An anonymous reader quotes a report from the Wall Street Journal: The alleged perpetrator had improper access to virtually every South Korean adult's personal information: names, phone numbers and even the keycode to enter residential buildings. It was one of the biggest data breaches of recent years and it has sent the company it targeted -- Coupang, South Korea's equivalent of Amazon -- reeling, generating lawsuits, government investigation and calls to toughen penalties against such leaks. The leak went undetected for nearly five months, hitting Coupang's radar on Nov. 18 only after a customer flagged suspicious activity. At first, Coupang, which was founded by a Korean-American entrepreneur, said it had experienced a data "exposure" affecting roughly 4,500 customer accounts. But within days, the e-commerce firm revised the figure: The leak exposed up to roughly 34 million user accounts in South Korea -- a sum representing more than 90% of the country's working-age population. Coupang started calling the incident a "leak" after Korean regulators took issue with the company's prior word choice. "The Whole Nation Is a Victim," read one local news headline. An investigation has found that the alleged perpetrator had once worked in South Korea as a software developer for authentication systems at Coupang, which is known for its blockbuster U.S. initial public offering a few years ago. The suspected leaker is believed to be a Chinese national who has moved back to China and is now on the lam, South Korean officials say. They haven't named the person. Even after leaving the firm roughly a year ago, the suspect secretly held on to an internal authentication key that granted him unfettered access to the personal information of Coupang users, South Korean authorities and lawmakers say. The infiltration, using overseas servers, started on June 24. By using the login credentials, the suspect was able to appear as if he were still a Coupang employee when accessing the company's systems.

Read more of this story at Slashdot.

The EU is moving to soften its planned 2035 ban on internal combustion cars by allowing a small share of low-emission engines. "The less stringent limit would leave room for automakers to continue selling some plug-in hybrids, which have both electric and internal combustion engines and can use the combustion engine to recharge the battery without the need to find a charging station," reports the Associated Press. From the report: The proposal from the EU's executive commission would change provisions of 2023 legislation requiring average emissions in new cars to equal zero, or a 100% reduction from 2021 levels. The new proposal would require a 90% emissions reduction. That means in practical terms that most cars would be battery-only but would leave room for some cars with internal combustion engines. Automakers would have to compensate for the added emissions by using European steel produced by methods that emit less carbon, and through use of climate neutral e-fuels made from renewable electricity and captured carbon dioxide and biofuels made from plants. EU officials say changing the limit will not affect progress toward making the 27-country bloc's economy climate neutral by 2050. That means producing only as much carbon dioxide as can be absorbed by forests and oceans or by abatement methods such as storing it underground. CO2 is the primary greenhouse gas blamed by scientists for climate change.

Read more of this story at Slashdot.

A Reuters investigation found that Meta knowingly tolerated large volumes of scam and illegal ads from China worth billions in revenue. Reuters reports: Though China's authoritarian government bans use of Meta social media by its citizens, Beijing lets Chinese companies advertise to foreign consumers on the globe-spanning platforms. As a result, Meta's advertising business was thriving in China, ultimately reaching over $18 billion in annual sales in 2024, more than a tenth of the company's global revenue. But Meta calculated that about 19% of that money -- more than $3 billion -- was coming from ads for scams, illegal gambling, pornography and other banned content, according to internal Meta documents reviewed by Reuters. The documents are part of a cache of previously unreported material generated over the past four years by teams including Meta's finance, lobbying, engineering and safety divisions. The cache reveals Meta's efforts over that period to understand the scale of abuse on its platforms and the company's reluctance to introduce fixes that could undermine its business and revenues. The documents show that Meta believed China was the country of origin of roughly a quarter of all ads for scams and banned products on Meta's platforms worldwide. Victims ranged from shoppers in Taiwan who purchased bogus health supplements to investors in the United States and Canada who were swindled out of their savings. "We need to make significant investment to reduce growing harm," Meta staffers warned in an internal April 2024 presentation to leaders of its safety operations. To that end, Meta created an anti-fraud team that went beyond previous efforts to monitor scams and other banned activity from China. Using a variety of stepped-up enforcement tools, it slashed the problematic ads by about half during the second half of 2024 -- from 19% to 9% of the total advertising revenue coming from China. Then Meta Chief Executive Mark Zuckerberg weighed in. "As a result of Integrity Strategy pivot and follow-up from Zuck," a late 2024 document notes, the China ads-enforcement team was "asked to pause" its work. Reuters was unable to learn the specifics of the CEO's involvement or what the so-called "Integrity Strategy pivot" entailed. But after Zuckerberg's input, the documents show, Meta disbanded its China-focused anti-scam team. It also lifted a freeze it had introduced on granting new Chinese ad agencies access to its platforms. One document shows that Meta shelved yet other anti-scam measures that internal tests had indicated would be effective. The document didn't detail the specifics of those measures. Meta took these steps even as an outside consultant it hired produced research that warned "Meta's own behavior and policies" were fostering systemic corruption in the Chinese market for ads targeting users in other countries, additional documents show. The upshot: Within a few months of Meta's brief crackdown, a new crop of Chinese advertising agencies was flooding Facebook and Instagram with prohibited ads. By mid-2025, banned ads climbed back to about 16% of Meta's China revenue. Rob Leathern, who was a senior director of product management at Facebook until 2020 and is no longer at the company, said the scale of predatory advertising revealed in the documents represents a major breakdown in consumer protections at the social media giant. "The levels that you're talking about are not defensible," he said of the percentage of abusive ads. "I don't know how anyone could think this is okay."

Read more of this story at Slashdot.

Quilter says its AI designed a complex Linux single-board computer in just one week, booting Debian on first power-up. "Holy crap, it's working," exclaimed one of the engineers. Tom's Hardware reports: LA-based startup Quilter has outlined Project Speedrun, which marks a milestone in computer design by AI. The headlining claims are that Quilter's AI facilitated the design of a new Linux SBC, using 843 parts and dual-PCBs, taking just one week to finish, then successfully booting Debian the first time it was powered up. The Quilter team reckon that the AI-enhanced process it demonstrated could unlock a new generation of computer hardware makers.

Read more of this story at Slashdot.

An anonymous reader quotes a report from the Guardian: Mark Carney says that amid a fundamental shift to the nature of globalization, his government will catalyze the growth in both the public and private sector. But Canadian linguists say that's a problem. Language experts have called out the Canadian prime minister's growing "utilization" of British spellings in key documents -- including the recent federal budget and a press release issued following a meeting with Donald Trump. Carney, who served as the governor of the bank of England for seven years, appears to have run afoul of Canadian linguistic norms, returning to his home country with a penchant for using 's' instead of 'z'- a hallmark of British spellings. In an open letter (PDF) chastising the prime minister, six linguists have asked his office, the Canadian government and parliament to stick to Canadian English spelling, "which is the spelling they consistently used from the 1970s to 2025." They warned that if governments start to use other systems for spelling, "this could lead to confusion about which spelling is Canadian." Canadian English is a source of immense pride for the nation's pedants. But the country's distinct and somewhat arbitrary spelling reflects the legacy of how Canada was colonized. "Canadian English evolved through Loyalist settlement after the American Revolutionary War, subsequent waves of English, Scottish, Welsh and Irish immigration, and from European and global contexts," the letter says, with the current accepted spellings of words reflecting "global influences and cultures from around the world represented in our population, as well as containing words and phrases from Indigenous languages." The linguists pointed out that Canada's distinct style of spelling was widespread in media and government documents, with this deliberate decision reflecting a desire to preserve a vital element of the country's "national history, identity and pride."

Read more of this story at Slashdot.

Intel has quietly stopped maintaining its open-source user-space driver stack for Gaudi accelerators. Phoronix reports: It turns out earlier this year Intel archived the SynapseAI Core open-source code and is no longer maintained by Intel. The open-source Synapse AI Core GitHub repository was archived in February and README updated with: "This project will no longer be maintained by Intel. Intel has ceased development and contributions including, but not limited to, maintenance, bug fixes, new releases, or updates, to this project. Intel no longer accepts patches to this project. If you have an ongoing need to use this project, are interested in independently developing it, or would like to maintain patches for the open source software community, please create your own fork of this project."

Read more of this story at Slashdot.

A veteran games journalist claims Half-Life 3 is real and still planned as a Spring 2026 launch title tied to Valve's next Steam Machine push. Ars Technica reports: On the contrary, veteran journalist Mike Straw insisted on a recent Insider Gaming podcast that "everybody I've talked to are still adamant [Half-Life 3] is a game that will be a launch title with the Steam Machine." Straw -- who has a long history of reporting gaming rumors from anonymous sources -- said this Half-Life 3 information is "not [from] these run-of-the-mill sources that haven't gotten me information before. ... These aren't like random, one-off people." And those sources are "still adamant that the game is coming in the spring," Straw added, noting that he was "specifically told [that] spring 2026 [is the window] for the Steam Machine, for the Frame, for the Controller, [and] for Half-Life 3." [...] Timing specifics aside, Straw said his sources have him convinced that the long wait for Half-Life 3 is coming to an end in the near future. "The game's real," he said. "At the end of the day, the game is real. There's no denying it. It's just a 'when' and not an 'if' at this point."

Read more of this story at Slashdot.

An anonymous reader quotes a report from the New York Times: The last vehicle will roll off the assembly line at Volkswagen's plant in Dresden, Germany, on Tuesday, marking the first time in the automaker's 88-year history that it has closed a plant in its home country. Volkswagen warned of potential production cuts last year, as it faced shaky demand in Europe and China, its biggest market, as well as higher tariffs that have crimped sales in the United States. After 24 years of vehicle production, the Dresden plant will be converted into a research hub focused on technologies like artificial intelligence, robotics and chip design. Volkswagen will team up with the government of the state of Saxony and the Dresden University of Technology on the project at the plant, known as the Transparent Factory because of its glass walls. "We did not take the decision to end vehicle production at the Transparent Factory after more than 20 years lightly," Thomas Schafer, chief executive of the Volkswagen brand, said in a statement. "From an economic perspective, however, it was absolutely necessary."

Read more of this story at Slashdot.

Utah Gov. Spencer Cox signed two bills this year that ended solar development tax credits and imposed a new tax on solar generation despite solar power accounting for two-thirds of the new projects waiting to connect to the state's power grid. The legislation passed by the Republican-controlled Legislature has already had an impact. Since May, when the laws took effect, 51 planned solar projects withdrew their applications to connect to the grid. That represents more than a quarter of all projects in Utah's transmission connection queue. The moves came as Cox promoted Operation Gigawatt, an initiative to double the state's energy production in the next decade through what he called an "any of the above" approach. A third bill aimed at limiting solar development on farmland narrowly missed the deadline for passage but is expected to return next year. Rocky Mountain Power earlier this year asked regulators to approve a 30% electricity rate hike. Regulators eventually awarded a 4.7% increase.

Read more of this story at Slashdot.

The new chief of Britain's Secret Intelligence Service told officers this week that they must become as fluent in programming languages like Python as they are in foreign languages like Russian as the spy agency adapts to what she described as a space between peace and war. Blaise Metreweli, MI6's first female chief and previously the service's director general of technology and innovation, said in her first public speech that mastery of technology is now required across the organization. She warned that advanced technologies including AI, biotechnology and quantum computing are revolutionizing both economies and the reality of conflict. Metreweli focused particularly on threats from Russia, saying the country is testing the UK in the grey zone through cyberattacks on critical infrastructure, drones near sensitive sites and propaganda operations.

Read more of this story at Slashdot.

The weight of AI server racks has reached a point where legacy data centers cannot accommodate them even with significant retrofitting efforts, The Verge reports. Chris Brown, chief technical officer at Uptime Institute, said most retrofitting attempts would require "bulldozing the building and starting over from scratch." AI racks are projected to reach 5,000 pounds compared to the 400 to 600 pounds that racks weighed three decades ago. The dramatic increase stems from hundreds to 1,000 GPUs packed densely into each rack alongside memory chips and liquid cooling systems that can add substantial weight. AI workloads now consume up to 350 kilowatts per rack, 35 times the 10 kilowatts that traditional computer chip workloads averaged a decade ago. Legacy data centers with raised floors typically max out at around 1,250 pounds per square foot for static loads. Chris McLean, president of Critical Facility Group, said that rack heights have grown from 6 feet to 9 feet over nearly two decades, creating problems with doorframes and freight elevators in older buildings.

Read more of this story at Slashdot.

U.S. officials excoriated the European Union for discriminating against American technology companies and threatened to penalize European tech companies in return, in a social media post on Tuesday. From a report: The pronouncement appeared to signal a rockier period for U.S.-E.U. trade relations, as the two governments work to finalize a trade framework they announced this year. The United States has been pushing Europe to open up its tech sector to American firms. But U.S. officials have complained that the European Union has not walked back broader regulation of company business practices while also proceeding with investigations of major American tech firms like Google, X, Amazon and Meta. In a social media post, the Office of the United States Trade Representative, which has carried out the negotiations, said that the European Union and some member states had "persisted in a continuing course of discriminatory and harassing lawsuits, taxes, fines and directives" against American companies. The United States had raised concerns with the European Union about these issues for years "without meaningful engagement," all while allowing European companies to operate freely in the United States, it said. If the European Union continues these policies, the United States would "have no choice but to begin using every tool at its disposal to counter these unreasonable measures," the U.S.T.R. said. It named fees and restrictions on service companies among the possibilities, and said it would use the same approach against other countries that echoed Europe's strategy. The post singled out potential European service providers that could be targeted by name, listing Accenture, DHL, Mistral, SAP, Siemens and Spotify, among others.

Read more of this story at Slashdot.

mprindle writes: The Texas Attorney General sued five major television manufacturers, accusing them of illegally collecting their users' data by secretly recording what they watch using Automated Content Recognition (ACR) technology. The lawsuits target Sony, Samsung, LG, and China-based companies Hisense and TCL Technology Group Corporation. Attorney General Ken Paxton's office also highlighted "serious concerns" about the two Chinese companies being required to follow China's National Security Law, which could give the Chinese government access to U.S. consumers' data. According to complaints filed this Monday in Texas state courts, the TV makers can allegedly use ACR technology to capture screenshots of television displays every 500 milliseconds, monitor the users' viewing activity in real time, and send this information back to the companies' servers without the users' knowledge or consent.

Read more of this story at Slashdot.

McKinsey, the consulting giant that has spent a century advising companies on how to cut costs and restructure operations, is now turning that advice inward as it plans to eliminate thousands of jobs across its non-client-facing departments over the next 18 to 24 months. The firm's leadership has discussed a roughly 10% headcount reduction in support functions, according to Bloomberg. McKinsey's revenue has hovered around $15 billion to $16 billion for the past five years after a decade of rapid expansion that saw employee count climb from 17,000 in 2012 to 45,000 by 2022. The headcount has since slid to about 40,000. The cuts come as consulting firms face cost-conscious clients, Trump administration pressure on government consulting spending, and reduced payments from Saudi Arabia, which had been paying McKinsey at least $500 million annually in the decade up to 2024. McKinsey cut about 1,400 jobs in 2023 under a plan internally labeled Project Magnolia, and axed 200 global tech positions last month. The firm still plans to hire consultants even as it shrinks support staff.

Read more of this story at Slashdot.

A millisecond used to be a big deal for the world's quickest traders. A dispute over huge trading profits at one of the world's largest futures exchanges shows they now think a million times faster [non-paywalled source]. From a report: The controversy is about an arcane technical maneuver in which high-speed traders bombard Frankfurt-based Eurex with useless data. The idea is to keep their connections to the exchange warm so they can react fractionally faster to market-moving information. The battle is the latest chapter in a decadeslong contest among secretive ultrafast trading firms, which have pursued a relentless quest for minuscule speed advantages. A group of high-frequency trading firms has exploited the practice to rake in hundreds of millions of dollars, says Mosaic Finance, a French firm that has complained to Eurex and European regulators. "An arms race is OK, but you must use legal weapons," said Hugues Morin, founder of Mosaic. Eurex says Mosaic's claims are baseless. [...] High-speed traders often seek to capture fleeting differences between prices of related assets, making quick response times critical. If benchmark Euro Stoxx 50 index futures rise, for example, contracts tied to Germany's DAX will usually follow. A first mover will be able to buy DAX futures before they tick higher, then sell out at a higher price -- a strategy that can add up to big profits over time. The maneuver that prompted Mosaic's spat with Eurex can improve reaction times by about 3.2 nanoseconds, according to the French firm, which calls it "corrupted speculative triggering," or CST for short.

Read more of this story at Slashdot.

The glasses-shaped face computers that tech companies have been building for years now face an identity crisis, and their makers can't agree on what to call them. Meta has asked a journalist to refer to its Ray-Ban glasses as "AI glasses" to distinguish them from Google Glass. Google, whose Project Aura is a collaboration with Xreal, calls the product "wired XR glasses" because the company views it as more aligned with headsets in a glasses form factor. Xreal's CEO Chi Xu laughed when asked about Aura's category and said the company will call all its products "AR glasses." Research firms aren't aligned either. Gartner defines smart glasses as camera- and display-free devices with Bluetooth and AI. Counterpoint Research said smart glasses without see-through displays drive volumes in the smart eyewear category. IDC uses a broader definition that includes anything glasses-shaped.

Read more of this story at Slashdot.

The traditional signals that employers used to evaluate entry-level job candidates -- college GPAs, cover letters, and interview performance -- have lost much of their value as grade inflation and widespread AI use render these metrics nearly meaningless, writes The Atlantic. The recent-graduate unemployment rate now sits slightly higher than the overall workforce's, a reversal from historical norms where new college graduates were more likely to be employed than the average worker. Job postings on Handshake, a career-services platform for students and recent graduates, have fallen by more than 16 percent in the past year. At Harvard, 60% of undergraduate grades are now A's, up from fewer than a quarter two decades ago. Seven years ago, 70% of new graduates' resumes were screened by GPA; that figure has dropped to 40%. Two working papers examining Freelancer.com found that cover-letter quality once strongly predicted who would get hired and how well they would perform -- until ChatGPT became available. "We basically find the collapse of this entire signaling mechanism," researcher Jesse Silbert said. The average number of applications per open job has increased by 26% in the past year. Students at UC Berkeley are now applying to 150 internships just to land one or two interviews.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: Microsoft is killing off an obsolete and vulnerable encryption cipher that Windows has supported by default for 26 years following more than a decade of devastating hacks that exploited it and recently faced blistering criticism from a prominent US senator. When the software maker rolled out Active Directory in 2000, it made RC4 a sole means of securing the Windows component, which administrators use to configure and provision fellow administrator and user accounts inside large organizations. RC4, short for Rivist Cipher 4, is a nod to mathematician and cryptographer Ron Rivest of RSA Security, who developed the stream cipher in 1987. Within days of the trade-secret-protected algorithm being leaked in 1994, a researcher demonstrated a cryptographic attack that significantly weakened the security it had been believed to provide. Despite the known susceptibility, RC4 remained a staple in encryption protocols, including SSL and its successor TLS, until about a decade ago. [...] Last week, Microsoft said it was finally deprecating RC4 and cited its susceptibility to Kerberoasting, the form of attack, known since 2014, that was the root cause of the initial intrusion into Ascension's network. "By mid-2026, we will be updating domain controller defaults for the Kerberos Key Distribution Center (KDC) on Windows Server 2008 and later to only allow AES-SHA1 encryption," Matthew Palko, a Microsoft principal program manager, wrote. "RC4 will be disabled by default and only used if a domain administrator explicitly configures an account or the KDC to use it." [...] Following next year's change, RC4 authentication will no longer function unless administrators perform the extra work to allow it. In the meantime, Palko said, it's crucial that admins identify any systems inside their networks that rely on the cipher. Despite the known vulnerabilities, RC4 remains the sole means of some third-party legacy systems for authenticating to Windows networks. These systems can often go overlooked in networks even though they are required for crucial functions. To streamline the identification of such systems, Microsoft is making several tools available. One is an update to KDC logs that will track both requests and responses that systems make using RC4 when performing requests through Kerberos. Kerberos is an industry-wide authentication protocol for verifying the identities of users and services over a non-secure network. It's the sole means for mutual authentication to Active Directory, which hackers attacking Windows networks widely consider a Holy Grail because of the control they gain once it has been compromised. Microsoft is also introducing new PowerShell scripts to sift through security event logs to more easily pinpoint problematic RC4 usage. Microsoft said it has steadily worked over the past decade to deprecate RC4, but that the task wasn't easy. "The problem though is that it's hard to kill off a cryptographic algorithm that is present in every OS that's shipped for the last 25 years and was the default algorithm for so long, Steve Syfuhs, who runs Microsoft's Windows Authentication team, wrote on Bluesky. "See," he continued, "the problem is not that the algorithm exists. The problem is how the algorithm is chosen, and the rules governing that spanned 20 years of code changes."

Read more of this story at Slashdot.

Mozilla has named Anthony Enzor-DeMeo as its new chief executive, promoting the executive who has spent the past year leading the Firefox browser team and who now plans to make AI central to the company's future. Enzor-DeMeo announced on Tuesday that an "AI Mode" is coming to Firefox next year. The feature will let users choose from multiple AI models rather than being locked into a single provider. Some options will be open-source models, others will be private "Mozilla-hosted cloud options," and the company also plans to integrate models from major AI companies. Mozilla itself will not train its own large language model. "We're not incentivized to push one model or the other," Enzor-DeMeo told The Verge. Firefox currently has about 200 million monthly users, a fraction of Chrome's roughly 4 billion, though Enzor-DeMeo insists mobile usage is growing at a decent clip. He takes over from interim CEO Laura Chambers, who led the company through a major antitrust case and what Mozilla describes as "double-digit mobile growth" in Firefox. Chambers is returning to the Mozilla board of directors. The new CEO has outlined three priorities: ensuring all products give users control over AI features including the ability to turn them off, building a business model around transparent monetization, and expanding Firefox into a broader ecosystem of trusted software. Mozilla VPN integration is planned for the browser next year.

Read more of this story at Slashdot.

Google's data partner HouseCanary has begun displaying home listings directly in search results in select markets, sending Zillow's shares tumbling more than 8% yesterday as investors weighed whether the search giant might eventually cut into the portal business that Zillow dominates. The experiment places property details, prices, images and a "Request a tour" button at the top of mobile search results. HouseCanary, a full-service brokerage licensed in all 50 states and Washington D.C., said it contacted every MLS in the test regions before launching. Analysts are largely downplaying immediate concerns. Goldman Sachs noted that most of Zillow's traffic comes directly through its apps and websites rather than Google searches, though the firm views the development as a long-term risk. Piper Sandler called the fears "overblown," and Wells Fargo suggested portals like Zillow would likely end up bidding for ad units on Google rather than losing traffic outright.

Read more of this story at Slashdot.