Today — May 23, 2024 Slashdot

Google: Stop Trying To Trick Employees With Fake Phishing Emails

By: msmash
May 23, 2024 at 20:44
An anonymous reader shares a report: Did your company recently send you a phishing email? Employers will sometimes simulate phishing messages to train workers on how to spot the hacking threat. But one Google security manager argues the IT industry needs to drop the practice, calling it counterproductive. "PSA for Cybersecurity folk: Our co-workers are tired of being 'tricked' by phishing exercises y'all, and it is making them hate us for no benefit," tweeted Matt Linton, a security incident manager at Google. Linton also published a post on the Google Security blog about the pitfalls of today's simulated phishing tests. The company is required to send fake phishing emails to its employees to meet the US government's security compliance requirements. In these tests, Google sends an employee a phishing email. If the worker clicks a link in the email, they'll be told they failed the test and will usually be required to take some sort of training course. However, Linton argues that simulated phishing tests can lead to harmful side effects, which can undermine a company's security. "There is no evidence that the tests result in fewer incidences of successful phishing campaigns," Linton said, noting that phishing attacks continue to help hackers gain a foothold inside networks, despite such training. He also pointed to a 2021 study that ran for 15 months and concluded that these phishing tests don't "make employees more resilient to phishing."

Read more of this story at Slashdot.

Apple Exec Admits Court-Ordered App Store Changes Fail To Boost Competition

By: msmash
May 23, 2024 at 20:02
Apple executive Phil Schiller admitted in court on Wednesday that the company's court-mandated changes to its iPhone app store payment system have not significantly increased competition. The ongoing hearings in Oakland, California, are determining whether Apple is properly complying with an antitrust order to allow developers to display links to alternative payment options. Despite Apple's implementation of the changes in January, only a small number of apps have sought approval for external payment links. U.S. District Judge Yvonne Gonzalez Rogers has expressed frustration with Apple executives, questioning whether they understand the order's intent to increase competition. Schiller defended Apple's response as well-intentioned but acknowledged the need for further action to encourage more apps to utilize external payment options.


A Root-Server at the Internet's Core Lost Touch With Its Peers. We Still Don't Know Why.

By: msmash
May 23, 2024 at 19:22
A server maintained by Cogent Communications, one of the 13 root servers crucial to the Internet's domain name system, fell out of sync with its peers for over four days due to an unexplained glitch. This issue, which could have caused worldwide stability and security problems, was resolved on Wednesday. The root servers store cryptographic keys necessary for authenticating intermediate servers under the DNSSEC mechanism. Inconsistencies in these keys across the 13 servers could lead to an increased risk of attacks such as DNS cache poisoning. Engineers postponed planned updates to the .gov and .int domain name servers' DNSSEC to use ECDSA cryptographic keys until the situation stabilized. Cogent stated that it became aware of the issue on Tuesday and resolved it within 25 hours. ArsTechnica, which has a great writeup about the incident, adds: Initially, some people speculated that the depeering of Tata Communications, the c-root site outage, and the update errors to the c-root itself were all connected somehow. Given the vagueness of the statement, the relation of those events still isn't entirely clear.


Hacker Breaches Scam Call Center, Warns Victims They've Been Scammed

By: msmash
May 23, 2024 at 18:44
A hacker claims to have breached a scam call center, stolen the source code for the company's tools, and emailed the company's scam victims, according to multiple screenshots and files provided by the hacker to 404 Media. From the report: The hack is the latest in a long series of vigilante actions in which hackers take matters into their own hands and breach or otherwise disrupt scam centers. A massively popular YouTube community, with creators mocking their targets, also exists around the practice. "Hello, everyone! If you are seeing this email then you have been targeted by a fake antivirus company known as 'Waredot,'" the hacker wrote in their alleged email to customers, referring to the scam call center. The email goes on to suggest that customers issue a chargeback "as this trash software isn't worth anywhere NEAR $300-$400 per month, and these trash idiots don't deserve your money!"


Google AI Search is Telling Users To Put Glue On Pizza Because It's Trained on Reddit Posts

By: msmash
May 23, 2024 at 18:00
Google pays Reddit $60 million a year to train its AI on posts on Reddit, and it looks like Google's AI is now pulling directly from the dregs of the internet. Google's AI overview for "cheese not sticking to pizza" is brilliant information it got from an 11-year-old Reddit post.


AI Software Engineers Make $100,000 More Than Their Colleagues

By: msmash
May 23, 2024 at 17:25
The AI boom and a growing talent shortage have resulted in companies paying AI software engineers a whole lot more than their non-AI counterparts. From a report: As of April 2024, AI software engineers in the U.S. were paid a median salary of nearly $300,000, while other software technicians made about $100,000 less, according to data compiled by salary data website Levels.fyi. The pay gap that was already about 30% in mid-2022 has grown to almost 50%. "It's clear that companies value AI skills and are willing to pay a premium for them, no matter what job level you're at," wrote data scientist Alina Kolesnikova in the Levels.fyi report. That disparity is more pronounced at some companies. The robotaxi company Cruise, for example, pays AI engineers at the staff level a median of $680,500 -- while their non-AI colleagues make $185,500 less, according to Levels.fyi.


Atari Buys Intellivision Brand, Ending 'Longest-Running Console War in History'

By: msmash
May 23, 2024 at 16:42
An old-school video game rivalry has a new chapter: Atari, known for producing one of the first hit home game consoles, has announced the acquisition of long-time rival Intellivision's brand and rights to over 200 games from Intellivision Entertainment. The two companies were key players in the industry's first console war in the late 1970s and early 1980s. Atari plans to expand distribution of Intellivision games and explore new opportunities for the brand. Mike Mika, studio head at Digital Eclipse, an Atari-owned game studio, commented on the deal, saying the acquisition "ends the longest-running console war in history."


All-Screen M5 MacBook With Foldable Display To Launch in 2026, Analyst Says

By: msmash
May 23, 2024 at 16:05
An anonymous reader shares a report: Apple is working on all-screen foldable devices. Unlike its competitors, however, its focus seems less on foldable smartphones and tablets, and instead on an all-screen foldable laptop. Ming-Chi Kuo has previously reported that Apple was developing a 20.3-inch MacBook device for 2027, but today the analyst has shared several key new details about the futuristic MacBook model. One such detail is that Apple is now eyeing an earlier 2026 launch for the product. Here are some of the key features Kuo expects to see in the all-screen MacBook: 1. Multiple foldable screen options are still possible, with the rumored 20.3-inch display potentially replaced by an 18.8-inch panel. The former would, when folded, resemble a current 14-15-inch MacBook, while the latter would correspond better to a modern day 13-14-inch model like the smaller MacBook Air. 2. A 2026 debut is now expected for the device, one year earlier than previously reported. 3. The MacBook is expected to receive an M5-series chip, which lines up with the expected timeline of the M4 spreading to the whole Mac lineup by the end of 2025. 4. Apple's goal is to provide a crease-free design for the foldable display.


iFixit is Breaking Up With Samsung

By: msmash
May 23, 2024 at 15:28
iFixit and Samsung are parting ways. Two years after they teamed up on one of the first direct-to-consumer phone repair programs, iFixit CEO and co-founder Kyle Wiens tells The Verge the two companies have failed to renegotiate a contract -- and says Samsung is to blame. From a report: "Samsung does not seem interested in enabling repair at scale," Wiens tells me, even though similar deals are going well with Google, Motorola, and HMD. He believes dropping Samsung shouldn't actually affect iFixit customers all that much. Instead of being Samsung's partner on genuine parts and approved repair manuals, iFixit will simply go it alone, the same way it's always done with Apple's iPhones. While Wiens wouldn't say who technically broke up with whom, he says price is the biggest reason the Samsung deal isn't working: Samsung's parts are priced so high, and its phones remain so difficult to repair, that customers just aren't buying.


US Sues To Break Up Ticketmaster Owner, Live Nation

By: msmash
May 23, 2024 at 14:46
The Justice Department on Thursday said it was suing Live Nation Entertainment [non-paywalled link], the concert giant that owns Ticketmaster, asking a court to break up the company over claims it illegally maintained a monopoly in the live entertainment industry. From a report: In the lawsuit, which is joined by 29 states and the District of Columbia, the government accuses Live Nation of dominating the industry by locking venues into exclusive ticketing contracts, pressuring artists to use its services and threatening its rivals with financial retribution. Those tactics, the government argues, have resulted in higher ticket prices for consumers and have stifled innovation and competition throughout the industry. "It is time to break up Live Nation-Ticketmaster," Merrick Garland, the attorney general, said in a statement announcing the suit, which is being filed in the U.S. District Court for the Southern District of New York. The lawsuit is a direct challenge to the business of Live Nation, a colossus of the entertainment industry and a force in the lives of musicians and fans alike. The case, filed 14 years after the government approved Live Nation's merger with Ticketmaster, has the potential to transform the multibillion-dollar concert industry. Live Nation's scale and reach far exceed those of any competitor, encompassing concert promotion, ticketing, artist management and the operation of hundreds of venues and festivals around the world.


Taiwan Says Chip Machines Can Be Remotely Shut Off If China Invades

By: msmash
May 23, 2024 at 14:00
Taiwan's new technology minister Wu Cheng-wen said smart machines connected to the internet, including chip tools, can be remotely shut off in the event of a conflict on the island. From a report: Wu, stepping in to oversee science and technology as part of a new administration, was responding to a lawmaker's question about a Bloomberg News report that chipmaking gear maker ASML Holding NV and Taiwan Semiconductor Manufacturing Co. have the ability to disable the world's most advanced chip machines remotely. China on Thursday escalated military exercises around the island that Beijing considers part of its territory, only days after the self-governing democracy of 23 million inaugurated a new president in Lai Ching-te. Tensions in the Taiwan Strait have caused concern in the US and other leading nations about implications for the global economy -- which counts on TSMC to produce the world's most essential chips. "According to today's smart chip manufacturing technology, it can be done," Wu said. "Whatever industry and machinery, if it is linked online, we can use this smart manufacturing technology to remotely control the machinery, including stopping it."


US Lawmakers Advance Bill To Make It Easier To Curb Exports of AI Models

By: msmash
May 23, 2024 at 01:25
The House Foreign Affairs Committee on Wednesday voted overwhelmingly to advance a bill that would make it easier for the Biden administration to restrict the export of AI systems, citing concerns China could exploit them to bolster its military capabilities. From a report: The bill, sponsored by House Republicans Michael McCaul and John Moolenaar and Democrats Raja Krishnamoorthi and Susan Wild, also would give the Commerce Department express authority to bar Americans from working with foreigners to develop AI systems that pose risks to U.S. national security. Without this legislation "our top AI companies could inadvertently fuel China's technological ascent, empowering their military and malign ambitions," McCaul, who chairs the committee, warned on Wednesday. "As the (Chinese Communist Party) looks to expand their technological advancements to enhance their surveillance state and war machine, it is critical we protect our sensitive technology from falling into their hands," McCaul added. The Chinese Embassy in Washington did not immediately respond to a request for comment. The bill is the latest sign Washington is gearing up to beat back China's AI ambitions over fears Beijing could harness the technology to meddle in other countries' elections, create bioweapons or launch cyberattacks.


Yesterday — May 22, 2024 Slashdot

Mozilla Says It's Concerned About Windows Recall

By: msmash
May 22, 2024 at 20:41
Microsoft's Windows Recall feature is attracting controversy before even venturing out of preview. From a report: The principle is simple. Windows takes a snapshot of a user's active screen every few seconds and dumps it to disk. The user can then scroll through the snapshots and, when something is selected, the user is given options to interact with the content. Mozilla's Chief Product Officer, Steve Teixeira, told The Register: "Mozilla is concerned about Windows Recall. From a browser perspective, some data should be saved, and some shouldn't. Recall stores not just browser history, but also data that users type into the browser with only very coarse control over what gets stored. While the data is stored in encrypted format, this stored data represents a new vector of attack for cybercriminals and a new privacy worry for shared computers. "Microsoft is also once again playing gatekeeper and picking which browsers get to win and lose on Windows -- favoring, of course, Microsoft Edge. Microsoft's Edge allows users to block specific websites and private browsing activity from being seen by Recall. Other Chromium-based browsers can filter out private browsing activity but lose the ability to block sensitive websites (such as financial sites) from Recall. "Right now, there's no documentation on how a non-Chromium based, third-party browser, such as Firefox, can protect user privacy from Recall. Microsoft did not engage our cooperation on Recall, but we would have loved for that to be the case, which would have enabled us to partner on giving users true agency over their privacy, regardless of the browser they choose."


Spyware Found on US Hotel Check-in Computers

By: msmash
May 22, 2024 at 20:01
A consumer-grade spyware app has been found running on the check-in systems of at least three Wyndham hotels across the United States, TechCrunch reported Wednesday. From the report: The app, called pcTattletale, stealthily and continually captured screenshots of the hotel booking systems, which contained guest details and customer information. Thanks to a security flaw in the spyware, these screenshots are available to anyone on the internet, not just the spyware's intended users. This is the most recent example of consumer-grade spyware exposing sensitive information because of a security flaw in the spyware itself. It's also the second known time that pcTattletale has exposed screenshots of the devices that the app is installed on. Several other spyware apps in recent years had security bugs or misconfigurations that exposed the private and personal data of unwitting device owners, in some cases prompting action by government regulators. pcTattletale allows whomever controls it to remotely view the target's Android or Windows device and its data, from anywhere in the world. pcTattletale's website says the app "runs invisibly in the background on their workstations and can not be detected."


CFPB Says Buy Now, Pay Later Firms Must Comply With US Credit Card Laws

By: msmash
May 22, 2024 at 19:21
The Consumer Financial Protection Bureau declared on Wednesday that customers of the burgeoning buy now, pay later industry have the same federal protections as users of credit cards. From a report: The agency unveiled what it called an "interpretive rule" that deemed BNPL lenders essentially the same as traditional credit card providers under the decades-old Truth in Lending Act. That means the industry -- currently dominated by fintech firms like Affirm, Klarna and PayPal -- must make refunds for returned products or canceled services, must investigate merchant disputes and pause payments during those probes, and must provide bills with fee disclosures. "Regardless of whether a shopper swipes a credit card or uses Buy Now, Pay Later, they are entitled to important consumer protections under long-standing laws and regulations already on the books," CFPB Director Rohit Chopra said in a release. The CFPB, which last week was handed a crucial victory by the Supreme Court, has pushed hard against the U.S. financial industry, issuing rules that slashed credit card late fees and overdraft penalties. The agency, formed in the aftermath of the 2008 financial crisis, began investigating the BNPL industry in late 2021.


Undisclosed WhatsApp Vulnerability Lets Governments See Who You Message

By: msmash
May 22, 2024 at 18:41
WhatsApp's security team warned that despite the app's encryption, users are vulnerable to government surveillance through traffic analysis, according to an internal threat assessment obtained by The Intercept. The document suggests that governments can monitor when and where encrypted communications occur, potentially allowing powerful inferences about who is conversing with whom. The report adds: Even though the contents of WhatsApp communications are unreadable, the assessment shows how governments can use their access to internet infrastructure to monitor when and where encrypted communications are occurring, like observing a mail carrier ferrying a sealed envelope. This view into national internet traffic is enough to make powerful inferences about which individuals are conversing with each other, even if the subjects of their conversations remain a mystery. "Even assuming WhatsApp's encryption is unbreakable," the assessment reads, "ongoing 'collect and correlate' attacks would still break our intended privacy model." The WhatsApp threat assessment does not describe specific instances in which it knows this method has been deployed by state actors. But it cites extensive reporting by the New York Times and Amnesty International showing how countries around the world spy on dissident encrypted chat app usage, including WhatsApp, using the very same techniques. As war has grown increasingly computerized, metadata -- information about the who, when, and where of conversations -- has come to hold immense value to intelligence, military, and police agencies around the world. "We kill people based on metadata," former National Security Agency chief Michael Hayden once infamously quipped. Meta said "WhatsApp has no backdoors and we have no evidence of vulnerabilities in how WhatsApp works." 
Though the assessment describes the "vulnerabilities" as "ongoing," and specifically mentions WhatsApp 17 times, a Meta spokesperson said the document is "not a reflection of a vulnerability in WhatsApp," only "theoretical," and not unique to WhatsApp.


'Never-Ending' UK Rain Made 10 Times More Likely By Climate Crisis, Study Says

By: msmash
May 22, 2024 at 18:05
The seemingly "never-ending" rain last autumn and winter in the UK and Ireland was made 10 times more likely and 20% wetter by human-caused global heating, a study has found. From a report: More than a dozen storms battered the region in quick succession between October and March, which was the second-wettest such period in nearly two centuries of records. The downpour led to severe floods, at least 20 deaths, severe damage to homes and infrastructure, power blackouts, travel cancellations, and heavy losses of crops and livestock. The level of rain caused by the storms would have occurred just once in 50 years without the climate crisis, but is now expected every five years owing to 1.2C of global heating reached in recent years. If fossil fuel burning is not rapidly cut and the global temperature reaches 2C in the next decade or two, such severe wet weather would occur every three years on average, the analysis showed. [...] The analysis, conducted by climate scientists working as part of the World Weather Attribution group, compared how likely and how intense the wet winter was in today's heated world with how likely it would have been in a world without high levels of carbon emissions. Warmer air can hold more water vapour and therefore produce more rain. Hundreds of "attribution studies" have shown how global heating is already supercharging extreme weather such as heatwaves, wildfires, droughts and storms across the world.


Windows XP Can Run On an Intel CPU From 1989 Thanks To Dedicated Modder

By: msmash
May 22, 2024 at 17:25
An anonymous reader shares a report: For those of us who came of age in the early days of personal computing, the names "Intel 486" and "Windows XP" evoke a nostalgic whirlwind of memories. The 486 was the hot new CPU of the early 90s, while Windows XP became a household name and Microsoft's most popular OS over a decade later. But did you ever imagine these two icons of different eras could be merged into an unholy union? Well, start brushing off those vintage 486 rigs, because a modder has actually made it happen. Going by the name Dietmar on the MSFN forums, he has somehow managed to get Microsoft's beloved Windows XP running on the ancient 486 architecture. It's worth mentioning that these two were never meant to coexist. The first 486 chips hit the market way back in 1989, while Windows XP landed over a decade later in 2001. The 486 represented a major breakthrough when Intel unveiled it in 1989. Packing over a million transistors, it remained Intel's primary x86 chip until the arrival of the Pentium in 1993. Such was the processor's longevity that Intel continued manufacturing it for embedded systems until 2007. Still, 486 systems were simply too underpowered to run XP, which needed at least a Pentium-class processor from the 586 generation - or any compatible chip that ran at 233MHz or higher. Meanwhile, the i486 could only do 133MHz. It also needed at least 64MB of RAM and at least 1.5GB of storage.


Russia Likely Launched Counter Space Weapon Into Low Earth Orbit Last Week, Pentagon Says

By: msmash
May 22, 2024 at 16:42
The United States has assessed that Russia launched what is likely a counter space weapon last week that's now in the same orbit as a U.S. government satellite, Pentagon spokesman Maj. Gen. Pat Ryder confirmed Tuesday. From a report: "What I'm tracking here is on May 16, as you highlighted, Russia launched a satellite into low Earth orbit that we that we assess is likely a counter space weapon presumably capable of attacking other satellites in low Earth orbit," Ryder said when questioned by ABC News about the information, which was made public earlier Tuesday by Robert Wood, deputy U.S. ambassador to the United Nations. "Russia deployed this new counter space weapon into the same orbit as a U.S. government satellite," Ryder continued. "And so assessments further indicate characteristics resembling previously deployed counter space payloads from 2019 and 2022." Ryder added: "Obviously, that's something that we'll continue to monitor. Certainly, we would say that we have a responsibility to be ready to protect and defend the space domain and ensure continuous and uninterrupted support to the joint and combined force. And we'll continue to balance the need to protect our interests in space with our desire to preserve a stable and sustainable space environment." When asked if the Russian counter space weapon posed a threat to the U.S. satellite, Ryder responded: "Well, it's a counter space weapon in the same orbit as a U.S. government satellite."

