This Year’s Super Bowl Broadcast May Seem ‘Crypto-Happy’. But the NFL Isn’t

During today’s telecast of the Super Bowl, 100 million Americans will see at least three commercials promoting cryptocurrency, reports the Washington Post, “and though Tom Brady may be gone from the game, he hovers over it, hawking crypto exchange FTX.”

“Yet the hype belies a more complicated relationship. Unlike the National Basketball Association, the National Football League, the country’s most popular sports league, has essentially prohibited its teams from using crypto.”

It’s a microcosm of the broader cultural battle between those touting the currency as the shiny future and others warning of its dangers…. [T]he headlines often come with a negative tint. New York Times columnist and economist Paul Krugman warned last month about crypto’s parallels to the subprime mortgage crisis. This week, the FBI arrested a New York couple for allegedly conspiring to launder billions in crypto. That can scare the large corporate entities of professional sports, particularly the NFL, whose love of fresh revenue sources is matched only by its fear of public relations disasters…. In September, a memo revealed by the Athletic showed the league’s restrictive attitude toward crypto… “Clubs are prohibited from selling, or otherwise allowing within club controlled media, advertisements for specific cryptocurrencies, initial coin offerings, other cryptocurrency sales or any other media category as it relates to blockchain, digital asset or as blockchain company, except as outlined in this policy,” it said.

The NFL has made some forays into NFTs, or non-fungible tokens, the digitally watermarked tools that are crypto’s less controversial cousin, signing up for a partnership with Ticketmaster for NFTs of Super Bowl tickets and an NFT video highlight program with Dapper Labs, one of the leaders in the space. And of course the Super Bowl is taking place at SoFi Stadium, named for the digitally minded financial firm. But sponsorships from crypto exchanges remain off-limits, and the idea of the NFL creating a cryptocurrency, which some enthusiasts have advocated, is the stuff of fantasy. Even the Super Bowl commercials going for as much as $7 million for 30 seconds — which the league authorizes — include only exchanges such as FTX and not currencies themselves….

The NFL has formed an internal working group to study the regulatory, brand and other consequences of partnering with crypto companies but has set no timetable for when its rules could be revised. Renie Anderson, the NFL’s chief revenue officer, said the league is moving slowly by design. “We don’t want to put everything and the kitchen sink into this,” she said by phone from the site of Super Bowl events in Los Angeles. “We don’t know where a lot of this is going, so what we’re trying to do is testing and learning so we can understand.” She cited regulatory and market forces that are still coming into focus. (The Treasury Department and other federal agencies have been ramping up their efforts to create a regulatory framework for crypto, but there remains a degree of murkiness around what the future limits might be.) The NFL, Anderson said, would rather act after there’s clarity. “It’s hard to unwind something like a naming rights deal,” she said, “and I’d rather not have to undo opportunities two years later because there are rules against advertising or marketing certain things.”

National Basketball Association executives, however, say they see a major opportunity right now.

The article also points out that one football star even says he converted his $750,000 salary to Bitcoin, though one sports analyst calculates that if the purchase was made on November 12th, after federal and state taxes it’s now worth about $35,000.

Read more of this story at Slashdot.

Journalist Labeled ‘Hacker’ By Missouri’s Governor Will Not Be Prosecuted

Remember when more than 100,000 Social Security numbers of Missouri teachers were revealed in the HTML code of a state web site? The St. Louis Post-Dispatch’s reporter informed the state government and delayed publishing his findings until they’d fixed the hole — but the state’s governor then demanded the reporter’s prosecution, labelling him “a hacker.” In the months that followed, throughout a probe — which for some reason was run by the state’s Highway Patrol — the governor had continued to suggest that prosecution of that reporter was imminent.

But it’s not. The St. Louis Post-Dispatch reports:
A St. Louis Post-Dispatch journalist will not be charged after pointing out a weakness in a state computer database, the prosecuting attorney for Cole County said Friday. Prosecutor Locke Thompson issued a statement to television station KRCG Friday, saying he appreciated Gov. Mike Parson for forwarding his concerns but would not be filing charges….

Parson, who had suggested prosecution was imminent throughout the probe, issued a statement saying Thompson’s office believed the decision “was properly addressed….” Post-Dispatch Publisher Ian Caso said in a statement Friday: “We are pleased the prosecutor recognized there was no legitimate basis for any charges against the St. Louis Post-Dispatch or our reporter. While an investigation of how the state allowed this information to be accessible was appropriate, the accusations against our reporter were unfounded and made to deflect embarrassment for the state’s failures and for political purposes….”

There is no authorization required to examine public websites, but some researchers say overly broad hacking laws in many jurisdictions let embarrassed institutions lob hacking allegations against good Samaritans who try to flag vulnerabilities before they’re exploited….
A political action committee supporting Parson ran an ad attacking the newspaper over the computer incident, saying the governor was “standing up to the fake news media.”
Thanks to long-time Slashdot reader UnknowingFool for submitting the story.


America’s Cybersecurity Agency is Now Urging ‘Heightened Posture’ Against Russian Cyberattacks

America’s Cybersecurity and Infrastructure Agency (CISA) “says that American companies should be extra wary about potential hacking attempts from Russia as tensions with the country rise,” reports PC Magazine:

Even if Russia doesn’t invade Ukraine, it has often targeted the country with what Wired has characterized as “many of the most costly cyberattacks in history.” Those attacks might not always be confined to Ukraine, however, which is where CISA’s new Shields Up campaign comes in…. CISA says that it “recommends all organizations — regardless of size — adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets.” It also says that it’s collaborated with its “critical infrastructure partners” to raise awareness of these risks.
The agency wants everyone to “reduce the likelihood of a damaging cyber intrusion,” “take steps to quickly detect a potential intrusion,” “ensure that the organization is prepared to respond if an intrusion occurs,” and “maximize the organization’s resilience to a destructive cyber incident.” CISA offers advice related to each of those focus areas on its website.

Earlier this week CISA also added 15 “known exploited” vulnerabilities to its catalog, ZDNet reports, in products from Apache, Apple, Jenkins, and Microsoft:

The list includes a Microsoft Windows SAM local privilege escalation vulnerability with a remediation date set for February 24. Vulcan Cyber engineer Mike Parkin said the vulnerability — CVE-2021-36934 — was patched in August 2021 shortly after it was disclosed. “It is a local vulnerability, which reduces the risk of attack and gives more time to deploy the patch. CISA set the due date for Federal organizations who take direction from them, and that date is based on their own risk criteria,” Parkin said. “With Microsoft releasing the fix 5 months ago, and given the relative threat, it is reasonable for them to set late February as the deadline.”


US Nuclear Power Plants Contain Dangerous Counterfeit Parts, Report Finds

At least some nuclear power plants in the US contain counterfeit parts that could pose significant risks, an investigation by the inspector general’s office of the Nuclear Regulatory Commission has found. Those parts “present nuclear safety and security concerns that could have serious consequences,” says the resulting report (PDF) published on February 9th. The Verge reports: The investigation was conducted after unnamed individuals alleged that “most, if not all,” nuclear plants in the US have fake or faulty parts. The inspector general’s office uncovered problems with counterfeit parts at a few different plants as part of its investigation. The report also says that the DOE had separately flagged 100 “incidents” involving counterfeit parts just last year. It’s a problem that the US will have to crack down on if it moves forward with plans to include nuclear power in its transition to clean energy. Without greater oversight at the NRC, the report warns, the risk of counterfeit parts going unnoticed in the nation’s nuclear power plants could rise.

As part of its inquiry, the inspector general’s office looked for parts that are illegally altered to look like legitimate products, parts that are “intentionally misrepresented to deceive,” and parts that don’t meet product specifications. It sampled four power plants across the US and found evidence of counterfeit parts at one of those plants in the midwest. It also points to nuclear power plants in the Northeast, separate from those it sampled, where a “well-placed NRC principal” found that counterfeit parts were involved in two separate component failures.

The NRC might be underestimating the prevalence of counterfeit parts, the report warns, because the regulatory agency doesn’t have a robust system in place for tracking problematic parts. It only requires plants to report counterfeits in extraordinary circumstances, like if they lead to an emergency shutdown of a reactor. The report also notes that the NRC hasn’t thoroughly investigated all counterfeit allegations. There were 55 nuclear power plants operating in the US as of September 2021, and the inspector general’s office sampled just four for its report. NRC Public Affairs Officer Scott Burnell told The Verge in an email that “nothing in the report suggests an immediate safety concern. The NRC’s office of the Executive Director for Operations is thoroughly reviewing the report and will direct the agency’s program offices to take appropriate action.”


Intel’s Pay-As-You-Go CPU Feature Gets Launch Window

Intel’s mysterious Software Defined Silicon (SDSi) mechanism for adding features to Xeon CPUs will be officially supported in Linux 5.18, the next major release of the operating system. Tom’s Hardware reports: SDSi allows users to add features to their CPU after they’ve already purchased it. Formal SDSi support means that the technology is coming to Intel’s Xeon processors that will be released rather shortly, implying Sapphire Rapids will be the first CPUs with SDSi. Intel started to roll out Linux patches to enable its SDSi functionality in the OS last September. By now, several sets of patches have been released and it looks like they will be added to Linux 5.18, which is due this Spring. Hans de Goede, a long-time Linux developer who works at Red Hat on a wide array of hardware enablement related projects, claims that SDSi will land in Linux 5.18 if no problems emerge, reports Phoronix. “Assuming no major issues are found, the plan definitely is to get this in before the 5.18 merge window,” said de Goede.

Intel Software Defined Silicon (SDSi) is a mechanism for activating additional silicon features in already produced and deployed server CPUs using the software. While formal support for the functionality is coming to Linux 5.18 and is set to be available this spring, Intel hasn’t disclosed what exactly it plans to enable using its pay-as-you-go CPU upgrade model. We don’t know how it works and what it enables, but we can make some educated guesses. […]
