
Android's 'Restore Credentials' Feature Will Automatically Log You In To Your Apps On a New Phone

Google is introducing "Restore Credentials," a feature that simplifies transferring app credentials when switching Android devices to keep you logged into your apps. The Verge reports: While some apps already did this, Google is making it easier for developers to include this experience by implementing a "restore key" that automatically transfers to the new phone and logs you back into the app. [...] Restore Credentials requires less work than the previous approach on Android, and can automatically check if a restore key is available and log you back in at the first app launch. A restore key is a public key that uses existing passkey infrastructure to move about your credentials. Restore keys can also be backed up to the cloud, although developers can opt out. For that reason, transferring directly from device to device will still likely be more thorough than restoring from the cloud, as is the case with Apple devices today. Notably, Google says restore keys do not transfer if you delete an app and reinstall it.

Read more of this story at Slashdot.

Microsoft Copilot Customers Discover It Can Let Them Read HR Documents, CEO Emails

According to Business Insider (paywalled), Microsoft's Copilot tool inadvertently let customers access sensitive information, such as CEO emails and HR documents. Now, Microsoft is working to fix the situation, deploying new tools and a guide to address the privacy concerns. The story was highlighted by Salesforce CEO Marc Benioff. From the report: These updates are designed "to identify and mitigate oversharing and ongoing governance concerns," the company said in a blueprint for Microsoft's 365 productivity software suite. [...] Copilot's magic -- its ability to create a 10-slide road-mapping presentation, or to summon a list of your company's most profitable products -- works by browsing and indexing all your company's internal information, like the web crawlers used by search engines. IT departments at some companies have set up lax permissions for who can access internal documents -- selecting "allow all" for the company's HR software, say, rather than going through the trouble of selecting specific users. That didn't create much of a problem because there wasn't a tool that an average employee could use to identify and retrieve sensitive company documents -- until Copilot. As a result, some customers have deployed Copilot only to discover that it can let employees read an executive's inbox or access sensitive HR documents. "Now when Joe Blow logs into an account and kicks off Copilot, they can see everything," a Microsoft employee familiar with customer complaints said. "All of a sudden Joe Blow can see the CEO's emails."


Apple Is Reportedly Building a More Conversational Siri Powered By LLMs

According to Bloomberg (paywalled), Apple is developing a new version of Siri powered by large language models (LLMs). TechCrunch reports: The new assistant reportedly will fully replace the Siri interface that users rely on today, and Apple is planning to release the feature in the spring of 2026. The feature seems like it will be similar to OpenAI's Advanced Voice Mode but with all the same access to personal information and apps that Siri has today. Until then, Apple is relying on third parties to power the iPhone's advanced AI features.


Fintech Giant Finastra Investigating Data Breach

An anonymous reader quotes a report from KrebsOnSecurity: The financial technology firm Finastra is investigating the alleged large-scale theft of information from its internal file transfer platform, KrebsOnSecurity has learned. Finastra, which provides software and services to 45 of the world's top 50 banks, notified customers of the security incident after a cybercriminal began selling more than 400 gigabytes of data purportedly stolen from the company. London-based Finastra has offices in 42 countries and reported $1.9 billion in revenues last year. The company employs more than 7,000 people and serves approximately 8,100 financial institutions around the world. A major part of Finastra's day-to-day business involves processing huge volumes of digital files containing instructions for wire and bank transfers on behalf of its clients. On November 8, 2024, Finastra notified financial institution customers that on Nov. 7 its security team detected suspicious activity on Finastra's internally hosted file transfer platform. Finastra also told customers that someone had begun selling large volumes of files allegedly stolen from its systems. "On November 8, a threat actor communicated on the dark web claiming to have data exfiltrated from this platform," reads Finastra's disclosure, a copy of which was shared by a source at one of the customer firms. "There is no direct impact on customer operations, our customers' systems, or Finastra's ability to serve our customers currently," the notice continued. "We have implemented an alternative secure file sharing platform to ensure continuity, and investigations are ongoing." But its notice to customers does indicate the intruder managed to extract or "exfiltrate" an unspecified volume of customer data.


The Trade Desk Is Building a CTV OS Called Ventura

The Trade Desk, one of the largest publicly traded advertising technology companies in the world, is building a connected television operating system. Axios reports: Existing OS providers, like Roku, Amazon's Fire TV and Google's Android TV, have a conflict of interest because they own content, [CEO and founder Jeff Green] said. Green believes that conflict of interest has muddled the advertising ecosystem for everyone. "We're looking at a concentration around a handful of players that lack objectivity," Green said. "We think we're in a unique position to make the ecosystem better." [...] Ventura, a nod to the company's headquarters in Ventura, California, will be rolled out to the market in the second half of 2025, Green said. The company has been working to build the system quietly for three years. While some OS developers, such as Google, Amazon and Roku, have also developed their own hardware devices to service their operating systems, Green said The Trade Desk has "no intention of getting into the hardware business." Rather, it will partner with other hardware companies, such as smart TV manufacturers, as well as various television distributors, such as airlines, hotel chains, and gaming companies, to bring its OS to their devices. Green believes hardware companies will be excited about the opportunity to partner because, in a competitive streaming environment, more hardware companies will need to build advertising businesses to scale. [...] Because The Trade Desk's goal is ultimately to improve a murky marketplace, Green said he isn't looking to make money from the OS directly. Ventura will be successful if it drives more pricing transparency and stronger measurement for the CTV advertising ecosystem writ large, he said. "Ultimately, the measure of success will be, do we have an ad auction that is so transparent that we can predict outcomes?" 
The Trade Desk will benefit financially from a more transparent ecosystem because it lacks a conflict of interest, Green said.


Does the Internet Route Around Damage?

Longtime Slashdot reader Zarhan writes: On Sunday and Monday, two undersea cables in the Baltic Sea were cut. There is talk of a hybrid operation by Russia against Europe, and a Chinese ship has been detained by the Danish Navy. However, the interesting part is: did the cuts really have any effect, or does the internet actually route around damage? RIPE Atlas tests seem to indicate so. RIPE Atlas probes did not observe any noticeable increase of packet loss and only a minimal and perfectly expected increase of latency as traffic automatically switched itself to other available paths. While 20-30% of paths experienced latency increases, the effects were modest and no packet loss was detected. That said, questions remain about the consequences of further cable disruptions. "We are blind on what would happen if another link would be severed, or worse, if many are severed," reports RIPE Labs.


Pakistan's Tech Lobby Warns That Slow Internet is Strangling IT Industry

Pakistan's IT Industry Association (P@SHA) -- the nation's sole tech biz lobby group -- has warned that government policy could lead to business closures and financial losses among its constituents, and damage the nation's IT exports. From a report: P@SHA's main beef is with a slowing of internet access speeds, and government-imposed service outages. Pakistan went offline in May 2022 around the time of mass political protests and blackouts have since persisted -- prompting services like freelance gig platform Fiverr to warn clients that hiring members from Pakistan could mean potential disruptions. Fiverr matters in Pakistan, because the nation has a policy of encouraging freelancers to sell their services online as part of a plan to grow tech services exports. The nation even floated the idea of providing its freelance workers with a tax holiday, subsidized broadband and health insurance as a way of supporting the online labor force. But freelancers have had a hard time of it since the August 2024 introduction of what appears to be a new national firewall. Pakistan has long tried to limit access to what it feels is inappropriate content, and the firewall was aimed at helping that effort. But it greatly slowed internet access speeds -- making life hard for freelancers and other online businesses.


US Agency Votes To Launch Review, Update Undersea Telecommunications Cable Rules

The Federal Communications Commission voted on Thursday to propose new rules governing undersea internet cables in the face of growing security concerns, as part of a review of regulations on the links that handle nearly all the world's online traffic. From a report: The FCC voted 5-0 on proposed updates to address the national security concerns over the global network of more than 400 subsea cables that handle more than 98% of international internet traffic. [...] Baltic nations said this week they are investigating whether the cutting of two fiber-optic undersea telecommunication cables in the Baltic Sea was sabotage. Rosenworcel noted that in 2023 Taiwan accused two Chinese vessels of cutting the only two cables that support internet access on the Matsu Islands and Houthi attacks in the Red Sea may have been responsible for the cutting of three cables providing internet service to Europe and Asia.


SEC Chair Gary Gensler To Step Down

Gary Gensler will step down as chair of the U.S. Securities & Exchange Commission at noon on Inauguration Day, the agency announced on Thursday. From a report: Gensler has had an aggressive tenure, marked by controversial rulemaking and a combative approach with the cryptocurrency industry.


Spotify Has A Pirated Software Problem

An anonymous reader shares a report: People are using Spotify playlist and podcast descriptions to distribute spam, malware, pirated software and cheat codes for video games. Cybersecurity researcher Karol Paciorek posted an example of this: A Spotify playlist titled "*Sony Vegas Pro*13 C-r-a-c-k Free Download 2024 m-y-s-o-f-t-w-a-r-e-f-r-e-e.com" acts as a free advertisement for piracy website m-y-s-o-f-t-w-a-r-e-f-r-e-e[dot]com, which hosts malicious software. "Cybercriminals exploit Spotify for #malware distribution," Paciorek posted on X. "Why? Spotify has a strong reputation and its pages are easily indexed by search engines, making it an effective platform to promote malicious links." "The playlist title in question has been removed," a spokesperson for Spotify told 404 Media in a statement. "Spotify's Platform Rules prohibit posting, sharing, or providing instructions on implementing malware or related malicious practices that seek to harm or gain unauthorized access to computers, networks, systems, or other technologies."


MIT Undergrads With Family Income Below $200K Can Attend Tuition-free In 2025

schwit1 writes: Undergraduates with family income below $200,000 can expect to attend MIT tuition-free starting next fall, thanks to newly expanded financial aid. Eighty percent of American households meet this income threshold. And for the 50 percent of American families with income below $100,000, parents can expect to pay nothing at all toward the full cost of their students' MIT education, which includes tuition as well as housing, dining, fees, and an allowance for books and personal expenses. This $100,000 threshold is up from $75,000 this year, while next year's $200,000 threshold for tuition-free attendance will increase from its current level of $140,000.


Is Your Master's Degree Useless?

While master's degrees are increasingly popular -- with 40% of U.S. bachelor's degree holders now having postgraduate credentials -- new research reveals many don't deliver improved earnings despite soaring costs. Analysis from the U.S. and UK indicates that about 40% of U.S. master's programs fail to provide positive financial returns, with some even leading to financial losses for graduates, as captured in a new Economist story. Similarly, British master's graduates earn no more than bachelor's holders by age 35 after accounting for background factors. This is particularly significant because U.S. students now average $50,000 in postgraduate debt, triple the real cost since 2000, while UK fees have risen 70% since 2011 to $12,000 annually. Returns vary dramatically by field: computer science and engineering show strong gains, while humanities degrees often lead to reduced earnings compared to bachelor's-only peers. Women are more likely than men to see earnings increases, succeeding in 14 out of 31 subject areas compared to men's six. Choice of institution impacts outcomes, though data shows no strong correlation between program cost and graduate earnings.


The Growth Rate For Mobile Internet Subscribers Has Stalled Across the World

An anonymous reader shares a report: A recent survey from Global System for Mobile Communications Association Intelligence (GSMA), the research wing of a U.K.-based organization that represents mobile operators around the world, found that 4.6 billion people across the globe are now connected to mobile internet -- or roughly 57% of the world's population. Now, the rate of new mobile internet subscriber growth is slowing. From 2015 to 2021, the survey consistently found over 200 million coming online through mobile devices around the world each year. But in the last two years, that number has dropped to 160 million. Rest of World analysis of that data found that a number of developing countries are plateauing in the number of mobile internet subscribers. That suggests that in countries like Pakistan, Bangladesh, Nigeria, and Mexico, the easiest populations to get online have already logged on, and getting the rest of the population on mobile internet will continue to be a challenge. GSMA collects data by surveying a nationally representative sample of people in each country, and then it correlates the results with similar studies. [...] In countries including China, the U.S., and Singapore, a high share of the population is already connected to mobile internet -- 80%, 81%, and 93%, respectively. So it's no surprise that the rate of mobile internet subscriptions has slowed. But the rate of new users has also slowed in countries including Bangladesh, Nigeria, and Pakistan -- where only 37%, 34%, and 24% of the population currently use mobile internet.


Steam Tightens Rules on Game Season Passes

Valve's Steam platform is implementing stricter regulations for season pass sales, requiring detailed content descriptions and specific release windows for downloadable content (DLC), according to SteamDB creator Pavel Djundik. The company will restrict season pass offerings to established partners with proven track records and may issue refunds if developers miss deadlines or deliver unsatisfactory content. Developers must outline DLC components and commit to three-month launch windows, with one possible delay allowed. "If you aren't ready to clearly communicate about the content included in each DLC AND when each DLC will be ready for launch, you shouldn't offer a Season Pass on Steam," Valve stated.


OpenAI Accidentally Deleted Potential Evidence in New York Times Copyright Lawsuit

An anonymous reader shares a report: Lawyers for The New York Times and Daily News, which are suing OpenAI for allegedly scraping their works to train its AI models without permission, say OpenAI engineers accidentally deleted data potentially relevant to the case. Earlier this fall, OpenAI agreed to provide two virtual machines so that counsel for The Times and Daily News could perform searches for their copyrighted content in its AI training sets. In a letter, attorneys for the publishers say that they and experts they hired have spent over 150 hours since November 1 searching OpenAI's training data. But on November 14, OpenAI engineers erased all the publishers' search data stored on one of the virtual machines, according to the aforementioned letter, which was filed in the U.S. District Court for the Southern District of New York late Wednesday. OpenAI tried to recover the data -- and was mostly successful. However, because the folder structure and file names were "irretrievably" lost, the recovered data "cannot be used to determine where the news plaintiffs' copied articles were used to build [OpenAI's] models," per the letter. "News plaintiffs have been forced to recreate their work from scratch using significant person-hours and computer processing time," counsel for The Times and Daily News wrote.


NASA Wants SpaceX and Blue Origin To Deliver Cargo To the Moon

An anonymous reader quotes a report from The Verge: After asking both SpaceX and Blue Origin to develop cargo landers for its Artemis missions, NASA has announced plans to use those landers to deliver heavy equipment to the Moon. The agency wants Elon Musk's SpaceX to use its Starship cargo lander to deliver a pressurized rover to the Moon "no earlier" than 2032, while Jeff Bezos' Blue Origin will be tasked with delivering a lunar surface habitat no sooner than 2033. Both launches will support NASA's Artemis missions, which aim to bring humans back to the Moon for the first time in over 50 years. Both companies are developing human landing systems for Artemis missions -- SpaceX for Artemis III and Blue Origin for Artemis V. NASA later asked both companies to develop cargo-hauling variants of those landers, capable of carrying 26,000 to 33,000 pounds of equipment and other materials to the Moon. NASA says it will issue proposals to SpaceX and Blue Origin at the beginning of next year.


NASA's Curiosity Rover Captures 360-Degree View of Mars

Space.com's Julian Dossett writes: For twelve years, we've watched Curiosity crawl its way over the rocky surface of Mars, decoding mysteries of the Red Planet and broadcasting back home pictures and data from the strange Martian environment. The Mars rover, built by NASA's Jet Propulsion Laboratory (JPL), has slowly scaled Mount Sharp since 2014. This mountain, officially monikered "Aeolis Mons," was discovered in the 1970s; cut into its alien landscape is the boulder-packed Gediz Vallis channel, which some scientists believe to be an ancient river bed. Curiosity crossed into Gediz Vallis earlier this year -- and, yesterday, JPL released a real treat for Mars lovers: a 360-degree panorama view of the Gediz Vallis channel. You can play the YouTube video and move your phone around for the nifty interactive feature. Or, if you're using a desktop PC, you can shift the video around with a mouse. The panorama showcases features like Kukenan Butte and Gale Crater Rim, with scientists debating whether water, wind, or landslides shaped the boulder-laden terrain. Another interesting observation is the presence of mysterious sulfur stones with yellow crystals. Scientists are unsure about their origin since such formations on Earth are linked to hot springs and volcanoes -- neither of which are known to exist on Mars. Curiosity is now heading toward a location called "the boxwork," a mineral-rich area potentially formed by ancient water flows.


US Regulators Seek To Break Up Google, Forcing Chrome Sale

In a 23-page document (PDF) filed late Wednesday, U.S. regulators asked a federal judge to break up Google after a court found the tech giant to be maintaining an abusive monopoly through its dominant search engine. As punishment, the DOJ calls for a sale of Google's Chrome browser and restrictions to prevent Android from favoring its own search engine. The Associated Press reports: Although regulators stopped short of demanding Google sell Android too, they asserted the judge should make it clear the company could still be required to divest its smartphone operating system if its oversight committee continues to see evidence of misconduct. [...] The Washington, D.C. court hearings on Google's punishment are scheduled to begin in April and Mehta is aiming to issue his final decision before Labor Day. If [U.S. District Judge Amit Mehta] embraces the government's recommendations, Google would be forced to sell its 16-year-old Chrome browser within six months of the final ruling. But the company certainly would appeal any punishment, potentially prolonging a legal tussle that has dragged on for more than four years. Besides seeking a Chrome spinoff and a corralling of the Android software, the Justice Department wants the judge to ban Google from forging multibillion-dollar deals to lock in its dominant search engine as the default option on Apple's iPhone and other devices. It would also ban Google from favoring its own services, such as YouTube or its recently-launched artificial intelligence platform, Gemini. Regulators also want Google to license the search index data it collects from people's queries to its rivals, giving them a better chance at competing with the tech giant. On the commercial side of its search engine, Google would be required to provide more transparency into how it sets the prices that advertisers pay to be listed near the top of some targeted search results.
The measures, if they are ordered, threaten to upend a business expected to generate more than $300 billion in revenue this year. "The playing field is not level because of Google's conduct, and Google's quality reflects the ill-gotten gains of an advantage illegally acquired," the Justice Department asserted in its recommendations. "The remedy must close this gap and deprive Google of these advantages."


Inside the Booming 'AI Pimping' Industry

An anonymous reader quotes a report from 404 Media: Instagram is flooded with hundreds of AI-generated influencers who are stealing videos from real models and adult content creators, giving them AI-generated faces, and monetizing their bodies with links to dating sites, Patreon, OnlyFans competitors, and various AI apps. The practice, first reported by 404 Media in April, has since exploded in popularity, showing that Instagram is unable or unwilling to stop the flood of AI-generated content on its platform and protect the human creators on Instagram who say they are now competing with AI content in a way that is impacting their ability to make a living. According to our review of more than 1,000 AI-generated Instagram accounts, Discord channels where the people who make this content share tips and discuss strategy, and several guides that explain how to make money by "AI pimping," it is now trivially easy to make these accounts and monetize them using an assortment of off-the-shelf AI tools and apps. Some of these apps are hosted on the Apple App and Google Play Stores. Our investigation shows that what was once a niche problem on the platform has industrialized in scale, and it shows what social media may become in the near future: a space where AI-generated content eclipses that of humans. [...] Out of more than 1,000 AI-generated Instagram influencer accounts we reviewed, 100 included at least some deepfake content which took existing videos, usually from models and adult entertainment performers, and replaced their face with an AI-generated face to make those videos seem like new, original content consistent with the other AI-generated images and videos shared by the AI-generated influencer. The other 900 accounts shared images that in some cases were trained on real photographs and in some cases made to look like celebrities, but were entirely AI-generated, not edited photographs or videos. 
Out of those 100 accounts that shared deepfake or face-swapped videos, 60 self-identify as being AI-generated, writing in their bios that they are a "virtual model & influencer" or stating "all photos crafted with AI and apps." The other 40 do not include any disclaimer stating that they are AI-generated. Adult content creators like Elaina St James say they're now directly competing with these AI rip-off accounts that often use stolen content. Since the explosion of AI-generated influencer accounts on Instagram, St James said her "reach went down tremendously," from a typical 1 million to 5 million views a month to not surpassing a million in the last 10 months, and sometimes coming in under 500,000 views. While she said changes to Instagram's algorithm could also be at play, these AI-generated influencer accounts are "probably one of the reasons my views are going down," St James told 404 Media. "It's because I'm competing with something that's unnatural." Alexios Mantzarlis, the director of the security, trust, and safety initiative at Cornell Tech and formerly principal of trust and safety intelligence at Google, started researching the problem to see where AI-generated content is taking social media and the internet. "It felt like a possible sign of what social media is going to look like in five years," said Mantzarlis. "Because this may be coming to other parts of the internet, not just the attractive-people niche on Instagram. This is probably a sign that it's going to be pretty bad."


Ubuntu Linux Impacted By Decade-Old 'needrestart' Flaw That Gives Root

Five local privilege escalation (LPE) vulnerabilities in the Linux utility "needrestart" -- widely used on Ubuntu to manage service updates -- allow attackers with local access to escalate privileges to root. The flaws were discovered by Qualys in needrestart version 0.8, and fixed in version 3.8. BleepingComputer reports: Complete information about the flaws was made available in a separate text file, but a summary can be found below:

- CVE-2024-48990: Needrestart executes the Python interpreter with a PYTHONPATH environment variable extracted from running processes. If a local attacker controls this variable, they can execute arbitrary code as root during Python initialization by planting a malicious shared library.
- CVE-2024-48992: The Ruby interpreter used by needrestart is vulnerable when processing an attacker-controlled RUBYLIB environment variable. This allows local attackers to execute arbitrary Ruby code as root by injecting malicious libraries into the process.
- CVE-2024-48991: A race condition in needrestart allows a local attacker to replace the Python interpreter binary being validated with a malicious executable. By timing the replacement carefully, they can trick needrestart into running their code as root.
- CVE-2024-10224: Perl's ScanDeps module, used by needrestart, improperly handles filenames provided by the attacker. An attacker can craft filenames resembling shell commands (e.g., command|) to execute arbitrary commands as root when the file is opened.
- CVE-2024-11003: Needrestart's reliance on Perl's ScanDeps module exposes it to vulnerabilities in ScanDeps itself, where insecure use of eval() functions can lead to arbitrary code execution when processing attacker-controlled input.

The report notes that attackers would need to have local access to the operating system through malware or a compromised account in order to exploit these flaws.
"Apart from upgrading to version 3.8 or later, which includes patches for all the identified vulnerabilities, it is recommended to modify the needrestart.conf file to disable the interpreter scanning feature, which prevents the vulnerabilities from being exploited," adds BleepingComputer.

