Slashdot: IT
https://it.slashdot.org/
News for nerds, stuff that matters
Copyright 1997-2016, SlashdotMedia. All Rights Reserved.
2024-03-19T07:47:23+00:00
Commercial Bank of Ethiopia Glitch Lets Customers Withdraw Millions
https://it.slashdot.org/story/24/03/19/0626215/commercial-bank-of-ethiopia-glitch-lets-customers-withdraw-millions?utm_source=rss1.0mainlinkanon&utm_medium=feed
Ethiopia's biggest commercial bank is scrambling to recoup large sums of money withdrawn by customers after a "systems glitch." From a report: The customers discovered early on Saturday that they could take out more cash than they had in their accounts at the Commercial Bank of Ethiopia (CBE). More than $40m was withdrawn or transferred to other banks, local media reported.
It took several hours for the institution to freeze transactions. Much of the money was withdrawn from state-owned CBE by students, bank president Abe Sano told journalists on Monday. News of the glitch spread across universities largely via messaging apps and phone calls. Long lines formed at campus ATMs, with a student in western Ethiopia telling BBC Amharic people were withdrawing money until police officers arrived on campus to stop them.
Posted by msmash, 2024-03-19T06:26:00+00:00
Investment Advisors Pay the Price For Selling What Looked a Lot Like AI Fairy Tales
https://tech.slashdot.org/story/24/03/18/1743247/investment-advisors-pay-the-price-for-selling-what-looked-a-lot-like-ai-fairy-tales?utm_source=rss1.0mainlinkanon&utm_medium=feed
Two investment advisors have reached settlements with the US Securities and Exchange Commission for allegedly exaggerating their use of AI, which in both cases were purported to be cornerstones of their offerings. From a report: Canada-based Delphia and San Francisco-headquartered Global Predictions will cough up $225,000 and $175,000 respectively for telling clients that their products used AI to improve forecasts. The financial watchdog said both were engaging in "AI washing," a term used to describe the embellishment of machine-learning capabilities.
"We've seen time and again that when new technologies come along, they can create buzz from investors as well as false claims by those purporting to use those new technologies," said SEC chairman Gary Gensler. "Delphia and Global Predictions marketed to their clients and prospective clients that they were using AI in certain ways when, in fact, they were not." Delphia claimed its system utilized AI and machine learning to incorporate client data, a statement the SEC said it found to be false.
"Delphia represented that it used artificial intelligence and machine learning to analyze its retail clients' spending and social media data to inform its investment advice when, in fact, no such data was being used in its investment process," the SEC said in a settlement order. Despite being warned about suspected misleading practices in 2021 and agreeing to amend them, Delphia only partially complied, according to the SEC. The company continued to market itself as using client data as AI inputs but never did anything of the sort, the regulator said.
Posted by msmash, 2024-03-18T19:21:00+00:00
Apex Legends Streamers Warned To 'Perform a Clean OS Reinstall as Soon as Possible' After Hacks During NA Finals Match
https://tech.slashdot.org/story/24/03/18/1734223/apex-legends-streamers-warned-to-perform-a-clean-os-reinstall-as-soon-as-possible-after-hacks-during-na-finals-match?utm_source=rss1.0mainlinkanon&utm_medium=feed
An anonymous reader shares a report: The Apex Legends Global Series is currently in regional finals mode, but the North America finals have been delayed after two players were hacked mid-match. First, Noyan "Genburten" Ozkose of DarkZero suddenly found himself able to see other players through walls, then Phillip "ImperialHal" Dosen of TSM was given an aimbot. Genburten's hack happened part of the way through the day's third match. A Twitch clip of the moment shows the words "Apex hacking global series by Destroyer2009 & R4ndom" repeating over chat as he realizes he's been given a cheat and takes his hands off the controls. "I can see everyone!" he says, before leaving the match.
ImperialHal was hacked in the game immediately after that. "I have aimbot right now!" he shouts in a clip of the moment, before declaring "I can't shoot." Though he continued attempting to play out the round, the match was later abandoned. The volunteers at the Anti-Cheat Police Department have since issued a PSA announcing, "There is currently an RCE exploit being abused in [Apex Legends]" and that it could be delivered via the game itself, or its anti-cheat protection. "I would advise against playing any games protected by EAC or any EA titles", they went on to say.
As for players of the tournament, they strongly recommended taking protective measures. "It is advisable that you change your Discord passwords and ensure that your emails are secure. also enable MFA for all your accounts if you have not done it yet", they said, "perform a clean OS reinstall as soon as possible. Do not take any chances with your personal information, your PC may have been exposed to a rootkit or other malicious software that could cause further damage." The rest of the series has now been postponed, "Due to the competitive integrity of this series being compromised," as the official Twitter account announced. They finished by saying, "We will share more information soon."
Posted by msmash, 2024-03-18T18:40:00+00:00
Fujitsu Says It Was Hacked, Warns of Data Breach
https://it.slashdot.org/story/24/03/18/1642246/fujitsu-says-it-was-hacked-warns-of-data-breach?utm_source=rss1.0mainlinkanon&utm_medium=feed
Multinational technology giant Fujitsu confirmed a cyberattack in a statement Friday, and warned that hackers may have stolen personal data and customer information. From a report: "We confirmed the presence of malware on multiple work computers at our company, and as a result of an internal investigation, we discovered that files containing personal information and customer information could be illegally taken out," said Fujitsu in its statement on its website, translated from Japanese.
Fujitsu said it disconnected the affected systems from its network, and is investigating how its network was compromised by malware and "whether information has been leaked." The tech conglomerate did not specify what kind of malware was used, or the nature of the cyberattack. Fujitsu also did not say what kind of personal information may have been stolen, or who the personal information pertains to -- such as its employees, corporate customers, or citizens whose governments use the company's technologies.
Posted by msmash, 2024-03-18T17:20:00+00:00
Microsoft Office 2024 Will Be Available Without Subscription
https://it.slashdot.org/story/24/03/18/1355259/microsoft-office-2024-will-be-available-without-subscription?utm_source=rss1.0mainlinkanon&utm_medium=feed
SofiaWW writes: Microsoft has announced that the next subscription-free version of its Office suite will launch later this year. A commercial preview of Office LTSC 2024 will be available from next month, with a full launch scheduled for later in the year.
The Office Long-Term Servicing Channel is supported for five years, and it holds great appeal for the many businesses that are not keen on the idea of software subscriptions. There will also be a consumer-focused version of the suite, Office 2024, available via a traditional 'one-time purchase' model. Further reading: Microsoft Really Doesn't Want You To Buy Office 2019 (From 2019).
Posted by msmash, 2024-03-18T14:00:00+00:00
32-Hour Workweek for America Proposed by Senator Bernie Sanders
https://it.slashdot.org/story/24/03/17/0421228/32-hour-workweek-for-america-proposed-by-senator-bernie-sanders?utm_source=rss1.0mainlinkanon&utm_medium=feed
The Guardian reports that this week "Bernie Sanders, the independent senator from Vermont who twice ran for the Democratic presidential nomination, introduced a bill to establish a four-day US working week."
"Moving to a 32-hour workweek with no loss of pay is not a radical idea," Sanders said on Thursday. "Today, American workers are over 400% more productive than they were in the 1940s. And yet millions of Americans are working longer hours for lower wages than they were decades ago. "That has got to change. The financial gains from the major advancements in artificial intelligence, automation and new technology must benefit the working class, not just corporate chief executives and wealthy stockholders on Wall Street.
"It is time to reduce the stress level in our country and allow Americans to enjoy a better quality of life. It is time for a 32-hour workweek with no loss in pay."
The proposed bill "has received the endorsement of the American Federation of Labor and Congress of Industrial Organizations, United Auto Workers, the Service Employees International Union, the Association of Flight Attendants" — as well as several other labor unions, reports USA Today:
More than half of adults employed full time reported working more than 40 hours per week, according to a 2019 Gallup poll... More than 70 British companies started to test a four-day workweek last year, and most respondents reported there has been no loss in productivity.
A statement from Senator Sanders:
Bill Gates, the founder of Microsoft, and Jamie Dimon, the CEO of JP Morgan Chase, predicted last year that advancements in technology would lead to a three or three-and-a-half-day workweek in the coming years. Despite these predictions, Americans now work more hours than the people of most other wealthy nations, but are earning less per week than they did 50 years ago, after adjusting for inflation.
"Sanders also pointed to other countries that have reduced their workweeks, such as France, Norway and Denmark," adds NBC News.
USA Today notes that "While Sanders' role as chair of the Senate Health, Education, Labor, and Pensions Committee places a greater focus on shortening the workweek, it is unlikely the bill will garner enough support from Republicans to become federal law and pass in both chambers."
And political analysts who spoke to ABC News "cast doubt on the measure's chances of passage in a divided Congress where opposition from Republicans is all but certain," reports ABC News, "and even the extent of support among Democrats remains unclear."
Posted by EditorDavid, 2024-03-18T07:34:00+00:00
Dell Workers Can Stay Remote - But They're Not Going to Get Promoted
https://it.slashdot.org/story/24/03/17/2015213/dell-workers-can-stay-remote---but-theyre-not-going-to-get-promoted?utm_source=rss1.0mainlinkanon&utm_medium=feed
"Dell's strict new RTO mandate excludes fully remote workers from promotion," reports Business Insider.
The site calls it "one of the most abrupt changes to remote work policies," noting that Dell "has had a hybrid working culture in place for more than a decade — long before the pandemic struck."
"Dell cared about the work, not the location," a senior employee at Dell who's worked remotely for more than a decade, told Business Insider last month. "I would say 10% to 15% of every team was remote." That flexibility has enabled staff to sustain their careers in the face of major life changes, several employees told BI. It has also helped Dell to be placed on the "Best Place to Work for Disability Equality Index" since 2018. But in February Dell introduced a strict return-to-office mandate, with punitive measures for those who want to stay at home.
Under the new policy, staff were told that from May almost all will be classified as either "hybrid," or "remote." Hybrid workers will be required to come into an "approved" office at least 39 days a quarter — the equivalent of about three days a week, internal documents seen by BI show. If they want to keep working from home, staff can opt to go fully remote. But that option has a downside: fully remote workers will not be considered for promotion, or be able to change roles.
Workers have said Dell's approach might be intended to lower headcount without having to pay severance by inducing some employees to quit. But reached by Business Insider for a comment, Dell defended their approach as instead "critical to drive innovation and value differentiation."
But Professor Cary Cooper, an organizational psychologist and cofounder of the National Forum for Health and Wellbeing at work, tells the site Dell could be following a "pack mentality" among tech companies — or reacting to a sluggish world economy. "Senior execs somehow think that people in the office are more productive than at home, even though there's no evidence to back that up."
Business Insider added that Dell's approach "differs from founder and CEO Michael Dell's previous support for remote workers," who famously said "If you are counting on forced hours spent in a traditional office to create collaboration and provide a feeling of belonging within your organization, you're doing it wrong."
Posted by EditorDavid, 2024-03-17T20:54:00+00:00
McDonald's IT Systems Outage Shuts Some Restaurants Globally
https://it.slashdot.org/story/24/03/15/2033201/mcdonalds-it-systems-outage-shuts-some-restaurants-globally?utm_source=rss1.0mainlinkanon&utm_medium=feed
An anonymous reader quotes a report from BleepingComputer: McDonald's restaurants are suffering global IT outages that prevent employees from taking orders and accepting payments, causing some stores to close for the day. The outages started overnight and are impacting restaurants globally, including those in the USA, Japan, Australia, Canada, the Netherlands, Italy, New Zealand, and the UK. "We are aware of a technology outage, which impacted our restaurants; the issue is now being resolved," McDonald's said in a statement to BleepingComputer. "We thank customers for their patience and apologize for any inconvenience this may have caused. Notably, the issue is not related to a cybersecurity event." In an updated statement, McDonald's says that the outage was caused by a third-party provider during a configuration change. "Many markets are back online, and the rest are in the process of coming back online. This issue was not directly caused by a cybersecurity event; rather, it was caused by a third-party provider during a configuration change."
Posted by BeauHD, 2024-03-16T00:10:00+00:00
Microsoft is Once Again Asking Chrome Users To Try Bing Through Unblockable Pop-ups
https://it.slashdot.org/story/24/03/15/1934250/microsoft-is-once-again-asking-chrome-users-to-try-bing-through-unblockable-pop-ups?utm_source=rss1.0mainlinkanon&utm_medium=feed
Microsoft has been pushing Bing pop-up ads in Chrome on Windows 10 and 11. The new ad once again encourages Chrome users (in bold lettering) to use Bing instead of Google search. From a report: "Chat with GPT-4 for free on Chrome! Get hundreds of daily chat turns with Bing AI," the ad reads. If you click "Yes," the pop-up will install the "Bing Search" Chrome extension while making Microsoft's search engine the default.
If you click "Yes" on the ad to switch to Bing, a Chrome pop-up will appear, asking you to confirm that you want to change the browser's default search engine. "Did you mean to change your search provider?" the pop-up asks. "The 'Microsoft Bing Search for Chrome' extension changed search to use bing.com," Chrome's warning states. Directly beneath that alert, seemingly in anticipation of Chrome's pop-up, another Windows notification warns, "Wait -- don't change it back! If you do, you'll turn off Microsoft Bing Search for Chrome and lose access to Bing AI with GPT-4 and DALL-E 3. Select Keep it to stay with Microsoft Bing."
Posted by msmash, 2024-03-15T19:35:00+00:00
Massively Popular Safe Locks Have Secret Backdoor Codes
https://it.slashdot.org/story/24/03/14/1820202/massively-popular-safe-locks-have-secret-backdoor-codes?utm_source=rss1.0mainlinkanon&utm_medium=feed
Two of the biggest manufacturers of locks used in commercial safes have been accused of essentially putting backdoors in at least some of their products in a new letter by Senator Ron Wyden. 404 Media: Wyden is urging the U.S. government to explicitly warn the public about the vulnerabilities, which Wyden says could be exploited by foreign adversaries to steal what U.S. businesses store in safes, such as trade secrets. The little known "manufacturer" or "manager" reset codes could let third parties -- such as spies or criminals -- bypass locks without the owner's consent and are sometimes not disclosed to customers. Wyden's office also found that while the U.S. Department of Defense (DoD) bans such locks for sensitive and classified U.S. government use in part due to the security vulnerability reset codes pose, the government has deliberately not warned the public about the existence of these backdoors.
The specific companies named in Wyden's letter are China-based SECURAM and U.S.-based Sargent and Greenleaf (S&G). Each produces keypad locks which are then implemented into safes by other manufacturers. The full list of locks that contain backdoor codes is unknown, but documentation available online points to multiple SECURAM products which do include them, and S&G confirmed to Wyden's office that some of its own locks also have similar codes.
Posted by msmash, 2024-03-14T20:40:00+00:00
Record Breach of French Government Exposes Up To 43 Million People's Data
https://it.slashdot.org/story/24/03/14/187223/record-breach-of-french-government-exposes-up-to-43-million-peoples-data?utm_source=rss1.0mainlinkanon&utm_medium=feed
France Travail, the government agency responsible for assisting the unemployed, has fallen victim to a massive data breach exposing the personal information of up to 43 million French citizens dating back two decades, the department announced on Wednesday. The incident, which has been reported to the country's data protection watchdog (CNIL), is the latest in a series of high-profile cyber attacks targeting French government institutions and underscores the growing threat to citizens' private data. From a report: The department's statement reveals that names, dates of birth, social security numbers, France Travail identifiers, email addresses, postal addresses, and phone numbers were exposed. Passwords and banking details aren't affected, at least. That said, CNIL warned that the data stolen during this incident could be linked to stolen data in other breaches and used to build larger banks of information on any given individual. It's not clear whether the database's entire contents were stolen by attackers, but the announcement suggests that at least some of the data was extracted.
Posted by msmash, 2024-03-14T19:20:00+00:00
Google's Safe Browsing Protection in Chrome Goes Real-Time
https://tech.slashdot.org/story/24/03/14/1624218/googles-safe-browsing-protection-in-chrome-goes-real-time?utm_source=rss1.0mainlinkanon&utm_medium=feed
Google announced a major change to its Safe Browsing feature in Chrome today that will make the service work in real time by checking against a server-side list -- all without sharing your browsing habits with Google. From a report: Previously, Chrome downloaded a list of known sites that harbor malware, unwanted software and phishing scams once or twice per hour. Now, Chrome will move to a system that will send the URLs you are visiting to its servers and check against a rapidly updated list there. The advantage of this is that it doesn't take up to an hour to get an updated list because, as Google notes, the average malicious site doesn't exist for more than 10 minutes.
The company claims that this new server-side system can catch up to 25 percent more phishing attacks than using local lists. These local lists have also grown in size, putting more of a strain on low-end machines and low-bandwidth connections. Google is rolling out this new system to desktop and iOS users now, with Android support coming later this month.
Posted by msmash, 2024-03-14T16:45:00+00:00
Modern Workplace Tech Linked To Lower Employee Well-Being, Study Finds
https://it.slashdot.org/story/24/03/13/2246235/modern-workplace-tech-linked-to-lower-employee-well-being-study-finds?utm_source=rss1.0mainlinkanon&utm_medium=feed
According to a new study from the Institute for the Future of Work, contemporary technology often has a negative impact on workers' quality of life. The think tank surveyed over 6,000 people to learn how four categories of workplace technologies affected their wellbeing. TechSpot reports the findings: The study found that increased exposure to three of the categories tended to worsen workers' mental state and health. The three areas that negatively impact people most are wearable and remote sensing technologies, which covers CCTV cameras and wearable trackers; robotics, consisting of automated machines, self-driving vehicles, and other equipment; and, unsurprisingly, technologies relating to AI and ML, which includes everything from decision management to biometrics. Only one of the categories was found to be beneficial to employees, and it's one that has been around for decades: ICT tech such as laptops, tablets, phones, and real-time messaging tools.
Posted by BeauHD, 2024-03-14T00:02:00+00:00
Stanford University Failed To Detect Ransomware Intruders For 4 Months
https://yro.slashdot.org/story/24/03/13/2053224/stanford-university-failed-to-detect-ransomware-intruders-for-4-months?utm_source=rss1.0mainlinkanon&utm_medium=feed
Connor Jones reports via The Register: Stanford University says the cybersecurity incident it dealt with last year was indeed ransomware, which it failed to spot for more than four months. Keen readers of El Reg may remember the story breaking toward the end of October 2023 after Akira posted Stanford to its shame site, with the university subsequently issuing a statement simply explaining that it was investigating an incident, avoiding the dreaded R word. Well, surprise, surprise, ransomware was involved, according to a data breach notice sent out to the 27,000 people affected by the attack.
Akira targeted the university's Department of Public Safety (DPS) and this week's filing with the Office of the Maine Attorney General indicates that Stanford became aware of the incident on September 27, more than four months after the initial breach took place. According to Monday's filing, the data breach occurred on May 12 2023 but was only discovered on September 27 of last year, raising questions about whether the attacker(s) was inside the network the entire time and why it took so long to spot the intrusion.
It's not fully clear what information was compromised, but the draft letters include placeholders for three different variables. However, the filing with Maine's AG suggests names and social security numbers are among the data types to have been stolen. All affected individuals have been offered 24 months of free credit monitoring, including access to a $1 million insurance reimbursement policy and ID theft recovery services. Akira's post dedicated to Stanford on its leak site claims it stole 430 GB worth of data, including personal information and confidential documents. It's all available to download via a torrent file and the fact it remains available for download suggests the research university didn't pay whatever ransom the attackers demanded.
BeauHD | 2024-03-13T22:00:00+00:00 | privacy | another-day-another-breach | yro

Google Paid $10 Million In Bug Bounty Rewards Last Year
https://it.slashdot.org/story/24/03/12/2246256/google-paid-10-million-in-bug-bounty-rewards-last-year?utm_source=rss1.0mainlinkanon&utm_medium=feed
Bill Toulas reports via BleepingComputer: Google awarded $10 million to 632 researchers from 68 countries in 2023 for finding and responsibly reporting security flaws in the company's products and services. Though this is lower than the $12 million Google's Vulnerability Reward Program paid to researchers in 2022, the amount is still significant, showcasing a high level of community participation in Google's security efforts.
The highest reward for a vulnerability report in 2023 was $113,337, while the total tally since the program's launch in 2010 has reached $59 million. For Android, the world's most popular and widely used mobile operating system, the program awarded over $3.4 million. Google also increased the maximum reward amount for critical vulnerabilities concerning Android to $15,000, driving increased community reports. During security conferences like ESCAL8 and hardwear.io, Google awarded $70,000 for 20 critical discoveries in Wear OS and Android Automotive OS and another $116,000 for 50 reports concerning issues in Nest, Fitbit, and Wearables. Google's other big software project, the Chrome browser, was the subject of 359 security bug reports that paid out a total of $2.1 million.
BeauHD | 2024-03-13T02:02:00+00:00 | bug | significant-rewards | it