Google: Stop Trying To Trick Employees With Fake Phishing Emails

An anonymous reader shares a report: Did your company recently send you a phishing email? Employers will sometimes simulate phishing messages to train workers on how to spot the hacking threat. But one Google security manager argues the IT industry needs to drop the practice, calling it counterproductive. "PSA for Cybersecurity folk: Our co-workers are tired of being 'tricked' by phishing exercises y'all, and it is making them hate us for no benefit," tweeted Matt Linton, a security incident manager at Google. Linton also published a post on the Google Security blog about the pitfalls of today's simulated phishing tests. The company is required to send fake phishing emails to its employees to meet the US government's security compliance requirements. In these tests, Google sends an employee a phishing email. If the worker clicks a link in the email, they'll be told they failed the test and will usually be required to take some sort of training course. However, Linton argues that simulated phishing tests can lead to harmful side effects, which can undermine a company's security. "There is no evidence that the tests result in fewer incidences of successful phishing campaigns," Linton said, noting that phishing attacks continue to help hackers gain a foothold inside networks, despite such training. He also pointed to a 2021 study that ran for 15 months and concluded that these phishing tests don't "make employees more resilient to phishing."

Read more of this story at Slashdot.

Apple Exec Admits Court-Ordered App Store Changes Fail To Boost Competition

Apple executive Phil Schiller admitted in court on Wednesday that the company's court-mandated changes to its iPhone app store payment system have not significantly increased competition. The ongoing hearings in Oakland, California, are determining whether Apple is properly complying with an antitrust order to allow developers to display links to alternative payment options. Despite Apple's implementation of the changes in January, only a small number of apps have sought approval for external payment links. U.S. District Judge Yvonne Gonzalez Rogers has expressed frustration with Apple executives, questioning whether they understand the order's intent to increase competition. Schiller defended Apple's response as well-intentioned but acknowledged the need for further action to encourage more apps to utilize external payment options.


A Root-Server at the Internet's Core Lost Touch With Its Peers. We Still Don't Know Why.

A server maintained by Cogent Communications, one of the 13 root servers crucial to the Internet's domain name system, fell out of sync with its peers for over four days due to an unexplained glitch. This issue, which could have caused worldwide stability and security problems, was resolved on Wednesday. The root servers store cryptographic keys necessary for authenticating intermediate servers under the DNSSEC mechanism. Inconsistencies in these keys across the 13 servers could lead to an increased risk of attacks such as DNS cache poisoning. Engineers postponed planned updates to the .gov and .int domain name servers' DNSSEC to use ECDSA cryptographic keys until the situation stabilized. Cogent stated that it became aware of the issue on Tuesday and resolved it within 25 hours. ArsTechnica, which has a great writeup about the incident, adds: Initially, some people speculated that the depeering of Tata Communications, the c-root site outage, and the update errors to the c-root itself were all connected somehow. Given the vagueness of the statement, the relation of those events still isn't entirely clear.


Hacker Breaches Scam Call Center, Warns Victims They've Been Scammed

A hacker claims to have breached a scam call center, stolen the source code for the company's tools, and emailed the company's scam victims, according to multiple screenshots and files provided by the hacker to 404 Media. From the report: The hack is the latest in a long series of vigilante actions in which hackers take matters into their own hands and breach or otherwise disrupt scam centers. A massively popular YouTube community, with creators mocking their targets, also exists around the practice. "Hello, everyone! If you are seeing this email then you have been targeted by a fake antivirus company known as 'Waredot,'" the hacker wrote in their alleged email to customers, referring to the scam call center. The email goes on to suggest that customers issue a chargeback "as this trash software isn't worth anywhere NEAR $300-$400 per month, and these trash idiots don't deserve your money!"


AI Software Engineers Make $100,000 More Than Their Colleagues

The AI boom and a growing talent shortage has resulted in companies paying AI software engineers a whole lot more than their non-AI counterparts. From a report: As of April 2024, AI software engineers in the U.S. were paid a median salary of nearly $300,000, while other software technicians made about $100,000 less, according to data compiled by salary data website Levels.fyi. The pay gap that was already about 30% in mid-2022 has grown to almost 50%. "It's clear that companies value AI skills and are willing to pay a premium for them, no matter what job level you're at," wrote data scientist Alina Kolesnikova in the Levels.fyi report. That disparity is more pronounced at some companies. The robotaxi company Cruise, for example, pays AI engineers at the staff level a median of $680,500 -- while their non-AI colleagues make $185,500 less, according to Levels.fyi.


Atari Buys Intellivision Brand, Ending 'Longest-Running Console War in History'

An old-school video game rivalry has a new chapter: Atari, known for producing one of the first hit home game consoles, has announced the acquisition of long-time rival Intellivision's brand and rights to over 200 games from Intellivision Entertainment. The two companies were key players in the industry's first console war in the late 1970s and early 1980s. Atari plans to expand distribution of Intellivision games and explore new opportunities for the brand. Mike Mika, studio head at Digital Eclipse, an Atari-owned game studio, commented on the deal, saying the acquisition "ends the longest-running console war in history."


All-Screen M5 MacBook With Foldable Display To Launch in 2026, Analyst Says

An anonymous reader shares a report: Apple is working on all-screen foldable devices. Unlike its competitors, however, its focus seems less on foldable smartphones and tablets, and instead on an all-screen foldable laptop. Ming-Chi Kuo has previously reported that Apple was developing a 20.3-inch MacBook device for 2027, but today the analyst has shared several key new details about the futuristic MacBook model. One such detail is that Apple is now eyeing an earlier 2026 launch for the product. Here are some of the key features Kuo expects to see in the all-screen MacBook: 1. Multiple foldable screen options are still possible, with the rumored 20.3-inch display potentially replaced by an 18.8-inch panel. The former would, when folded, resemble a current 14-15-inch MacBook, while the latter would correspond better to a modern day 13-14-inch model like the smaller MacBook Air. 2. A 2026 debut is now expected for the device, one year earlier than previously reported. 3. The MacBook is expected to receive an M5-series chip, which lines up with the expected timeline of the M4 spreading to the whole Mac lineup by the end of 2025. 4. Apple's goal is to provide a crease-free design for the foldable display.


iFixit is Breaking Up With Samsung

iFixit and Samsung are parting ways. Two years after they teamed up on one of the first direct-to-consumer phone repair programs, iFixit CEO and co-founder Kyle Wiens tells The Verge the two companies have failed to renegotiate a contract -- and says Samsung is to blame. From a report: "Samsung does not seem interested in enabling repair at scale," Wiens tells me, even though similar deals are going well with Google, Motorola, and HMD. He believes dropping Samsung shouldn't actually affect iFixit customers all that much. Instead of being Samsung's partner on genuine parts and approved repair manuals, iFixit will simply go it alone, the same way it's always done with Apple's iPhones. While Wiens wouldn't say who technically broke up with whom, he says price is the biggest reason the Samsung deal isn't working: Samsung's parts are priced so high, and its phones remain so difficult to repair, that customers just aren't buying.


US Sues To Break Up Ticketmaster Owner, Live Nation

The Justice Department on Thursday said it was suing Live Nation Entertainment [non-paywalled link], the concert giant that owns Ticketmaster, asking a court to break up the company over claims it illegally maintained a monopoly in the live entertainment industry. From a report: In the lawsuit, which is joined by 29 states and the District of Columbia, the government accuses Live Nation of dominating the industry by locking venues into exclusive ticketing contracts, pressuring artists to use its services and threatening its rivals with financial retribution. Those tactics, the government argues, have resulted in higher ticket prices for consumers and have stifled innovation and competition throughout the industry. "It is time to break up Live Nation-Ticketmaster," Merrick Garland, the attorney general, said in a statement announcing the suit, which is being filed in the U.S. District Court for the Southern District of New York. The lawsuit is a direct challenge to the business of Live Nation, a colossus of the entertainment industry and a force in the lives of musicians and fans alike. The case, filed 14 years after the government approved Live Nation's merger with Ticketmaster, has the potential to transform the multibillion-dollar concert industry. Live Nation's scale and reach far exceed those of any competitor, encompassing concert promotion, ticketing, artist management and the operation of hundreds of venues and festivals around the world.


Taiwan Says Chip Machines Can Be Remotely Shut Off If China Invades

Taiwan's new technology minister Wu Cheng-wen said smart machines connected to the internet, including chip tools, can be remotely shut off in the event of a conflict on the island. From a report: Wu, stepping in to oversee science and technology as part of a new administration, was responding to a lawmaker's question about a Bloomberg News report that chipmaking gear maker ASML Holding NV and Taiwan Semiconductor Manufacturing Co. have the ability to disable the world's most advanced chip machines remotely. China on Thursday escalated military exercises around the island that Beijing considers part of its territory, only days after the self-governing democracy of 23 million inaugurated a new president in Lai Ching-te. Tensions in the Taiwan Strait have caused concern in the US and other leading nations about implications for the global economy -- which counts on TSMC to produce the world's most essential chips. "According to today's smart chip manufacturing technology, it can be done," Wu said. "Whatever industry and machinery, if it is linked online, we can use this smart manufacturing technology to remotely control the machinery, including stopping it."


T-Mobile Is Raising Prices On Some of Its Older Plans

In a memo sent to employees, T-Mobile said it will be raising prices on some of its older plans, starting with the next bill. CNET reports: The memo was sent out by Jon Freier, president of T-Mobile's consumer group. The note doesn't list which plans are affected, but Freier specifically says that those on the carrier's latest assortment of Go5G plans will not see their prices increase. The same goes for the "millions of customers" who are covered by T-Mobile's Price Lock guarantee, which he says will continue to be in effect for those people. Freier says in the memo that T-Mobile is raising prices on older plans "for the first time in nearly a decade" and that the increases are designed to "keep up with rising inflation and costs." It isn't known exactly how many people will be affected by the change. The note says that it will affect a "small portion" of T-Mobile's customers. Those with free lines from the carrier will not see increases on those lines, T-Mobile confirmed to CNET. The company expects to notify all affected customers on Wednesday. T-Mobile previously tried to move customers on older, generally cheaper plans to some of its newer, pricier ones last year, only to back off the plan amid backlash. Whereas with that move people had the option to call T-Mobile's support and push back against the change, a source familiar with the company's plans tells CNET that this option won't be available with this new rate hike.


RISC-V Now Supports Rust In the Linux Kernel

Michael Larabel reports via Phoronix: The latest RISC-V port updates have been merged for the in-development Linux 6.10 kernel. Most notable with today's RISC-V merge to Linux 6.10 is now supporting the Rust programming language within the Linux kernel. RISC-V joins the likes of x86_64, LoongArch, and ARM64 already supporting the use of the in-kernel Rust language support. The use of Rust within the mainline Linux kernel is still rather limited with just a few basic drivers so far and a lot of infrastructure work taking place, but there are a number of new drivers and other subsystem support on the horizon. RISC-V now supporting Rust within the Linux kernel will become more important moving forward. The RISC-V updates for Linux 6.10 also add byte/half-word compare-and-exchange, support for Zihintpause within hwprobe, a PR_RISCV_SET_ICACHE_FLUSH_CTX prctl(), and support for lockless lockrefs. More details on these RISC-V updates for Linux 6.10 via this Git merge.


Hopes For Sustainable Jet Fuel Not Realistic, Report Finds

An anonymous reader quotes a report from The Guardian: Hopes that replacement fuels for airplanes will slash carbon pollution are misguided and support for these alternatives could even worsen the climate crisis, a new report has warned. There is currently "no realistic or scalable alternative" to standard kerosene-based jet fuels, and touted "sustainable aviation fuels" are well off track to replace them in a timeframe needed to avert dangerous climate change, despite public subsidies, the report by the Institute for Policy Studies, a progressive thinktank, found. "While there are kernels of possibility, we should bring a high level of skepticism to the claims that alternative fuels will be a timely substitute for kerosene-based jet fuels," the report said. [...] In the U.S., Joe Biden's administration has set a goal for 3 billion gallons of sustainable aviation fuel, which is made from non-petroleum sources such as food waste, woody biomass and other feedstocks, to be produced by 2030, which it said will cut aviation's planet-heating emissions by 20%. [...] Burning sustainable aviation fuels still emits some carbon dioxide, while the land use changes needed to produce the fuels can also lead to increased pollution. Ethanol biofuel, made from corn, is used in these fuels, and meeting the Biden administration's production goal, the report found, would require 114m acres of corn in the U.S., about a 20% increase in current land area given over to the crop. In the UK, meanwhile, 50% of all agricultural land will have to be given up to sustain current flight passenger levels if jet fuel was entirely replaced. "Agricultural land use changes could threaten global food security as well as nature-based carbon sequestration solutions such as the preservation of forests and wetlands," the report states. "As such, SAF production may actively undermine the Paris agreement goal of achieving greatly reduced emissions by 2050."
Chuck Collins, co-author of the report, said: "To bring these fuels to the scale needed would require massive subsidies, the trade-offs would be unacceptable and would take resources away from more urgent decarbonization priorities." "It's a huge greenwashing exercise by the aviation industry. It's magical thinking that they will be able to do this." Phil Ansell, director of the Center for Sustainable Aviation at the University of Illinois, added: "There's an underappreciation of how big the energy problem is for aviation. We are still many years away from zero pollution flights. But it's true that the industry has been slow to pick things up. We are now trying to find solutions, but we are working at this problem and realizing it's a lot harder than we thought. We are late to the game. We are in the dark ages in terms of sustainability, compared to other sectors."


Amazon Plans To Give Alexa an AI Overhaul, Monthly Subscription Price

According to CNBC, Amazon plans to enhance its Alexa voice assistant with generative AI and introduce it to customers through a monthly subscription service. While the price point has yet to be determined, sources say it will not be included in the company's $139-per-year Prime offering. From the report: The team is now tasked with turning Alexa into a relevant device that holds up amid the new AI competition, and one that justifies the resources and headcount Amazon has dedicated to it. It has undergone a massive reorganization, with much of the team shifting to the artificial general intelligence, or AGI, team, according to the three sources. Others pointed to bloat within Alexa, a team of thousands of employees. As of 2023, Amazon said it had sold more than 500 million Alexa-enabled devices, giving the company a foothold with consumers. [...] One source estimated the cost of using generative AI in Alexa at 2 cents per query, and said a $20 price point was floated internally. Another suggested it would need to be in a single-digit dollar amount, which would undercut other subscription offerings. OpenAI's ChatGPT charges $20 per month for its advanced models. Still, they point to Alexa's installed user base, with devices in hundreds of millions of homes, as an opportunity. Those who worked on Alexa say the fact that it's already in people's living rooms and kitchens makes the stakes higher, and mistakes more costly if Alexa doesn't understand a command or provides unreliable information. [...] Amazon will use its own large language model, Titan, in the Alexa upgrade, according to a source.


US Lawmakers Advance Bill To Make It Easier To Curb Exports of AI Models

The House Foreign Affairs Committee on Wednesday voted overwhelmingly to advance a bill that would make it easier for the Biden administration to restrict the export of AI systems, citing concerns China could exploit them to bolster its military capabilities. From a report: The bill, sponsored by House Republicans Michael McCaul and John Molenaar and Democrats Raja Krishnamoorthi and Susan Wild, also would give the Commerce Department express authority to bar Americans from working with foreigners to develop AI systems that pose risks to U.S. national security. Without this legislation "our top AI companies could inadvertently fuel China's technological ascent, empowering their military and malign ambitions," McCaul, who chairs the committee, warned on Wednesday. "As the (Chinese Communist Party) looks to expand their technological advancements to enhance their surveillance state and war machine, it is critical we protect our sensitive technology from falling into their hands," McCaul added. The Chinese Embassy in Washington did not immediately respond to a request for comment. The bill is the latest sign Washington is gearing up to beat back China's AI ambitions over fears Beijing could harness the technology to meddle in other countries' elections, create bioweapons or launch cyberattacks.


FCC Chair Proposes Disclosure Rules For AI-Generated Content In Political Ads

FCC Chairwoman Jessica Rosenworcel has proposed (PDF) disclosure rules for AI-generated content used in political ads. "If adopted, the proposal would look into whether the FCC should require political ads on radio and TV to disclose when there is AI-generated content," reports Quartz. From the report: The FCC is seeking comment on whether on-air and written disclosure should be required in broadcasters' political files when AI-generated content is used in political ads; proposing that the rules apply to both candidates and issue advertisements; requesting comment on what a specific definition of AI-generated comment should look like; and proposing that disclosure rules be applied to broadcasters and entities involved in programming, such as cable operators and radio providers. The proposed disclosure rules do not prohibit the use of AI-generated content in political ads. The FCC has authority through the Bipartisan Campaign Reform Act to make rules around political advertising. If the proposal is adopted, the FCC will take public comment on the rules. "As artificial intelligence tools become more accessible, the Commission wants to make sure consumers are fully informed when the technology is used," Rosenworcel said in a statement. "Today, I've shared with my colleagues a proposal that makes clear consumers have a right to know when AI tools are being used in the political ads they see, and I hope they swiftly act on this issue."


Why Your Wi-Fi Router Doubles As an Apple AirTag

An anonymous reader quotes a report from Krebs On Security: Apple and the satellite-based broadband service Starlink each recently took steps to address new research into the potential security and privacy implications of how their services geo-locate devices. Researchers from the University of Maryland say they relied on publicly available data from Apple to track the location of billions of devices globally -- including non-Apple devices like Starlink systems -- and found they could use this data to monitor the destruction of Gaza, as well as the movements and in many cases identities of Russian and Ukrainian troops. At issue is the way that Apple collects and publicly shares information about the precise location of all Wi-Fi access points seen by its devices. Apple collects this location data to give Apple devices a crowdsourced, low-power alternative to constantly requesting global positioning system (GPS) coordinates. Both Apple and Google operate their own Wi-Fi-based Positioning Systems (WPS) that obtain certain hardware identifiers from all wireless access points that come within range of their mobile devices. Both record the Media Access Control (MAC) address that a Wi-Fi access point uses, known as a Basic Service Set Identifier or BSSID. Periodically, Apple and Google mobile devices will forward their locations -- by querying GPS and/or by using cellular towers as landmarks -- along with any nearby BSSIDs. This combination of data allows Apple and Google devices to figure out where they are within a few feet or meters, and it's what allows your mobile phone to continue displaying your planned route even when the device can't get a fix on GPS. With Google's WPS, a wireless device submits a list of nearby Wi-Fi access point BSSIDs and their signal strengths -- via an application programming interface (API) request to Google -- whose WPS responds with the device's computed position.
Google's WPS requires at least two BSSIDs to calculate a device's approximate position. Apple's WPS also accepts a list of nearby BSSIDs, but instead of computing the device's location based off the set of observed access points and their received signal strengths and then reporting that result to the user, Apple's API will return the geolocations of up to 400 hundred more BSSIDs that are nearby the one requested. It then uses approximately eight of those BSSIDs to work out the user's location based on known landmarks. In essence, Google's WPS computes the user's location and shares it with the device. Apple's WPS gives its devices a large enough amount of data about the location of known access points in the area that the devices can do that estimation on their own. That's according to two researchers at the University of Maryland, who theorized they could use the verbosity of Apple's API to map the movement of individual devices into and out of virtually any defined area of the world. The UMD pair said they spent a month early in their research continuously querying the API, asking it for the location of more than a billion BSSIDs generated at random. They learned that while only about three million of those randomly generated BSSIDs were known to Apple's Wi-Fi geolocation API, Apple also returned an additional 488 million BSSID locations already stored in its WPS from other lookups. "Plotting the locations returned by Apple's WPS between November 2022 and November 2023, Levin and Rye saw they had a near global view of the locations tied to more than two billion Wi-Fi access points," the report adds. "The map showed geolocated access points in nearly every corner of the globe, apart from almost the entirety of China, vast stretches of desert wilderness in central Australia and Africa, and deep in the rainforests of South America." 
The researchers wrote: "We observe routers move between cities and countries, potentially representing their owner's relocation or a business transaction between an old and new owner. While there is not necessarily a 1-to-1 relationship between Wi-Fi routers and users, home routers typically only have several. If these users are vulnerable populations, such as those fleeing intimate partner violence or a stalker, their router simply being online can disclose their new location." A copy of the UMD research is available here (PDF).


Microsoft Edge Will Begin Blocking Screenshots On the Job

Microsoft is adding screenshot prevention controls in Edge to block you from taking screenshots at work. "It's all designed to prevent you from sharing screenshots with competitors, relatives, and journalists using Microsoft Edge for Business," reports PCWorld. From the report: Specifically, IT managers at corporations will be able to tag web pages as protected, as defined in various Microsoft policy engines in Microsoft 365, Microsoft Defender for Cloud Apps, Microsoft Intune Mobile Application Management and Microsoft Purview, Microsoft said. The screenshot prevention feature will be available to customers in the "coming months," Microsoft said. It's also unclear whether third-party tools will be somehow blocked from taking screenshots or recording video, too. Microsoft will also roll out a way to force Edge for Business users to automatically update their browsers. The feature will enter a preview phase over the next few weeks, Microsoft said. "The Edge management service will enable IT admins to see which devices have Edge instances that are out of date and at risk," Microsoft said. "It will also provide mitigating controls, such as forcing a browser restart to install updates, enabling automatic browser updates or enabling enhanced security mode for added protections."
