RSS Live Feed

Security updates for Thursday

lwn.net - Thu, 2024/02/01 - 10:57 PM
Security updates have been issued by Debian (debian-security-support, firefox-esr, openjdk-11, and python-asyncssh), Fedora (glibc, python-templated-dictionary, thunderbird, and xorg-x11-server-Xwayland), Gentoo (Chromium, Google Chrome, Microsoft Edge and WebKitGTK+), Red Hat (firefox, gnutls, libssh, thunderbird, and tigervnc), SUSE (mbedtls, rear116, rear1172a, runc, squid, and tinyssh), and Ubuntu (glibc and runc).

Biogen Dumps Dubious Alzheimer's Drug After Profit-Killing FDA Scandal

Slashdot - Thu, 2024/02/01 - 10:00 PM
An anonymous reader quotes a report from Ars Technica: Biotechnology company Biogen is abandoning Aduhelm, its questionable Alzheimer's drug that has floundered on the market since its scandal-plagued regulatory approval in 2021 and brow-raising pricing. On Wednesday, the company announced it had terminated its license for Aduhelm (aducanumab) and will stop all development and commercialization activities. The rights to Aduhelm will revert back to Neurimmune, the Swiss biopharmaceutical company that discovered it. Biogen will also end the Phase 4 clinical trial, ENVISION, that was required by the Food and Drug Administration to prove Biogen's claims that Aduhelm is effective at slowing progression of Alzheimer's in its early stages -- something two Phase 3 trials failed to do with certainty. In the announcement, Biogen noted it took a financial hit of $60 million in the fourth quarter of 2023 to close out its work on Aduhelm, which the company at one point reportedly estimated would bring in as much as $18 billion in revenue per year.

Read more of this story at Slashdot.


Hulu Is Cracking Down On Password Sharing, Just Like Disney Plus and Netflix

Slashdot - Thu, 2024/02/01 - 7:00 PM
Hulu updated its Terms of Service to explicitly ban password sharing outside of "your primary personal residence." Subscribers will need to comply by March 14th, 2024. Here's the new ToS section in full: m. Account Sharing. Unless otherwise permitted by your Service Tier, you may not share your subscription outside of your household. "Household" means the collection of devices associated with your primary personal residence that are used by the individuals who reside therein. Additional usage rules may apply for certain Service Tiers. For more details on our account sharing policy, please visit our Help Center. We may, in our sole discretion, analyze the use of your account to determine compliance with this Agreement. If we determine, in our sole discretion, that you have violated this Agreement, we may limit or terminate access to the Service and/or take any other steps as permitted by this Agreement (including those set forth in Section 6 of this Agreement). You will be responsible for any use of your account by your household, including compliance with this section. The Verge reports: The new ToS is dated January 25th, 2024; previous versions of the ToS didn't mention account sharing at all. "We're adding limitations on sharing your account outside of your household, and explaining how we may assess your compliance with these limitations," the most important paragraph reads. Neither the email nor the ToS say how Hulu will measure compliance or how quickly it'll take action, but Hulu will apparently "analyze the use of your account" and it reserves the right to "limit or terminate access" if it decides you've broken the policy. The ToS also suggests there's more info about its account sharing policy at the Hulu Help Center, but we're not seeing any help articles about account sharing right now. Netflix started cracking down on password sharing in the U.S. last May, resulting in the "four single largest days of U.S. user sign-ups since January 2019." 
The streaming giant later went on to add 2.6 million U.S. subscribers. Disney Plus enacted a similar plan a few months later.


SpaceX's Starship To Launch 'Starlab' Private Space Station In Late 2020s

Slashdot - Thu, 2024/02/01 - 4:00 PM
SpaceX's Starship rocket has been selected by Starlab to launch its private space station into orbit. "SpaceX's history of success and reliability led our team to select Starship to orbit Starlab," Dylan Taylor, chairman and CEO of Voyager Space, said in a statement. "SpaceX is the unmatched leader for high-cadence launches, and we are proud Starlab will be launched to orbit in a single flight by Starship." Space.com reports: Today's announcement didn't give a target launch date. But NASA and Starlab's developers want the four-person commercial station to be up and running before 2030, when the International Space Station (ISS) is expected to cease operations (though that retirement date is apparently not set in stone). [...] The 400-foot-tall (122 meters) Starship is the biggest and most powerful rocket ever built, capable of hauling up to 150 tons to low Earth orbit. It will send the fully outfitted Starlab up in just one launch, as Taylor noted above. "Starlab's single-launch solution continues to demonstrate not only what is possible, but how the future of commercial space is happening now," Tom Ochinero, senior vice president of commercial business at SpaceX, said in the same statement. "The SpaceX team is excited for Starship to launch Starlab to support humanity's continued presence in low Earth orbit on our way to making life multiplanetary," Ochinero added.


Fiber Optics Bring You Internet. Now They're Also Listening To Trains

Slashdot - Thu, 2024/02/01 - 12:30 PM
An anonymous reader quotes a report from Wired: Stretching thousands upon thousands of miles under your feet, a web of fibrous ears is listening. Whether you walk over buried fiber optics or drive a car across them, above-ground activity creates a characteristic vibration that ever-so-slightly disturbs the way light travels through the cables. With the right equipment, scientists can parse that disturbance to identify what the source was and when exactly it was roaming there. This quickly proliferating technique is known as distributed acoustic sensing, or DAS, and it's so sensitive that researchers recently used it to monitor the cacophony of a mass cicada emergence. Others are using the cables as an ultra-sensitive instrument for detecting volcanic eruptions and earthquakes: Unlike a traditional seismometer stuck in one place, a web of fiber optic cables can cover a whole landscape, providing unprecedented detail of Earth's rumblings at different locations. Now scientists are experimenting with bringing DAS to a railroad near you. When a train runs along a section of track, it creates vibrations that analysts can monitor over time -- if that signal suddenly changes, it might indicate a problem with the rail, like a crack, or a snapped tie. Or if on a mountain pass a rockslide blasts across the track, DAS might "hear" that too, warning railroad operators of a problem that human eyes hadn't yet glimpsed. More gradual changes in the signal might betray the development of faults in track alignment. It just so happens that fiber optic cables already run along many railways to connect all the signaling equipment or for telecommunications. "You're utilizing the already available facilities and infrastructure for that, which can reduce the cost," says engineer Hossein Taheri, who is studying DAS for railroads at Georgia Southern University. "There could be some railroads where they don't have the fiber, and you need to lay down. 
But yes, most of them, usually they do already have it." To tap into that fiber, you need a device called an interrogator, which fires laser pulses down the cables and analyzes the tiny bits of light that bounce back. So, say a rock hits the track 20 miles away from the interrogator. That creates a characteristic ground vibration that disturbs the fiber optics near the track, which shows up in the light signal. Because scientists know the speed of light, they can precisely measure the time it took for that signal to travel back to their interrogator, pinpointing the distance to the disturbance to within 10 meters, or about 30 feet. For a given stretch of track, you'd have already analyzed the DAS signals for a length of time, building a vibration profile for a normal, healthy railway. When the DAS data suddenly starts showing something different, you might have an issue, which shows up like an EKG picking up a problem with a human heartbeat. "What we're doing is profiling the track, looking for changes in the acoustic signature," says Daniel Pyke, a rail expert and spokesperson for Sensonic, which develops DAS technology for railroads. "We know what track should sound like, we know what a train should sound like. And we know that if it's changing -- so let's say this joint is coming loose -- that needs someone to go and fix it before it becomes a problem."


Investors Threw 50% Less Money At Quantum Last Year

Slashdot - Thu, 2024/02/01 - 11:02 AM
Dan Robinson reports via The Register: Quantum companies received 50 percent less venture cap funding last year as investors switched to generative AI or shied away from risky bets on Silicon Valley startups. Progress in quantum computing is being made, but practical applications of the technology are still likely years away. Investment in quantum technology reached a high of $2.2 billion in 2022, as confidence (or hype) grew in this emerging market, but that funding fell to about $1.2 billion last year, according to the latest State of Quantum report, produced by The Quantum Insider, with quantum computing company IQM, plus VCs OpenOcean and Lakestar. The picture is even starker in the US, where there was an 80 percent decline in venture capital for quantum, while the APAC region dropped by 17 percent, and EMEA grew slightly by three percent. But the report denies that we have reached a "quantum winter," comparable with the "AI winter" periods of scarce funding and little progress. Instead, the quantum industry continues to progress towards useful quantum systems, just at a slower pace, and the decline in funding must be seen as part of broader venture capital trends, it insists. "Calendar year 2023 was an interesting year with regards to quantum," Heather West, research manager for Quantum Computing, Infrastructure Systems, Platforms, and Technology at IDC told The Register. "With the increased interest in generative AI, we started to observe that some of the funding that was being invested into quantum was transferred to AI initiatives and companies. Generative AI was seen as the new disruptive technology which end users could use immediately to gain an advantage or value, whereas quantum, while expected to be a disruptive technology, is still very early in development," West told The Register. Gartner Research vice president Matthew Brisse agreed. "It's due to the slight shift of CIO priorities toward GenAI. 
If organizations were spending 10 innovation dollars on quantum, now they are spending five. Not abandoning it, but looking at GenAI to provide value sooner to the organization than quantum," he told us. Meanwhile, venture capitalists in America are fighting shy of risky bets on Silicon Valley startups and instead keeping their powder dry as they look to more established technology companies or else shore up their existing portfolio of investments, according to the Financial Times.


FBI Director Warns Chinese Hackers Aim To 'Wreak Havoc' On US Critical Infrastructure

Slashdot - Thu, 2024/02/01 - 10:25 AM
"China's hackers are positioning on American infrastructure in preparation to wreak havoc and cause real-world harm to American citizens and communities, if or when China decides the time has come to strike," said FBI Director Christopher Wray in a prepared testimony before the House Select Committee on the Chinese Communist Party. NBC News reports: Wray also argued that "there has been far too little public focus" that Chinese hackers are targeting critical infrastructure in the U.S. such as water treatment plants, electrical grids, oil and natural gas pipelines, and transportation systems, according to the prepared remarks. "And the risk that poses to every American requires our attention -- now," his prepared testimony said. As Wray testified, the Justice Department and FBI announced they had disabled a Chinese hacking operation that had infected hundreds of small office and home routers with botnet malware that targeted critical infrastructure. The DOJ said the hackers, known to the private sector as "Volt Typhoon," used privately owned small routers that were infected with "KV botnet" malware to conceal further Chinese hacking activities against U.S. and foreign victims. Wray addressed the malware in his testimony, emphasizing that it targets critical infrastructure in the U.S. [...] At Wednesday's hearing, the director of the federal Cybersecurity and Infrastructure Security Agency, Jen Easterly, testified that Americans should expect efforts by China to wage influence campaigns online relating to the 2024 election. However, Easterly added that she was confident that voting systems and other election infrastructure are well-defended. "To be very clear, Americans should have confidence in the integrity of our election infrastructure because of the enormous amount of work that's been done by state and local election officials, by the federal government, by vendors, by the private sector since 2016," Easterly said in her testimony. 
Wray emphasized in the remarks that the "cyber onslaught" of Chinese hackers "goes way beyond prepositioning for future conflict," saying in the prepared remarks that every day the hackers are "actively attacking" U.S. economic security, engaging in "wholesale theft of our innovation, and our personal and corporate data." "And they don't just hit our security and economy. They target our freedoms, reaching inside our borders, across America, to silence, coerce, and threaten our citizens and residents," the excerpts said.


[$] LWN.net Weekly Edition for February 1, 2024

lwn.net - Thu, 2024/02/01 - 9:57 AM
The LWN.net Weekly Edition for February 1, 2024 is available.

Key Rugged Phone Manufacturer Shuts Down

Slashdot - Thu, 2024/02/01 - 9:45 AM
Jess Weatherbed reports via The Verge: Bullitt Group, the UK-based smartphone manufacturer behind the rugged handsets of Cat, Land Rover, and Motorola, has seemingly shut down. On Monday, Mobile World Live spotted several Bullitt Group employees on LinkedIn saying that the company folded on January 26th after a "critical planned restructuring" failed. The Telegraph reported earlier this month that the company was on the brink of insolvency. Bullitt Group has yet to issue an official statement confirming the closure. The manufacturer previously told The Telegraph that it planned to transfer its satellite connectivity business and all 100 of its employees to a new company owned by its creditors, though one former employee now claims the entire workforce has been laid off. Founded in 2009, Bullitt found its niche producing mobile devices and accessories for other companies. The most notable are the hardy, rugged handsets like the Land Rover Explore and Motorola Defy series, though it also made more traditional smartphones like the Kodak Ektra. In recent years, the company placed greater focus on satellite connectivity projects like the Motorola Defy Satellite Link as it struggled to compete against larger phone providers like Apple and Samsung.


Mistral Confirms New Open Source AI Model Nearing GPT-4 Performance

Slashdot - Thu, 2024/02/01 - 9:02 AM
An anonymous reader quotes a report from VentureBeat: The past few days have been a wild ride for the growing open source AI community -- even by its fast-moving and freewheeling standards. Here's the quick chronology: on or about January 28, a user with the handle "Miqu Dev" posted a set of files on HuggingFace, the leading open source AI model and code sharing platform, that together comprised a seemingly new open source large language model (LLM) labeled "miqu-1-70b." The HuggingFace entry, which is still up at the time of this article's posting, noted that the new LLM's "Prompt format," how users interact with it, was the same as Mistral, the well-funded open source Parisian AI company behind Mixtral 8x7b, viewed by many to be the top performing open source LLM presently available, a fine-tuned and retrained version of Meta's Llama 2. The same day, an anonymous user on 4chan (possibly "Miqu Dev") posted a link to the miqu-1-70b files on 4chan, the notoriously longstanding haven of online memes and toxicity, where users began to notice it. Some took to X, Elon Musk's social network formerly known as Twitter, to share the discovery of the model and what appeared to be its exceptionally high performance at common LLM tasks (measured by tests known as benchmarks), approaching the previous leader, OpenAI's GPT-4 on the EQ-Bench. Machine learning (ML) researchers took notice on LinkedIn, as well. "Does 'miqu' stand for MIstral QUantized? We don't know for sure, but this quickly became one of, if not the best open-source LLM," wrote Maxime Labonne, an ML scientist at JP Morgan & Chase, one of the world's largest banking and financial companies. "Thanks to @152334H, we also now have a good unquantized version of miqu here: https://lnkd.in/g8XzhGSM." Quantization in ML refers to a technique used to make it possible to run certain AI models on less powerful computers and chips by replacing specific long numeric sequences in a model's architecture with shorter ones. 
Users speculated "Miqu" might be a new Mistral model being covertly "leaked" by the company itself into the world -- especially since Mistral is known for dropping new models and updates without fanfare through esoteric and technical means -- or perhaps an employee or customer gone rogue. Well, today it appears we finally have confirmation of the latter of those possibilities: Mistral co-founder and CEO Arthur Mensch took to X to clarify: "An over-enthusiastic employee of one of our early access customers leaked a quantized (and watermarked) version of an old model we trained and distributed quite openly... To quickly start working with a few selected customers, we retrained this model from Llama 2 the minute we got access to our entire cluster -- the pretraining finished on the day of Mistral 7B release. We've made good progress since -- stay tuned!" Hilariously, Mensch also appears to have taken to the illicit HuggingFace post not to demand a takedown, but leaving a comment that the poster "might consider attribution." Still, with Mensch's note to "stay tuned!" it appears that not only is Mistral training a version of this so-called "Miqu" model that approaches GPT-4 level performance, but it may, in fact, match or exceed it, if his comments are to be interpreted generously.


GNU C Library 2.39 released

lwn.net - Thu, 2024/02/01 - 8:41 AM
Version 2.39 of the GNU C Library has been released. Changes include integration with the x86 shadow-stack mechanism, a couple of new posix_spawn() variants for working with control groups, pidfd_spawn() and pidfd_spawnp(), the C2X stdbit.h header, the removal of the libcrypt library, and more. See the release notes for details.

FTX Scraps Plans To Revive Exchange, Will Repay Billions To Customers

Slashdot - Thu, 2024/02/01 - 8:20 AM
A lawyer for FTX said the defunct crypto exchange has abandoned its plans to relaunch, instead opting to liquidate all assets and return funds to customers. The Guardian reports: The exchange, founded by Sam Bankman-Fried, has been negotiating for months with potential bidders and investors, but none were willing to put in enough money to rebuild it, FTX attorney Andy Dietderich said at a bankruptcy court hearing in Delaware. The failed negotiations underscored the fact that FTX was never what it appeared to be, and that Bankman-Fried never built the underlying technology or administration necessary to run the company as a viable business, Dietderich said. Bankman-Fried has been convicted on fraud charges related to his operation of FTX. He faces decades in prison. "FTX was an irresponsible sham created by a convicted felon," Dietderich said. "The costs and risks of creating a viable exchange from what Mr Bankman-Fried left in a dumpster were simply too high." The company will instead focus on liquidating its assets to repay customers whose cryptocurrency deposits were locked when the company filed for bankruptcy in November 2022. FTX has recovered over $7 billion in assets to repay customers, and it has reached agreements with government regulators who have agreed to wait until customers are fully repaid before attempting to collect on about $9 billion in claims, Dietderich said. While FTX plans to repay its customers, the exchange will calculate their repayment based on cryptocurrency prices from November 2022, when the crypto market was suffering a prolonged slump. "The price of bitcoin has risen to about $43,300 from its November 2022 price of $16,872," notes the report.


'Cory Doctorow Has a Plan To Wipe Away the Enshittification of Tech'

Slashdot - Thu, 2024/02/01 - 7:40 AM
In an interview with The Register, author and activist Cory Doctorow offers potential solutions to stop "enshittification," an age-old phenomenon that has become endemic in the tech industry. It's when a platform that was once highly regarded and user-friendly gradually deteriorates in quality, becoming less appealing and more monetized over time. Then, it dies. Here's an excerpt from the interview, conducted by The Register's Iain Thomson: [...] Doctorow explained that the reasons for enshittification are complex, and not necessarily directly malicious -- but a product of the current business environment and the state of regulation. He thinks the way to flush enshittification is enforcing effective competition. "We need to have prohibition and regulation that prohibits the capital markets from funding predatory pricing," he explained. "It's very hard to enter the market when people are selling things below cost. We need to prohibit predatory acquisitions. Look at Facebook: buying Instagram, and Mark Zuckerberg sending an email saying we're buying Instagram because people don't like Facebook and they're moving to Instagram, and we just don't want them to have anywhere else to go." The frustrating part of this is that the laws needed to break up the big tech monopolies that allow enshittification, and encourage competition, are already on the books. Doctorow lamented those laws haven't been enforced. In the US, the Clayton Act, the Federal Trade Act, and the Sherman Act are all valid, but have either not been enforced or are being questioned in the courts. However, in the last few years that appears to be changing. Recent actions by increasingly muscular regulatory agencies like the FTC and FCC are starting to move against the big tech monopolies, as well as in other industry sectors. What's more, Doctorow pointed out, these are not just springing from the Democratic administration but are being actively supported by an increasing number of Republicans. 
He cited Lina Khan, appointed as chair of the FTC in part thanks to the support of Republican politicians seeking change (although the GOP now regularly criticizes her positions). The sheer size of the largest tech companies certainly gives them an advantage in cases like these, Doctorow opined, noting that we've seen this in action more than 20 years ago. "Think back to the Napster era, and compare tech and entertainment. Entertainment was very concentrated into about seven big firms and they had total unity and message discipline," Doctorow recalled. "Tech was a couple of hundred firms, and they were much larger -- like an order of magnitude larger in aggregate than entertainment. But their messages were all over the place, and they were contradicting each other. And so they just lost, and they lost very badly." Doctorow discusses the detrimental effects of mega-companies on innovation and security, noting how growth strategies focused on raising costs and reducing value can lead to vulnerabilities and employee demoralization. "Remember when tech workers dreamed of working for a big company before striking out on their own to put that big company out of business? Then that dream shrank to working for a few years, quitting and doing a fake startup to get hired back by your old boss in the world's most inefficient way to get a raise," he told the Def Con crowd last August. "Next it shrank even further. You're working for a tech giant your whole life but you get free kombucha and massages. And now that dream is over and all that's left is work with a tech giant until they fire your ass -- like those 12,000 Googlers who got fired six months after a stock buyback that would have paid their salaries for the next 27 years. We deserve better than this." Additionally, Doctorow emphasizes the growing movement toward labor organizing in the tech industry, which could be a pivotal factor in reversing the trend of enshittification. 
"We're so much closer to tech unionization than we were just a few years ago. Yeah, it's still nascent, and yes, it's easy to double small numbers, but the strength is doubling very quickly and in a very heartening way," Doctorow told The Register. "We're really at a turning point. And some of it is coming from the kind of solidarity like you see with warehouse workers and tech workers." Ultimately, Doctorow argues it should be possible to reintroduce a more competitive and innovative tech industry environment, where the interests of users, employees, and investors are better balanced.


Comcast Reluctantly Agrees To Stop Its Misleading '10G Network' Claims

Slashdot - Thu, 2024/02/01 - 7:00 AM
An anonymous reader quotes a report from Ars Technica: Comcast has reluctantly agreed to discontinue its "Xfinity 10G Network" brand name after losing an appeal of a ruling that found the marketing term was misleading. It will keep using the term 10G in other ways, however. Verizon and T-Mobile both challenged Comcast's advertising of 10G, a term used by cable companies since it was unveiled in January 2019 by industry lobby group NCTA-The Internet & Television Association. We wrote in 2019 that the cable industry's 10G marketing was likely to confuse consumers and seemed to be a way of countering 5G hype generated by wireless companies. 10G doesn't refer to the 10th generation of a technology. It is a reference to potential 10Gbps broadband connections, which would be much faster than the actual speeds on standard cable networks today. The challenges lodged against Comcast marketing were filed with the advertising industry's self-regulatory system run by BBB National Programs. BBB's National Advertising Division (NAD) ruled against Comcast in October 2023, but Comcast appealed to the National Advertising Review Board (NARB). The NARB announced its ruling today, agreeing with the NAD that "Comcast should discontinue use of the term 10G, both when used in the name of the service itself ('Xfinity 10G Network') as well as when used to describe the Xfinity network. The use of 10G in a manner that is not false or misleading and is consistent with the panel decision is not precluded by the panel recommendations." Comcast agreed to make the change in an advertiser's statement that it provided to the NARB. "Although Comcast strongly disagrees with NARB's analysis and approach, Comcast will discontinue use of the brand name 'Xfinity 10G Network' and will not use the term '10G' in a manner that misleadingly describes the Xfinity network itself," Comcast said. 
Comcast said it disagrees with "the recommendation to discontinue the brand name" because the company "makes available 10Gbps of Internet speed to 98 percent of its subscribers upon request." But those 10Gbps speeds aren't available in Comcast's typical service plans and require a fiber-to-the-home connection instead of a standard cable installation. Comcast said it may still use 10G in ways that are less likely to confuse consumers. "Consistent with the panel's recommendation... Comcast reserves the right to use the term '10G' or 'Xfinity 10G' in a manner that does not misleadingly describe the Xfinity network itself," the company said.


OpenAI Says GPT-4 Poses Little Risk of Helping Create Bioweapons

Slashdot - Thu, 2024/02/01 - 6:20 AM
OpenAI's most powerful AI software, GPT-4, poses "at most" a slight risk of helping people create biological threats, according to early tests the company carried out to better understand and prevent potential "catastrophic" harms from its technology. From a report: In October, President Joe Biden signed an executive order on AI that directed the Department of Energy to ensure AI systems don't pose chemical, biological or nuclear risks. That same month, OpenAI formed a "preparedness" team, which is focused on minimizing these and other risks from AI as the fast-developing technology gets more capable. As part of the team's first study, released Wednesday, OpenAI's researchers assembled a group of 50 biology experts and 50 students who had taken college-level biology. Half of the participants were told to carry out tasks related to making a biological threat using the internet along with a special version of GPT-4 -- one of the large language models that powers ChatGPT -- that had no restrictions placed on which questions it could answer. The other group was just given internet access to complete the exercise. OpenAI's team asked the groups to figure out how to grow or culture a chemical that could be used as a weapon in a large enough quantity, and how to plan a way to release it to a specific group of people.


Ivanti Patches Two Zero-Days Under Attack, But Finds Another

Slashdot - Thu, 2024/02/01 - 5:42 AM
Ivanti warned on Wednesday that hackers are exploiting another previously undisclosed zero-day vulnerability affecting its widely used corporate VPN appliance. From a report: Since early December, Chinese state-backed hackers have been exploiting Ivanti Connect Secure's flaws -- tracked as CVE-2023-46805 and CVE-2024-21887 -- to break into customer networks and steal information. Ivanti is now warning that it has discovered two additional flaws -- tracked as CVE-2024-21888 and CVE-2024-21893 -- affecting its Connect Secure VPN product. The former is described as a privilege escalation vulnerability, while the latter -- known as a zero-day because Ivanti had no time to fix the bug before hackers began exploiting it -- is a server-side bug that allows an attacker access to certain restricted resources without authentication. In its updated disclosure, Ivanti said it has observed "targeted" exploitation of the server-side bug. Germany's Federal Office for Information Security, known as the BSI, said in a translated advisory on Wednesday that it has knowledge of "multiple compromised systems."


LibreOffice 24.2 Community released

lwn.net - Thu, 2024/02/01 - 5:41 AM
Version 24.2 of the LibreOffice office suite is available. Changes include AutoRecovery enabled by default, styling of comments, better floating-table support, improved accessibility, and more. See the release notes for details.

California And Big Oil Are Splitting After Century-Long Affair

Slashdot - Thu, 2024/02/01 - 5:00 AM
It is the end of an era for Big Oil in California, as the most populous U.S. state divorces itself from fossil fuels in its fight against climate change. From a report: California's oil output a century ago amounted to it being the fourth-largest crude producer in the U.S., and spawned hundreds of oil drillers, including some of the largest still in existence. Oil led to its car culture of iconic highways, drive-in theaters, banks and restaurants that endures today. On Friday, however, the marriage will officially end. The two largest U.S. oil producers, Exxon Mobil and Chevron will formally disclose a combined $5 billion writedown of California assets when they report fourth-quarter results. "They are definitely getting a divorce," said Jamie Court, president of advocacy group Consumer Watchdog, which said the companies long ago stopped investing in California production, and now want to hive off their old wells there. "They've been separated for more than a decade, now they are just signing the papers," he said. Exxon Mobil last year exited onshore production in the state, ending a 25-year-long partnership with Shell when they sold their joint-venture properties. The state's regulatory environment has impeded efforts to restart offshore production, Exxon said this month, leading to an exit that includes financing a Texas company's purchase of its offshore properties. The No.1 U.S. oil producer's asset writedown will cost about $2.5 billion and officially end five decades of oil production off the coast of Southern California.


[$] OpenBSD system-call pinning

lwn.net - Thu, 2024/02/01 - 4:46 AM

Return-oriented programming (ROP) attacks are hard to defend against. Partial mitigations such as address-space layout randomization, stack canaries, and other techniques are commonly deployed to try and frustrate ROP attacks. Now, OpenBSD is experimenting with a new mitigation that makes it harder for attackers to make system calls, although some security researchers have expressed doubt that it will prove effective at stopping real-world attacks. In his announcement message, Theo de Raadt said that this work "makes some specific low-level attack methods unfeasible on OpenBSD, which will force the use of other methods."


Cruise Faces Long Road Back To City Streets in Wake of Safety Review

Slashdot - Thu, 2024/02/01 - 4:24 AM
General Motors' Cruise self-driving car unit faces a trip that could last the better part of this year to convince regulators and a wary public that its robotaxis are fit to share the road with human drivers, industry officials said. From a report: After releasing a withering safety report last week that Cruise commissioned, GM said on Tuesday it slashed about $1 billion from Cruise's annual budget and promised to "soon" release a timeline for the unit's return to operations. The U.S. automaker also delayed indefinitely a March update when it was expected to lay out plans. That has raised questions about when Cruise might get its vehicles back on the road, particularly as it faces various government probes including from the National Highway Traffic Safety Administration. "Investigating defects is a highly deliberative process," said Mark Rosekind, a former NHTSA chief who has also worked for Amazon.com's Zoox autonomous vehicle unit. "It would be months, easily, and for bigger problems up to a year or more to resolve an investigation."
