
Submission + - How Trump is hacking away at U.S. cyber defenses (fastcompany.com)

tedlistens writes: Eight years after creating the Cybersecurity and Infrastructure Security Agency

Trump's second administration is ripping up parts of the country’s cyber playbook and taking many of its best players off the field, from threat hunters and election defenders at CISA to the leader of the NSA and Cyber Command. Amid a barrage of severe attacks like Volt Typhoon and rising trade tensions, lawmakers, former officials, and cyber professionals say that sweeping and confusing cuts are making the country more vulnerable and emboldening its adversaries. “There are intrusions happening now that we either will never know about or won’t see for years because our adversaries are undoubtedly stepping up their activity, and we have a shrinking, distracted workforce,” says Jeff Greene, a cybersecurity expert who has held top roles at CISA and the White House.


Submission + - Chase CISO Condemns SaaS Security (csoonline.com)

itwbennett writes: In an open letter to suppliers, Chase CISO Patrick Opet took the industry to task for 'quietly enabling cyber attackers,' among a litany of other security sins. Sources quoted in this CSOonline article didn't disagree with what is generally agreed to be an accurate description of today's security challenges, but what Opet hoped to accomplish with this letter is unclear. One analyst described it as 'more of a call to discussion than a call to action.' Another pinned the lack of specificity on the likely involvement of Chase legal and other officials making edits that watered down the substance, so 'the essence of the letter is lost trying to protect themselves.'

Submission + - Peking U. Just Made the World's Fastest Transistor and It Is Not Made of Silicon (zmescience.com)

schwit1 writes: The new transistor runs 40% faster and uses less power.

With a slender sheet of lab-grown bismuth and an architecture unlike anything inside today’s silicon chips, they’ve built what they call the world’s fastest and most efficient transistor. Not only does it outperform the best processors made by Intel and TSMC, but it also uses less energy doing so. And most important of all, there’s no trace of silicon involved.

This two-dimensional, silicon-free transistor represents a radical rethinking of what chips can be and how they can be made.

Rather than silicon, the Peking University team built their transistor using bismuth oxyselenide (BiOSe) for the channel, and bismuth selenite oxide (BiSeO) as the gate material.

These materials are part of a class known as two-dimensional semiconductors — atomically thin sheets with exceptional electrical properties. Bismuth oxyselenide, in particular, offers something silicon struggles with at ultra-small sizes: speed.

Electrons move through it faster, even when packed into tiny spaces. It also has a higher dielectric constant, meaning it can hold and control electric charge more efficiently. That makes for faster switching, reduced energy loss, and — very importantly — a lower chance of overheating.

“This reduces electron scattering and current loss, allowing electrons to flow with almost no resistance, akin to water moving through a smooth pipe,” Peng explained.

The interface between these materials is also smoother than that of common semiconductor-oxide combinations used in industry today. That means fewer defects and less electrical noise.

All of this adds up to stunning results. According to the team, their transistor can run 40% faster than today’s most advanced 3-nanometer silicon chips — and it does so while using 10% less energy.

Submission + - Apple Violated Antitrust Ruling, Federal Judge Finds (ground.news)

walterbyrd writes: On April 30, 2025, Judge Yvonne Gonzalez Rogers in Oakland ruled that Apple willfully violated a 2021 injunction related to its App Store practices.
The violation occurred because Apple imposed new fees and policies that blocked meaningful competition for external app purchases, defying the court's original order.
The court found Apple engineered obstacles like 27% commissions on off-App Store purchases, scare screens, and static URLs to deter users from using alternative payment methods.
Judge Rogers described Apple's response as a "blatant attempt to sidestep the court's authority" and referred Apple and VP Alex Roman for potential criminal contempt after finding Roman lied under oath.
The ruling bars Apple from interfering with developers' ability to communicate alternative payment options and may lead to criminal charges, while Epic Games signals potential return of Fortnite to iOS.

Submission + - Huge reproducibility project fails to validate dozens of biomedical studies (archive.is)

An anonymous reader writes: In an unprecedented effort, a coalition of more than 50 research teams has surveyed a swathe of Brazilian biomedical studies to double-check their findings — with dismaying results.

The teams were able to replicate the results of less than half of the tested experiments. That rate is in keeping with that found by other large-scale attempts to reproduce scientific findings. But the latest work is unique in focusing on papers that use specific methods and in examining the research output of a specific country, according to the research teams.

The results provide an impetus to strengthen the country’s science, the study’s authors say. “We now have the material to start making changes from within — whether through public policies or within universities,” says Mariana Boechat de Abreu, a metascience researcher at the Federal University of Rio de Janeiro (UFRJ) in Brazil and one of the coordinators of the project.

The work was posted on 8 April to the bioRxiv preprint server and has not yet been peer reviewed.

Submission + - New York Budget Deal Includes 'Bell-To-Bell' School Cellphone Ban (cbsnews.com)

An anonymous reader writes: New York Gov. Kathy Hochul says a $254 billion state budget deal has been reached, including a "bell-to-bell" school cellphone ban. [...] The distraction-free policy would take effect next school year, making New York the largest state in the country with a "bell-to-bell" cellphone ban. Hochul says the plan will help protect children from addictive technology and improve their mental health. The New York State United Teachers union also came out in support of the ban, saying "we are at a crisis point."

The governor previously outlined the proposal back in January, saying it would ban the use of smartphones and other internet-enabled devices on school grounds during the school day. That includes classroom time, lunch and study hall periods. "A bell-to-bell ban, morning until the day is over, is not going to hurt your kids. It's going to help them emerge with stronger mental health and resiliency," she told CBS News New York at the time.

Hochul said the ban would include smartphones and other personal "smart" devices, like smartwatches. Exemptions could be made if a student requires a device to manage a medical condition or for translation purposes. Cellphones that don't have internet capability and devices that are provided by the school for lesson plans would still be allowed. The proposal would let individual schools come up with their own ways to implement the ban and store the devices, and schools would be able to decide whether to have students leave them in things like pouches, lockers or cubbies. It would also require schools to make sure parents have a way to contact their children during the day, if needed.

Submission + - The companies helping governments hack citizens' phones: a "thriving" industry (fastcompany.com)

tedlistens writes: A wave of scrutiny and sanctions have helped expose the secretive, quasi-legal industry behind spyware tools, and put financial strain on firms like Israel’s NSO Group, which builds Pegasus. And yet business is booming. New research published this month by Google and Meta suggests that despite new restrictions, the cyberattack market is growing, and growing more dangerous, aiding government violence and repression and eroding democracy around the globe.

“The industry is thriving,” says Maddie Stone, a researcher at Google’s Threat Analysis Group (TAG) who hunts zero-day exploits, the software bugs that have yet to be fixed and are worth potentially hundreds of millions to spyware sellers. “More companies keep popping up, and their government customers are determined to buy from them, and want these capabilities, and are using them.”

For the first time, half of known zero-days against Google and Android products now come from private companies, according to a report published this month by Stone’s team at Google. Beyond prominent firms like NSO and Candiru, Google’s researchers say they are tracking about 40 companies involved in the creation of hacking tools that have been deployed against “high risk individuals.” “If governments ever had a monopoly on the most sophisticated capabilities, that era is certainly over,” reads the report.

The Google findings and a spyware-focused threat report published by Meta a week later reflect an increasingly tough response by Big Tech to an industry that profits from breaking into its systems. The reports also put new pressure on the US and others to take action against the mostly unregulated industry.

Submission + - Air Pollution Could Be Significant Cause of Dementia (theguardian.com)

An anonymous reader writes: Air pollution from traffic is linked to some of the more severe forms of dementia, and could be a significant cause of the condition among those who are not already genetically predisposed to it, research suggests. Research carried out in Atlanta, Georgia, found that people with higher exposure to traffic-related fine particulate matter air pollution were more likely to have high amounts of the amyloid plaques in their brains that are associated with Alzheimer’s. The findings, which will alarm anyone living in a town or city, but particularly those living near busy roads, add to the harms already known to be caused by road traffic pollution, ranging from climate change to respiratory diseases.

A team of researchers from Atlanta’s Emory University set out to specifically investigate the effects on people’s brains of exposure to the type of fine particulate matter known as PM2.5. This consists of particles of less than 2.5 microns in diameter – about a hundredth the thickness of a human hair – suspended in the air, and is known to penetrate deep into living tissue, including crossing the blood-brain barrier. Traffic-related PM2.5 concentrations are a major source of ambient pollution in the metro-Atlanta area, and also in urban centers across the planet. [...] “We found that donors who lived in areas with high concentrations of traffic-related air pollution exposure, in particular PM2.5 exposure, had higher levels of Alzheimer’s disease neuropathology in their brain,” said Anke Huels, an assistant professor at Emory University in Atlanta, who was the lead author on the study. “In particular, we looked at a score that is used to evaluate amyloid plaques in the brain, in autopsy samples, and we showed that donors who live in areas with higher levels of air pollution, and also higher levels of amyloid plaques in their brain.”

There was a positive relationship between exposure to high levels of PM2.5 and levels of amyloid plaques in the brains of the subjects the team examined. They found that people with a 1 ug/m3 higher PM2.5 exposure in the year before death were nearly twice as likely to have higher levels of amyloid plaques in their brains, while those with higher exposure in the three years before death were 87% more likely to have higher levels of plaques. Huels and her team also investigated whether having the main gene variant associated with Alzheimer’s disease, ApoE4, had any effect on the relationship between air pollution and signs of Alzheimer’s in the brain. “We found that the association between air pollution and severity of Alzheimer’s disease was stronger among those who did not carry an ApoE4 allele, those who did not have that strong genetic risk for Alzheimer disease,” Huels said. “Which kind of suggests that environmental exposures like air pollution may explain some of the Alzheimer’s risk in people whose risk cannot be explained by genetic risk factor.”

Submission + - FCC To Declare AI-Generated Voices In Robocalls Illegal Under Existing Law (arstechnica.com)

An anonymous reader writes: The Federal Communications Commission plans to vote on making the use of AI-generated voices in robocalls illegal. The FCC said that AI-generated voices in robocalls have "escalated during the last few years" and have "the potential to confuse consumers with misinformation by imitating the voices of celebrities, political candidates, and close family members." FCC Chairwoman Jessica Rosenworcel's proposed Declaratory Ruling would rule that "calls made with AI-generated voices are 'artificial' voices under the Telephone Consumer Protection Act (TCPA), which would make voice cloning technology used in common robocalls scams targeting consumers illegal," the commission announced yesterday. Commissioners reportedly will vote on the proposal in the coming weeks.

The TCPA, a 1991 US law, bans the use of artificial or prerecorded voices in most non-emergency calls "without the prior express consent of the called party." The FCC is responsible for writing rules to implement the law, which is punishable with fines. As the FCC noted yesterday, the TCPA "restricts the making of telemarketing calls and the use of automatic telephone dialing systems and artificial or prerecorded voice messages." Telemarketers are required "to obtain prior express written consent from consumers before robocalling them. If successfully enacted, this Declaratory Ruling would ensure AI-generated voice calls are also held to those same standards."

Rosenworcel said her proposed ruling will "recognize this emerging technology as illegal under existing law, giving our partners at State Attorneys General offices across the country new tools they can use to crack down on these scams and protect consumers." "AI-generated voice cloning and images are already sowing confusion by tricking consumers into thinking scams and frauds are legitimate," Rosenworcel said. "No matter what celebrity or politician you favor, or what your relationship is with your kin when they call for help, it is possible we could all be a target of these faked calls."

Submission + - Fiber Optics Bring You Internet. Now They're Also Listening to Trains (wired.com)

An anonymous reader writes: Stretching thousands upon thousands of miles under your feet, a web of fibrous ears is listening. Whether you walk over buried fiber optics or drive a car across them, above-ground activity creates a characteristic vibration that ever-so-slightly disturbs the way light travels through the cables. With the right equipment, scientists can parse that disturbance to identify what the source was and when exactly it was roaming there. This quickly proliferating technique is known as distributed acoustic sensing, or DAS, and it’s so sensitive that researchers recently used it to monitor the cacophony of a mass cicada emergence. Others are using the cables as an ultra-sensitive instrument for detecting volcanic eruptions and earthquakes: Unlike a traditional seismometer stuck in one place, a web of fiber optic cables can cover a whole landscape, providing unprecedented detail of Earth’s rumblings at different locations. Now scientists are experimenting with bringing DAS to a railroad near you.

When a train runs along a section of track, it creates vibrations that analysts can monitor over time—if that signal suddenly changes, it might indicate a problem with the rail, like a crack, or a snapped tie. Or if on a mountain pass a rockslide blasts across the track, DAS might “hear” that too, warning railroad operators of a problem that human eyes hadn’t yet glimpsed. More gradual changes in the signal might betray the development of faults in track alignment. It just so happens that fiber optic cables already run along many railways to connect all the signaling equipment or for telecommunications. “You’re utilizing the already available facilities and infrastructure for that, which can reduce the cost,” says engineer Hossein Taheri, who is studying DAS for railroads at Georgia Southern University. “There could be some railroads where they don’t have the fiber, and you need to lay down. But yes, most of them, usually they do already have it.”

To tap into that fiber, you need a device called an interrogator, which fires laser pulses down the cables and analyzes the tiny bits of light that bounce back. So, say a rock hits the track 20 miles away from the interrogator. That creates a characteristic ground vibration that disturbs the fiber optics near the track, which shows up in the light signal. Because scientists know the speed of light, they can precisely measure the time it took for that signal to travel back to their interrogator, pinpointing the distance to the disturbance to within 10 meters, or about 30 feet. For a given stretch of track, you’d have already analyzed the DAS signals for a length of time, building a vibration profile for a normal, healthy railway. When the DAS data suddenly starts showing something different, you might have an issue, which shows up like an EKG picking up a problem with a human heartbeat. “What we’re doing is profiling the track, looking for changes in the acoustic signature,” says Daniel Pyke, a rail expert and spokesperson for Sensonic, which develops DAS technology for railroads. “We know what track should sound like, we know what a train should sound like. And we know that if it’s changing—so let’s say this joint is coming loose—that needs someone to go and fix it before it becomes a problem.”

Submission + - Sam Altman Says AI Depends On Energy Breakthrough (reuters.com)

An anonymous reader writes: OpenAI's CEO Sam Altman on Tuesday said an energy breakthrough is necessary for future artificial intelligence, which will consume vastly more power than people have expected. Speaking at a Bloomberg event on the sidelines of the World Economic Forum's annual meeting in Davos, Altman said the silver lining is that more climate-friendly sources of energy, particularly nuclear fusion or cheaper solar power and storage, are the way forward for AI. "There's no way to get there without a breakthrough," he said. "It motivates us to go invest more in fusion."

In 2021, Altman personally provided $375 million to private U.S. nuclear fusion company Helion Energy, which since has signed a deal to provide energy to Microsoft in future years. Microsoft is OpenAI's biggest financial backer and provides it computing resources for AI. Altman said he wished the world would embrace nuclear fission as an energy source as well.

Submission + - 'Stablecoins' Enabled $40 Billion In Crypto Crime Since 2022 (wired.com)

An anonymous reader writes: Stablecoins, cryptocurrencies pegged to a stable value like the US dollar, were created with the promise of bringing the frictionless, border-crossing fluidity of Bitcoin to a form of digital money with far less volatility. That combination has proved to be wildly popular, rocketing the total value of stablecoin transactions since 2022 past even that of Bitcoin itself. It turns out, however, that as stablecoins have become popular among legitimate users over the past two years, they were even more popular among a different kind of user: those exploiting them for billions of dollars of international sanctions evasion and scams.

As part of its annual crime report, cryptocurrency-tracing firm Chainalysis today released new numbers on the disproportionate use of stablecoins for both of those massive categories of illicit crypto transactions over the last year. By analyzing blockchains, Chainalysis determined that stablecoins were used in fully 70 percent of crypto scam transactions in 2023, 83 percent of crypto payments to sanctioned countries like Iran and Russia, and 84 percent of crypto payments to specifically sanctioned individuals and companies. Those numbers far outstrip stablecoins' growing overall use—including for legitimate purposes—which accounted for 59 percent of all cryptocurrency transaction volume in 2023.

In total, Chainalysis measured $40 billion in illicit stablecoin transactions in 2022 and 2023 combined. The largest single category of that stablecoin-enabled crime was sanctions evasion. In fact, across all cryptocurrencies, sanctions evasion accounted for more than half of the $24.2 billion in criminal transactions Chainalysis observed in 2023, with stablecoins representing the vast majority of those transactions. [...] Chainalysis concedes that the analysis in its report excludes some cryptocurrencies like Monero and Zcash that are designed to be harder or impossible to trace with blockchain analysis. It also says it based its numbers on the type of cryptocurrency sent directly to an illicit actor, which may leave out other currencies used in money laundering processes that repeatedly swap one type of cryptocurrency for another to make tracing more difficult.

Submission + - Side channel attack against post-quantum encryption algorithm (thehackernews.com)

jd writes: Crystals-Kyber was chosen to be the US government's post-quantum cryptography system of choice last year, but a side-channel attack has been identified.

From TFA, NIST says that this is an implementation-specific attack (the reference implementation) and not a vulnerability in Kyber itself.

From TFA:
The exploit relates to "side-channel attacks on up to the fifth-order masked implementations of CRYSTALS-Kyber in ARM Cortex-M4 CPU," Elena Dubrova, Kalle Ngo, and Joel Gärtner of KTH Royal Institute of Technology said in a paper.

CRYSTALS-Kyber is one of four post-quantum algorithms selected by the U.S. National Institute of Standards and Technology (NIST) after a rigorous multi-year effort to identify a set of next-generation encryption standards that can withstand huge leaps in computing power.

One of the popular countermeasures to harden cryptographic implementations against physical attacks is masking, which randomizes the computation and detaches the side-channel information from the secret-dependent cryptographic variables.

The attack method devised by the researchers involves a neural network training method called recursive learning to help recover message bits with a high probability of success.

The researchers also developed a new message recovery method called cyclic rotation that manipulates ciphertexts to increase the leakage of message bits, thereby boosting the success rate and making it possible to extract the session key.

"Such a method allows us to train neural networks that can recover a message bit with the probability above 99% from high-order masked implementations," they added.

When reached for comment, NIST told The Hacker News that the approach does not break the algorithm itself and that the findings don't affect the standardization process of CRYSTALS-Kyber.

On the mailing list, D. J. Bernstein added this:

I've been recently carrying out code analysis for some of the KEM implementations submitted to SUPERCOP. In the case of kyber*/ref, I noticed various "/KYBER_Q" occurrences with variable inputs. In at least one case, line 190 of crypto_kem/kyber768/ref/poly.c, this is clearly a secret input. I'd expect measurable, possibly exploitable, timing variations

Submission + - Can a form of watermarking prevent AI deep faking? (latimes.com)

Bruce66423 writes: This piece hypothesizes the addition of such a watermark and visible icon to all pictures and videos at the time of creation, with the appropriate editing allowed but no substantial alterations. This is achieved by all legitimate editing being done online to check the change is not creating a fake.

By contrast AI generated content would lack the watermark and icon.

Is it really technically possible to achieve such a clear distinction, or would, in practice, AI be able to replicate the necessary authentication?
