Slashdot

The CVE and CWE programs are at risk of shutdown as MITRE's DHS contract expires on April 16, 2025, with no confirmed renewal. Without continued funding, the ability to standardize, track, and respond to software vulnerabilities could collapse, leaving the cybersecurity community scrambling in a fragmented and dangerously opaque environment. Forbes reports: "Failure to renew MITRE's contract for the CVE program, seemingly set to expire on April 16, 2025, risks significant disruption," said Jason Soroko, Senior Fellow at Sectigo. "A service break would likely degrade national vulnerability databases and advisories. This lapse could negatively affect tool vendors, incident response operations, and critical infrastructure broadly. MITRE emphasizes its continued commitment but warns of these potential impacts if the contracting pathway is not maintained." MITRE has indicated that historical CVE records will remain accessible via GitHub, but without continued funding, the operational side of the program -- including assignment of new CVEs -- will effectively go dark. That's not a minor inconvenience. It could upend how the global cybersecurity community identifies, communicates, and responds to new threats. [...] MITRE has said that discussions with the U.S. government are active and that it remains committed to the CVE mission. But with the expiration date looming, time is running short -- and the consequences of even a temporary gap are severe.

Read more of this story at Slashdot.

Limited Run Games is releasing physical editions of Doom and Doom II, including a $666 "Will it Run Edition" that features a literal game box capable of playing Doom. Engadget reports: It costs $666, which is a nod to the devilish source material, and is being kept to a limited run of 666 copies. It comes with the aforementioned screen-enabled game box that runs Doom, but that's just the beginning. The combo pack ships with the soundtrack on cassette, a certificate of authenticity and a trading card park with five cards. It comes with a couple of toys based on one of the franchise's most iconic enemies. There's a detailed three-inch Cacodemon that connects to a five-inch base, which looks pretty nifty. There's a smaller handheld Cacodemon that, you'll never guess, also runs Doom. This edition is available for Switch, PS5, Xbox Series X/S and PC. The PC version, however, ships with a download code and not physical copies of both games. Preorders start on April 18 and end on May 18, with a release sometime after that.

Read more of this story at Slashdot.

An anonymous reader quotes a report from The Guardian: Fears that smartphones, tablets and other devices could drive dementia in later life have been challenged by research that found lower rates of cognitive decline in older people who used the technology. An analysis of published studies that looked at technology use and mental skills in more than 400,000 older adults found that over-50s who routinely used digital devices had lower rates of cognitive decline than those who used them less. It is unclear whether the technology staves off mental decline, or whether people with better cognitive skills simply use them more, but the scientists say the findings question the claim that screen time drives what has been called "digital dementia". "For the first generation that was exposed to digital tools, their use is associated with better cognitive functioning," said Dr Jared Benge, a clinical neuropsychologist in UT Health Austin's Comprehensive Memory Center. "This is a more hopeful message than one might expect given concerns about brain rot, brain drain, and digital dementia." Benge and his colleague Dr Michael Scullin, a cognitive neuroscientist at Baylor University in Texas, analysed 57 published studies that examined the use of digital technology in 411,430 adults around the world. The average age was 69 years old and all had a cognitive test or diagnosis. The scientists found no evidence for the digital dementia hypothesis, which suggests that a lifetime of using digital technology drives mental decline. Rather, they found that using a computer, smartphone, the internet or some combination of these was associated with a lower risk of cognitive impairment. The details have been published in Nature Human Behaviour. "Using digital devices in the way that we use televisions -- passive and sedentary, both physically and mentally -- is not likely to be beneficial," said Scullin. "But, our computers and smartphones also can be mentally stimulating, afford social connections, and provide compensation for cognitive abilities that are declining with ageing. These latter types of uses have long been regarded as beneficial for cognitive ageing."

Read more of this story at Slashdot.

American Airlines announced today that it will add free in-flight Wi-Fi starting in 2026. However, Axios notes you'll need to be an AAdvantage member (American's loyalty program) to access it. From the report: American is partnering with AT&T to introduce free WiFi in January. It will be available on about 90% of the airlines' fleet, which will be planes equipped with Viasat and Intelsat high-speed satellite connectivity, per a press release. More than 500 of the airlines regional planes are expected to have high-speed WiFi capabilities by the end of the year.

Read more of this story at Slashdot.

Google is rolling out Veo 2 video generation in the Gemini app for Advanced subscribers, allowing users to create eight-second, 720p cinematic-style videos from text prompts. 9to5Google reports: Announced at the end of last year, Veo 2 touts "fluid character movement, lifelike scenes, and finer visual details across diverse subjects and styles," as well as "cinematic realism," thanks to an understanding of real-world physics and human motion. In Gemini, Veo 2 can create eight-second video clips at 720p resolution. Specifically, you'll get an MP4 download in a 16:9 landscape format. There's also the ability to share via a g.co/gemini/share/ link. To enter your prompt, select Veo 2 from the model dropdown on the web and mobile apps. Just describe the scene you want to create: "The more detailed your description, the more control you have over the final video." It takes 1-2 minutes for the clip to generate. [...] On the safety front, each frame features a SynthID digital watermark. Only available to Gemini Advanced subscribers ($19.99 per month), there is a "monthly limit" on how many videos you can generate, with Google notifying users when they're close. It is rolling out globally -- in all languages supported by Gemini -- starting today and will be fully available in the coming weeks.

Read more of this story at Slashdot.

4chan was reportedly hacked Monday night, with rival imageboard Soyjack Party claiming responsibility and sharing screenshots suggesting deep access to 4chan's databases and admin tools. Ars Technica reports: Security researcher Kevin Beaumont described the hack as "a pretty comprehensive own" that included "SQL databases, source, and shell access." 404Media reports that the site used an outdated version of PHP that could have been used to gain access, including the phpMyAdmin tool, a common attack vector that is frequently patched for security vulnerabilities. Ars staffers pointed to the presence of long-deprecated and removed functions like mysql_real_escape_string in the screenshots as possible signs of an old, unpatched PHP version. In other words, there's a possibility that the hackers have gained pretty deep access to all of 4chan's data, including site source code and user data.

Read more of this story at Slashdot.

An anonymous reader quotes a report from SecurityWeek: Insurance firm Lemonade is notifying roughly 190,000 individuals that their driver's license numbers were likely exposed due to a technical glitch. Copies of the notification letter that were submitted to regulators in several states show that the incident involved an online application that enables individuals to obtain car insurance quotes and purchase policies. According to the company, a vulnerability in the car insurance quote flow resulted in the exposure of certain driver's license numbers for identifiable individuals. The vulnerability has been addressed, Lemonade says. Between April 2023 and September 2024, the platform transmitted the information unencrypted, which the company says allowed driver's license numbers to be accessed without authorization. "We have no evidence to suggest that your driver's license number has been misused but we are providing this notice as a precaution to inform potentially affected individuals and share some steps you can take to help protect yourself," the company's notification letter reads. The insurer is providing the impacted individuals with 12 months of free credit monitoring and identity protection services.

Read more of this story at Slashdot.

Alamo Drafthouse will not implement Meta's new Movie Mate technology during the April 30 nationwide rerelease of Blumhouse's "M3GAN," Variety reports. The specialty theater chain confirmed it will maintain its strict no-phones policy despite Universal's promotion of the second-screen experience, with staff instructed to remove patrons attempting to access the feature during screenings. Movie Mate represents Meta's first integration of its interactive movie technology, which operates via Instagram direct messaging. Users message the film's official account to activate a chatbot delivering "sneak peeks, exclusive recorded messages from directors and talent" synchronized with the screening. The "M3GAN" event serves as Meta's technological debut ahead of potential wider theatrical implementation.

Read more of this story at Slashdot.

China's outing of alleged US National Security Agency hackers marks a major escalation in the ongoing tit-for-tat between Chinese and American intelligence agencies, according to analysts. From a report: Chinese authorities Tuesday said three NSA employees hacked the Asian Winter Games held this year in Harbin, accusing them of targeting systems that held vast amounts of personal information on people involved in the event. The hacks "severely endangered the security of China's critical information infrastructure, national defense, finance, society, production, as well as citizens' personal information," Chinese foreign ministry spokesman Lin Jian told reporters. While the US has repeatedly published names of alleged Chinese hackers and filed criminal charges against them, China has historically refrained from making similar accusations against American spies. Rafe Pilling, director of threat intelligence at the cyber firm Sophos' Secureworks unit, said the development may signal a broader policy change from Chinese security agencies, with allegations of US cyberattacks becoming more specific and timely. "This is an escalation in China's experimentation with 'name and shame' policies for the alleged perpetrators of cyberattacks, mirroring US pursuit of a similar policy for a number of years now," said Pilling.

Read more of this story at Slashdot.

A Canadian math prodigy is accused of stealing over $65 million through complex exploits on decentralized finance platforms and is currently a fugitive from U.S. authorities. Despite facing criminal charges for fraud and money laundering, he has evaded capture by moving internationally, embracing the controversial "Code is Law" philosophy, and maintaining that his actions were legal under the platforms' open-source rules. The Globe and Mail reports: Andean Medjedovic was 18 years old when he made a decision that would irrevocably alter the course of his life. In the fall of 2021, shortly after completing a master's degree at the University of Waterloo, the math prodigy and cryptocurrency trader from Hamilton had conducted a complex series of transactions designed to exploit a vulnerability in the code of a decentralized finance platform. The maneuver had allegedly allowed him to siphon approximately $16.5-million in digital tokens out of two liquidity pools operated by the platform, Indexed Finance, according to a U.S. court document. Indexed Finance's leaders traced the attack back to Mr. Medjedovic, and made him an offer: Return 90 per cent of the funds, keep the rest as a so-called "bug bounty" -- a reward for having identified an error in the code -- and all would be forgiven. Mr. Medjedovic would then be free to launch his career as a white hat, or ethical, hacker. Mr. Medjedovic didn't take the deal. His social media posts hinted, without overtly stating, that he believed that because he had operated within the confines of the code, he was entitled to the funds -- a controversial philosophy in the world of decentralized finance known as "Code is Law." But instead of testing that argument in court, Mr. Medjedovic went into hiding. By the time authorities arrived on a quiet residential street in Hamilton to search his parents' townhouse less than two months later, Mr. Medjedovic had moved out, taking his electronic devices with him. Then, roughly two years later, he struck again, netting an even larger sum -- approximately $48.4-million -- by conducting a similar exploit on another decentralized finance platform, U.S. authorities allege. Mr. Medjedovic, now 22, faces five criminal charges -- including wire fraud, attempted extortion and money laundering -- according to a U.S. federal court document that was unsealed earlier this year. If convicted, he could be facing decades in prison. First, authorities will have to find him.

Read more of this story at Slashdot.

Apple has officially designated all Intel-based Mac minis as "vintage" or "obsolete," marking the end of an era. This means Apple no longer guarantees parts or service for these devices, as they've surpassed the 5- to 7-year support window. 9to5Mac reports: Apple periodically adds devices to its ever-growing list of vintage and obsolete products. That happened today, as spotted by MacRumors, with two noteworthy "vintage" additions: iPhone 6s and Mac mini (2018). The latter product is especially significant, because the 2018 Mac mini was the last remaining Intel model that was not yet labeled either vintage or obsolete. So what are those timelines exactly? Per Apple's definitions: Vintage: "Apple stopped distributing them for sale more than 5 and less than 7 years ago." Obsolete: "Apple stopped distributing them for sale more than 7 years ago." [...] Since these products are now considered vintage, Apple no longer guarantees that parts for repairs will be readily available.

Read more of this story at Slashdot.

An anonymous reader quotes a report from TechCrunch: Figma has sent a cease-and-desist letter to popular no-code AI startup Lovable, Figma confirmed to TechCrunch. The letter tells Lovable to stop using the term "Dev Mode" for a new product feature. Figma, which also has a feature called Dev Mode, successfully trademarked that term last year, according to the U.S. Patent and Trademark office. What's wild is that "dev mode" is a common term used in many products that cater to software programmers. It's like an edit mode. Software products from giant companies like Apple's iOS, Google's Chrome, Microsoft's Xbox have features formally called "developer mode" that then get nicknamed "dev mode" in reference materials. Even "dev mode" itself is commonly used. For instance Atlassian used it in products that pre-date Figma's copyright by years. And it's a common feature name in countless open source software projects. Figma tells TechCrunch that its trademark refers only to the shortcut "Dev Mode" -- not the full term "developer mode." Still, it's a bit like trademarking the term "bug" to refer to "debugging." Since Figma wants to own the term, it has little choice but send cease-and-desist letters. (The letter, as many on X pointed out, was very polite, too.) If Figma doesn't defend the term, it could be absorbed as a generic term and the trademarked becomes unenforceable.

Read more of this story at Slashdot.

Uber cofounder Travis Kalanick thinks AI is about to shake up consulting -- and for "traditional" professionals, not in a good way. From a report: The former Uber CEO said consultants who mostly follow instructions or do repetitive tasks are at risk of being replaced by AI. "If you're a traditional consultant and you're just doing the thing, you're executing the thing, you're probably in some big trouble," he said. He joked about what that future of consultancy might look like: "Push a button. Get a consultant." However, Kalanick said the professionals who would come out ahead would be the ones who build tools rather than just use them. "If you are the consultant that puts the things together that replaces the consultant, maybe you got some stuff," he said. "You're going to profitable companies with competitive moats, making that moat bigger," he explained. "Making their profit bigger is probably pretty interesting from a financial point of view."

Read more of this story at Slashdot.

You should still learn to code, says GitHub's CEO. And you should start as soon as possible. From a report: "I strongly believe that every kid, every child, should learn coding," Thomas Dohmke said in a recent podcast interview with EO. "We should actually teach them coding in school, in the same way that we teach them physics and geography and literacy and math and what-not." Coding, he added, is one such fundamental skill -- and the only reason it's not part of the curriculum is because it took "us too long to actually realize that." Dohmke, who's been a programmer since the 90s, said he's never seen "anything more exciting" than the current moment in engineering -- the advent of AI, he believes, has made the field that much easier to break into, and is poised to make software more ubiquitous than ever. "It's so much easier to get into software development. You can just write a prompt into Copilot or ChatGPT or similar tools, and it will likely write you a basic webpage, or a small application, a game in Python," Dohmke said. "And so, AI makes software development so much more accessible for anyone who wants to learn coding." AI, Dohmke said, helps to "realize the dream" of bringing an idea to life, meaning that fewer projects will end up dead in the water, and smaller teams of developers will be enabled to tackle larger-scale projects. Dohmke said he believes it makes the overall process of creation more efficient. "You see some of the early signs of that, where very small startups -- sometimes five developers and some of them actually only one developer -- believe they can become million, if not billion dollar businesses by leveraging all the AI agents that are available to them," he added.

Read more of this story at Slashdot.

An anonymous reader shares a report: None of the frontier AI research labs have presented any evidence that they are on the brink of achieving artificial general intelligence, no matter how they define that goal, but Google is already planning for a "Post-AGI" world by hiring a scientist for its DeepMind AI lab to research the "profound impact" that technology will have on society. "Spearhead research projects exploring the influence of AGI on domains such as economics, law, health/wellbeing, AGI to ASI [artificial superintelligence], machine consciousness, and education," Google says in the first item on a list of key responsibilities for the job. Artificial superintelligence refers to a hypothetical form of AI that is smarter than the smartest human in all domains. This is self explanatory, but just to be clear, when Google refers to "machine consciousness" it's referring to the science fiction idea of a sentient machine. OpenAI CEO Sam Altman, DeepMind CEO Demis Hassabis, Elon Musk, and other major and minor players in the AI industry are all working on AGI and have previously talked about the likelihood of humanity achieving AGI, when that might happen, and what the consequences might be, but the Google job listing shows that companies are now taking concrete steps for what comes after, or are at least are continuing to signal that they believe it can be achieved.

Read more of this story at Slashdot.

An anonymous reader shares a report: OpenAI is working on its own X-like social network, according to multiple sources familiar with the matter. While the project is still in early stages, we're told there's an internal prototype focused on ChatGPT's image generation that has a social feed. CEO Sam Altman has been privately asking outsiders for feedback about the project, our sources say. It's unclear if OpenAI's plan is to release the social network as a separate app or integrate it into ChatGPT, which became the most downloaded app globally last month. Launching a social network in or around ChatGPT would likely increase Altman's already-bitter rivalry with Elon Musk. In February, after Musk made an unsolicited offer to purchase OpenAI for $97.4 billion, Altman responded: "no thank you but we will buy twitter for $9.74 billion if you want." Entering the social media market also puts OpenAI on more of a collision course with Meta, which we're told is planning to add a social feed to its coming standalone app for its AI assistant. When reports of Meta building a rival to the ChatGPT app first surfaced a couple of months ago, Altman shot back on X again by saying, "ok fine maybe we'll do a social app."

Read more of this story at Slashdot.

An anonymous reader shares a report: A silent update rolling out to virtually all Android devices will make your phone more secure, and all you have to do is not touch it for a few days. The new feature implements auto-restart of a locked device, which will keep your personal data more secure. It's coming as part of a Google Play Services update, though, so there's nothing you can do to speed along the process. Google is preparing to release a new update to Play Services (v25.14), which brings a raft of tweaks and improvements to myriad system features. First spotted by 9to5Google, the update was officially released on April 14, but as with all Play Services updates, it could take a week or more to reach all devices. When 25.14 arrives, Android devices will see a few minor improvements, including prettier settings screens, improved connection with cars and watches, and content previews when using Quick Share.

Read more of this story at Slashdot.

Meta CEO Mark Zuckerberg considered resetting all Facebook users' friend connections to boost the platform's declining relevance, according to internal emails revealed Monday in a landmark FTC antitrust trial. In a 2022 message to executives, Zuckerberg proposed "wiping everyone's graphs and having them start again," referring to users' friend networks. Facebook head Tom Alison questioned the idea's viability, citing Instagram's reliance on friend connections. Zuckerberg later testified that the plan was never implemented and that Facebook has "evolved" from its original purpose. The FTC argues Meta violated competition laws by acquiring Instagram ($1B) and WhatsApp ($19B) as part of a "buy or bury" strategy outlined in Zuckerberg's 2008 email stating, "It is better to buy than compete."

Read more of this story at Slashdot.

FCC Chairman Brendan Carr has issued a stark ultimatum to European allies, telling them to choose between US and Chinese communications technology. In an interview with Financial Times, Carr urged "allied western democracies" to "focus on the real long-term bogey: the rise of the Chinese Communist party." The warning comes as European governments question Starlink's reliability after Washington threatened to switch off its services in Ukraine. UK telecoms BT and Virgin Media O2 are currently trialing Starlink's satellite internet technology but haven't signed full agreements. "If you're concerned about Starlink, just wait for the CCP's version, then you'll be really worried," said Carr. Carr claimed Europe is "caught" between Washington and Beijing, with a "great divide" emerging between "CCP-aligned countries and others" in AI and satellite technology. He also accused the European Commission of "protectionism" and an "anti-American" attitude while suggesting Nokia and Ericsson should relocate manufacturing to the US to avoid Trump's import tariffs.

Read more of this story at Slashdot.

Publishers and law professors have filed amicus briefs supporting authors who sued Meta over its AI training practices, arguing that the company's use of "thousands of pirated books" fails to qualify as fair use under copyright law. The filings [PDF] in California's Northern District federal court came from copyright law professors, the International Association of Scientific, Technical and Medical Publishers (STM), Copyright Alliance, and Association of American Publishers. The briefs counter earlier support for Meta from the Electronic Frontier Foundation and IP professors. While Meta's defenders pointed to the 2015 Google Books ruling as precedent, the copyright professors distinguished Meta's use, arguing Google Books told users something "about" books without "exploiting expressive elements," whereas AI models leverage the books' creative content. "Meta's use wasn't transformative because, like the AI models, the plaintiffs' works also increased 'knowledge and skill,'" the professors wrote, warning of a "cascading effect" if Meta prevails. STM is specifically challenging Meta's data sources: "While Meta attempts to label them 'publicly available datasets,' they are only 'publicly available' because those perpetuating their existence are breaking the law."

Read more of this story at Slashdot.