Microsoft Employees Exposed Internal Passwords In Security Lapse

Zack Whittaker and Carly Page report via TechCrunch: Microsoft has resolved a security lapse that exposed internal company files and credentials to the open internet. Security researchers Can Yoleri, Murat Ozfidan and Egemen Kochisarli with SOCRadar, a cybersecurity company that helps organizations find security weaknesses, discovered an open and public storage server hosted on Microsoft’s Azure cloud service that was storing internal information relating to Microsoft’s Bing search engine. The Azure storage server housed code, scripts and configuration files containing passwords, keys and credentials used by the Microsoft employees for accessing other internal databases and systems. But the storage server itself was not protected with a password and could be accessed by anyone on the internet.

Yoleri told TechCrunch that the exposed data could potentially help malicious actors identify or access other places where Microsoft stores its internal files. Identifying those storage locations “could result in more significant data leaks and possibly compromise the services in use,” Yoleri said. The researchers notified Microsoft of the security lapse on February 6, and Microsoft secured the spilling files on March 5. It’s not known for how long the cloud server was exposed to the internet, or if anyone other than SOCRadar discovered the exposed data inside.

Read more of this story at Slashdot.

UK To Deploy Facial Recognition For Shoplifting Crackdown

Bruce66423 shares a report from The Guardian, with the caption: “The UK is hyperventilating about stories of shoplifting; though standing outside a shop and watching as a guy calmly gets off his bike, parks it, walks in and walks out with a pack of beer and cycles off — and then seeing staff members rushing out — was striking. So now it’s throwing technical solutions at the problem…” From the report: The government is investing more than 55 million pounds in expanding facial recognition systems — including vans that will scan crowded high streets — as part of a renewed crackdown on shoplifting. The scheme was announced alongside plans for tougher punishments for serial or abusive shoplifters in England and Wales, including being forced to wear a tag to ensure they do not revisit the scene of their crime, under a new standalone criminal offense of assaulting a retail worker.

The new law, under which perpetrators could be sent to prison for up to six months and receive unlimited fines, will be introduced via an amendment to the criminal justice bill that is working its way through parliament. The change could happen as early as the summer. The government said it would invest 55.5 million pounds over the next four years. The plan includes 4 million pounds for mobile units that can be deployed on high streets using live facial recognition in crowded areas to identify people wanted by the police — including repeat shoplifters. “This Orwellian tech has no place in Britain,” said Silkie Carlo, director of civil liberties at campaign group Big Brother Watch. “Criminals should be brought to justice, but papering over the cracks of broken policing with Orwellian tech is not the solution. It is completely absurd to inflict mass surveillance on the general public under the premise of fighting theft while police are failing to even turn up to 40% of violent shoplifting incidents or to properly investigate many more serious crimes.”

March Marks Yet Another Record In Global Heat

According to the European Union, Earth has reached its warmest March on record, capping a 10-month streak in which every month set a new temperature record. Reuters reports: Each of the last 10 months ranked as the world’s hottest on record, compared with the corresponding month in previous years, the EU’s Copernicus Climate Change Service (C3S) said in a monthly bulletin. The 12 months ending with March also ranked as the planet’s hottest ever recorded 12-month period, C3S said. From April 2023 to March 2024, the global average temperature was 1.58 degrees Celsius above the average in the 1850-1900 pre-industrial period.

C3S’ dataset goes back to 1940, which the scientists cross-checked with other data to confirm that last month was the hottest March since the pre-industrial period. Already, 2023 was the planet’s hottest year in global records going back to 1850. El Nino peaked in December-January and is now weakening, which may help to break the hot streak toward the end of the year. But despite El Nino easing in March, the world’s average sea surface temperature hit a record high, for any month on record, and marine air temperatures remained unusually high, C3S said. “The main driver of the warming is fossil fuel emissions,” said Friederike Otto, a climate scientist at Imperial College London’s Grantham Institute. Failure to reduce these emissions will continue to drive the warming of the planet, resulting in more intense droughts, fires, heatwaves and heavy rainfall, Otto said.

Texas Will Use Computers To Grade Written Answers On This Year’s STAAR Tests

Keaton Peters reports via the Texas Tribune: Students sitting for their STAAR exams this week will be part of a new method of evaluating Texas schools: Their written answers on the state’s standardized tests will be graded automatically by computers. The Texas Education Agency is rolling out an “automated scoring engine” for open-ended questions on the State of Texas Assessment of Academic Readiness for reading, writing, science and social studies. The technology, which uses natural language processing technology like artificial intelligence chatbots such as GPT-4, will save the state agency about $15-20 million per year that it would otherwise have spent on hiring human scorers through a third-party contractor.

The change comes after the STAAR test, which measures students’ understanding of state-mandated core curriculum, was redesigned in 2023. The test now includes fewer multiple choice questions and more open-ended questions — known as constructed response items. After the redesign, there are six to seven times more constructed response items. “We wanted to keep as many constructed open ended responses as we can, but they take an incredible amount of time to score,” said Jose Rios, director of student assessment at the Texas Education Agency. In 2023, Rios said TEA hired about 6,000 temporary scorers, but this year, it will need under 2,000.

To develop the scoring system, the TEA gathered 3,000 responses that went through two rounds of human scoring. From this field sample, the automated scoring engine learns the characteristics of responses, and it is programmed to assign the same scores a human would have given. This spring, as students complete their tests, the computer will first grade all the constructed responses. Then, a quarter of the responses will be rescored by humans. When the computer has “low confidence” in the score it assigned, those responses will be automatically reassigned to a human. The same thing will happen when the computer encounters a type of response that its programming does not recognize, such as one using lots of slang or words in a language other than English. “In addition to ‘low confidence’ scores and responses that do not fit in the computer’s programming, a random sample of responses will also be automatically handed off to humans to check the computer’s work,” notes Peters. While similar to ChatGPT, TEA officials have resisted the suggestion that the scoring engine is artificial intelligence. They note that the process doesn’t “learn” from the responses and always defers to its original programming set up by the state.

Warner Bros. Issues DMCA’s After ‘Suicide Squad’ Game Cracked to Allow Playing as Unreleased Characters

“It appears the live-service shooter Suicide Squad: Kill The Justice League is, once again, suffering from a hacker problem,” reports Kotaku:

Instead of doing absolutely absurd amounts of damage, this time hackers have figured out how to gain access to unreleased characters and skins. And publisher WB Games is reportedly issuing DMCA takedown notices against any assets that have found their way online.

As reported by IGN, one hacker discovered how to play as Deathstroke, one of the four characters developer Rocksteady Studios teased for an upcoming Suicide Squad season… There were also unreleased skins for The Joker and King Shark that folks have somehow accessed, all of which began circulating on Reddit and X/Twitter on April 4.

Not long after, the assets were removed, with folks believing WB Games was behind the strikes. YouTuber TrixRidiculous, who primarily covers DC- and Marvel-related RPGs, had their posts on X/Twitter swiftly taken down by a DMCA strike. “I posted three pics to Twitter,” TrixRidiculous told Kotaku over email. “Within probably 30 minutes, I received a DMCA strike from WB Games [Kotaku saw a screenshot of this notice]. Please just bring attention to the fact that the leaderboard is riddled with hackers/cheaters that have gone unbanned since launch, as that’s all I was trying to do anyway.”

This sentiment is shared across the game’s official subreddit, with folks posting about “losing interest” in Suicide Squad due to hackers flooding the leaderboards.

US Energy Department Announces ‘Blueprint’ for Slashing Emissions From Buildings and Reducing Energy Use

This week America’s Department of Energy announced “a comprehensive plan to reduce greenhouse-gas emissions from buildings by 65% by 2035 and 90% by 2050.”

The U.S. Department of Energy (DOE) led the Blueprint’s development in collaboration with the Department of Housing and Urban Development, the Environmental Protection Agency, and other federal agencies. The Blueprint is the first sector-wide strategy for building decarbonization developed by the federal government… “America’s building sector accounts for more than a third of the harmful emissions jeopardizing our air and health…” said U.S. Secretary of Energy Jennifer M. Granholm. “As part of a whole-of-government approach, the Department of Energy is outlining for the first time ever a comprehensive federal plan to reduce energy in our homes, schools, and workplaces — lowering utility bills and creating healthier communities while combating the climate crisis.”

Buildings account for more than one third of domestic climate pollution and $370 billion in annual energy costs… The Blueprint projects reductions of 90% of total greenhouse gas emissions from the buildings sector, which will save consumers more than $100 billion in annual energy costs and avoid $17 billion in annual health costs.

Just for example, the Department of Energy’s Affordable Home Energy Shot program “aims to reduce the upfront cost of upgrading a home by at least 50% and reduce energy bills by 20% within a decade.” (Meanwhile, the federal government’s role in making more change happen faster includes financing, funding R&D on lower-cost technologies, expanding markets, and “supporting the development and implementation of emissions-reducing building codes and appliance standards.”)

Besides the national blueprint, the Department also announced an expansion of its Better Buildings Commercial Building Heat Pump Accelerator initiative. In this program, “manufacturers will produce higher efficiency and life cycle cost-effective heat pump rooftop units and commercial organizations will evaluate and adopt next-generation heat pump technology.”

U.S. Secretary of Energy Jennifer M. Granholm said the program “builds on more than a decade of public-private partnerships to get cutting edge clean technologies from lab to market, helping to slash harmful carbon emissions throughout our economy.”

On average, between 20% and 30% of the nation’s energy is wasted, presenting a significant opportunity to increase energy efficiency. Through the Better Buildings Initiative, DOE partners with public and private sector stakeholders to pursue ambitious portfolio-wide energy, waste, water, and/or emissions reduction goals and publicly share solutions. By improving building design, materials, equipment, and operations, energy efficiency gains can be achieved across broad segments of the nation’s economy.

The Accelerator initiative was developed with commercial end users like Amazon, IKEA, and Target, and already includes manufacturers AAON, Carrier Global Corp., Lennox International, Rheem Manufacturing Co., Trane Technologies, and York International Corp. The Accelerator aims to bring more efficient, affordable next-generation heat pump rooftop units to market as soon as 2027 — which will slash both emissions and energy costs in half compared to natural gas-fueled heat pumps. If deployed at scale, they could save American businesses and commercial entities $5 billion on utility bills every year.
