and had managed to prevent further breaches, White House national security adviser Jake Sullivan said in an interview with ABC television.
Internet access is growing rapidly across Africa. Although Internet penetration is 28% continent-wide, it is more than 50% in Nigeria and more than 85% in Kenya, two of the continent’s top targets for cyberattacks.
South Africa, where nearly 72% of the population is online, spends a larger share of its economy on cybersecurity than any other African country, yet its citizens remain at risk from scam artists and other cybercriminals, according to Kearney, a global management consulting firm with an office in Johannesburg.
Linux distributors and application developers using the open-source Ghostscript interpreter for the PostScript language and PDFs are being urged to apply the latest security patch for the utility after the discovery of a major hole.
This vulnerability, CVE-2023-36664, was assigned a CVSS score of 9.8 and could allow code execution because Ghostscript mishandles permission validation for pipe devices (file names carrying the %pipe% prefix or a leading | character).
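Two checks a distributor or application developer can run, as an added example (not code from the article or the Ghostscript project): compare the installed gs version against the affected range NVD gives for CVE-2023-36664 (Ghostscript through 10.01.2), and flag untrusted PostScript that names a pipe device, which is the input the flaw concerns. Because the bug sits in the permission validation itself, the usual -dSAFER sandboxing is not a substitute for the update; the scan below is a compensating control while you patch. The PostScript samples are constructed, and the scanner is a triage aid, not a parser of PostScript's full string syntax (escaped parentheses and hex strings are not handled).

```python
"""Added example, not from the article or the Ghostscript project: a version gate for
CVE-2023-36664 and a triage scan for pipe-device names in untrusted PostScript.
The PostScript samples are constructed."""
import re
import shutil
import subprocess

# NVD describes the flaw as affecting Ghostscript through 10.01.2.
LAST_AFFECTED = (10, 1, 2)

# Pipe devices are named with a "%pipe%" prefix or a leading "|" inside a string
# literal, e.g. (%pipe%cmd) or (|cmd). Escaped parentheses and <hex> strings are
# not handled; this is a triage aid, not a PostScript parser.
PIPE_DEVICE = re.compile(rb"\(\s*(?:%pipe%|\|)[^)]*\)")


def parse_gs_version(text):
    """Turn 'GPL Ghostscript 10.01.2' or '9.56' into a comparable tuple."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError("no version number in %r" % text)
    return tuple(int(x or 0) for x in m.groups())


def version_affected(version_text):
    """True if this Ghostscript version falls in the affected range."""
    return parse_gs_version(version_text) <= LAST_AFFECTED


def installed_version_affected():
    """Ask the local gs binary; None when gs is not installed."""
    gs = shutil.which("gs")
    if gs is None:
        return None
    out = subprocess.run([gs, "--version"], capture_output=True, text=True, check=True).stdout
    return version_affected(out)


def find_pipe_devices(ps_bytes):
    """Every string literal naming a pipe device, in document order."""
    return [m.group(0) for m in PIPE_DEVICE.finditer(ps_bytes)]


# Constructed samples: an ordinary page, and one that opens a pipe device two ways.
SAMPLE_BENIGN = b"%!PS\n/Helvetica findfont 12 scalefont setfont\n72 72 moveto (hello) show showpage\n"
SAMPLE_PIPE = (b"%!PS\n(%pipe%id) (w) file closefile\n"
               b"<< /OutputFile (|id) >> setpagedevice\n")

if __name__ == "__main__":
    print("installed gs affected:", installed_version_affected())
    print("pipe devices in sample:", find_pipe_devices(SAMPLE_PIPE))
```

Run the scanner on anything that arrives from outside before it reaches gs; a document from an untrusted source has no legitimate reason to name a pipe device at all, so a non-empty result is grounds to reject it regardless of the version check.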
PyLoose is a relatively simple Python script carrying a precompiled, base64-encoded XMRig miner, a widely abused open-source tool that burns CPU time on the proof-of-work hashing required for cryptomining.
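A detection one can run over a suspicious script, as an added example (not the PyLoose script itself nor any vendor's detection code): walk the script's AST, try to base64-decode every long string literal, flag those that decode to an ELF image, and read the ELF header to say what kind of binary it is. SAMPLE_SCRIPT and BENIGN_SCRIPT are constructed, and the payload in the sample is a fake 64-byte ELF header, not a miner.

```python
"""Added example, not the PyLoose script or any vendor's detection: find base64
string literals in a Python script that decode to an ELF binary, and describe the
header. SAMPLE_SCRIPT is constructed; FAKE_ELF is a 64-byte header, not a miner."""
import ast
import base64
import binascii
import struct

ELF_MAGIC = b"\x7fELF"
MIN_B64_LEN = 64  # an embedded binary is far larger; skip short literals

# Values from the ELF specification used to describe the header.
ELF_CLASS = {1: "ELF32", 2: "ELF64"}
ELF_DATA = {1: "little-endian", 2: "big-endian"}
ELF_TYPE = {2: "ET_EXEC", 3: "ET_DYN"}
ELF_MACHINE = {3: "x86", 62: "x86-64", 183: "aarch64"}


def describe_elf(raw):
    """Read class, byte order, type and machine from an ELF header (needs >= 20 bytes)."""
    if len(raw) < 20 or not raw.startswith(ELF_MAGIC):
        raise ValueError("not an ELF header")
    order = "<" if raw[5] == 1 else ">"
    e_type, e_machine = struct.unpack(order + "HH", raw[16:20])
    return {
        "class": ELF_CLASS.get(raw[4], "unknown"),
        "data": ELF_DATA.get(raw[5], "unknown"),
        "type": ELF_TYPE.get(e_type, str(e_type)),
        "machine": ELF_MACHINE.get(e_machine, str(e_machine)),
    }


def embedded_elf_blobs(source):
    """Return [(line, decoded_size, description)] for every literal that base64-decodes to ELF."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Constant):
            continue
        value = node.value
        if isinstance(value, str):
            value = value.encode("ascii", "ignore")
        elif not isinstance(value, bytes):
            continue
        data = b"".join(value.split())  # tolerate blobs wrapped across lines
        if len(data) < MIN_B64_LEN:
            continue
        try:
            raw = base64.b64decode(data, validate=True)
        except (binascii.Error, ValueError):
            continue
        if raw.startswith(ELF_MAGIC):
            hits.append((node.lineno, len(raw), describe_elf(raw)))
    return hits


# Constructed sample: a fake ELF64 x86-64 ET_EXEC header padded to 64 bytes.
FAKE_ELF = b"\x7fELF\x02\x01\x01" + b"\x00" * 9 + struct.pack("<HH", 2, 62) + b"\x00" * 44
SAMPLE_SCRIPT = (
    "import base64, os\n"
    'PAYLOAD = "' + base64.b64encode(FAKE_ELF).decode() + '"\n'
    "blob = base64.b64decode(PAYLOAD)\n"
    "os.write(1, blob[:4])\n"
)
BENIGN_SCRIPT = 'import base64\nTOKEN = "' + "A" * 80 + '"\nprint(base64.b64decode(TOKEN)[:4])\n'

if __name__ == "__main__":
    for line, size, info in embedded_elf_blobs(SAMPLE_SCRIPT):
        print("line %d: %d-byte %s %s %s" % (line, size, info["class"], info["machine"], info["type"]))
```

Walking the AST rather than grepping means implicitly concatenated literals and blobs split across lines are decoded as one string, which a regex on a single line would miss; the benign script shows that a long base64 token on its own is not enough to trigger, only one that decodes to an ELF image is.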
Security updates have been issued by Debian (ruby-doorkeeper), Fedora (mingw-nsis and thunderbird), Red Hat (bind9.16, nodejs, nodejs:16, nodejs:18, python38:3.8 and python38-devel:3.8, and rh-nodejs14-nodejs), Slackware (krb5), SUSE (geoipupdate, installation-images, libqt5-qtbase, python-Django1, and skopeo), and Ubuntu (knot-resolver, lib3mf, linux, linux-aws, linux-kvm, linux-lowlatency, linux-raspi, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-azure, linux-gcp, linux-ibm, linux-oracle, linux-azure-fde, linux-xilinx-zynqmp, and scipy).
When the arrest of Conor Fitzpatrick, aka “Pompompurin,” was made known on March 17, 2023, the members of Breached.vc (“BreachForums”) were shocked to learn from court filings how poor their forum owner’s OpSec was and that he had already admitted to law enforcement that he was known as “Pompompurin” and was the owner of BreachForums. It seemed very likely that, with all the evidence law enforcement had and his own admissions, “Pom” would plead guilty in hopes of reduced charges or a lighter sentence.
QuickBlox, a software development framework used in telemedicine and finance, was found to have several critical security flaws, according to a joint study from computer and network security research firms Check Point Research and Claroty Team82 published July 12.
Over 34 million Indonesian passport records were leaked in a massive data breach impacting the country’s Immigration Directorate General at the Ministry of Law and Human Rights.
Cybersecurity researcher and founder of Ethical Hacker Indonesia, Teguh Aprianto, disclosed the breach on his Twitter account @secgron, attributing the attack to a hacktivist identified as Bjorka.
The Federal Trade Commission has opened an expansive investigation into OpenAI, probing whether the maker of the popular ChatGPT bot has run afoul of consumer protection laws by putting personal reputations and data at risk.
The agency this week sent the San Francisco company a 20-page demand for records about how it addresses risks related to its AI models, according to a document reviewed by The Washington Post. The salvo represents the most potent regulatory threat to date to OpenAI’s business in the United States, as the company goes on a global charm offensive to shape the future of artificial intelligence policy.
Installed on more than one million WordPress sites, the security and firewall plugin was designed to prevent cyberattacks such as brute-force attempts, warn when the default admin username is used for login, prevent bot attacks, log user activity, and eliminate comment spam.
It was discovered that AIOS version 5.1.9 writes plaintext passwords from login attempts to the database, which essentially provides any privileged user with access to the login credentials of all other administrator users.
[This is Part II of a story published here last week on reporting that went into a new Hulu documentary series on the 2015 Ashley Madison hack.]
Passport and ID card – soon available only through a smartphone app? At least that’s how the EU Commission seems to envision it.
The European Commission’s Migration and Home Affairs Department (DG HOME) has launched an initiative to digitalise travel documents. Following the public consultation, this could result in a proposal for an EU regulation in the third quarter of 2023.
Under the General Vehicle Safety Regulation, all new types of vehicles must be fitted with an advanced driver distraction warning system from mid-2024. The system monitors primarily driver eye movements and warns drivers when distracted. This will help reduce accidents on EU roads.
This initiative sets out the specific test procedures and technical requirements for the approval of vehicles fitted with this system.
The French police are getting new surveillance powers: [...]
In a special broadcast on TV channel Medya Haber, PKK Executive Council member Duran Kalkan said that Tayyip Erdoğan and his government want to continue Turkey's genocidal policy against the Kurds, implemented since 1923 under the Lausanne Treaty, by leaning on NATO.
The Executive Council of the Kurdistan National Congress (KNK) released a statement condemning the acquiescence of NATO and Sweden to Erdoğan’s demands and their complicity in the Turkish state’s attacks against the Kurdish people.
The statement released by KNK Executive Council on Wednesday includes the following:
“At the 2023 NATO Summit in Lithuania, world leaders accepted the demands of authoritarian Turkish President Recep Tayyip Erdoğan, transforming the event into a high-level diplomatic session sanctioning the oppression of the Kurdish people and promising continued bloodshed and displacement throughout Kurdistan. [...]
This development certainly also concerns Greek interests as the government is rightly demanding guarantees about whether and how Ankara will use the aircraft it will procure from the United States.
Al-Azhari admitted in court papers that he scouted potential terrorism targets in the Tampa Bay area, sought to acquire multiple weapons and pledged an oath of allegiance to the Islamic State. The FBI recorded many conversations between Al-Azhari and confidential or undercover sources in which he discussed avenging imprisoned Islamic State fighters and using violence to oppose U.S. military actions in the Middle East.
Despite a landmark decision in the world of crypto regulation yesterday with the SEC's ruling on Ripple Labs' XRP currency, crypto at large is far from thriving. One area in a particularly rough patch is the NFT sector, with multiple firms making major cuts recently.
Most prominent is Dapper Labs, which announced cuts to 51 employees. This is its third round of cuts in nine months: first 22% in November, then 20% more in February, now an estimated 13%.
Liz Truss was back in the headlines this week, when she appeared at the launch of a new lobby group called the Growth Commission on Wednesday.
Some commentators pointed out the irony of a prime minister who tanked the pound – and failed to outlast a lettuce – saying that her widely criticised mini budget “may pay off in the long term”.
Today in Tedium: There’s a certain problem I’ve noticed with social media recently, and it has something to do with the last issue I wrote, regarding Threads. Basically, there are so many emerging social networks right now because Loud Annoying Space Man gave us all a reason to leave Twitter. But the problem is that some of your friends went to Threads. Some of them went to Bluesky. Some went to Mastodon. Some went to T2. Some are still on Twitter. None of these services have compatible APIs at this point. And all of your friends want to read that witty thing you said. So, as an end user, you’re ultimately stuck messaging to people on every single network. This is a solvable problem—and one that we’ve had plenty of practice with in the instant messenger era. Today’s Tedium talks instant messaging protocols, both open and closed, and what they could teach us about this current moment. — Ernie @ Tedium
The implications of the legislative disaster that is Bill C-18 continue to unfold as Canadian Heritage Minister Pablo Rodriguez is now essentially doing precisely what he said he would not do, namely negotiate with the big tech platforms over government mandated payments for news links. Rodriguez had long claimed that the bill was designed to keep the government out of the issue and to leave it to the platforms and media companies to craft agreements. Yet with the departmental update this week, it is clear that the government is now discussing a minimum spend for inclusion in the regulations, effectively putting itself at the very head of the negotiating table.
The Supreme Court in Sweden on Thursday said there are "obstacles to extradition" of two Turkish citizens wanted by Ankara for alleged involvement in the so-called Gulen movement.
In a statement, the court said "the requirement of dual criminality" — when a criminal offense in Turkey would also be considered a crime in Sweden — had not been met.
Evidently inspired by her raging bigot of a husband's WTF ad with oiled beefcakes and serial killers, Casey DeSantis, aka "America's Karen," released her own overwrought plug - cue Nazi marching music! - declaring she and other zealot moms will "protect the innocence of our children" from history, empathy, masks, books, rainbows, immigrants, black people and sweet Jesus male seahorses giving birth by electing her loathsome partner in crime to "do for America what he did for us in Florida." Thanks, no thanks.
What kind of a week was last week in the theater of war wherein battles rage over illegal censorship, illegal attacks on freedom of speech, illegal government infringements on our constitutional rights, and, amid it all, the complicity of our most powerful media in these illegalities? For a brief while it looked as though it was a very fine week. On July 4, an excellent day for this, a district court in Louisiana ruled that the White House and a long list of other federal agencies are barred from all contacts with social media companies if the intent is to intimidate or otherwise coerce Twitter, Google, Facebook, and other such platforms into deleting, suppressing, or in any way obscuring content protected as free speech, to paraphrase a key passage in the ruling.
However, a number of Western countries expressed during the debates their opposition to the anti-blasphemy laws and, at the same time, strongly denounced the burning of the Quran in Sweden.
"We regret having to vote against this unbalanced text, but it contradicts positions we have long taken on freedom of expression," said U.S. Ambassador Michele Taylor.
As for her French counterpart, Jerome Bonnavon, he indicated that human rights protect "persons and not religions, sects, beliefs, or their symbols."
"There's this colossal elephant in the room and, until I deal with that, it is difficult to take seriously anything else," he said.
In an interview with the BBC, the 76-year-old British-American author said he is working with a “very good therapist” but is still indecisive on whether he will attend another public event that is not invitation-only and “controllable.” His attacker, 24-year-old Hadi Matar — who is being charged with attempted murder — pleaded not guilty in August 2022.
"I'm in two minds about it," he continued. "There's one bit of me that actually wants to go and stand on the court and look at him and there's another bit of me that just can't be bothered.
"I don't have a very high opinion of him. And I think what is important to me now is that you're able to find life continuing. I'm more engaged with the business of, you know, getting on with it."
He also said that he still employs security in America on certain occasions. At the time of the attack he was living without the round-the-clock protection he had relied on after Iran’s Ayatollah Khomeini issued a fatwa against him in 1989, which drove him into hiding for a decade. “Writers don’t have much power. We don’t have armies,” he said. “What we have is the ability to write about the world, if we’re any good, that might endure.”
Talking about his upcoming book on the stabbing incident, he told the BBC that it won't be more than a "couple of hundred of pages" long.
The writer was stabbed by a 24-year-old man named Hadi Matar, who has been charged with attempted murder. He has pleaded not guilty and is being held without bail.
Attacks against Rushdie have been feared since the late 1980s and the publication of his novel The Satanic Verses, which Iran’s Ayatollah Ruhollah Khomeini condemned as blasphemous for passages referring to the Prophet Muhammad.
Khomeini had issued a decree calling for Rushdie’s death after the publication of his book, forcing the author into hiding.
As far as the council is concerned, this is no ordinary doodle, but a clear and deliberate representation of the so-called nine-dash line: a maritime boundary demarcating Beijing’s contested ownership of the South China Sea. The line has been featured on Chinese maps since the 1940s and, despite being rejected by the International Court of Justice in The Hague in 2016, is still used today to justify the expansion of China’s naval presence in the region, its construction of artificial islands, and its intimidation of foreign fishermen.
In yesterday's session, the Green Left Party presented a proposal to prioritize the investigation on imprisoned journalists ahead of other motions in parliament. MP Ayşegül Doğan took the floor to explain the proposal and, while discussing long-standing violations of freedom of expression against Kurdish media, made reference to the book.
The Digital Security Act, which criminalizes several forms of speech online, has frequently been used to target critical journalists in Bangladesh since its enactment in 2018. In March 2023, Bangladesh authorities arrested a Prothom Alo reporter and opened multiple investigations under the act into the leading newspaper’s leadership and staff, prompting United Nations human rights chief Volker Türk to reiterate his call on authorities to impose an immediate moratorium on the law.
On June 27, the day the driver was killed, a protester [sic] hit Kiran Ridley, a photographer with photo agency Getty Images, three times on his head in the western Parisian suburb of Nanterre, and three other protesters [sic] threw stones at him before he could flee from the scene. Ridley was treated for a broken nose and had to undergo facial reconstruction surgery, the reporter told CPJ via messaging app.
Pushkin had an ulcer and did not receive timely medical treatment, independent Belarusian media reported, citing unnamed sources informed on the matter. He was arrested in March 2021 and, a year later, sentenced for desecrating state symbols and inciting hatred.
The reason? Pushkin had painted a portrait of Yevgeny Shikhar, the leader of the Belarusian anti-Soviet underground after World War II, and shown it at an exhibition.
“Though we negotiated intent on making a fair deal — and though your strike vote gave us the leverage to make some gains — the studios’ responses to our proposals have been wholly insufficient, given the existential crisis writers are facing,” the negotiating committee wrote to membership in a letter. “The companies’ behavior has created a gig economy inside a union workforce, and their immovable stance in this negotiation has betrayed a commitment to further devaluing the profession of writing.”
[...]
Meanwhile, according to the WGA’s calculations, industry profits have ballooned from $5 billion in 2000 to $28-$30 billion from 2017-2021. Spending on original streaming content grew from $5 billion in 2019 to $19 billion in 2023 — the lion’s share of it by Netflix, which reported $6 billion in operating profits in 2021 and $5.6 billion in 2022.
If anything will help illustrate the absolute necessity of SAG-AFTRA striking, it’s these proposed “groundbreaking” AI concessions that the AMPTP allegedly offered during negotiations. It was addressed in remarks by one of the SAG-AFTRA leaders, Duncan Crabtree-Ireland, who explained: “They proposed that our background performers should be able to be scanned, get one day’s pay, and their company should own that scan, their image, their likeness and should be able to use it for the rest of eternity, in any project they want with no consent and with no compensation.”
The severe method comes out of the guild’s successful battle with the agencies in 2021 over dismantling the lucrative practice of packaging. The WGA picked off one agency after another until final holdout WME backed down, a tactic seen as a warning sign by many in the studio and streamer C-suites.
[...]
On a parallel track and reinforcing the AMPTP’s divide-and-conquer approach, negotiations with the Director’s Guild in late May proved a success, with ratification coming last month. Even if the 160,000-member SAG-AFTRA joins the WGA on the picket lines, the studios hope to get the actors back to the negotiating table in a few weeks.
There are many reasons for this, the report’s authors explain, but the main one is that new units being produced are on the higher end and not affordable to people with the lowest incomes. Coupled with rent increases and deteriorating buildings, it means the benefits of the housing boom have been uneven. According to the report, “while multifamily rental construction is at a decades-long peak, the high asking rents of new units make them unaffordable for many households.”
We just got done noting how Dish Network’s long-hyped 5G wireless network is likely doomed. While they’re technically building a “wireless network,” the network’s coverage, phone selection, and overall quality has proven laughable so far, and there have been growing worries that Dish is running out of cash.
The European Commission sent a charge sheet to the world's most popular social network last December, singling out two practices that showed that Meta abused its market power.
It said Meta's tying of its online classified ads service Facebook Marketplace with its social network Facebook gave the former an unfair advantage.
Driving the news: Notice of the appeal was filed to a U.S. District Court in San Francisco Wednesday evening.
For human readers, the scholarly communication user experience has been characterized by fragmentation. In recent years, substantial efforts have been devoted to ameliorating this fragmentation, whether by aggregation, syndication, or infrastructure for entitlement-based linking. I have long dreamed of a single site filled with all scholarship for ready discovery and access. This fragmentation, for human readers, is mostly a massive inconvenience. For the machines, though, whether for training or analysis, fragmentation is a real impediment. The machines never, ever, want to read the publications just of a single publisher. The machines want to read everything, or at least everything in a given field. And this in turn raises questions about the work of assembling everything together — which is no small task — and making it available for machine training and analysis. More than six years ago, I looked at the state of play when it came to assembling together substantially all published content. While some of the players have shifted around, the question today is more pressing than ever: Who Has All the Content?
After receiving unanimous support in Italy's Chamber of Deputies back in March, a new anti-piracy bill designed to tackle pirate IPTV services and other 'live' content broadcasts has been unanimously approved by the Senate. The bill gives new powers to telecoms regulator AGCOM to block internet traffic and black out illicit providers within minutes. Service providers linked in any capacity to the accessibility of illicit content must comply.
Last year, the U.S. indicted two Russians who stand accused of operating the book piracy site Z-Library. Anton Napolsky and Valeriia Ermakova were arrested in Argentina. The U.S. requested their extradition but the defendants want to stop that in its tracks. The pair have asked a New York federal court to dismiss the indictment, citing various shortcomings.
Zoro.to, previously the world's largest pirate site, suddenly disappeared last week. With over 205 million visits per month, that was hugely significant, as was its rapid reappearance under a new name. Site staff initially claimed a new team had taken over, then rumors of "DMCA" problems emerged. A few hours ago, Zoro.to's domain records began pointing to name servers used by the MPA to service seized domains. Copyright issues are also confirmed.
Topics addressed range from the fundamental issues surrounding open culture, its transformative impact, and the challenges it faces in a world undergoing profound changes.