Data Collected by the US Justice Department Exposed in Consultant’s Breach

DOJ-Collected Information Exposed In Data Breach Affecting 340,000

An anonymous reader shared this report from Security Week:

Economic analysis and litigation support firm Greylock McKinnon Associates, Inc. (GMA) is notifying over 340,000 individuals that their personal and medical information was compromised in a year-old data breach. The incident was detected on May 30, 2023, but it took the firm roughly eight months to investigate and determine what type of information was compromised and to identify the impacted individuals.

According to GMA’s notification letter to the affected individuals, a copy of which was submitted to the Maine Attorney General’s Office, both personal and Medicare information was compromised in the data breach… “This information may have included your name, date of birth, address, Medicare Health Insurance Claim Number (which contains a Social Security number associated with a member) and some medical information and/or health insurance information,” the notification letter reads.

The compromised data, GMA says, was obtained by the US Department of Justice “as part of a civil litigation matter”. More than 340,000 individuals were affected by the data breach, the company told the Maine Attorney General’s Office. The impacted individuals, however, are “not the subject of this investigation or the associated litigation matters”, the company tells the affected individuals.

Read more of this story at Slashdot.

Could a New Charge Double the Service-life of Li-Ion Batteries?

“An improved charging protocol might help lithium-ion batteries to last much longer,” writes Science Daily:

The best commercial lithium-ion batteries…have a service life of up to eight years. Batteries are usually charged with a constant current flow. But is this really the most favorable method? A new study by Prof. Philipp Adelhelm’s group at HZB and Humboldt-University Berlin answers this question clearly with “no.” [In collaboration with teams including the Technical University of Berlin.]

Part of the battery tests were carried out at Aalborg University. The batteries were either charged conventionally with constant current (CC) or with a new charging protocol with pulsed current (PC). Post-mortem analyses revealed clear differences after several charging cycles: In the CC samples, the solid electrolyte interface (SEI) at the anode was significantly thicker, which impaired the capacity… PC-charging led to a thinner SEI interface and fewer structural changes in the electrode materials.

The study is published in the journal Advanced Energy Materials and analyzes the effect of the charging protocol on the service time of the battery, according to the article. “The frequency of the pulsed current counts…”

“Doubling the life of your EV’s battery or even your smartphone’s battery is no small thing,” says Slashdot reader NewtonsLaw…


96% of US Hospital Websites Share Visitor Info With Meta, Google, Data Brokers

An anonymous reader quotes a report from The Guardian: Hospitals — despite being places where people implicitly expect to have their personal details kept private — frequently use tracking technologies on their websites to share user information with Google, Meta, data brokers, and other third parties, according to research published today. Academics at the University of Pennsylvania analyzed a nationally representative sample of 100 non-federal acute care hospitals — essentially traditional hospitals with emergency departments — and their findings were that 96 percent of their websites transmitted user data to third parties. Additionally, not all of these websites even had a privacy policy. And of the 71 percent that did, 56 percent disclosed specific third-party companies that could receive user information.

The researchers’ latest work builds on a study they published a year ago of 3,747 US non-federal hospital websites. That found 98.6 percent tracked and transferred visitors’ data to large tech and social media companies, advertising firms, and data brokers. To find the trackers on websites, the team checked out each hospital’s homepage on January 26 using webXray, an open source tool that detects third-party HTTP requests and matches them to the organizations receiving the data. They also recorded the number of third-party cookies per page. One name in particular stood out, in terms of who was receiving website visitors’ information. “In every study we’ve done, in any part of the health system, Google, whose parent company is Alphabet, is on nearly every page, including hospitals,” [Dr Ari Friedman, an assistant professor of emergency medicine at the University of Pennsylvania] observed. “From there, it declines,” he continued. “Meta was on a little over half of hospital webpages, and the Meta Pixel is notable because it seems to be one of the grabbier entities out there in terms of tracking.”

Both Meta and Google’s tracking technologies have been the subject of criminal complaints and lawsuits over the years — as have some healthcare companies that shared data with these and other advertisers. In addition, between 20 and 30 percent of the hospitals share data with Adobe, Friedman noted. “Everybody knows Adobe for PDFs. My understanding is they also have a tracking division within their ad division.” Others include telecom and digital marketing companies like The Trade Desk and Verizon, plus tech giants Oracle, Microsoft, and Amazon, according to Friedman. Then there’s also analytics firms including Hotjar and data brokers such as Acxiom. “And two thirds of hospital websites had some kind of data transfer to a third-party domain that we couldn’t even identify,” he added. Of the 71 hospital website privacy policies that the team found, 69 addressed the types of user information that was collected. The most common were IP addresses (80 percent), web browser name and version (75 percent), pages visited on the website (73 percent), and the website from which the user arrived (73 percent). Only 56 percent of these policies identified the third-party companies receiving user information. In lieu of any federal data privacy law in the U.S., Friedman recommends users protect their personal information via the browser-based tools Ghostery and Privacy Badger, which identify and block transfers to third-party domains.
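The measurement described in the report (list a homepage's third-party HTTP requests, attribute each to the organization receiving it, and count third-party cookies) can be illustrated with the following added Python example, which is not webXray's code and not part of the quoted report. The owner map, the `hospital.example` page, the request list and the last-two-labels domain rule are all constructed assumptions.

```python
from collections import Counter
from urllib.parse import urlsplit

# Hand-written sample map (registrable domain -> organization); not webXray's database.
OWNERS = {
    "google-analytics.com": "Google (Alphabet)",
    "googletagmanager.com": "Google (Alphabet)",
    "doubleclick.net": "Google (Alphabet)",
    "facebook.net": "Meta",
    "facebook.com": "Meta",
    "hotjar.com": "Hotjar",
}

# Constructed capture of one homepage load: (request URL, cookies set by the response).
PAGE = "https://www.hospital.example/"
SAMPLE_REQUESTS = [
    ("https://www.hospital.example/css/site.css", 0),
    ("https://cdn.hospital.example/img/logo.png", 0),
    ("https://www.googletagmanager.com/gtm.js?id=GTM-XXXX", 0),
    ("https://www.google-analytics.com/g/collect?v=2", 1),
    ("https://connect.facebook.net/en_US/fbevents.js", 0),
    ("https://www.facebook.com/tr?id=0&ev=PageView", 1),
    ("https://static.hotjar.com/c/hotjar-0.js", 0),
    ("https://t.tracker-unknown.example/p.gif", 2),
]

def registrable(host):
    """Assumption: the last two labels form the registrable domain.
    A real audit should use the Public Suffix List (e.g. for .co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def audit(page_url, requests):
    """Summarize third-party requests seen while loading page_url."""
    first_party = registrable(urlsplit(page_url).hostname)
    by_owner, unidentified, cookies, total = Counter(), set(), 0, 0
    for url, cookies_set in requests:
        domain = registrable(urlsplit(url).hostname)
        if domain == first_party:      # same site, including its own subdomains
            continue
        total += 1
        cookies += cookies_set
        owner = OWNERS.get(domain)
        if owner:
            by_owner[owner] += 1
        else:
            unidentified.add(domain)   # data leaves the site to an unknown recipient
    return {"third_party_requests": total, "third_party_cookies": cookies,
            "by_owner": dict(by_owner), "unidentified": sorted(unidentified)}

if __name__ == "__main__":
    print(audit(PAGE, SAMPLE_REQUESTS))
```

The `unidentified` list corresponds to the category Friedman describes as transfers "to a third-party domain that we couldn't even identify": the request is observable, but no owner can be attributed from the map.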


Scientists Discover First Nitrogen-Fixing Organelle

In two recent papers, an international team of scientists describes the first known nitrogen-fixing organelle within a eukaryotic cell, which the researchers are calling a nitroplast. Phys.Org reports: The discovery of the organelle involved a bit of luck and decades of work. In 1998, Jonathan Zehr, a UC Santa Cruz distinguished professor of marine sciences, found a short DNA sequence of what appeared to be from an unknown nitrogen-fixing cyanobacterium in Pacific Ocean seawater. Zehr and colleagues spent years studying the mystery organism, which they called UCYN-A. At the same time, Kyoko Hagino, a paleontologist at Kochi University in Japan, was painstakingly trying to culture a marine alga. It turned out to be the host organism for UCYN-A. It took her over 300 sampling expeditions and more than a decade, but Hagino eventually successfully grew the alga in culture, allowing other researchers to begin studying UCYN-A and its marine alga host together in the lab. For years, the scientists considered UCYN-A an endosymbiont that was closely associated with an alga. But the two recent papers suggest that UCYN-A has co-evolved with its host past symbiosis and now fits criteria for an organelle.

In a paper published in Cell in March 2024, Zehr and colleagues from the Massachusetts Institute of Technology, Institut de Ciencies del Mar in Barcelona and the University of Rhode Island show that the size ratio between UCYN-A and their algal hosts is similar across different species of the marine haptophyte algae Braarudosphaera bigelowii. The researchers use a model to demonstrate that the growth of the host cell and UCYN-A are controlled by the exchange of nutrients. Their metabolisms are linked. This synchronization in growth rates led the researchers to call UCYN-A “organelle-like.” “That’s exactly what happens with organelles,” said Zehr. “If you look at the mitochondria and the chloroplast, it’s the same thing: they scale with the cell.”

But the scientists did not confidently call UCYN-A an organelle until confirming other lines of evidence. In the cover article of the journal Science, published today, Zehr, Coale, Kendra Turk-Kubo and Wing Kwan Esther Mak from UC Santa Cruz, and collaborators from the University of California, San Francisco, the Lawrence Berkeley National Laboratory, National Taiwan Ocean University, and Kochi University in Japan show that UCYN-A imports proteins from its host cells. “That’s one of the hallmarks of something moving from an endosymbiont to an organelle,” said Zehr. “They start throwing away pieces of DNA, and their genomes get smaller and smaller, and they start depending on the mother cell for those gene products — or the protein itself — to be transported into the cell.”

Coale worked on the proteomics for the study. He compared the proteins found within isolated UCYN-A with those found in the entire algal host cell. He found that the host cell makes proteins and labels them with a specific amino acid sequence, which tells the cell to send them to the nitroplast. The nitroplast then imports the proteins and uses them. Coale identified the function of some of the proteins, and they fill gaps in certain pathways within UCYN-A. “It’s kind of like this magical jigsaw puzzle that actually fits together and works,” said Zehr. In the same paper, researchers from UCSF show that UCYN-A replicates in synchrony with the alga cell and is inherited like other organelles.


VMS Software Prunes OpenVMS Hobbyist Program

Liam Proven reports via The Register: Bad news for those who want to play with OpenVMS in non-production use. Older versions are disappearing, and the terms are getting much more restrictive. The corporation behind the continued development of OpenVMS, VMS Software, Inc. — or VSI to its friends, if it has any left after this — has announced the latest Updates to the Community Program. The news does not look good: you can’t get the Alpha and Itanium versions any more, only a limited x86-64 edition.

OpenVMS is one of the granddaddies of big serious OSes. A direct descendant of the OSes that inspired DOS, CP/M, OS/2, and Windows, as well as the native OS of the hardware on which Unix first went 32-bit, VMS has been around for nearly half a century. For decades, its various owners have offered various flavors of “hobbyist program” under which you could get licenses to install and run it for free, as long as it wasn’t in production use. Since Compaq acquired DEC, then HP acquired Compaq, its prospects looked checkered. HP officially killed it off in 2013, then in 2014 granted it a reprieve and sold it off instead. New owner VSI ported it to x86-64, releasing that new version 9.2 in 2022. Around this time last year, we covered VSI adding AMD support and opening a hobbyist program of its own. It seems from the latest announcement that it has been disappointed by the reception: “Despite our initial aspirations for robust community engagement, the reality has fallen short of our expectations. The level of participation in activities such as contributing open source software, creating wiki articles, and providing assistance on forums has not matched the scale of the program. As a result, we find ourselves at a crossroads, compelled to reassess and recalibrate our approach.”

Although HPE stopped offering hobbyist licenses for the original VAX versions of OpenVMS in 2020, VSI continued to maintain OpenVMS 8 (in other words, the Alpha and Itanium editions) while it worked on version 9 for x86-64. VSI even offered a Student Edition, which included a freeware Alpha emulator and a copy of OpenVMS 8.4 to run inside it. Those licenses run out in 2025, and they won’t be renewed. If you have vintage DEC Alpha or HP Integrity boxes with Itanic chips, you won’t be able to get a legal licensed copy of OpenVMS for them, or renew the license of any existing installations — unless you pay, of course. There will still be a Community license edition, but from now on it’s x86-64 only. Although OpenVMS 9 mainly targets hypervisors anyway, it does support bare-metal operations on a single model of HPE server, the ProLiant DL380 Gen10. If you have one of them to play with — well, tough. Now Community users only get a VM image, supplied as a VMware .vmdk file. It contains a ready-to-go “OpenVMS system disk with OpenVMS, compilers and development tools installed.” Its license runs for a year, after which you will get a fresh copy. This means you won’t be able to configure your own system and keep it alive — you’ll have to recreate it, from scratch, annually. The only alternative for those with older systems is to apply to be an OpenVMS Ambassador.


Microsoft Employees Exposed Internal Passwords In Security Lapse

Zack Whittaker and Carly Page report via TechCrunch: Microsoft has resolved a security lapse that exposed internal company files and credentials to the open internet. Security researchers Can Yoleri, Murat Ozfidan and Egemen Kochisarli with SOCRadar, a cybersecurity company that helps organizations find security weaknesses, discovered an open and public storage server hosted on Microsoft’s Azure cloud service that was storing internal information relating to Microsoft’s Bing search engine. The Azure storage server housed code, scripts and configuration files containing passwords, keys and credentials used by the Microsoft employees for accessing other internal databases and systems. But the storage server itself was not protected with a password and could be accessed by anyone on the internet.

Yoleri told TechCrunch that the exposed data could potentially help malicious actors identify or access other places where Microsoft stores its internal files. Identifying those storage locations “could result in more significant data leaks and possibly compromise the services in use,” Yoleri said. The researchers notified Microsoft of the security lapse on February 6, and Microsoft secured the spilling files on March 5. It’s not known for how long the cloud server was exposed to the internet, or if anyone other than SOCRadar discovered the exposed data inside.
