Data Storage

Tech Hobbyist Destroys 51 MicroSD Cards To Build Ultimate Performance Database (tomshardware.com)

Tech enthusiast Matt Cole has created a comprehensive MicroSD card testing database, writing over 18 petabytes of data across nearly 200 cards since July 2023. Cole's "Great MicroSD Card Survey" uses eight machines running 70 card readers around the clock, writing 101 terabytes daily to test authenticity, performance, and endurance.

The 15,000-word report covering over 200 different cards reveals significant quality disparities. Name-brand cards purchased from Amazon performed markedly better than identical models from AliExpress, while cards with "fake flash" -- inflated capacity ratings -- performed significantly worse than authentic storage. Sandisk and Kingston cards averaged 4,634 and 3,555 read/write cycles before first error, respectively, while Lenovo cards averaged just 291 cycles. Some off-brand cards failed after only 27 cycles. Cole tested 51 cards to complete destruction during the endurance testing phase.
AT&T

AT&T Now Lets Customers Lock Down Account To Prevent SIM Swapping Attacks (theverge.com)

AT&T has launched a new Account Lock feature designed to protect customers from SIM swapping attacks. The security tool, available through the myAT&T app, prevents unauthorized changes to customer accounts including phone number transfers, SIM card changes, billing information updates, device upgrades, and modifications to authorized users.

SIM swapping attacks occur when criminals obtain a victim's phone number through social engineering techniques, then intercept messages and calls to access two-factor authentication codes for sensitive accounts. The attacks have become increasingly common in recent years. AT&T began gradually rolling out Account Lock earlier this year, joining T-Mobile, Verizon, and Google Fi, which already offer similar fraud prevention features.
Crime

IT Worker Sentenced To Seven Months After Trashing Company Network (theregister.com)

An anonymous reader shares a report: A judge has sentenced a disgruntled IT worker to more than seven months in prison after he wreaked havoc on his employer's network following his suspension, according to West Yorkshire Police.

According to the police, Mohammed Umar Taj, 31, from the Yorkshire town of Batley, was suspended from his job in nearby Huddersfield in July 2022. But the company didn't immediately rescind his network credentials, and within hours, he began altering login names and passwords to disrupt operations, the statement says.

The following day, he allegedly changed access credentials and the biz's multi-factor authentication settings that locked out the firm and its clients in Germany and Bahrain, eventually causing an estimated $274,200 in lost business and reputational harm.

Security

US Government Takes Down Major North Korean 'Remote IT Workers' Operation (techcrunch.com)

An anonymous reader quotes a report from TechCrunch: The U.S. Department of Justice announced on Monday that it had taken several enforcement actions against North Korea's money-making operations, which rely on undercover remote IT workers inside American tech companies to raise funds for the regime's nuclear weapons program, as well as to steal data and cryptocurrency. As part of the DOJ's multi-state effort, the government announced the arrest and indictment of U.S. national Zhenxing "Danny" Wang, who allegedly ran a years-long fraud scheme from New Jersey to sneak remote North Korean IT workers inside U.S. tech companies. According to the indictment, the scheme generated more than $5 million in revenue for the North Korean regime. [...]

From 2021 until 2024, the co-conspirators allegedly impersonated more than 80 U.S. individuals to get remote jobs at more than 100 American companies, causing $3 million in damages due to legal fees, data breach remediation efforts, and more. The group is said to have run laptop farms inside the United States, which the North Korean IT workers could essentially use as proxies to hide their provenance, according to the DOJ. At times, they used hardware devices known as keyboard-video-mouse (KVM) switches, which allow one person to control multiple computers from a single keyboard and mouse. The group allegedly also ran shell companies inside the U.S. to make it seem like the North Korean IT workers were affiliated with legitimate local companies, and to receive money that would then be transferred abroad, the DOJ said.

The fraudulent scheme allegedly also involved the North Korean workers stealing sensitive data, such as source code, from the companies they were working for, such as from an unnamed California-based defense contractor "that develops artificial intelligence-powered equipment and technologies."

Microsoft

Microsoft Authenticator Will Stop Supporting Passwords (cnet.com)

Avantare writes: Microsoft Authenticator houses your passwords and lets you sign into all of your Microsoft accounts using a PIN, facial recognition such as Windows Hello, or other biometric data, like a fingerprint. Authenticator can be used in other ways, such as verifying you're logging in if you forgot your password, or using two-factor authentication as an extra layer of security for your Microsoft accounts.
In June, Microsoft stopped letting users add passwords to Authenticator, but here's a timeline of other changes you can expect, according to Microsoft:

July 2025: You won't be able to use the autofill password function.
August 2025: You'll no longer be able to use saved passwords.

Businesses

That Dropped Call With Customer Service? It Was on Purpose (theatlantic.com)

Companies deliberately design customer service friction to discourage refunds and claims, according to research into a practice academics call "sludge." The term, coined by legal scholar Cass R. Sunstein and economist Richard H. Thaler in their updated version of "Nudge," describes tortuous administrative demands, endless wait times, and excessive procedural fuss that impede customers.

ProPublica reported in 2023 that Cigna saved millions of dollars by rejecting claims without having doctors read them. The Consumer Financial Protection Bureau ordered Toyota's motor-financing arm to pay $60 million for alleged misdeeds including deliberately setting up dead-end hotlines for canceling products and services. The 2023 National Customer Rage Survey found that the percentage of American consumers seeking revenge for customer service hassles had tripled in three years.
Security

New NSA/CISA Report Again Urges the Use of Memory-Safe Programming Language (theregister.com)

An anonymous reader shared this report from the tech news site The Register: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) this week published guidance urging software developers to adopt memory-safe programming languages. "The importance of memory safety cannot be overstated," the inter-agency report says...

The CISA/NSA report revisits the rationale for greater memory safety and the government's calls to adopt memory-safe languages (MSLs) while also acknowledging the reality that not every agency can change horses mid-stream. "A balanced approach acknowledges that MSLs are not a panacea and that transitioning involves significant challenges, particularly for organizations with large existing codebases or mission-critical systems," the report says. "However, several benefits, such as increased reliability, reduced attack surface, and decreased long-term costs, make a strong case for MSL adoption."

The report cites how Google by 2024 managed to reduce memory safety vulnerabilities in Android to 24 percent of the total. It goes on to provide an overview of the various benefits of adopting MSLs and discusses adoption challenges. And it urges the tech industry to promote memory safety by, for example, advertising jobs that require MSL expertise.

It also cites various government projects to accelerate the transition to MSLs, such as the Defense Advanced Research Projects Agency (DARPA) Translating All C to Rust (TRACTOR) program, which aspires to develop an automated method to translate C code to Rust. A recent effort along these lines, dubbed Omniglot, has been proposed by researchers at Princeton, UC Berkeley, and UC San Diego. It provides a safe way for unsafe libraries to communicate with Rust code through a Foreign Function Interface....

"Memory vulnerabilities pose serious risks to national security and critical infrastructure," the report concludes. "MSLs offer the most comprehensive mitigation against this pervasive and dangerous class of vulnerability."

"Adopting memory-safe languages can accelerate modern software development and enhance security by eliminating these vulnerabilities at their root," the report concludes, calling the idea "an investment in a secure software future."

"By defining memory safety roadmaps and leading the adoption of best practices, organizations can significantly improve software resilience and help ensure a safer digital landscape."
AI

Has an AI Backlash Begun? (wired.com)

"The potential threat of bosses attempting to replace human workers with AI agents is just one of many compounding reasons people are critical of generative AI..." writes Wired, arguing that there's an AI backlash that "keeps growing strong."

"The pushback from the creative community ramped up during the 2023 Hollywood writer's strike, and continued to accelerate through the current wave of copyright lawsuits brought by publishers, creatives, and Hollywood studios." And "Right now, the general vibe aligns even more with the side of impacted workers." "I think there is a new sort of ambient animosity towards the AI systems," says Brian Merchant, former WIRED contributor and author of Blood in the Machine, a book about the Luddites rebelling against worker-replacing technology. "AI companies have speedrun the Silicon Valley trajectory." Before ChatGPT's release, around 38 percent of US adults were more concerned than excited about increased AI usage in daily life, according to the Pew Research Center. The number shot up to 52 percent by late 2023, as the public reacted to the speedy spread of generative AI. The level of concern has hovered around that same threshold ever since...

[F]rustration over AI's steady creep has breached the container of social media and started manifesting more in the real world. Parents I talk to are concerned about AI use impacting their child's mental health. Couples are worried about chatbot addictions driving a wedge in their relationships. Rural communities are incensed that the newly built data centers required to power these AI tools are kept humming by generators that burn fossil fuels, polluting their air, water, and soil. As a whole, the benefits of AI seem esoteric and underwhelming while the harms feel transformative and immediate.

Unlike the dawn of the internet where democratized access to information empowered everyday people in unique, surprising ways, the generative AI era has been defined by half-baked software releases and threats of AI replacing human workers, especially for recent college graduates looking to find entry-level work. "Our innovation ecosystem in the 20th century was about making opportunities for human flourishing more accessible," says Shannon Vallor, a technology philosopher at the Edinburgh Futures Institute and author of The AI Mirror, a book about reclaiming human agency from algorithms. "Now, we have an era of innovation where the greatest opportunities the technology creates are for those already enjoying a disproportionate share of strengths and resources."

The impacts of generative AI on the workforce are another core issue that critics are organizing around. "Workers are more intuitive than a lot of the pundit class gives them credit for," says Merchant. "They know this has been a naked attempt to get rid of people."

The article suggests "the next major shift in public opinion" is likely "when broad swaths of workers feel further threatened," and organize in response...
Social Networks

To Spam AI Chatbots, Companies Spam Reddit with AI-Generated Posts (9to5mac.com)

The problem? "Companies want their products and brands to appear in chatbot results," reports 9to5Mac. And "Since Reddit forms a key part of the training material for Google's AI, then one effective way to make that happen is to spam Reddit." Huffman has confirmed to the Financial Times that this is happening, with companies using AI bots to create fake posts in the hope that the content will be regurgitated by chatbots:

"For 20 years, we've been fighting people who have wanted to be popular on Reddit," Huffman said... "If you want to show up in the search engines, you try to do well on Reddit, and now the LLMs, it's the same thing. If you want to be in the LLMs, you can do it through Reddit."

Multiple ad agency execs confirmed to the FT that they are indeed "posting content on Reddit to boost the likelihood of their ads appearing in the responses of generative AI chatbots." Huffman says that AI bots are increasingly being used to make spam posts, and Reddit is trying to block them: For Huffman, success comes down to making sure that posts are "written by humans and voted on by humans [...] It's an arms race, it's a never ending battle." The company is exploring a number of new ways to do this, including the World ID eyeball-scanning device being touted by OpenAI's Sam Altman.

It's Reddit's 20th anniversary, notes CNBC. And while "MySpace, Digg and Flickr have faded into oblivion," Reddit "has refused to die, chugging along and gaining an audience of over 108 million daily users..."

But now Reddit "faces a gargantuan challenge gaining new users, particularly if Google's search floodgates dry up." [I]n the age of AI, many users simply "go the easiest possible way," said Ann Smarty, a marketing and reputation management consultant who helps brands monitor consumer perception on Reddit. And there may be no simpler way of finding answers on the internet than simply asking ChatGPT a question, Smarty said. "People do not want to click," she said. "They just want those quick answers."
But in response, CNBC's headline argues that Reddit "is fighting AI with AI." It launched its own Reddit Answers AI service in December, using technology from OpenAI and Google. Unlike general-purpose chatbots that summarize others' web pages, the Reddit Answers chatbot generates responses based purely on the social media service, and it redirects people to the source conversations so they can see the specific user comments. A Reddit spokesperson said that over 1 million people are using Reddit Answers each week.
IT

Duolingo Stock Plummets After Slowing User Growth, Possibly Caused By 'AI-First' Backlash (fool.com)

"Duolingo stock fell for the fourth straight trading day on Wednesday," reported Investor's Business Daily, "as data shows user growth slowing for the language-learning software provider."

Jefferies analyst John Colantuoni said he was "concerned" by this drop — saying it "may be the result of Duolingo's poorly received AI-driven hiring announcement in late April (later clarified in late May)." Also Wednesday, DA Davidson analyst Wyatt Swanson slashed his price target on Duolingo stock to 500 from 600, but kept his buy rating. He noted that the "'AI-first' backlash" on social media is hurting Duolingo's brand sentiment. However, he expects the impact to be temporary.
Colantuoni also maintained a "hold" rating on Duolingo stock — though by Monday Duolingo fell below its 50-day moving average line (which Investor's Business Daily calls "a key sell signal.")

And Thursday afternoon (2:30 p.m. EST) Duolingo's stock had dropped 14% for the week, notes The Motley Fool: While 30 days' worth of disappointing daily active user (DAU) data isn't bad in and of itself, it extends a worrying trend. Over the last five months, the company's DAU growth declined from 56% in February to 53% in March, 41% in April, 40% in May [the month after the "AI-first" announcement], and finally 37% in June.

This deceleration is far from a death knell for Duolingo's stock. But the market may be justified in lowering the company's valuation until it sees improving data. Even after this drop, the company trades at 106 times free cash flow, including stock-based compensation.

Maybe everyone's just practicing their language skills with ChatGPT?
AI

Call Center Workers Are Tired of Being Mistaken for AI (bloomberg.com)

Bloomberg reports: By the time Jessica Lindsey's customers accuse her of being an AI, they are often already shouting. For the past two years, her work as a call center agent for outsourcing company Concentrix has been punctuated by people at the other end of the phone demanding to speak to a real human. Sometimes they ask her straight, 'Are you an AI?' Other times they just start yelling commands: 'Speak to a representative! Speak to a representative...!' Skeptical customers are already frustrated from dealing with the automated system that triages calls before they reach a person. So when Lindsey starts reading from her AmEx-approved script, callers are infuriated by what they perceive to be another machine. "They just end up yelling at me and hanging up," she said, leaving Lindsey sitting in her home office in Oklahoma, shocked and sometimes in tears. "Like, I can't believe I just got cut down at 9:30 in the morning because they had to deal with the AI before they got to me...."

In Australia, Canada, Greece and the US, call center agents say they've been repeatedly mistaken for AI. These people, who spend hours talking to strangers, are experiencing surreal conversations, where customers ask them to prove they are not machines... [Seth, a US-based Concentrix worker] said he is asked if he's AI roughly once a week. In April, one customer quizzed him for around 20 minutes about whether he was a machine. The caller asked about his hobbies, about how he liked to go fishing when not at work, and what kind of fishing rod he used. "[It was as if she wanted] to see if I glitched," he said. "At one point, I felt like she was an AI trying to learn how to be human...."

Sarah, who works in benefits fraud-prevention for the US government — and asked to use a pseudonym for fear of being reprimanded for talking to the media — said she is mistaken for AI between three or four times every month... Sarah tries to change her inflections and tone of voice to sound more human. But she's also discovered another point of differentiation with the machines. "Whenever I run into the AI, it just lets you talk, it doesn't cut you off," said Sarah, who is based in Texas. So when customers start to shout, she now tries to interrupt them. "I say: 'Ma'am (or Sir). I am a real person. I'm sitting in an office in the southern US. I was born.'"

Security

Tech Firms Warn 'Scattered Spider' Hacks Are Targeting Aviation Sector (reuters.com)

Tech companies Google and Palo Alto Networks are sounding the alarm over the "Scattered Spider" hacking group's interest in the aviation sector. From a report: In a statement posted on LinkedIn, Sam Rubin, an executive at Palo Alto's cybersecurity-focused Unit 42, said his company had "observed Muddled Libra (also known as Scattered Spider) targeting the aviation industry."

In a similar statement, Charles Carmakal, an executive with Alphabet-owned Google's cybersecurity-focused Mandiant unit, said his company was "aware of multiple incidents in the airline and transportation sector which resemble the operations of UNC3944 or Scattered Spider."
Axios adds: The group of mostly Western, English-speaking hackers has been on a months-long spree that's prompted operational disruptions at grocery suppliers, major retail storefronts and insurance companies in the U.S. and U.K.

Hawaiian Airlines said Thursday it's addressing a "cybersecurity incident" that affected some of its IT systems. Canadian airline WestJet faced a similar incident last week that caused outages for some of its systems and mobile app. A source familiar with the incidents told Axios that Scattered Spider was likely behind the WestJet incident.

Android

Android 16 Will Tell You When Fake Cell Towers Try To Track Your Phone (androidauthority.com)

Android 16 will include a new security feature that warns users when their phones connect to fake cell towers designed for surveillance. The "network notification" setting alerts users when devices connect to unencrypted networks or when networks request phone identifiers, helping protect against "stingray" devices that mimic legitimate cell towers to collect data and force phones onto insecure communication protocols.
Printer

Brother Printer Bug In 689 Models Exposes Millions To Hacking (securityweek.com)

An anonymous reader quotes a report from SecurityWeek: Hundreds of printer models from Brother and other vendors are impacted by potentially serious vulnerabilities discovered by researchers at Rapid7. The cybersecurity firm revealed on Wednesday that its researchers identified eight vulnerabilities affecting multifunction printers made by Brother. The security holes have been found to impact 689 printer, scanner and label maker models from Brother, and some or all of the flaws also affect 46 Fujifilm Business Innovation, five Ricoh, six Konica Minolta, and two Toshiba printers. Overall, millions of enterprise and home printers are believed to be exposed to hacker attacks due to these vulnerabilities.

The most serious of the flaws, tracked as CVE-2024-51978 and with a severity rating of 'critical', can allow a remote and unauthenticated attacker to bypass authentication by obtaining the device's default administrator password. CVE-2024-51978 can be chained with an information disclosure vulnerability tracked as CVE-2024-51977, which can be exploited to obtain a device's serial number. This serial number is needed to generate the default admin password. "This is due to the discovery of the default password generation procedure used by Brother devices," Rapid7 explained. "This procedure transforms a serial number into a default password. Affected devices have their default password set, based on each device's unique serial number, during the manufacturing process."

Having the admin password enables an attacker to reconfigure the device or abuse functionality intended for authenticated users. The remaining vulnerabilities, which have severity ratings of 'medium' and 'high', can be exploited for DoS attacks, forcing the printer to open a TCP connection, obtaining the password of a configured external service, triggering a stack overflow, and performing arbitrary HTTP requests. Six of the eight vulnerabilities found by Rapid7 can be exploited without authentication.
Brother has patched most of the flaws, but CVE-2024-51978 requires a new manufacturing process to fully resolve, which will apply only to future devices.
Windows

Windows is Getting Rid of the Blue Screen of Death After 40 Years (theverge.com)

The Blue Screen of Death (BSOD) has held strong in Windows for nearly 40 years, but that's about to change. From a report: Microsoft revealed earlier this year that it was overhauling its BSOD error message in Windows 11, and the company has now confirmed that it will soon be known as the Black Screen of Death. The new design drops the traditional blue color, frowning face, and QR code in favor of a simplified black screen.

The simplified BSOD looks a lot more like the black screen you'd see during a Windows update. But it will list the stop code and faulty system driver that you wouldn't always see during a crash dump. IT admins shouldn't need to pull crash dumps off PCs and analyze them with tools like WinDbg just to find out what could be causing issues.
The company will roll out this new BSOD design in an update to Windows 11 "later this summer."
Microsoft

Microsoft Moves Antivirus Software Out of Windows Kernel To Prevent CrowdStrike-Style Crashes (zdnet.com)

Microsoft is preparing to release a private preview of Windows changes that will move antivirus and endpoint detection and response apps out of the Windows kernel, nearly a year after a faulty CrowdStrike update crashed 8.5 million Windows-based machines worldwide.

The new Windows endpoint security platform is being developed in cooperation with CrowdStrike, Bitdefender, ESET, Trend Micro, and other security vendors. David Weston, Microsoft's vice president of enterprise and OS security, said dozens of partners have submitted papers detailing design requirements, some hundreds of pages long. The private preview will allow security vendors to request changes before the platform is finalized.
IT

HDMI 2.2 Finalized with 96 GB/s Bandwidth, 16K Resolution Support (tomshardware.com)

The HDMI Forum has officially finalized HDMI 2.2, doubling bandwidth from 48 GB/s to 96 GB/s compared to the current HDMI 2.1 standard. The specification enables 16K resolution at 60 Hz and 12K at 120 Hz with chroma subsampling, while supporting uncompressed 4K at 240 Hz with 12-bit color depth and uncompressed 8K at 60 Hz.

The new standard requires "Ultra96" certified cables with clear HDMI Forum branding to achieve full bandwidth capabilities. HDMI 2.2's 96 GB/s throughput surpasses DisplayPort 2.1b UHBR20's 80 GB/s maximum. The specification maintains backwards compatibility with existing devices and cables, operating at the lowest common denominator when mixed with older hardware. HDMI 2.2 introduces a Latency Indication Protocol to improve audio-video synchronization in complex home theater setups.
Chrome

Android Chrome Users Can Now Move Address Bar To Bottom of Screen (9to5google.com)

Google has begun rolling out a feature that allows Chrome users on Android to move the browser's address bar to the bottom of the screen. This capability has been available to iOS Chrome users since 2023 and aims to improve accessibility for users with larger devices.

Users can relocate the address bar by pressing and holding on it and selecting the move option, or by adjusting the setting through Chrome's settings menu. The feature addresses usability concerns for users of phones with bigger screens, where reaching the top of the display can prove difficult during one-handed operation.
Patents

WD Escapes Half a Billion in Patent Damages as Judge Trims Award To $1 (theregister.com)

Western Digital has succeeded in having the sum it owed from a patent infringement case reduced from $553 million down to just $1 in post-trial motions, when the judge found the plaintiff's claims had shifted during the course of the litigation. From a report: The storage biz was held by a California jury to have infringed on data encryption patents owned by SPEX Technologies Inc in October, relating to several of its self-encrypting hard drive products.

WD was initially told to pay $316 million in damages, but District Judge James Selna ruled the company owed a further $237 million in interest charges earlier this year, bringing the total to more than half a billion dollars. In February, WD was given a week to file a bond or stump up the entire damages payment.
Selna granted Western Digital's post-trial motion to reduce damages, writing that "SPEX's damages theory changed as certain evidence and theories became unavailable" and there was "insufficient evidence from which the Court could determine a reasonable royalty."
Windows

Microsoft Extends Free Windows 10 Security Updates Into 2026, With Strings Attached (windows.com)

Microsoft will offer free Windows 10 security updates through October 2026 to consumers who enable Windows Backup or spend 1,000 Microsoft Rewards points, the company said today. The move provides alternatives to the previously announced $30-per-PC Extended Security Update program for individuals wanting to continue using Windows 10 past its October 14, 2025 end-of-support date.

The company will notify Windows 10 users about the ESU program through the Settings app and notifications starting in July, with full rollout by mid-August. Both free options require a Microsoft Account, which the company has increasingly pushed in Windows 11. Business and organizational customers can still purchase up to three years of ESU updates but must pay for the service.

Windows 10 remains installed on 53% of Windows PCs worldwide, according to Statcounter data.
