Crooks Bypassed Google’s Email Verification To Create Workspace Accounts, Access 3rd-Party Services

Brian Krebs writes via KrebsOnSecurity: Google says it recently fixed an authentication weakness that allowed crooks to circumvent the email verification required to create a Google Workspace account, and leverage that to impersonate a domain holder at third-party services that allow logins through Google’s “Sign in with Google” feature. […] Google Workspace offers a free trial that people can use to access services like Google Docs, but other services such as Gmail are only available to Workspace users who can validate control over the domain name associated with their email address. The weakness Google fixed allowed attackers to bypass this validation process. Google emphasized that none of the affected domains had previously been associated with Workspace accounts or services.

“The tactic here was to create a specifically-constructed request by a bad actor to circumvent email verification during the signup process,” [said Anu Yamunan, director of abuse and safety protections at Google Workspace]. “The vector here is they would use one email address to try to sign in, and a completely different email address to verify a token. Once they were email verified, in some cases we have seen them access third party services using Google single sign-on.” Yamunan said none of the potentially malicious workspace accounts were used to abuse Google services, but rather the attackers sought to impersonate the domain holder to other services online.

Read more of this story at Slashdot.

ServiceNow Embroiled In DOJ Probe of Government Contract Award

snydeq shares a report from CIO.com: ServiceNow has reported potential compliance issues to the US Department of Justice “related to one of its government contracts” as well as the hiring of the then-CIO of the US Army to be its head of global public sector, the company said in regulatory filings on Wednesday. The DOJ is looking into the matter. Following an internal investigation, ServiceNow said, its President and COO, CJ Desai, has resigned, while “the other individual has also departed the company.” That executive, Raj Iyer, told CIO.com, “I resigned because I didn’t want to be associated with this fiasco in any way. It’s not my fault.”

CEO Bill McDermott told financial analysts in a conference call Wednesday that someone within ServiceNow had complained about the situation and that an internal probe “determined that our company policy was violated.”

“Acting with total transparency, the company proactively disclosed the findings of the investigation to the proper government entities. And as a result, today, we’re announcing the departure of the individual whose hiring was the subject of the original complaint,” McDermott said. “We also came to a mutual agreement that CJ Desai, our President and COO, would offer his resignation from the company effective immediately. While we believe this was an isolated incident, we are further sharpening our hiring policies and procedures as a result of the situation.”

Read more of this story at Slashdot.

California Supreme Court Upholds Gig Worker Law In a Win For Ride-Hail Companies

In a major victory for ride-hail companies, California Supreme Court upheld a law classifying gig workers as independent contractors, maintaining their ineligibility for benefits such as sick leave and workers’ compensation. This decision concludes a prolonged legal battle and supports the 2020 ballot measure Proposition 22, despite opposition from labor groups who argued it was unconstitutional. Politico reports: Thursday’s ruling capped a yearslong battle between labor and the companies over the status of workers who are dispatched by apps to deliver food, buy groceries and transport customers. A 2018 Supreme Court ruling and a follow-up bill would have compelled the gig companies to treat those workers as employees. A collection of five firms then spent more than $200 million to escape that mandate by passing the 2020 ballot measure Proposition 22 in one of the most expensive political campaigns in American history. The unanimous ruling on Thursday now upholds the status quo of the gig economy in California.

As independent contractors, gig workers are not entitled to benefits like sick leave, overtime and workers’ compensation. The SEIU union and four gig workers, ultimately, challenged Prop 22 based on its conflict with the Legislature’s power to administer workers’ compensation, specifically. The law, which passed with 58 percent of the vote in 2020, makes gig workers ineligible for workers’ comp, which opponents of Prop 22 argued rendered the entire law unconstitutional. […] Beyond the implications for gig workers, the heavily-funded Prop 22 ballot campaign pushed the limits of what could be spent on an initiative, ultimately becoming the most expensive measure in California history. Uber and Lyft have both threatened to leave any states that pass laws not classifying their drivers as independent contractors. The decision Thursday closes the door to that possibility for California.

Read more of this story at Slashdot.

AI Models Face Collapse If They Overdose On Their Own Output

According to a new study published in Nature, researchers found that training AI models using AI-generated datasets can lead to “model collapse,” where models produce increasingly nonsensical outputs over generations. “In one example, a model started with a text about European architecture in the Middle Ages and ended up — in the ninth generation — spouting nonsense about jackrabbits,” writes The Register’s Lindsay Clark. From the report: [W]ork led by Ilia Shumailov, Google DeepMind and Oxford post-doctoral researcher, found that an AI may fail to pick up less common lines of text, for example, in training datasets, which means subsequent models trained on the output cannot carry forward those nuances. Training new models on the output of earlier models in this way ends up in a recursive loop. In an accompanying article, Emily Wenger, assistant professor of electrical and computer engineering at Duke University, illustrated model collapse with the example of a system tasked with generating images of dogs. “The AI model will gravitate towards recreating the breeds of dog most common in its training data, so might over-represent the Golden Retriever compared with the Petit Basset Griffon Vendéen, given the relative prevalence of the two breeds,” she said.

“If subsequent models are trained on an AI-generated data set that over-represents Golden Retrievers, the problem is compounded. With enough cycles of over-represented Golden Retriever, the model will forget that obscure dog breeds such as Petit Basset Griffon Vendeen exist and generate pictures of just Golden Retrievers. Eventually, the model will collapse, rendering it unable to generate meaningful content.” While she concedes an over-representation of Golden Retrievers may be no bad thing, the process of collapse is a serious problem for meaningful representative output that includes less-common ideas and ways of writing. “This is the problem at the heart of model collapse,” she said.

Read more of this story at Slashdot.