DraftKings Warns Data of 67,000 People Was Exposed In Account Hacks

Sports betting company DraftKings revealed last week that more than 67,000 customers had their personal information exposed following a credential attack in November. BleepingComputer reports: In credential stuffing attacks, automated tools are used to make a massive number of attempts to sign into accounts using credentials (user/password pairs) stolen from other online services. […] In a data breach notification filed with the Maine Attorney General’s office, DraftKings disclosed that the data of 67,995 people was exposed in last month’s incident. The company said the attackers obtained the credentials needed to log into the customers’ accounts from a non-DraftKings source.

“In the event an account was accessed, among other things, the attacker could have viewed the account holder’s name, address, phone number, email address, last four digits of payment card, profile photo, information about prior transactions, account balance, and last date of password change,” the breach notification reads. “At this time, there is currently no evidence that the attackers accessed your Social Security number, driver’s license number or financial account number. While bad actors may have viewed the last four digits of your payment card, your full payment card number, expiration date, and your CVV are not stored in your account.”

After detecting the attack, DraftKings reset the affected accounts’ passwords and said it implemented additional fraud alerts. It also restored the funds withdrawn as a result of the credential attack, refunding up to $300,000 identified as stolen during the incident, as DraftKings President and Cofounder Paul Liberman said in November. The common denominator for user accounts that got hijacked seems to be an initial $5 deposit followed by a password change, enabling two-factor authentication (2FA) on a different phone number and then withdrawing as much as possible from the victims’ linked bank accounts. While DraftKings has not shared additional info on how the attackers stole funds, BleepingComputer has since learned that the attack was conducted by a threat actor selling stolen accounts with deposit balances on an online marketplace for $10 to $35. The sales included instructions on how the buyers could make $5 deposits and withdraw all of the money from hijacked DraftKings user accounts.
“After DraftKings announced the credential stuffing attack, they locked down the breached accounts, with the threat actors warning that their campaign was no longer working,” adds the report.

“The company is now advising customers never to use the same password for multiple online services, never share their credentials with third-party platforms, turn on 2FA on their accounts immediately, and remove banking details or unlink their bank accounts to block future fraudulent withdrawal requests.”
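
As an added illustration (not part of the Slashdot summary or the BleepingComputer report), the sequence described above, a $5 deposit, a password change, 2FA enrolled on a different phone number, then a withdrawal, can be turned into a simple ordered-event detection rule. The event field names, the 24-hour window and the sample data are assumptions made for this sketch.

```python
from datetime import datetime, timedelta

# Stages of the reported pattern, in order: $5 deposit, password change,
# 2FA enrolled on a different phone number, then withdrawal.
STAGES = ("small_deposit", "password_change", "2fa_new_phone", "withdrawal")
WINDOW = timedelta(hours=24)   # assumption: correlation window
SMALL_DEPOSIT_MAX = 5.00       # the reported initial deposit amount

def classify(ev, phone_on_file):
    """Map a raw event to a stage name, or None if it is unrelated."""
    if ev["type"] == "deposit" and ev["amount"] <= SMALL_DEPOSIT_MAX:
        return "small_deposit"
    if ev["type"] == "2fa_enroll" and ev["phone"] != phone_on_file:
        return "2fa_new_phone"
    if ev["type"] in ("password_change", "withdrawal"):
        return ev["type"]
    return None

def flag_takeovers(events, phones_on_file):
    """Return accounts that complete every stage, in order, within WINDOW."""
    progress, flagged = {}, []   # account -> (next stage index, first-stage time)
    for ev in sorted(events, key=lambda e: e["ts"]):
        acct = ev["account"]
        stage = classify(ev, phones_on_file.get(acct))
        if stage is None:
            continue
        idx, start = progress.get(acct, (0, None))
        if start is not None and ev["ts"] - start > WINDOW:
            idx, start = 0, None             # stale partial match: start over
        if stage == STAGES[idx]:
            start = ev["ts"] if start is None else start
            idx += 1
            if idx == len(STAGES):
                flagged.append(acct)
                idx, start = 0, None
        elif stage == STAGES[0]:
            idx, start = 1, ev["ts"]         # a new small deposit restarts the chain
        progress[acct] = (idx, start)
    return flagged

# Constructed sample data (not from the incident).
T0 = datetime(2022, 11, 20, 9, 0)
def at(minutes):
    return T0 + timedelta(minutes=minutes)

PHONES = {"acct-A": "+1-555-0100", "acct-B": "+1-555-0101", "acct-C": "+1-555-0102"}
EVENTS = [
    {"account": "acct-A", "ts": at(0), "type": "deposit", "amount": 5.00},
    {"account": "acct-A", "ts": at(3), "type": "password_change"},
    {"account": "acct-A", "ts": at(5), "type": "2fa_enroll", "phone": "+1-555-0199"},
    {"account": "acct-A", "ts": at(9), "type": "withdrawal", "amount": 950.00},
    {"account": "acct-B", "ts": at(10), "type": "deposit", "amount": 50.00},
    {"account": "acct-B", "ts": at(20), "type": "2fa_enroll", "phone": "+1-555-0101"},
    {"account": "acct-B", "ts": at(600), "type": "withdrawal", "amount": 40.00},
    {"account": "acct-C", "ts": at(0), "type": "deposit", "amount": 5.00},
    {"account": "acct-C", "ts": at(30), "type": "password_change"},
    {"account": "acct-C", "ts": at(4320), "type": "2fa_enroll", "phone": "+1-555-0198"},
    {"account": "acct-C", "ts": at(4330), "type": "withdrawal", "amount": 200.00},
]
```

Only acct-A is flagged here: acct-B enrolls its own number and never makes a small deposit, and acct-C's steps are spread over three days, outside the assumed window.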

Read more of this story at Slashdot.

OneCoin Co-Founder Pleads Guilty To $4 Billion Fraud

Karl Sebastian Greenwood, co-founder of sham “Bitcoin-killer” OneCoin, pleaded guilty in Manhattan federal court to charges of conspiring to defraud investors and to launder money. “Greenwood was arrested in Thailand in July 2018 and subsequently extradited to the US,” reports The Register. “OneCoin’s other co-founder, ‘Cryptoqueen’ Ruja Ignatova (Dr. Ruja Ignatova — she has a law degree), remains a fugitive on the FBI’s Ten Most Wanted list and on Europol’s Most Wanted list.” From the report: “As a founder and leader of OneCoin, Karl Sebastian Greenwood operated one of the largest international fraud schemes ever perpetrated,” said US Attorney Damian Williams in a statement. “Greenwood and his co-conspirators, including fugitive Ruja Ignatova, conned unsuspecting victims out of billions of dollars, claiming that OneCoin would be the ‘Bitcoin killer.’ In fact, OneCoins were entirely worthless.” The US has charged at least nine individuals across four related cases, including Greenwood and Ignatova, with fraud charges related to OneCoin. Authorities in China have prosecuted 98 people accused of trying to sell OneCoin. Police in India arrested 18 for pitching the Ponzi scheme.

According to the Justice Department, Greenwood and Ignatova founded OneCoin in Sofia, Bulgaria, in 2014. Until 2017 or so, they’re said to have marketed OneCoin as a cryptocurrency to investors. The OneCoin exchange was shut down in January 2017, but trades evidently continued among affiliated individuals for some time. The OneCoin.eu website remained online until 2019. In fact, OneCoin was a multi-level marketing (MLM) pyramid scheme in which network members received commissions when they managed to recruit people to buy OneCoin. The firm’s own promotional materials claim more than three million people invested. And between Q4 2014 and Q4 2016, company records claim OneCoin generated more than $4.3 billion in revenue and $2.9 billion in purported profits. At the top of the MLM pyramid, Greenwood is said to have earned $21 million per month. Greenwood and others claimed that OneCoin was mined using computing power like BitCoin and recorded on a blockchain. But it wasn’t. As Ignatova allegedly put it in an email to Greenwood, “We are not mining actually — but telling people shit.”

OneCoin’s value, according to the Feds, was simply set by those managing the company — they manipulated the OneCoin exchange to simulate trading volatility but the price of OneCoin always closed higher than it opened. In an August 1, 2015 email, Ignatova allegedly told Greenwood that one of the goals for the OneCoin trade exchange was “always close on a high price end of day open day with high price, build confidence — better manipulation so they are happy.” According to the Justice Department, the value assigned to OneCoin grew steadily from $0.53 to approximately $31.80 per coin and never declined.

EU Agrees To the World’s Largest Carbon Border Tax

Longtime Slashdot reader WindBourne writes: EU is creating a tariff on certain imported goods based on their CO2 emissions that went into production and transportation. While many have opposed this, others have been correctly pointing out that little would change until nations started charging other nations for their polluting the world. In some ways, this already has a number of attributes going for it. With Kyoto, Europe forced that emissions from bio would count at the point where it was harvested and not where it was burned/utilized. This was because Europe is a major importer of bio products for heating and electricity. With this tariff, it will apply any use of bio, including H2, at point of usage, not of production.

What remains to be seen is:
1) How they will apply it to size (Nation? State? City?)?
2) What data will be used (Information from the local government? Satellite?)?
3) How the data will be normalized (GDP? Per capita?)?
4) How to calculate emissions per good (Total emissions? Worst item? Certain parts?)?
This will no doubt cause a number of nations to scream about it, as well as smaller nations, but hopefully, more nations will join in as well. Looks like the world is finally going to get serious about stopping greenhouse gas emissions. “The measure will apply first to iron and steel, cement, aluminum, fertilizers, electricity production and hydrogen before being extended to other goods,” notes CNN. “Under the new mechanism, companies will need to buy certificates to cover emissions generated by the production of goods imported into the European Union based on calculations linked to the EU’s own carbon price.”

Details of the Carbon Border Adjustment Mechanism can be found here.

Binance’s Books Are a Black Box, Filings Show, As It Tries To Rally Confidence

The world’s biggest crypto exchange, Binance, is battling to shore up confidence after a surge in customer withdrawals and a steep drop in the value of its digital token. Reuters reports: The exchange said it dealt with net outflows of around $6 billion over 72 hours last week “without breaking stride” because its finances are solid and “we take our responsibility as a custodian seriously.” After the collapse of rival exchange FTX last month, Binance’s founder Changpeng Zhao promised his company would “lead by example” in embracing transparency. Yet a Reuters analysis of Binance’s corporate filings shows that the core of the business — the giant Binance.com exchange that has processed trades worth over $22 trillion this year — remains mostly hidden from public view.

Binance declines to say where Binance.com is based. It doesn’t disclose basic financial information such as revenue, profit and cash reserves. The company has its own crypto coin, but doesn’t reveal what role it plays on its balance sheet. It lends customers money against their crypto assets and lets them trade on margin, with borrowed funds. But it doesn’t detail how big those bets are, how exposed Binance is to that risk, or the full extent of its reserves to finance withdrawals. Binance is not required to publish detailed financial statements because it is not a public company, unlike U.S. rival Coinbase, which is listed on the Nasdaq. Nor has Binance raised outside capital since 2018, industry data show, which means it hasn’t had to share financial information with external investors since then.

In an effort to look inside Binance’s books, Reuters reviewed filings by Binance units in 14 jurisdictions where the exchange on its website says it has “regulatory licenses, registrations, authorisations and approvals.” These locations include several European Union states, Dubai and Canada. Zhao has described the authorisations as milestones in Binance’s “journey to being fully licensed and regulated around the world.” The filings show that these units appear to have submitted scant information about Binance’s business to authorities. The public filings do not show, for example, how much money flows between the units and the main Binance.com exchange. The Reuters analysis also found that several of the units appear to have little activity. Former regulators and ex-Binance executives say these local businesses serve as window dressing for the main unregulated exchange. Binance Chief Strategy Officer Patrick Hillmann said the Reuters analysis of the units’ filings in the 14 jurisdictions was “categorically false.”

Binance’s Hillmann did not comment on the Reuters estimates. “The vast majority of our revenue is made on transaction fees,” he said, adding that the exchange has been able to “accumulate large corporate reserves” by keeping expenses down. Binance’s “capital structure is debt free” and the company keeps its money made from fees separate from the assets it buys and holds for users, Hillmann said.
Further reading: Binance US To Buy Bankrupt Voyager Digital’s Assets for $1 Billion

Op-Ed Argues ‘Put Down the Burger’ to Protect Earth’s Biodiversity

“Earth is in the midst of the worst mass extinction since an asteroid wiped out the dinosaurs 66 million years ago — and this time, the asteroid is us.” So says Michael Grunwald, an environmentalist, in an opinion piece for the New York Times.

But his larger point is that “biodiversity loss is not that complicated a mystery.” The amount of area on planet earth devoted to agriculture is now more than twice the size of North America.

We’re destroying and degrading the habitats of other species to grow food for our own. This means the fate of the world’s bugs, bunnies and other creatures and critters — and what’s left of the forests, wetlands and other habitats they call home — depends more than anything else on what we put in our mouths and how it gets made….

Humanity needs to start shrinking our agricultural footprint and expanding our natural footprint, after thousands of years of doing the reverse. This will be an extraordinary challenge, because we’ll also need to produce more than 7.4 quadrillion additional calories every year to feed our growing population, in an era when climate-fueled droughts, heat waves, floods and blights could make it harder to grow food…. If we are serious about cleaning up the mess we’re making for less influential species, there are four things individuals as well as nations and corporations can do. The first is to eat less meat, which would be a lot easier if meat weren’t so beloved and delicious….

But the inconvenient truth is that when we eat cows, chickens and other livestock, we might as well be eating macaws, jaguars and other endangered species. That’s because livestock chew up far more land per calorie than crops. Producing beef is 100 times as land-intensive as cultivating potatoes and 55 times as land-intensive as peas or nuts. Livestock now use nearly 80 percent of agricultural land while producing less than 20 percent of calories. Cattle are the leading driver of deforestation in the Amazon, followed by soybeans, another commodity, which get fed to pigs and chickens…. If Americans continue to average three burgers a week while the developing world starts to follow our path, it’s hard to see how the Amazon survives.

But it’s at least possible that we could shrink agricultural footprints by shifting our diets toward meat made without livestock, like the plant-based substitutes offered by companies such as Impossible Foods and Beyond Meat or maybe someday cultured meat grown from animal cells.
Grunwald also recommends wasting less food. “About a third of the food grown on Earth is lost or tossed before it reaches our mouths, which means a third of the land (as well as the water, fertilizer and other resources) used to grow that food is also wasted.”

The third way to ease the global land squeeze “would be to stop using productive farmland for biofuels like ethanol and biodiesel — and to stop burning trees for power.” And finally, “farmers will have to supersize their yields enough to make a lot more food with a lot less land.”

New Nonprofit ‘Flickr Foundation’ Hopes to Preserve Its Billions of Photos For 100 Years

“Content of every type disappears from the internet all the time…” writes Popular Photography’s long-time “gear editor” (for photography equipment).

But someone’s doing something about it: the newly-founded Flickr Foundation, which has announced plans “to make sure Flickr will be preserved for future generations.” Or, as Popular Photography puts it, to stop photos “from suffering the same ill fate as our MySpace photos” — providing the example of important historical photos.

One particular collection their article notes is The Flickr Commons, “started back in 2008 as a collaborative effort with the Library of Congress to make publicly held photography collections readily available online for people seeking them out.”

It’s a massive, eclectic, fascinating archive that pulls images and content from around the world. This new organization hopes to integrate more partners and ensure that everything remains available and easily accessible…. If you’re not already familiar with The Commons, it’s a really fascinating online resource. It grants access to everything from historical portraits to scientific images and everything in between. It’s easy to get lost in the sheer volume of images available on the site, but Flickr relies on curators in order to bring notable images to the forefront and keep things organized and available.

With the establishment of the new foundation, Flickr hopes that it can keep this archive running to 2122 and beyond. It will doubtlessly add countless more images along the way.

Flickr is currently hiring a new archivist, according to their announcement (which also points out that the Flickr API was one of the first public APIs ever).

Among other things, it says that the foundation hopes to “investigate preservation strategies that could last for the next century,”

As GitHub Retires ‘Atom’, Open Source ‘Pulsar’ Continues Its Legacy

In June GitHub announced they’d retire their customizable text editor Atom on December 15th — so they could focus their development efforts on the IDEs Microsoft Visual Studio Code and GitHub Codespaces. “As new cloud-based tools have emerged and evolved over the years, Atom community involvement has declined significantly,” according to a post on GitHub’s blog.

So while “GitHub and our community have benefited tremendously from those who have filed issues, created extensions, fixed bugs, and built new features on Atom,” this now means that:

– Atom package management will stop working
– No more security updates
– Teletype will no longer work
– Deprecated redirects that supported downloading Electron symbols and headers will no longer work
– Pre-built Atom binaries can continue to be downloaded from the atom repository releases

Fortunately, in 2014 GitHub open sourced the code for Atom. And according to It’s FOSS News:

A community build for it is already available; however, there seems to be a new version (Pulsar) that aims to bring feature parity with the original Atom and introduce modern features and updated architecture….

The reason why they made a separate fork is because of different goals for the projects. Pulsar wants to modernize everything to present a successor to Atom. Of course, the user interface is much of the same. Considering Pulsar hasn’t had a stable release yet, the branding could sometimes seem all over the place. However, the essentials seem to be there with the documentation, packages, and features like the ability to install packages from Git repositories….

As of now, it is too soon to say if Pulsar will become something better than what the Atom community version offers. However, it is something that we can keep an eye on…. You can head to its official download page to get the package required for your system and test it out.

Like Atom, Pulsar is cross-platform (supporting Linux, macOS, and Windows).
