Feds Finally Decide To Do Something About Years-Old SS7 Spy Holes In Phone Networks

Jessica Lyons reports via The Register: The FCC appears to finally be stepping up efforts to secure decades-old flaws in American telephone networks that are allegedly being used by foreign governments and surveillance outfits to remotely spy on and monitor wireless devices. At issue are the Signaling System Number 7 (SS7) and Diameter protocols, which are used by fixed and mobile network operators to enable interconnection between networks. They are part of the glue that holds today’s telecommunications together. According to the US watchdog and some lawmakers, both protocols include security weaknesses that leave folks vulnerable to unwanted snooping. SS7’s problems have been known about for years and years, as far back as at least 2008, and we wrote about them in 2010 and 2014, for instance. Little has been done to address these exploitable shortcomings.

SS7, which was developed in the mid-1970s, can be potentially abused to track people’s phones’ locations; redirect calls and text messages so that info can be intercepted; and spy on users. The Diameter protocol was developed in the late-1990s and includes support for network access and IP mobility in local and roaming calls and messages. It does not, however, encrypt originating IP addresses during transport, which makes it easier for miscreants to carry out network spoofing attacks. “As coverage expands, and more networks and participants are introduced, the opportunity for a bad actor to exploit SS7 and Diameter has increased,” according to the FCC [PDF].

On March 27 the commission asked telecommunications providers to weigh in and detail what they are doing to prevent SS7 and Diameter vulnerabilities from being misused to track consumers’ locations. The FCC has also asked carriers to detail any exploits of the protocols since 2018. The regulator wants to know the date(s) of the incident(s), what happened, which vulnerabilities were exploited and with which techniques, where the location tracking occurred, and — if known — the attacker’s identity. This time frame is significant because in 2018, the Communications Security, Reliability, and Interoperability Council (CSRIC), a federal advisory committee to the FCC, issued several security best practices to prevent network intrusions and unauthorized location tracking. Interested parties have until April 26 to submit comments, and then the FCC has a month to respond.

Read more of this story at Slashdot.

Scientists Complete Construction of the Biggest Digital Camera Ever

Isaac Schultz reports via Gizmodo: Nine years and 3.2 billion pixels later, it is complete: the LSST Camera stands as the largest digital camera ever built for astronomy and will serve as the centerpiece of the Vera Rubin Observatory, poised to begin its exploration of the southern skies. The Rubin Observatory’s key goal is the 10-year Legacy Survey of Space and Time (LSST), a sweeping, near-constant observation of space. This endeavor will yield 60 petabytes of data on the composition of the universe, the nature and distribution of dark matter, dark energy and the expansion of the universe, the formation of our galaxy, our intimate little solar system, and more. The camera will use its 5.1-foot-wide optical lens to take a 15-second exposure of the sky every 20 seconds, automatically changing filters to view light in every wavelength from near-ultraviolet to the near-infrared. Its constant monitoring of the skies will eventually amount to a timelapse of the heavens; it will highlight fleeting events for other scientists to train their telescopes on, and monitor changes in the southern sky.

To do this, the team needed a Rolls Royce of a digital camera. Mind you, the camera actually cost many million times that of an actual Royce Royce, and at 6,200 pounds (2,812 kilograms), it weighs a lot more than a fancy car. Each of the 21 rafts that makes up the camera’s focal plane is the price of a Maserati, and are worth every penny if they collect the sort of data scientists expect them to. “I’m personally most excited to study the expansion of the Universe using gravitational lenses to better understand Dark Energy,” said Aaron Roodman, a physicist at SLAC and lead on the camera program, in an email to Gizmodo. “That means two things: 1) measuring the brightness in all six of our filters of literally billions of galaxies and very carefully measuring their shape, which has been subtly altered by the bending of light by matter, and 2) discovering and studying very special objects where a distant quasar is almost perfectly lined up with a more nearby galaxy.”

Speaking through a SLAC release, Rodman said the camera’s images could “resolve a golf ball from around 15 miles away, while covering a swath of the sky seven times wider than the full moon.” The first images from the Rubin Observatory are slated to be publicly released in March 2025, which feels like a long way away. But several important agenda items still need to happen. For one, the SLAC team has to ship the LSST camera safely to Chile from its current lodgings in northern California. (Don’t worry — they’ve made a test run of the journey.) Then, the observatory’s mirrors need to be readied for testing and the observatory’s dome has to be completed, among some other tasks. But whenever all that is complete, the legacy survey will launch into a decade’s worth of scientific discovery. Rubin Observatory estimates suggest that LSST could “increase the number of known objects by a factor of 10,” according to a SLAC release.

Read more of this story at Slashdot.

ChatGPT Customers Can Now Use AI To Edit DALL-E Images

Intel Discloses $7 Billion Operating Loss For Chip-Making Unit

Intel on Tuesday disclosed $7 billion in operating losses for its foundry business in 2023, “a steeper loss than the $5.2 billion in operating losses the year before,” reports Reuters. “The unit had revenue of $18.9 billion for 2023, down 31% from $63.05 billion the year before.” From the report: Intel shares were down 4.3% after the documents were filed with the U.S. Securities and Exchange Commission (SEC). During a presentation for investors, Chief Executive Pat Gelsinger said that 2024 would be the year of worst operating losses for the company’s chipmaking business and that it expects to break even on an operating basis by about 2027. Gelsinger said the foundry business was weighed down by bad decisions, including one years ago against using extreme ultraviolet (EUV) machines from Dutch firm ASML. While those machines can cost more than $150 million, they are more cost-effective than earlier chip making tools.

Partially as a result of the missteps, Intel has outsourced about 30% of the total number of wafers to external contract manufacturers such as TSMC, Gelsinger said. It aims to bring that number down to roughly 20%. Intel has now switched over to using EUV tools, which will cover more and more production needs as older machines are phased out. “In the post EUV era, we see that we’re very competitive now on price, performance (and) back to leadership,” Gelsinger said. “And in the pre-EUV era we carried a lot of costs and (were) uncompetitive.”

Read more of this story at Slashdot.

Bitcoin Tumbles $5,000 In 24 Hours As Interest Rates Jump

Bitcoin fell more than 4.76% on Tuesday to $66,134 amid rising Treasury yields and strength in the U.S. dollar. CNBC reports: On Monday morning, it was trading at about $70,000 before data came out showing growth in the manufacturing sector for the first time since September 2022 and investor bets on June rate cuts began to cool. Bitcoin is now off its all-time high, reached on March 14, by about 11%. Ether went down with it, losing 5.6% to trade at $3,240.27. Meanwhile, the 10-year U.S. Treasury yield hit its highest level of the year and the dollar, which has an inverse relationship with bitcoin, hit a five-month high.

Bitcoin’s move may have been exacerbated by a large bitcoin holder, or “whale,” who transferred more than 4,000 bitcoin to the Bitfinex exchange late Monday night. Data from CryptoQuant shows a spike in that exchange’s reserves — which typically signals a boost in selling activity — that coincides with the sudden drop in bitcoin price late Monday night. Stocks tied to the performance of bitcoin were dragged down but traded off their lows to end the day.

Read more of this story at Slashdot.

Jon Stewart Claims Apple Wouldn’t Let Him Interview FTC Chair On His Podcast

Sara Fischer reports via Axios: Jon Stewart on Monday told Federal Trade Commission (FTC) Chair Lina Khan that Apple wouldn’t let him interview her for a podcast. “I wanted to have you on a podcast and Apple asked us not to do it,” “The Daily Show” host said to Khan, in reference to his former podcast that was an extension of his Apple TV+ comedy show “The Problem With Jon Stewart.” “They literally said ‘please don’t talk to her,’ having nothing to do with what you do for a living. I think they just… I didn’t think they cared for you is what happened,” he added during his conversation with Khan. “They wouldn’t let us do even that dumb thing we just did in the first act on AI. Like, what is that sensitivity? Why are they so afraid to even have these conversations out in the public sphere?”

Stewart returned to “The Daily Show” in February after leaving in 2015 as its executive producer and host on Monday evenings through the 2024 election cycle. Stewart’s Apple TV+ show ended late last year after Stewart and Apple executives parted ways over creative differences, including the comedian’s desire to cover topics such as China and AI, the New York Times reported.

Read more of this story at Slashdot.

Yahoo Is Buying Artifact, the AI News App From the Instagram Co-Founders

Yahoo is acquiring Artifact, the AI news app from Instagram’s co-founders that failed to make it big on its own. The Verge reports: The two sides declined to share the cost of the acquisition, but both made clear Yahoo is acquiring Artifact’s tech rather than its team. Mike Krieger and Kevin Systrom, Artifact’s co-founders, will be “special advisors” for Yahoo but won’t be joining the company. Artifact’s remaining five employees have either gotten other jobs or are planning to take some time off. The acquisition comes a bit more than a year after Artifact’s launch and about three months after Systrom and Krieger announced its death. […]

Artifact, the app, will go away once the acquisition is complete. But Artifact’s underlying tech for categorizing, curating, and personalizing content will soon start to show up on Yahoo News — and eventually on other Yahoo platforms, too. “You’ll see that stuff flowing into our products in the coming months,” says Downs Mulder. It sounds like there’s also a good chance that Yahoo’s apps might get a bit of Artifact’s speed and polish over time, too. Both Systrom and Downs Mulder say the integration will take time, that you can’t just drop an Artifact algorithm into Yahoo News and call it a day. But they see a possibility to get everybody into the future a little faster. Yahoo can develop a personalized content ecosystem, the “TikTok for text” that was so alluring to Artifact users. And Artifact can power a news service of the future.

Read more of this story at Slashdot.

VMware By Broadcom Plots Pair of Cloud Foundation Releases

An anonymous reader quotes a report from The Register: VMware by Broadcom will deliver a significant update to its flagship Cloud Foundation bundle in the middle of this year and follow it up with a major update early in 2025. Both releases will show off Broadcom’s plan to make the package easier to implement and operate, and hopefully assuage customer concerns about price rises. More on that later. First, the updates. One release is currently scheduled to debut in July, according to Paul Turner, vice-president of product management and the leader of the VMware Cloud Foundation (VCF) team. The release will allow use of a single license key for all the components of Cloud Foundation, improve OAuth support as a step towards single sign-on across the VMware range, and add an NSX overlay that will allow implementation of software-defined networks without requiring IP address changes.

Turner explained those features as exemplifying the sort of simplification VMware by Broadcom thinks is needed to make Cloud Foundation easier to implement. A bigger release Turner hopes will debut in early 2025 — though he would commit to only a H1 launch — will be a “unified” release in which more of VCF is better integrated. Today, Turner admitted, VMware customers may have implemented vSphere and the Aria management suite, but might still need or choose discrete storage for each. Future VCF releases will increasingly unify the products so that silos aren’t needed. Prashanth Shenoy, vice president for VMware by Broadcom’s cloud platform, infrastructure, and solutions marketing, told The Register the release will be called VCF 9 and will represent “the fullest expression of Broadcom’s vision for product integration.” “When customers deploy VCF there are seams — when they deploy networking and storage, they feel like they do not have a unified developer or operator experience,” Shenoy admitted. VCF 9 will tidy that sort of thing up and make the process “seamless.” Buyers can also expect improved log file analysis, the ability to acquire templates from a marketplace and adopt them as PaaS, and plenty more.

Turner and Shenoy told The Register that the two releases are hoped to make VCF adoption easier, and by doing so demonstrate the value of the bundle. Today, they argue, would-be hybrid cloud adopters using VCF are in reality integrating siloed products — which doesn’t prove the value of the vStack well. VCF 9’s planned integrations, they argue, should demonstrate the power of the stack and the wisdom of Broadcom’s decision to create a VMware unit dedicated to VCF. That team, they explained, means developers for each of the bundle’s components work together on a unified experience, rather than to create their own product. It may also demonstrate the value of VMware by Broadcom’s new licenses – which some users have complained are considerably more expensive now that subscriptions are required, and products are only sold in bundles. Sylvain Cazard, president of Broadcom Software for Asia-Pacific, told The Register that complaints about higher prices are unwarranted since customers using at least two components of VMware’s flagship Cloud Foundation will end up paying less. He also noted that the new pricing includes support, which VMware didn’t include previously.

Read more of this story at Slashdot.

New XZ Backdoor Scanner Detects Implants In Any Linux Binary

Bill Toulas reports via BleepingComputer: Firmware security firm Binarly has released a free online scanner to detect Linux executables impacted by the XZ Utils supply chain attack, tracked as CVE-2024-3094. CVE-2024-3094 is a supply chain compromise in XZ Utils, a set of data compression tools and libraries used in many major Linux distributions. Late last month, Microsoft engineer Andres Freud discovered the backdoor in the latest version of the XZ Utils package while investigating unusually slow SSH logins on Debian Sid, a rolling release of the Linux distribution.

The backdoor was introduced by a pseudonymous contributor to XZ version 5.6.0, which remained present in 5.6.1. However, only a few Linux distributions and versions following a “bleeding edge” upgrading approach were impacted, with most using an earlier, safe library version. Following the discovery of the backdoor, a detection and remediation effort was started, with CISA proposing downgrading the XZ Utils 5.4.6 Stable and hunting for and reporting any malicious activity.

Binarly says the approach taken so far in the threat mitigation efforts relies on simple checks such as byte string matching, file hash blocklisting, and YARA rules, which could lead to false positives. This approach can trigger significant alert fatigue and doesn’t help detect similar backdoors on other projects. To address this problem, Binarly developed a dedicated scanner that would work for the particular library and any file carrying the same backdoor. […] Binarly’s scanner increases detection as it scans for various supply chain points beyond just the XZ Utils project, and the results are of much higher confidence. Binarly has made a free API available to accomodate bulk scans, too.

Read more of this story at Slashdot.

Phil Spencer Wants Epic Games Store and Others On Xbox Consoles

Chris Plante reports via Polygon: Phil Spencer doesn’t just want Xbox games on other consoles. He wants other video game retailers on Xbox, too. In an interview with Microsoft’s CEO of Gaming during the annual Game Developers Conference, Spencer told Polygon about the ways he’d like to break down the walled gardens that have historically limited players to making purchases through the first-party stores tied to each console. Or, in layperson terms, why you should be able to buy games from other stores on Xbox — not just the official storefront. Spencer mentioned his frustrations with closed ecosystems, so we asked for clarity. Could he really see a future where stores like Itch.io and Epic Games Store existed on Xbox? Was it just a matter of figuring out mountains of paperwork to get there? “Yes,” said Spencer. “[Consider] our history as the Windows company. Nobody would blink twice if I said, ‘Hey, when you’re using a PC, you get to decide the type of experience you have [by picking where to buy games]. There’s real value in that.” Spencer believes console players would benefit from that freedom too — and so would console makers like Microsoft.

Spencer explained how, in the past, console makers would typically subsidize the cost of expensive hardware, knowing that a portion of every dollar spent on games for the platform over the years would eventually make it back to the console maker. Then, in time, the console maker would recoup the subsidy — and hopefully more. But, Spencer said, “Moore’s Law has slowed down. The price of the components of a console aren’t coming down as fast as they have in previous generations.” Worse, he explained, the console market isn’t growing, with more gamers moving to PC and handheld options. Now, the notion of subsidizing a console — and forcing players to purchase games through the official storefront to help recoup costs — might not make sense. The walls meant to lock people into consoles might be motivating them to stay out.

“[Subsidizing hardware] becomes more challenging in today’s world,” Spencer said. “And I will say, and this may seem too altruistic, I don’t know that it’s growing the industry. So I think, what are the barriers? What are the things that create friction in today’s world for creators and players? And how can we be part of opening up that model?” The answer, in part, is scrapping exclusivity on more and more Xbox games. Spencer explained that the game experience is hindered when it matters what consoles we play on or what shops sell us our games. As an example, he pointed to Sea of Thieves. A player, he explained, shouldn’t have to worry about what hardware they or their friends own. They should just know if their friends have and want to play Sea of Thieves. Now, Spencer said, “if I want to play on a gaming PC, then I feel like I’m more a continuous part of a gaming ecosystem as a whole. As opposed to [on console], my gaming is kind of sharded — to use a gaming term — based on these different closed ecosystems that I have to play across.”

Read more of this story at Slashdot.