Microsoft

Microsoft's Bing Deploys Google-Mimicking Interface To Retain Search Users 33

Microsoft's Bing search engine has deployed a controversial interface change that mimics Google's appearance when users search for "Google" or "Google.com" while logged out, blog WindowsLatest reports.

The new design adjusts the page layout to conceal Bing's search bar and navigation, displaying instead a Google-like interface with a central search box that redirects queries to Bing's results.
IT

HDMI 2.2 Debuts, With an 'Ultra96' Cable For Tomorrow's Displays (pcworld.com) 40

The HDMI Forum has announced HDMI 2.2, doubling data bandwidth to 96Gbps through new "Ultra96" cables while maintaining compatibility with existing connectors. The specification, scheduled for release to industry adopters in first-half 2025, promises higher resolutions and refresh rates, including 4K at 480Hz and 8K at 240Hz.

A new Latency Indication Protocol aims to improve audio-video synchronization in multi-device setups. The Forum emphasized applications in AR/VR, medical imaging, and digital signage. Implementation requires both new Ultra96-certified cables and compatible devices, with anti-counterfeit measures included in packaging.
IT

Employers are Offering Remote Work with Lower Salaries (fortune.com) 138

"In many instances, there's a catch: flexible work but at lower pay..." writes Fortune.

"Remote workers are accepting lower salaries in order to achieve remote status. Some are taking as much as 5% to 15% less pay to do so, while other employers are reversing the strategy to entice workers to come to the office at higher salaries..." Today, nearly half of managers anticipate challenges in meeting candidates' compensation expectations. And when the gap between salary expectation and an offer is too great, many employers are negotiating remote and hybrid work to get candidates to sign on the dotted line, according to Robert Half's recently published 2025 U.S. Hiring Outlook. Some candidates accept 5% to 15% less pay in exchange for getting to work from home, Theresa L. Fesinstine, founder of human resources advisory peoplepower.ai, told Fortune. "There's this unspoken exchange rate between flexibility and comp, and for some candidates, it's worth a significant trade-off," said Fesinstine, who has more than two decades of leadership experience in HR. This is especially true "for those who value work-life balance or are saving on commute costs."

There are inherent risks in offering job candidates lower salaries, even if it means getting the chance to work from home. Amy Spurling, founder and CEO of employee benefits reimbursement platform Compt, told Fortune she expects to see a second Great Resignation this year after hiring freezes, benefits cuts, and forced RTO policies in 2023 and 2024. "If you're trying to lowball remote workers, you're about to face a harsh reality," Spurling said. "2025 is going to be a 'find out' year for companies that thought they could use remote work or other 'perks' to replace competitive compensation and genuine employee support." To wit, a 2024 report by PwC forecasts another resignation period with a 28% increase in the number of people who plan to change jobs, compared to 19% during the Great Resignation of 2022...

What's more, Fesinstine argues, remote work "isn't a perk anymore, but rather a standard operating model." So attempting to describe remote work as a benefit doesn't sit well with job candidates...

On the other hand, Michael Steinitz, senior executive director of professional talent solutions at Robert Half, told Fortune their research shows 76% of job candidates are willing to work fully in-office — in exchange for a higher salary.

"Among those employees, the average raise they would request is about 23%, he said."
China

Are US Computer Networks A 'Key Battlefield' in any Future Conflict with China? (msn.com) 70

In a potential U.S.-China conflict, cyberattackers are military weapons. That's the thrust of a new article from the Wall Street Journal: The message from President Biden's national security adviser was startling. Chinese hackers had gained the ability to shut down dozens of U.S. ports, power grids and other infrastructure targets at will, Jake Sullivan told telecommunications and technology executives at a secret meeting at the White House in the fall of 2023, according to people familiar with it. The attack could threaten lives, and the government needed the companies' help to root out the intruders.

What no one at the briefing knew, including Sullivan: China's hackers were already working their way deep inside U.S. telecom networks, too. The two massive hacking operations have upended the West's understanding of what Beijing wants, while revealing the astonishing skill level and stealth of its keyboard warriors — once seen as the cyber equivalent of noisy, drunken burglars. China's hackers were once thought to be interested chiefly in business secrets and huge sets of private consumer data. But the latest hacks make clear they are now soldiers on the front lines of potential geopolitical conflict between the U.S. and China, in which cyberwarfare tools are expected to be powerful weapons. U.S. computer networks are a "key battlefield in any future conflict" with China, said Brandon Wales, a former top U.S. cybersecurity official at the Department of Homeland Security, who closely tracked China's hacking operations against American infrastructure. He said prepositioning and intelligence collection by the hackers "are designed to ensure they prevail by keeping the U.S. from projecting power, and inducing chaos at home."

As China increasingly threatens Taiwan, working toward what Western intelligence officials see as a target of being ready to invade by 2027, the U.S. could be pulled into the fray as the island's most important backer... Top U.S. officials in both parties have warned that China is the greatest danger to American security.

In the infrastructure attacks, which began at least as early as 2019 and are still taking place, hackers connected to China's military embedded themselves in arenas that spies usually ignored, including a water utility in Hawaii, a port in Houston and an oil-and-gas processing facility. Investigators, both at the Federal Bureau of Investigation and in the private sector, found the hackers lurked, sometimes for years, periodically testing access. At a regional airport, investigators found the hackers had secured access, and then returned every six months to make sure they could still get in. Hackers spent at least nine months in the network of a water-treatment system, moving into an adjacent server to study the operations of the plant. At a utility in Los Angeles, the hackers searched for material about how the utility would respond in the event of an emergency or crisis. The precise location and other details of the infrastructure victims are closely guarded secrets, and couldn't be fully determined.

American security officials said they believe the infrastructure intrusions — carried out by a group dubbed Volt Typhoon — are at least in part aimed at disrupting Pacific military supply lines and otherwise impeding America's ability to respond to a future conflict with China, including over a potential invasion of Taiwan... The focus on Guam and West Coast targets suggested to many senior national-security officials across several Biden administration agencies that the hackers were focused on Taiwan, and doing everything they could to slow a U.S. response in a potential Chinese invasion, buying Beijing precious days to complete a takeover even before U.S. support could arrive.

The telecom breachers "were also able to swipe from Verizon and AT&T a list of individuals the U.S. government was surveilling in recent months under court order, which included suspected Chinese agents. The intruders used known software flaws that had been publicly warned about but hadn't been patched."

And ultimately nine U.S. telecoms were breached, according to America's deputy national security adviser for cybersecurity — including what appears to have been a preventable breach at AT&T (according to "one person familiar with the matter"): [T]hey took control of a high-level network management account that wasn't protected by multifactor authentication, a basic safeguard. That granted them access to more than 100,000 routers from which they could further their attack — a serious lapse that may have allowed the hackers to copy traffic back to China and delete their own digital tracks.
The details of the various breaches are stunning: Chinese hackers gained a foothold in the digital underpinnings of one of America's largest ports in just 31 seconds. At the Port of Houston, an intruder acting like an engineer from one of the port's software vendors entered a server designed to let employees reset their passwords from home. The hackers managed to download an encrypted set of passwords from all the port's staff before the port recognized the threat and cut off the password server from its network...
Microsoft

FSF Urges Moving Off Microsoft's GitHub to Protest Windows 11's Requiring TPM 2.0 (fsf.org) 146

TPM is a dedicated chip or firmware enabling hardware-level security, housing encryption keys, certificates, passwords, and sensitive data, "and shielding them from unauthorized access," Microsoft senior product manager Steven Hosking wrote last month, declaring TPM 2.0 to be "a non-negotiable standard for the future of Windows."

Or, as BleepingComputer put it, Microsoft "made it abundantly clear... that Windows 10 users won't be able to upgrade to Windows 11 unless their systems come with TPM 2.0 support." (This despite the fact that Statcounter Global data "shows that more than 61% of all Windows systems worldwide still run Windows 10.") They add that Microsoft "announced on October 31 that Windows 10 home users will be able to delay the switch to Windows 11 for one more year if they're willing to pay $30 for Extended Security Updates."

But last week the Free Software Foundation's campaigns manager delivered a message on the FSF's official blog: "Keep putting pressure on Microsoft." Grassroots organization against a corporation as large as Microsoft is never easy. They have the advertising budget to claim that they "love Linux" (sic), not to mention the money and political willpower to corral free software developers from around the world on their nonfree platform Microsoft GitHub. This year's International Day Against DRM took aim at one specific injustice: their requiring a hardware TPM module for users being forced to "upgrade" to Windows 11. As Windows 10 will soon stop receiving security updates, this is a (Microsoft-manufactured) problem for users still on this operating system. Normally, offloading cryptography to a different hardware module could be seen as a good thing — but with nonfree software, it can only spell trouble for the user...

What's crucial now is to keep putting pressure on Microsoft, whether that's through switching to GNU/Linux, avoiding new releases of their software, or actions as simple as moving your projects off of Microsoft GitHub. If you're concerned about e-waste or have friends who work to combat climate change, getting them together to tell them about free software is the perfect way to help our movement grow, and free a few more users from Microsoft's digital restrictions.

AI

Dire Predictions for 2025 Include 'Largest Cyberattack in History' (politico.com) 90

Politico asked an "array of thinkers — futurists, scientists, foreign policy analysts and others — to lay out some of the possible 'Black Swan' events that could await us in the new year: What are the unpredictable, unlikely episodes that aren't yet on the radar but would completely upend American life as we know it?"

Here's one from Gary Marcus, a cognitive scientist and author of the book Taming Silicon Valley: How We Can Ensure That AI Works For Us: 2025 could easily see the largest cyberattack in history, taking down, at least for a little while, some sizeable piece of the world's infrastructure, whether for deliberate ransom or to manipulate people to make money off a short on global markets. Cybercrime is already a huge, multi-trillion dollar problem, and one that most victims don't like to talk about. It is said to be bigger than the entire global drug trade. Four things could make it much worse in 2025.

First, generative AI, rising in popularity and declining in price, is a perfect tool for cyberattackers. Although it is unreliable and prone to hallucinations, it is terrific at making plausible sounding text (e.g., phishing attacks to trick people into revealing credentials) and deepfaked videos at virtually zero cost, allowing attackers to broaden their attacks. Already, a cybercrew bilked a Hong Kong bank out of $25 million. Second, large language models are notoriously susceptible to jailbreaking and things like "prompt-injection attacks," for which no known solution exists. Third, generative AI tools are increasingly being used to create code; in some cases those coders don't fully understand the code written, and the autogenerated code has already been shown in some cases to introduce new security holes.

And finally, 2025 may see a U.S. government "determined to deregulate as much as possible, slashing costs," Marcus speculates, a scenario where "enforcement and investigations will almost certainly decline in both quality and quantity, leaving the world quite vulnerable to ever more audacious attacks."

Elsewhere in Politico's article there are other, even less cheery predictions for 2025. The executive director of an advocacy group for public health professionals describes the possibility of an epidemic "that we had the tools to control" which "winds up killing thousands" (while also "sending the economy back into a Covid-like downward spiral.")

And a law professor predicts 2025 will see a decisive breakthrough in quantum computing. "Those little padlocks you see beside URLs? They would, overnight, become a fiction."
Businesses

UK Bosses Try To Turn Back Clock On Hybrid Working (theguardian.com) 38

As UK workers face a tougher-than-usual January return to offices, many large employers, including Amazon, BT, PwC, and Santander, are enforcing stricter in-person attendance mandates. The Guardian reports: As of 1 January, BT is requiring its 50,000 office-based employees across the UK and several other countries to attend three days a week in what it calls a "three together, two wherever" approach. Workers at the telecoms company have been told that office entry and exit data will be used to monitor attendance. The accountancy firm PwC is also clamping down on remote working; the Spanish-owned bank Santander is formalizing attendance requirements for its 10,000 UK staff; the digital bank Starling has ordered staff back to the office more regularly; and the supermarket chain Asda has made a three-day office week compulsory for thousands of workers at its Leeds and Leicester sites. The international picture is similar. [...]

Multiple studies suggest that the future of work is flexible, with time split between the office and home or another location, in what has been called "the new normal" by the Office for National Statistics. The ONS found in its latest survey that hybrid was the standard pattern for more than a quarter (28%) of working adults in Great Britain in autumn 2024. At the same time, working entirely remotely had fallen since 2021, it found. One of the most frequently reported business reasons for hybrid working was "improved staff wellbeing," the ONS found, while those who worked from home saved an average of 56 minutes each day by dodging the commute.

UK staff have been slower to return to their desks after the pandemic than their counterparts in France, Germany, Italy, Spain and the US. London, in particular, has lagged behind other global cities including Paris and New York, according to recent research from the Centre for Cities thinktank, where workers spent on average 2.7 days a week in the office, attendance levels similar to Toronto and Sydney. It cited the cost, and average length of the commute in and around the UK capital as one of the main reasons for the trend. Despite this, there has been a "slow but steady increase in both attendance and desk use" in British offices, according to AWA, which tracked a 4% rise in attendance, from 29% to 33%, between July 2022 and September 2024.
"Hybrid working is here, it's not going away," said Andrew Mawson, the founder of Advanced Workplace Associates (AWA), a workplace transformation consultancy. "Even though companies are trying to mandate, foolishly in my view, to have their people in the office on a certain number of days, the true reality of it is different."
Privacy

Online Gift Card Store Exposed Hundreds of Thousands of People's Identity Documents (techcrunch.com) 15

An anonymous reader quotes a report from TechCrunch: A U.S. online gift card store has secured an online storage server that was publicly exposing hundreds of thousands of customer government-issued identity documents to the internet. A security researcher, who goes by the online handle JayeLTee, found the publicly exposed storage server late last year containing driving licenses, passports, and other identity documents belonging to MyGiftCardSupply, a company that sells digital gift cards for customers to redeem at popular brands and online services.

MyGiftCardSupply's website says it requires customers to upload a copy of their identity documents as part of its compliance efforts with U.S. anti-money laundering rules, often known as "know your customer" checks, or KYC. But the storage server containing the files had no password, allowing anyone on the internet to access the data stored inside. JayeLTee alerted TechCrunch to the exposure last week after MyGiftCardSupply did not respond to the researcher's email about the exposed data. [...]

According to JayeLTee, the exposed data -- hosted on Microsoft's Azure cloud -- contained over 600,000 front and back images of identity documents and selfie photos of around 200,000 customers. It's not uncommon for companies subject to KYC checks to ask their customers to take a selfie while holding a copy of their identity documents to verify that the customer is who they say they are, and to weed out forgeries.
MyGiftCardSupply founder Sam Gastro told TechCrunch: "The files are now secure, and we are doing a full audit of the KYC verification procedure. Going forward, we are going to delete the files promptly after doing the identity verification." It's not known how long the data was exposed or if the company would commit to notifying affected individuals.
Games

Marvel Game Developer Reverses Century-Long Bans on Linux, Mac Users (arstechnica.com) 31

NetEase has reversed 100-year bans imposed on "Marvel Rivals" players using Linux and Mac compatibility tools in December 2024, following intervention from CodeWeavers' CEO and player complaints.

The game's anti-cheat system had banned players until 2124 for using Proton and CrossOver software on Steam Deck and Apple devices. The company stated on Discord it "will not ban players who are playing fairly and without cheating" but has made no broader commitments regarding compatibility tools.
Chrome

Hackers Target Dozens of VPN, AI Extensions For Google Chrome To Compromise Data 12

An anonymous reader quotes a report from The Record: Cybersecurity researchers have uncovered dozens of attacks that involve malicious updates for Chrome browser extensions, one week after a security firm was compromised in a similar incident. As of Wednesday, a total of 36 Chrome extensions injected with data-stealing code have been detected, mostly related to artificial intelligence (AI) tools and virtual private networks (VPNs), according to a report by ExtensionTotal, a platform that analyzes extensions listed on various marketplaces and public registries. These extensions, collectively used by roughly 2.6 million people, include third-party tools such as ChatGPT for Google Meet, Bard AI Chat, YesCaptcha Assistant, VPNCity and Internxt VPN. Some of the affected companies have already addressed the issue by removing the compromised extensions from the store or updating them, according to ExtensionTotal's analysis. [...]

It remains unclear whether all the compromised extensions are linked to the same threat actor. Security researchers warn that browser extensions "shouldn't be treated lightly," as they have deep access to browser data, including authenticated sessions and sensitive information. Extensions are also easy to update and often not subjected to the same scrutiny as traditional software. ExtensionTotal recommends that organizations use only pre-approved versions of extensions and ensure they remain unchanged and protected from malicious automatic updates. "Even when we trust the developer of an extension, it's crucial to remember that every version could be entirely different from the previous one," researchers said. "If the extension developer is compromised, the users are effectively compromised as well -- almost instantly."
Windows

Ex-Microsoft Designer Reveals Windows 11's Dynamic Wallpapers That May Have Been Shelved (windowscentral.com) 17

Former Microsoft designer Sergey Kisselev has shared previously unseen concepts for Windows 11 dynamic wallpapers, intended for educational devices. The animated backgrounds were designed to complement Windows 11's centered interface but never shipped with the operating system's 23H2 update as initially planned.
Television

Samsung, Asus, MSI Unveil First 27-inch 4K OLED 240Hz Gaming Monitors (theverge.com) 25

Leading monitor manufacturers Asus, Samsung, and MSI unveiled the world's first 27-inch 4K OLED gaming monitors with 240Hz refresh rates, all featuring Samsung Display's fourth-generation QD-OLED panel technology.

Asus ROG Swift OLED PG27UCDM and MSI MPG 272URX QD-OLED models include DisplayPort 2.1a support, enabling 4K resolution at 240Hz without compression. Both offer DisplayHDR True Black 400 certification and three-year burn-in protection warranties. Samsung's Odyssey OLED G8 specifications remain partially undisclosed. All monitors feature 0.03ms response times and pixel density exceeding 160PPI.

Release dates and pricing details have not been announced.
IT

LA County Sheriff's Computer Dispatch System Crashes on New Year's Eve (msn.com) 33

Bruce66423 writes: A few hours before the ball dropped on New Year's Eve, the computer dispatch system for the Los Angeles County Sheriff's Department crashed, rendering all patrol car computers nearly useless and forcing deputies to handle all calls by radio, according to officials and sources in the department. Department leaders first learned of the problem around 8 p.m., when deputies at several sheriff's stations began having trouble logging onto their patrol car computers, officials told The Times in a statement.

The department said it eventually determined its computer-aided dispatch program -- known as CAD -- was "not allowing personnel to log on with the new year, making the CAD inoperable." It's not clear how long it will take to fix the problem, but in the meantime deputies and dispatchers are handling everything old-school -- using their radios instead of patrol car computers.

"It's our own little Y2K," a deputy who was working Wednesday morning told The Times. The deputy, along with three other department sources who spoke to The Times about the problem, asked not to be named because they were not authorized to speak on the record and feared retaliation.

IT

Tintin, Popeye Enter Public Domain as 1929 Works Released (duke.edu) 109

Thousands of copyrighted works from 1929, including Mickey Mouse's first speaking appearance and original versions of comic characters Popeye and Tintin, entered the U.S. public domain on January 1, 2025, as their 95-year copyright terms expired.

Popeye debuted in E.C. Segar's "Thimble Theatre" comic strip, while Tintin first appeared in Georges Remi's "Les Aventures de Tintin." These original character versions can now be freely used without permission or fees. Literary classics joining the public domain include William Faulkner's "The Sound and the Fury," Ernest Hemingway's "A Farewell to Arms," and Virginia Woolf's "A Room of One's Own."

Musical compositions entering the public domain include George Gershwin's "An American in Paris," Maurice Ravel's "Bolero," and Fats Waller's "Ain't Misbehavin'." The original 1929 recordings remain protected until 2030 under separate copyright rules.

Notable films becoming public domain include the Marx Brothers' first feature "The Cocoanuts," Alfred Hitchcock's first sound film "Blackmail," and several Mickey Mouse animations where the character debuts his white gloves and speaks his first words. Sound recordings from 1924, including performances by Marian Anderson and George Gershwin, also entered the public domain under the Music Modernization Act's 100-year term for historical recordings.
