Live RSS Feed

After $380 Million Hack, Clorox Sues Its 'Service Desk' Vendor For Simply Giving Out Passwords

Slashdot - Thu, 2025/07/24 - 6:30 AM
An anonymous reader quotes a report from Ars Technica: Hacking is hard. Well, sometimes. Other times, you just call up a company's IT service desk and pretend to be an employee who needs a password reset, an Okta multifactor authentication reset, and a Microsoft multifactor authentication reset... and it's done. Without even verifying your identity. So you use that information to log in to the target network and discover a more trusted user who works in IT security. You call the IT service desk back, acting like you are now this second person, and you request the same thing: a password reset, an Okta multifactor authentication reset, and a Microsoft multifactor authentication reset. Again, the desk provides it, no identity verification needed. So you log in to the network with these new credentials and set about planting ransomware or exfiltrating data in the target network, eventually doing an estimated $380 million in damage. Easy, right? According to The Clorox Company, which makes everything from lip balm to cat litter to charcoal to bleach, this is exactly what happened to it in 2023. But Clorox says that the "debilitating" breach was not its fault. It had outsourced the "service desk" part of its IT security operations to the massive services company Cognizant -- and Clorox says that Cognizant failed to follow even the most basic agreed-upon procedures for running the service desk. In the words of a new Clorox lawsuit, Cognizant's behavior was "all a devastating lie," it "failed to show even scant care," and it was "aware that its employees were not adequately trained." "Cognizant was not duped by any elaborate ploy or sophisticated hacking techniques," says the lawsuit, using italics to indicate outrage emphasis. "The cybercriminal just called the Cognizant Service Desk, asked for credentials to access Clorox's network, and Cognizant handed the credentials right over. 
Cognizant is on tape handing over the keys to Clorox's corporate network to the cybercriminal -- no authentication questions asked." [...] The new lawsuit, filed in California state courts, wants Cognizant to cough up millions of dollars to cover the damage Clorox says it suffered after weeks of disruption to its factories and ordering systems. (You can read a brief timeline of the disruption here.)

Why 24/7 Trading is a Bad Idea

Slashdot - Thu, 2025/07/24 - 5:51 AM
The New York Stock Exchange and Nasdaq have applied for regulatory permission to extend their trading hours to 22 and 24 hours daily, respectively. Nasdaq expects to implement round-the-clock trading from the second half of 2026. The London Stock Exchange is considering similar extensions, according to Financial Times. Several retail brokers already facilitate overnight trading through alternative platforms and "dark pools" -- off-exchange venues that operate during non-standard hours. Robinhood began offering all-night trading for select stocks in May 2023, while Charles Schwab announced plans to expand its overnight trading service to 1,100 securities this July. Economist argues that 24/7 trading is a bad idea. The publication writes: The problem with such trading is that price discovery can be fraught with difficulty. In fact, this is partly why institutional investors like dark pools: their lighter reporting requirements, compared with exchanges, allow big orders to be executed without alerting the wider market beforehand, which would move the price. Professionals taking the other side of these trades accept the risks and know how to navigate them. Amateurs, getting a worse price than they might have done in daylight, often do not. The witching hours are currently when all manner of dull, but vital, post-trade processes take place, from settlement and valuation to the reconciliation of mistakes. Once trading is non-stop, there will be no pause for the financial plumbing to clear. Nor for traders to rest in the knowledge that the market is resting with them, so there is no need to refresh their screens. In today's always-on world, stock exchanges' limited opening hours might seem old-fashioned. But get ready to miss them once they're gone.

Power Cuts, Cable Damage, and Government Shutdowns Behind Q2 Internet Outages

Slashdot - Thu, 2025/07/24 - 5:10 AM
Internet outages spiked during the second quarter of 2025, driven by government-mandated shutdowns, infrastructure failures, and technical glitches, according to Cloudflare's quarterly disruption report. Government restrictions returned after a quiet first quarter, with Libya, Iran, Iraq, Syria, and Panama imposing internet cutoffs for reasons ranging from protest suppression to exam security. A massive power outage on April 28 knocked Spain's internet traffic down 80% and Portugal's by 90%, with service restored around 1 a.m. the following day. Cable damage caused complete outages for Digicel in Haiti and a 90-minute disruption for Airtel in Malawi. Several major outages went unexplained, including an eight-hour blackout at SkyCable in the Philippines and a nationwide outage at Thai provider TrueMove H, with companies providing no official explanations for the service failures.

War on Hidden Motors Goes Undercover

Slashdot - Thu, 2025/07/24 - 4:30 AM
ItsJustAPseudonym shares a Reuters story: The International Cycling Union (UCI) has intensified its fight against mechanical doping, employing intelligence-driven methods to combat increasingly sophisticated alleged cheating in professional cycling. ItsJustAPseudonym adds: They call the use of hidden motors "mechanical doping". In 2010 it led to the ban of a rider from Belgium who had a hidden motor in her seat-tube during a cyclocross event. "It's a bit of a technological arms race. Components are getting lighter, smaller. Easier to conceal, which is harder to detect", according to Nick Raudenski, the UCI Head of the Fight Against Technological Fraud.

Sony is Fighting Climate Change By Scaling Back PS5 Performance

Slashdot - Thu, 2025/07/24 - 3:50 AM
An anonymous reader shares a report: Sony is testing a Power Saver mode for the PlayStation 5, explaining in a new PlayStation Blog update that the option will permit games to run with lower power consumption. While the upcoming feature was revealed as part of the system update beta, the feature will not be available during the beta phase. However, when the feature does hit your console, players will gain access to a new option called Power Saver. With Power Saver enabled, "supported PS5 games will scale back performance and will allow your PS5 to reduce its power consumption," explained Shuzo Kikuchi, VP of product management at Sony Interactive Entertainment. "If not enabled, or if games do not support the feature, the performance will not be scaled back and power consumption will not be reduced." As for what scaled-back performance actually means, SIE indicates that VR mode will be unavailable and that "some gameplay features may be limited." So that's one very clear change, and one vague, game-specific change.

Top UN Court Says Countries Can Sue Each Other Over Climate Change

Slashdot - Thu, 2025/07/24 - 3:10 AM
A landmark decision by a top UN court has cleared the way for countries to sue each other over climate change, including over historic emissions of planet-warming gases. BBC: But the judge at the International Court of Justice in the Hague, Netherlands on Wednesday said that untangling who caused which part of climate change could be difficult. The ruling is non-binding but legal experts say it could have wide-ranging consequences. It will be seen as a victory for countries that are very vulnerable to climate change, who came to court after feeling frustrated about lack of global progress in tackling the problem.

Discovering and recovering from PostgreSQL corruption on Matrix.org

lwn.net - Thu, 2025/07/24 - 2:46 AM

Richard van der Hoff, a member of the team that runs the Matrix.org homeserver, has written a detailed blog post about diagnosing and fixing a problem where Matrix rooms would simply stop working:

We know that there are plenty of users out there who will have been affected by the problem, and found themselves unable to communicate as a result. We very much share your frustration, and we'd like to apologise for the disruption to service.

With that said, we're glad that we were able to get to the bottom of most of the problem, and get the lost data restored within a relatively short time. If nothing else, hopefully this blog post will be of use to future generations faced with Postgres index corruption!

Meta Unveils Wristband That Controls Computers With Muscle Signals

Slashdot - Thu, 2025/07/24 - 2:30 AM
Meta researchers published findings in Nature Wednesday detailing a wristband prototype that controls computers through hand gestures by reading electrical signals from forearm muscles. The device uses surface electromyography to detect signals from alpha motor neurons in the spinal cord that connect to muscle fibers, allowing users to move cursors with wrist turns, open applications with thumb-to-forefinger taps, and write text by tracing letters in the air. The technology, developed at Meta's Reality Labs, trained neural networks on data from 10,000 participants to identify common muscle signal patterns. The wristband works without individual calibration across most users and can detect intended movements before physical motion occurs. Meta demonstrated the device controlling its Orion augmented reality glasses last fall and plans product integration over the next few years.

US Nuclear Weapons Agency 'Among 400 Organizations Breached By Chinese Hackers'

Slashdot - Thu, 2025/07/24 - 1:52 AM
A cyber-espionage campaign exploiting unpatched Microsoft SharePoint vulnerabilities has breached approximately 400 organizations worldwide, including the US National Nuclear Security Administration, according to Netherlands-based cybersecurity firm Eye Security. The figure represents a four-fold increase from 100 organizations cataloged over the weekend, with researchers calling it likely an undercount since not all attack vectors leave detectable artifacts. Microsoft identified three Chinese groups -- state-backed Linen Typhoon and Violet Typhoon, plus China-based Storm-2603 -- as exploiting the vulnerabilities in on-premises SharePoint servers to steal authentication credentials and execute malicious code remotely. The campaign began July 7 and was first detected July 18 when Eye Security found unusual activity on a customer's server. Victims include the US Energy Department, Education Department, Florida's Department of Revenue, Rhode Island General Assembly, and European and Middle Eastern governments.

[$] Understanding Debian's security processes

lwn.net - Thu, 2025/07/24 - 1:21 AM

Providing security updates for a Linux distribution, such as Debian, involves a lot of work behind the scenes—and requires much more than simply shipping the latest code. On July 15, at DebConf25 in Brest, France, Samuel Henrique walked through the process of providing security updates to users; he discussed how Debian learns about security vulnerabilities, decides on the best response, and the process of sending out updates to keep its users safe. He also provided guidance on how others could get involved.

More Than 80% of Tuvalu Seeks Australian Climate Visa

Slashdot - Thu, 2025/07/24 - 1:00 AM
Australia is offering visas to Tuvalu citizens each year under a climate migration deal Canberra has billed as "the first agreement of its kind anywhere in the world." From a report: "We received extremely high levels of interest in the ballot with 8,750 registrations, which includes family members of primary registrants," the Australian high commission in Tuvalu said in a statement. The figure is equal to 82 percent of the country's 10,643 population, according to census figures collected in 2022. "With 280 visas offered this program year, it means that many will miss out," the commission said. One of the most climate-threatened corners of the planet, scientists fear Tuvalu will be uninhabitable within the next 80 years. Two of the archipelago's nine coral atolls have already largely disappeared under the waves.

An update on Home Assistant's Android app

lwn.net - Thu, 2025/07/24 - 12:22 AM

The Home Assistant project has published an update on improvements in its Android app, and plans for upcoming releases:

In our latest update of the Android app 2025.7.1, we've added a couple of useful features. Including a new basic invite flow, which will be shared between Android and iOS, adding a good layer of consistency between our most-used companion apps. The idea is to make it much more seamless to add new users or set up new devices (no need to type the URL in your Android Automotive device!).

We've also made My Links work better. If you're unfamiliar with My Links, they're those cool links (that anyone can make) that bring you right to an integration, blueprint, add-on, or settings page. They have always worked great on desktop, but up until recently, they were a bit clunky to use on mobile. Now you can get to the link's destination with a single click.

LWN looked at Home Assistant in May.

White House Unveils Action Plan To Accelerate AI Development

Slashdot - Thu, 2025/07/24 - 12:22 AM
The Trump administration on Wednesday unveiled a 23-page "AI Action Plan" [PDF] designed to accelerate American AI development through deregulation and infrastructure expansion while countering Chinese influence in the technology sector. The plan, mandated by President Trump in January with a six-month deadline, establishes three core pillars: innovation acceleration, infrastructure development, and international AI diplomacy. Central provisions include removing federal regulations that hinder AI development and directing agencies to withhold AI-related funding from states with "burdensome" AI regulations. The administration will streamline environmental permitting for data centers and energy infrastructure while expanding use of coal, natural gas, and nuclear power to meet AI's electricity demands. The plan mandates that government-procured large language models be "neutral and unbiased," addressing conservative concerns about perceived liberal bias in AI systems. Trump signed accompanying executive orders requiring the US International Development Finance Corporation and Export-Import Bank to support global deployment of American AI technology. "To win the AI race, the U.S. must lead in innovation, infrastructure, and global partnerships," Sacks stated, emphasizing worker protection and avoiding "Orwellian uses of AI." The initiative represents Trump's campaign promise to position America as the dominant global AI leader while dismantling Biden-era AI safety requirements rescinded on Trump's first day in office.

AppleCare One Lets Users Insure Multiple Apple Devices For $19.99, Accepts Four-Year-Old Hardware

Slashdot - Wed, 2025/07/23 - 11:45 PM
Apple today announced AppleCare One, an insurance subscription service that covers multiple products under a single plan for $19.99 per month. The service protects up to three devices, with additional products costing $5.99 monthly each. AppleCare One provides identical coverage to AppleCare Plus, including battery protection, unlimited accidental damage repairs, and priority support. The service accepts products up to four years old, compared to AppleCare Plus's 60-day enrollment window, though Apple requires older devices to be in "good condition" and may conduct diagnostic testing. Headphones must be less than one year old for eligibility. Theft and Loss coverage comes standard for iPhone, iPad, and Apple Watch. The service goes live tomorrow.

Europe's Resistance To Air Conditioning is Softening Due To Climate Change and Recent Heat Waves

Slashdot - Wed, 2025/07/23 - 11:04 PM
A record-breaking heat wave across Western Europe in June and July has triggered a political battle over air conditioning installation, with right-wing parties demanding widespread adoption while government officials warn of environmental consequences. More than 1,000 French schools closed partially or completely due to lack of air conditioning during the heat wave. Marine Le Pen's far-right National Rally party proposed a major campaign to install air conditioning in schools, hospitals and other institutions. UK Conservatives urged London's Labour mayor to eliminate restrictions on air conditioning in new housing, while Spain's Vox party highlighted air-conditioning breakdowns to criticize establishment parties. French Energy Minister Agnes Pannier-Runacher countered that large-scale air conditioning would heat streets with exhaust, worsening heat waves. Europe is the fastest-warming continent, heating twice the global average since the 1980s. One study predicts air conditioning will increase Italy's annual power demand by 10% by 2050.

Prokop: What to expect from Debian/trixie

lwn.net - Wed, 2025/07/23 - 10:38 PM
Michael Prokop has posted a lengthy list of changes coming in the Debian "trixie" release, due in early August. "As usual with major upgrades, there are some things to be aware of, and hereby I'm starting my public notes on trixie that might be worth for other folks. My focus is primarily on server systems and looking at things from a sysadmin perspective."

[$] Deep immutability for Python

lwn.net - Wed, 2025/07/23 - 10:31 PM

Python has recently seen a number of experiments to improve its parallel performance, including exposing subinterpreters as part of the standard library. These allow separate threads within the same Python process to run simultaneously, as long as any data sent between them is copied, rather than shared. PEP 795 ("Deep Immutability in Python") seeks to make efficient sharing of data between subinterpreters possible by allowing Python objects to be "frozen", so that they can be accessed from multiple subinterpreters without copying or synchronization. That task is more difficult than it seems, and the PEP prompted a good deal of skepticism from the Python community.

Security updates for Wednesday

lwn.net - Wed, 2025/07/23 - 10:18 PM
Security updates have been issued by AlmaLinux (cloud-init, fence-agents, git, kernel, and kernel-rt), Debian (openjdk-11), Fedora (firefox, golang, libinput, transfig, and yasm), Mageia (qtbase5, qtbase6), Red Hat (fence-agents, go-toolset:rhel8, golang, kernel, and python-setuptools), Slackware (mozilla), SUSE (cyradm, gstreamer-plugins-base, and xen), and Ubuntu (gdk-pixbuf, jq, linux-gcp, linux-gcp-6.8, linux-oracle, ruby-sinatra, thunderbird, and unbound).

OpenAI CEO Tells Federal Reserve Confab That Entire Job Categories Will Disappear Due To AI

Slashdot - Wed, 2025/07/23 - 10:00 PM
An anonymous reader quotes a report from The Guardian: During his latest trip to Washington, OpenAI's chief executive, Sam Altman, painted a sweeping vision of an AI-dominated future in which entire job categories disappear, presidents follow ChatGPT's recommendations and hostile nations wield artificial intelligence as a weapon of mass destruction, all while positioning his company as the indispensable architect of humanity's technological destiny. Speaking at the Capital Framework for Large Banks conference at the Federal Reserve board of governors, Altman told the crowd that certain job categories would be completely eliminated by AI advancement. "Some areas, again, I think just like totally, totally gone," he said, singling out customer support roles. "That's a category where I just say, you know what, when you call customer support, you're on target and AI, and that's fine." The OpenAI founder described the transformation of customer service as already complete, telling the Federal Reserve vice-chair for supervision, Michelle Bowman: "Now you call one of these things and AI answers. It's like a super-smart, capable person. There's no phone tree, there's no transfers. It can do everything that any customer support agent at that company could do. It does not make mistakes. It's very quick. You call once, the thing just happens, it's done." The OpenAI founder then turned to healthcare, making the suggestion that AI's diagnostic capabilities had surpassed human doctors, but wouldn't go so far as to accept the superior performer as the sole purveyor of healthcare. "ChatGPT today, by the way, most of the time, can give you better -- it's like, a better diagnostician than most doctors in the world," he said. "Yet people still go to doctors, and I am not, like, maybe I'm a dinosaur here, but I really do not want to, like, entrust my medical fate to ChatGPT with no human doctor in the loop." [...] 
At the fireside chat, he said one of his biggest worries was over AI's rapidly advancing destructive capabilities, with one scenario that kept him up at night being a hostile nation using these weapons to attack the US financial system. And despite being in awe of advances in voice cloning, Altman warned the crowd about how that same benefit could enable sophisticated fraud and identity theft, considering that "there are still some financial institutions that will accept the voiceprint as authentication".

UK To Ban Public Sector Orgs From Paying Ransomware Gangs

Slashdot - Wed, 2025/07/23 - 7:01 PM
The United Kingdom's government is planning to ban public sector and critical infrastructure organizations from paying ransoms after ransomware attacks. From a report: The list of entities that would have to follow the new proposed legislation includes local councils, schools, and the publicly funded National Health Service (NHS). "Ransomware is estimated to cost the UK economy millions of pounds each year, with recent high-profile ransomware attacks highlighting the severe operational, financial, and even life-threatening risks. The ban would target the business model that fuels cyber criminals' activities and makes the vital services the public rely on a less attractive target for ransomware groups," the UK government said. "We're determined to smash the cyber criminal business model and protect the services we all rely on as we deliver our Plan for Change. By working in partnership with industry to advance these measures, we are sending a clear signal that the UK is united in the fight against ransomware," Security Minister Dan Jarvis added.
