Android

Android Earthquake Alerts Now Available Across All 50 States, 6 US Territories (droid-life.com) 29

Google's Android Earthquake Alerts System, initially launched in 2020, is now available in all 50 U.S. states and 6 territories. Droid Life reports: For users in California, Oregon and Washington, users will continue to have their alerts powered by the ShakeAlert system, utilizing traditional seismometers to detect earthquakes. For all out states and supported territories, "this expansion uses the built-in accelerometers in Android phones to bring another layer of preparedness and potentially life-saving information to people across every state," the company explained in a blog post.

Using the accelerometer to sense vibrations and an apparent earthquake, the system quickly analyzes the crowdsourced data to determine if an earthquake is occurring. Google says it has been working with many experts to continue the system's improvement. Depending on the severity of the earthquake, you'll get two types of notifications. A little pop up on your screen if it's pretty weak with light shaking or a complete screen takeover for moderate to extreme shaking. These are called Take Action alerts, complete with the classic drop, cover, and hold instructions.

AT&T

AT&T Sues Broadcom For Breaching VMware Support Extension Contract (theregister.com) 76

AT&T has filed a lawsuit against Broadcom, alleging that Broadcom is refusing to honor an extended support agreement for VMware software unless AT&T purchases additional subscriptions it doesn't need. The company warns the consequences could risk massive outages for AT&T's customer support operations and critical federal services, including the U.S. President's office. The Register reports: A complaint [PDF] filed last week in the Supreme Court of New York State explains that AT&T holds perpetual licenses for VMware software and paid for support services under a contract that ends on September 8. The complaint also alleges that AT&T has an option to extend that support deal for two years -- provided it activates the option before the end of the current deal. AT&T's filing claims it exercised that option, but that Broadcom "is refusing to honor" the contract. Broadcom has apparently told AT&T it will continue to provide support if the comms giant "agrees to purchase scores of subscription services and software." AT&T counters that it "does not want or need" those subscriptions, because they:

- Would impose significant additional contractual and technological obligations on AT
- Would require AT&T to invest potentially millions to develop its network to accommodate the new software;
- May violate certain rights of first refusal that AT&T has granted to third parties;
- Would cost AT&T tens of millions more than the price of the support services alone.

[...] The complaint also suggests Broadcom's refusal to extend support creates enormous risk for US national security -- some of the ~8,600 servers that host AT&T's ~75,000 VMs "are dedicated to various national security and public safety agencies within the federal government as well as the Office of the President." Other VMs are relied upon by emergency responders, and still more "deliver services to millions of AT&T customers worldwide" according to the suit. Without support from Broadcom, AT&T claims it fears "widespread network outages that could cripple the operations of millions of AT&T customers worldwide" because it may not be able to fix VMware's software.

The Courts

Snap Sued Over 'Sextortion' of Kids By Predators (cnbc.com) 41

New Mexico Attorney General Raul Torrez has filed a lawsuit against Snap, accusing Snapchat of fostering and promoting illicit sexual material involving children, facilitating sextortion, and enabling trafficking of children, drugs, and guns. CNBC reports: The suit alleges that Snap "repeatedly made statements to the public regarding the safety and design of its platforms that it knew were untrue," or that were contradicted by the company's own internal findings. "Snap was specifically aware, but failed to warn children and parents, of 'rampant' and 'massive' sextortion on its platform -- a problem so grave that it drives children facing merciless and relentless blackmail demands or disclosure of intimate images to their families and friends to suicide," the suit says.

New Mexico's Department of Justice, which Torrez leads, in recent months conducted an investigation that found that there was a "vast network of dark web sites dedicated to sharing stolen, non-consensual sexual images from Snap" and that there were more than 10,000 records related to SNAP and child sexual abuse material "in the last year alone," the department said. The suit alleges violations of New Mexico's unfair trade practices law.

Apple

Apple Announces 'Find My' For South Korea (appleinsider.com) 8

Apple announced it is planning to bring its Find My service to South Korea in early 2025. Originally released in 2010, the Find My service has been unavailable in South Korea, making it the last country without access to Apple's tracking feature. AppleInsider reports: In July 2024, complaints from users in South Korea reached a point where they were finally petitioning the government to allow Apple's Find My feature to work. Any iPhone made for sale in South Korea had Find My permanently disabled, so it wouldn't work even when the owner was in a different country. Now in a statement on its Korean website, Apple has announced that it plans to bring Find My to the country shortly.

"Apple plans to introduce the 'Find My' network in Korea in the spring of 2025," says a brief statement (in translation). "Users in Korea will soon be able to use the Find My app to find their Apple devices and personal belongings with their personal information protected, and check the location of friends and family." [...] According to the user petition submitted to the National Assembly Petition website of South Korea, Apple has said that Find My is disabled "because of internal policy."

Verizon

Verizon To Buy Frontier For $9.6 Billion, Says It Will Expand Fiber Network 45

An anonymous reader quotes a report from Ars Technica: Verizon today announced a deal to acquire Frontier Communications, an Internet service provider with about 3 million customers in 25 states. Verizon said the all-cash transaction is valued at $20 billion. Verizon agreed to pay $9.6 billion and is taking on over $10 billion in debt (PDF) held by Frontier. Verizon said the deal is subject to regulatory approval and a vote by Frontier shareholders and is expected to be completed in 18 months.

"Under the terms of the agreement, Verizon will acquire Frontier for $38.50 per share in cash, representing a premium of 43.7 percent to Frontier's 90-Day volume-weighted average share price (VWAP) on September 3, 2024, the last trading day prior to media reports regarding a potential acquisition of Frontier," Verizon said. Assuming regulatory and shareholder approval, Verizon will be buying back a former portion of its network that it sold to Frontier eight years ago. In 2016, Frontier bought Verizon's FiOS and DSL operations in Florida, California, and Texas. The 2016 changeover was marred by technical problems that caused weeks of outages for tens of thousands of customers.
"Frontier's 2.2 million fiber subscribers across 25 states will join Verizon's approximately 7.4 million FiOS connections in 9 states and Washington, D.C.," Verizon said. "In addition to Frontier's 7.2 million fiber locations, the company is committed to its plan to build out an additional 2.8 million fiber locations by the end of 2026."
Verizon

Verizon Nearing Deal for Frontier Communications (msn.com) 23

Verizon is in advanced talks to acquire Frontier Communications in a deal that would bolster the company's fiber network to compete with rivals including AT&T, WSJ reported Wednesday, citing people familiar with the matter. From the report: An announcement could come this week, granted the talks don't hit any last-minute snags, the people said. A deal would be sizable, given Frontier's market value of over $7 billion. The company, cobbled together by several deals over the years, provides broadband connections to about three million locations across 25 states.

Verizon, the top cellphone carrier by subscribers, has faced increased pressure from competitors and from cable-TV companies that offer discounted wireless service backed by Verizon's own cellular network. Verizon has its Fios-branded fiber network, and AT&T has focused on expanding its fiber network since shedding its WarnerMedia assets in 2022. Fiber M&A has heated up as telecom companies and financial firms pour capital into neighborhoods that lack high-speed broadband or offer only one internet provider, usually from a cable-TV company.

The Military

Navy Chiefs Conspired To Get Themselves Illegal Warship Wi-Fi (navytimes.com) 194

During a 2023 deployment, senior enlisted leaders aboard the Navy ship USS Manchester secretly installed a Starlink Wi-Fi network, allowing them exclusive internet access in violation of Navy regulations. "Unauthorized Wi-Fi systems like the one [then-Command Senior Chief Grisel Marrero] set up are a massive no-no for a deployed Navy ship, and Marrero's crime occurred as the ship was deploying to the West Pacific, where such security concerns become even more paramount among heightened tensions with the Chinese," reports Navy Times. From the report: As the ship prepared for a West Pacific deployment in April 2023, the enlisted leader onboard conspired with the ship's chiefs to install the secret, unauthorized network aboard the ship, for use exclusively by them. So while rank-and-file sailors lived without the level of internet connectivity they enjoyed ashore, the chiefs installed a Starlink satellite internet dish on the top of the ship and used a Wi-Fi network they dubbed "STINKY" to check sports scores, text home and stream movies. The enjoyment of those wireless creature comforts by enlisted leaders aboard the ship carried serious repercussions for the security of the ship and its crew. "The danger such systems pose to the crew, the ship and the Navy cannot be understated," the investigation notes.

Led by the senior enlisted leader of the ship's gold crew, then-Command Senior Chief Grisel Marrero, the effort roped in the entire chiefs mess by the time it was uncovered a few months later. Marrero was relieved in late 2023 after repeatedly misleading and lying to her ship's command about the Wi-Fi network, and she was convicted at court-martial this spring in connection to the scheme. She was sentenced to a reduction in rank to E-7 after the trial and did not respond to requests for comment for this report. The Navy has yet to release the entirety of the Manchester investigation file to Navy Times, including supplemental enclosures. Such records generally include statements or interview transcripts with the accused.

But records released so far show the probe, which wrapped in November, found that the entire chiefs mess knew about the secret system, and those who didn't buy into it were nonetheless culpable for not reporting the misconduct. Those chiefs and senior chiefs who used, paid for, helped hide or knew about the system were given administrative nonjudicial punishment at commodore's mast, according to the investigation. All told, more than 15 Manchester chiefs were in cahoots with Marrero to purchase, install and use the Starlink system aboard the ship. "This agreement was a criminal conspiracy, supported by the overt act of bringing the purchased Starlink onboard USS MANCHESTER," the investigation said. "Any new member of the CPO Mess which then paid into the services joined that conspiracy following the system's operational status."

Records obtained by Navy Times via a Freedom of Information Act request reveal a months-long effort by Marrero to obtain, install and then conceal the chiefs Wi-Fi network from superiors, including the covert installation of a Starlink satellite dish on the outside of the Manchester. When superiors became suspicious about the existence of the network and confronted her about it, Marrero failed to come clean on multiple occasions and provided falsified documents to further mislead Manchester's commanding officer, the investigation states. "The installation and usage of Starlink, without the approval of higher headquarters, poses a serious risk to mission, operational security, and information security," the investigation states.

Social Networks

Bluesky Adds 2 Million New Users After Brazil's X Ban (techcrunch.com) 94

In the days following Brazil's shutdown of X, the decentralized social networking startup Bluesky added over 2 million new users, up from just half a million as of Friday. "This rapid growth led some users to encounter the occasional error that would state there were 'Not Enough Resources' to handle requests, as Bluesky engineers scrambled to keep the servers stable under the influx of new sign-ups," reports TechCrunch's Sarah Perez. From the report: As new users downloaded the app, Bluesky jumped to becoming the app to No. 1 in Brazil over the weekend, ahead of Meta's X competitor, Instagram Threads. According to app intelligence firm Appfigures, Bluesky's total downloads soared by 10,584% this weekend compared to last, and its downloads in Brazil were up by a whopping 1,018,952%. The growth seems to be having a halo effect, as downloads outside Brazil also rose by 584%, the firm noted. In part, this is due to Bluesky receiving downloads in 22 countries where it had barely seen any traction before.

In terms of absolute downloads, countries that saw the most installs outside Brazil included the U.S., Portugal, the U.K., Canada and Spain. Those with the most download growth, however, were Portugal, Chile, Argentina, Colombia and Romania. Most of the latter group jumped from single-digit growth to growth in the thousands. Bluesky's newcomers have actively engaged on the platform, too, driving up other key metrics.

As one Bluesky engineer remarked, the number of likes on the social network grew to 104.6 million over the past four-day period, up from just 13 million when compared with a similar period just a week ago. Follows also grew from 1.4 million to 100.8 million while reposts grew from 1.3 million to 11 million. As of Monday, Bluesky said it had added 2.11 million users during the past four days, up from 26,000 users it had added in the week-ago period. In addition, the company noted it had seen "significantly more than a 100% [daily active users] increase." On Tuesday, Bluesky told TechCrunch the number is now 2.4 million and continues to grow "by the minute."

The Courts

Shrinkwrap 'Contract' Found At Costco On... Collagen Peptides (mastodon.social) 74

Slashdot covered shrinkwrap licenses on software back in 2000 and 2002. But now ewhac (Slashdot reader #5,844) writes: The user Wraithe on the Mastodon network is reporting that a bottle of Vital Proteins(TM) collagen peptides purchased at Costco came with a shrinkwrap contract. Collagen peptides are often used as an anti-aging nutritional supplement. The top of the Vital Proteins bottle has a pull-to-open seal. Printed on the seal is the following: "Read This: By opening and using this product, you agree to be bound by our Terms and Conditions, fully set forth at vitalproteins.com/tc, which includes a mandatory arbitration agreement. If you do not agree to be bound, please return this product immediately."

So-called "shrinkwrap contracts" have been the subject of controversy and derision for decades since their first widespread appearance in the 1970's, attempting to alter the terms of sale after the fact, impose unethical and onerous restrictions on the purchaser, and absolving the vendor of all liability. Most such contracts appear on items involving copyrighted works (computer software, or any item containing computer software). The alleged "validity" of such contracts supposedly proceeds from the (alleged) need that the item requires a copyright license from the vendor to use (because the right to use/read/listen/view/execute is somehow not concomitant with purchase), and that the shrinkwrap contract furnishes such license.

The application of such a contract to a good where copyright has no scope, however, is something new. The alleged contract itself governs consumers' use of, "the VitalProteins.com website and any other applications, content, products, and services (collectively, the "Service")...," contains the usual we're-not-responsible-for-anything indemnification paragraph, and unilaterally removes your right to seek redress in court of law and imposes binding arbitration involving any disputes that may arise between the consumer and the company. Indeed, the arbitration clause is the first numbered section in the alleged contract.

The same contract has been spotted by numerous others — including someone who posted about it on Reddit two years ago. ("When I opened it, encountered a vacuum seal with the following 'READ THIS: by opening and using this product, you agree to...'") But the same verbiage still appears in online listings today for the product from Albertsons, Walgreens, and CVS.

Shrinkwrap contracts. They're not just for software any more...
IT

How Not To Hire a North Korean IT Spy (csoonline.com) 17

CSO Online reports that North Korea "is actively infiltrating Western companies using skilled IT workers who use fake identities to pose as remote workers with foreign companies, typically but not exclusively in the U.S."

Slashdot reader snydeq shares their report, which urges information security officers "to carry out tighter vetting of new hires to ward off potential 'moles' — who are increasingly finding their way onto company payrolls and into their IT systems." The schemes are part of illicit revenue generation efforts by the North Korean regime, which faces financial sanctions over its nuclear weapons program, as well as a component of the country's cyberespionage activities.

The U.S. Treasury department first warned about the tactic in 2022. Thosands of highly skilled IT workers are taking advantage of the demand for software developers to obtain freelance contracts from clients around the world, including in North America, Europe, and East Asia. "Although DPRK [North Korean] IT workers normally engage in IT work distinct from malicious cyber activity, they have used the privileged access gained as contractors to enable the DPRK's malicious cyber intrusions," the Treasury department warned... North Korean IT workers present themselves as South Korean, Chinese, Japanese, or Eastern European, and as U.S.-based teleworkers. In some cases, DPRK IT workers further obfuscate their identities by creating arrangements with third-party subcontractors.

Christina Chapman, a resident of Arizona, faces fraud charges over an elaborate scheme that allegedly allowed North Korean IT workers to pose as U.S. citizens and residents using stolen identities to obtain jobs at more than 300 U.S. companies. U.S. payment platforms and online job site accounts were abused to secure jobs at more than 300 companies, including a major TV network, a car manufacturer, a Silicon Valley technology firm, and an aerospace company... According to a U.S. Department of Justice indictment, unsealed in May 2024, Chapman ran a "laptop farm," hosting the overseas IT workers' computers inside her home so it appeared that the computers were located in the U.S. The 49-year-old received and forged payroll checks, and she laundered direct debit payments for salaries through bank accounts under her control. Many of the overseas workers in her cell were from North Korea, according to prosecutors. An estimated $6.8 million were paid for the work, much of which was falsely reported to tax authorities under the name of 60 real U.S. citizens whose identities were either stolen or borrowed...

Ukrainian national Oleksandr Didenko, 27, of Kyiv, was separately charged over a years-long scheme to create fake accounts at U.S. IT job search platforms and with U.S.-based money service transmitters. "Didenko sold the accounts to overseas IT workers, some of whom he believed were North Korean, and the overseas IT workers used the false identities to apply for jobs with unsuspecting companies," according to the U.S. Department of Justice. Didenko, who was arrested in Poland in May, faces U.S. extradition proceedings...

How this type of malfeasance plays out from the perspective of a targeted firm was revealed by security awareness vendor KnowBe4's candid admission in July that it unknowingly hired a North Korean IT spy... A growing and substantial body of evidence suggests KnowBe4 is but one of many organizations targeted by illicit North Korean IT workers. Last November security vendor Palo Alto reported that North Korean threat actors are actively seeking employment with organizations based in the U.S. and other parts of the world...

Mandiant, the Google-owned threat intel firm, reported last year that "thousands of highly skilled IT workers from North Korea" are hunting work. More recently, CrowdStrike reported that a North Korean group it dubbed "Famous Chollima" infiltrated more than 100 companies with imposter IT pros.

The article notes the infiltrators use chatbots to tailor the perfect resume "and further leverage AI-created deepfakes to pose as real people." And the article includes this quote from a former intelligence analyst for the U.S. Air Force turned cybersecurity strategist at Sysdig. "In some cases, they may try to get jobs at tech companies in order to steal their intellectual property before using it to create their own knock-off technologies."

The article closes with its suggested "countermeasures," including live video-chats with prospective remote-work applicants — and confirming an applicant's home address.
Verizon

Verizon Taps Another Satellite Operator To Make Texting From the Middle of Nowhere Easier (theregister.com) 20

Verizon has teamed up with another satellite operator to offer US customers a commercial direct-to-device messaging service for when a terrestrial cell network is not available, starting this fall. From a report: The telecoms giant says that US customers with compatible smartphones will have access to emergency messaging and location sharing, even when out of range of a cell tower, and from early next year it will offer the ability to text anywhere via a satellite connection, again with compatible devices. Verizon told The Register that there are no additional costs planned for this service, and any customer with a capable device can take advantage of it, irrespective of price plan.

It will be available on the Pixel 9 family of devices out of the box, with the Galaxy S25 to follow, a Verizon spokesperson told us. "Next year we will add text anywhere functionality to the emergency text and location services available this year," they added. This sounds somewhat similar to the Emergency SOS feature introduced by Apple with the iPhone 14 two years ago, which also enabled users to contact emergency services via a satellite link. Verizon says its service will complement Apple's iOS 18 satellite features, so customers using different devices will also have the ability to text anywhere. As partner for this service, Verizon has picked Skylo, a company that styles itself as a pioneer in Non-Terrestrial Network (NTN) communications for smartphones and other devices.

Power

Publicly Available EV Charger Network Doubles Under Biden-Harris Administration (electrek.co) 247

An anonymous reader quotes a report from Electrek: Over 192,000 publicly available charging ports are now online, and approximately 1,000 new chargers are being added each week. To build on this momentum, the federal government has awarded $521 million in grants to further expand the national network, with new chargers being deployed across 29 states, two Federally Recognized Tribes, and the District of Columbia.

The $521 million investment is divided into two key areas: 41 community projects ($321 million) and 10 corridor fast-charging projects ($200 million). The grant awards also support President Biden's Justice40 Initiative, which aims for 40% of the overall benefits of federal investments to flow to disadvantaged communities, with over half of the funding going to sites in disadvantaged communities.
US Transportation Secretary Pete Buttigieg emphasized the importance of this initiative, stating, "The Biden-Harris Administration has been clear about America leading the EV revolution, and thanks to the historic [Bipartisan Infrastructure Law] package, we're building a nationwide EV charger network to make sure all drivers have an accessible, reliable, and convenient way to charge their vehicles."
China

Chinese Hackers Breach US Internet Firms via Startup, Lumen Says (msn.com) 16

The state-sponsored Chinese hacking campaign known as Volt Typhoon is exploiting a bug in a California-based startup to hack American and Indian internet companies, according to security researchers. From a report: Volt Typhoon has breached four US firms, including internet service providers, and another in India through a vulnerability in a Versa Networks server product, according to Lumen's unit Black Lotus Labs. Their assessment, much of which was published in a blog post on Tuesday, found with "moderate confidence" that Volt Typhoon was behind the breaches of unpatched Versa systems and said exploitation was likely ongoing.

Versa, which makes software that manages network configurations and has attracted investment from Blackrock and Sequoia Capital, announced the bug last week and offered a patch and other mitigations. The revelation will add to concerns over the susceptibility of US critical infrastructure to cyberattacks. The US this year accused Volt Typhoon of infiltrating networks that operate critical US services, including some of the country's water facilities, power grid and communications sectors, in order to cause disruptions during a future crisis, such as an invasion of Taiwan.

AI

Hobbyists Discover How To Insert Custom Fonts Into AI-Generated Images (arstechnica.com) 33

An anonymous reader quotes a report from Ars Technica: Last week, a hobbyist experimenting with the new Flux AI image synthesis model discovered that it's unexpectedly good at rendering custom-trained reproductions of typefaces. While far more efficient methods of displaying computer fonts have existed for decades, the new technique is useful for AI image hobbyists because Flux is capable of rendering depictions of accurate text, and users can now directly insert words rendered in custom fonts into AI image generations. [...] Since Flux is an open model available for download and fine-turning, this past month has been the first time training a typeface LoRA might make sense. That's exactly what an AI enthusiast named Vadim Fedenko (who did not respond to a request for an interview by press time) discovered recently. "I'm really impressed by how this turned out," Fedenko wrote in a Reddit post. "Flux picks up how letters look in a particular style/font, making it possible to train Loras with specific Fonts, Typefaces, etc. Going to train more of those soon."

For his first experiment, Fedenko chose a bubbly "Y2K" style font reminiscent of those popular in the late 1990s and early 2000s, publishing the resulting model on the Civitai platform on August 20. Two days later, a Civitai user named "AggravatingScree7189" posted a second typeface LoRA that reproduces a font similar to one found in the Cyberpunk 2077 video game. "Text was so bad before it never occurred to me that you could do this," wrote a Reddit user named eggs-benedryl when reacting to Fedenko's post on the Y2K font. Another Redditor wrote, "I didn't know the Y2K journal was fake until I zoomed it." It's true that using a deeply trained image synthesis neural network to render a plain old font on a simple background is probably overkill. You probably wouldn't want to use this method to replace Adobe Illustrator while designing a document. "This looks good but it's kinda funny how we're reinventing the idea of fonts as 300MB LoRAs," wrote one Reddit commenter on a thread about the Cyberpunk 2077 font.

Social Networks

Far-Right 'Terrorgram' Chatrooms Are Fueling a Wave of Power Grid Attacks (bloomberg.com) 396

An anonymous reader quotes a report from Bloomberg: People in a quiet neighborhood in Carthage, a town in Moore County, North Carolina, heard a series of six loud pops a few minutes before 8:00 p.m. on Dec. 3, 2022. A resident named Michael Campbell said he ducked at the sound. Another witness told police they thought they were hearing fireworks. The noise turned out to be someone shooting a rifle at a power substation next door to Campbell's home. The substation, operated by the utility Duke Energy Corp., consists of equipment that converts electricity into different voltages as it's transported to the area and then steered into individual houses. The shots hit the radiator of an electrical transformer, a sensitive piece of technology whose importance would likely be understood only by utility company employees. It began dumping a "vast amount" of oil, according to police reports. A subsequent investigation has pointed to a local right-wing group, one of a wave of attacks or planned attacks on power infrastructure.

By 8:10 the lights in Carthage went out. Minutes later, a security alarm went off at a Duke Energy substation 10 miles away, this one protected from view by large pine trees. When company personnel responded, they found that someone had shot its transformer radiator, too. Police found shell casings on the ground at the site and noticed someone had slashed the tires on nearby service trucks. The substations were designed to support each other, with one capable of maintaining service if the other went down. Knocking out both facilities prevented the company from rerouting power. Police described the two incidents as a coordinated attack. About 45,000 families and businesses remained dark for four days. This was a burden for area grocery stores and local emergency services. One woman, 87-year-old Karin Zoanelli, died in the hours after the shooting when the blackout caused her oxygen machine to stop operating. The North Carolina Medical Examiner's office classified the death as a homicide.

The attack on Duke's facilities in Moore County remains unsolved, but law enforcement officials and other experts suspect it's part of a rising trend of far-right extremists targeting power infrastructure in an attempt to sow chaos. The most ambitious of these saboteurs hope to usher in societal collapse, paving the way for the violent overthrow of the US government, according to researchers who monitor far-right communities. Damaging the power grid has long been a fixation of right-wing extremists, who have plotted such attacks for many years. They've been getting a boost recently from online venues such as "Terrorgram," a loose network of channels on the social media platform Telegram where users across the globe advocate violent white supremacism. In part, people use Terrorgram to egg one another on -- a viral meme shows a stick figure throwing a Molotov cocktail at electrical equipment. People on the forum have also seized on recent anti-immigration riots in the UK, inciting people there to clash with police. In June 2022, months before the Moore County shootings, users on the forum began offering more practical support in the form of a 261-page document titled "Hard Reset," which includes specific directions on how to use automatic weapons, explosives and mylar balloons to disrupt electricity. One of the document's suggestions is to shoot high-powered firearms at substation transformers.

Crime

ARRL Pays $1 Million Ransom To Decrypt Their Systems After Attack (bleepingcomputer.com) 95

The nonprofit American Radio Relay League — founded in 1914 — has approximately 161,000 members, according to Wikipedia (with over 7,000 members outside the U.S.)

But sometime in early May its systems network was compromised, "by threat actors using information they had purchased on the dark web," the nonprofit announced this week. The attackers accessed the ARRL's on-site systems — as well as most of its cloud-based systems — using "a wide variety of payloads affecting everything from desktops and laptops to Windows-based and Linux-based servers." Despite the wide variety of target configurations, the threat actors seemed to have a payload that would host and execute encryption or deletion of network-based IT assets, as well as launch demands for a ransom payment, for every system... The FBI categorized the attack as "unique" as they had not seen this level of sophistication among the many other attacks, they have experience with.

Within 3 hours a crisis management team had been constructed of ARRL management, an outside vendor with extensive resources and experience in the ransomware recovery space, attorneys experienced with managing the legal aspects of the attack including interfacing with the authorities, and our insurance carrier. The authorities were contacted immediately as was the ARRL President... [R]ansom demands were dramatically weakened by the fact that they did not have access to any compromising data. It was also clear that they believed ARRL had extensive insurance coverage that would cover a multi-million-dollar ransom payment. After days of tense negotiation and brinkmanship, ARRL agreed to pay a $1 million ransom. That payment, along with the cost of restoration, has been largely covered by our insurance policy...

Today, most systems have been restored or are waiting for interfaces to come back online to interconnect them. While we have been in restoration mode, we have also been working to simplify the infrastructure to the extent possible. We anticipate that it may take another month or two to complete restoration under the new infrastructure guidelines and new standards.

ARRL's called the attack "extensive", "sophisticated", "highly coordinated" and "an act of organized crime". And tlhIngan (Slashdot reader #30335) shared this detail from BleepingComputer.

"While the organization has not yet linked the attack to a specific ransomware operation, sources told BleepingComputer that the Embargo ransomware gang was behind the breach."
The Internet

Quantum Internet Prototype Runs For 15 Days Under New York City (phys.org) 27

Under the streets of New York City, they're testing a "quantum network," reports Phys.org — where engineers from a Brooklyn company named Qunnect Inc are taking steps to "overcome the fragility of entangled states in a fiber cable and ensure the efficiency of signal delivery." For their prototype network, the Qunnect researchers used a leased 34-kilometer-long fiber circuit they called the GothamQ loop. Using polarization-entangled photons, they operated the loop for 15 continuous days, achieving an uptime of 99.84% and a compensation fidelity of 99% for entangled photon pairs transmitted at a rate of about 20,000 per second. At a half-million entangled photon pairs per second, the fidelity was still nearly 90%...

They sent 1,324 nm polarization-entangled photon pairs in quantum superpositions through the fiber, one state with both polarizations horizontal and the other with both vertical — a two-qubit configuration more generally known as a Bell state. In such a superposition, the quantum mechanical photon pairs are in both states at the same time.

"While others have transmitted entangled photons before, there has been too much noise and polarization drift in the fiber environment for entanglement to survive," the article points out, "particularly in a long-term stable network." So the Qunnect team built "automated polarization compensation" devices to correct the polarization of the entangled pairs: In their design, an infrared photon [with a wavelength of 1,324 nanometers] is entangled with a near-infrared photon of 795 nanometers. The latter photon is compatible in wavelength and bandwidth with the rubidium atomic systems, such as are used in quantum memories and quantum processors. It was found that polarization drift was both wavelength- and time-dependent, requiring Qunnect to design and build equipment for active compensation at the same wavelengths...

Qunnect's GothamQ loop demonstration was especially noteworthy for its duration, the hands-off nature of the operation time, and its uptime percentage. It showed, they wrote, "progress toward a fully automated practical entanglement network" that would be required for a quantum internet.

And Qunnect's co-founder/chief science officer says "since we finished this work, we have already made all the parts rack-mounted, so they can be used everywhere..."

Their network design and results are published in PRX Quantum.
The Courts

US Sues Georgia Tech Over Alleged Cybersecurity Failings As a Pentagon Contractor (theregister.com) 37

The Register's Connor Jones reports: The U.S. is suing one of its leading research universities over a litany of alleged failures to meet cybersecurity standards set by the Department of Defense (DoD) for contract awardees. Georgia Institute of Technology (GIT), commonly referred to as Georgia Tech, and its contracting entity, Georgia Tech Research Corporation (GTRC), are being investigated following whistleblower reports from insiders Christopher Craig and Kyle Koza about alleged (PDF) failures to protect controlled unclassified information (CUI). The series of allegations date back to 2019 and continued for years after, although Koza was said to have identified the issues as early as 2018.

Among the allegations is the suggestion that between May 2019 and February 2020, Georgia Tech's Astrolavos Lab -- ironically a group that focuses on cybersecurity issues affecting national security -- failed to develop and implement a cybersecurity plan that complied with DoD standards (NIST 800-171). When the plan was implemented in February 2020, the lawsuit alleges that it wasn't properly scoped -- not all the necessary endpoints were included -- and that for years afterward, Georgia Tech failed to maintain that plan in line with regulations. Additionally, the Astrolavos Lab was accused of failing to implement anti-malware solutions across devices and the lab's network. The lawsuit alleges that the university approved the lab's refusal to deploy the anti-malware software "to satisfy the demands of the professor that headed the lab," the DoJ said. This is claimed to have occurred between May 2019 and December 2021. Refusing to install anti-malware solutions at a contractor like this is not allowed. In fact, it violates federal requirements and Georgia Tech's own policies, but allegedly happened anyway.

The university and the GTRC also, it is claimed, submitted a false cybersecurity assessment score in December 2020 -- a requirement for all DoD contractors to demonstrate they're meeting compliance standards. The two organizations are accused of issuing themselves a score of 98, which was later deemed to be fraudulent based on various factors. To summarize, the issue centers around the claim that the assessment was carried out on a "fictitious" environment, so on that basis the score wasn't given to a system related to the DoD contract, the US alleges. The claims are being made under the False Claims Act (FCA), which is being utilized by the Civil Cyber-Fraud Initiative (CCFI), which was introduced in 2021 to punish entities that knowingly risk the safety of United States IT systems. It's a first-of-its-kind case being pursued as part of the CCFI. All previous cases brought under the CCFI were settled before they reached the litigation stage.

Microsoft

Microsoft Says It's Getting Rid of Control Panel in Windows 197

Microsoft plans to phase out Windows Control Panel, a feature dating back to the 1980s, in favor of the modern Settings app, according to a recent support page. The tech giant has been gradually shifting functions to Settings since 2015, aiming for a more streamlined user experience. However, no specific timeline for Control Panel's complete removal has been announced. Microsoft writes in the support page: The Control Panel is a feature that's been part of Windows for a long time. It provides a centralized location to view and manipulate system settings and controls. Through a series of applets, you can adjust various options ranging from system time and date to hardware settings, network configurations, and more. The Control Panel is in the process of being deprecated in favor of the Settings app, which offers a more modern and streamlined experience.
Transportation

Cruise Partners With Uber To Offer Driverless Rides (cnbc.com) 14

Uber and General Motors' Cruise have partnered to offer driverless rides to Uber users as early as soon as next year. CNBC reports: Both Cruise CEO Marc Whitten and Uber CEO Dara Khosrowshahi hailed the partnership in a press release, stressing that the companies believe autonomous vehicles can be deployed safely. "Cruise is on a mission to leverage driverless technology to create safer streets and redefine urban life," Whitten said in the release. "We are excited to partner with Uber to bring the benefits of safe, reliable, autonomous driving to even more people, unlocking a new era of urban mobility." Khosrowshahi said in the release that Uber is "thrilled to partner with Cruise and look forward to launching next year."

On Uber's most recent earnings call, analysts asked the company how the emergence of robotaxis would likely impact the ridehailing giant's business long-term. Khosrowshahi said on the call that "AV players" experience much higher utilization with Uber than they do "without a network on a first-party basis." He also predicted there will be a "pretty long hybrid period as autonomous is developing and regulators are trying to figure out exactly how to regulate it." He added, "We don't think this will be a winner-take-all market."

Slashdot Top Deals