US: Chinese Government Hackers Breached Telcos To Snoop On Network Traffic

Several US federal agencies today revealed that Chinese-backed threat actors have targeted and compromised major telecommunications companies and network service providers to steal credentials and harvest data. BleepingComputer reports: As the NSA, CISA, and the FBI said in a joint cybersecurity advisory published on Tuesday, Chinese hacking groups have exploited publicly known vulnerabilities to breach anything from unpatched small office/home office (SOHO) routers to medium and even large enterprise networks. Once compromised, the threat actors used the devices as part of their own attack infrastructure as command-and-control servers and proxy systems they could use to breach more networks.

“Upon gaining an initial foothold into a telecommunications organization or network service provider, PRC state-sponsored cyber actors have identified critical users and infrastructure including systems critical to maintaining the security of authentication, authorization, and accounting,” the advisory explains. The attackers then stole credentials to access underlying SQL databases and used SQL commands to dump user and admin credentials from critical Remote Authentication Dial-In User Service (RADIUS) servers.

“Armed with valid accounts and credentials from the compromised RADIUS server and the router configurations, the cyber actors returned to the network and used their access and knowledge to successfully authenticate and execute router commands to surreptitiously route, capture, and exfiltrate traffic out of the network to actor-controlled infrastructure,” the federal agencies added. The three federal agencies said the following common vulnerabilities and exposures (CVEs) are the network device CVEs most frequently exploited by Chinese-backed state hackers since 2020. “The PRC has been exploiting specific techniques and common vulnerabilities since 2020 to use to their advantage in cyber campaigns,” the NSA added. Organizations can protect their networks by applying security patches as soon as possible, disabling unnecessary ports and protocols to shrink their attack surface, and replacing end-of-life network infrastructure that no longer receives security patches.

The agencies “also recommend networks to block lateral movement attempts and enabling robust logging and internet-exposed services to detect attack attempts as soon as possible,” adds BleepingComputer.

Read more of this story at Slashdot.

Microsoft Trying To Kill HDD Boot Drives By 2023, Report Says

A recent executive brief from data storage industry analyst firm Trendfocus reports that OEMs have disclosed that Microsoft is pushing them to drop HDDs as the primary storage device in pre-built Windows 11 PCs and use SSDs instead, with the current deadlines for the switchover set for 2023. Tom’s Hardware reports: Interestingly, these actions from Microsoft come without any firm SSD requirement listed for Windows 11 PCs, and OEMs have pushed back on the deadlines. […] Microsoft’s most current(opens in new tab) list of hardware requirements calls for a ’64 GB or larger storage device’ for Windows 11, so an SSD isn’t a minimum requirement for a standard install. However, Microsoft stipulates that two features, DirectStorage and the Windows Subsystem for Android(opens in new tab), require an SSD, but you don’t have to use those features. It is unclear whether or not Microsoft plans to change the minimum specifications for Windows 11 PCs after the 2023 switchover to SSDs for pre-built systems.

As always, the issue with switching all systems to SSDs boils down to cost: Trendfocus Vice President John Chen tells us that replacing a 1TB HDD requires stepping down to a low-cost 256 GB SSD, which OEMs don’t consider to be enough capacity for most users. Conversely, stepping up to a 512 GB SSD would ‘break the budget’ for lower-end machines with a strict price limit. “The original cut-in date based on our discussions with OEMs was to be this year, but it has been pushed out to sometime next year (the second half, I believe, but not clear on the firm date),” Chen told Tom’s Hardware. “OEMs are trying to negotiate some level of push out (emerging market transition in 2024, or desktop transition in 2024), but things are still in flux.”

The majority of PCs in developed markets have already transitioned to SSDs for boot drives, but there are exceptions. Chen notes that it is possible that Microsoft could make some exceptions, but the firm predicts that dual-drive desktop PCs and gaming laptops with both an SSD for the boot drive and an HDD for bulk storage will be the only mass-market PCs with an HDD. […] It’s unclear what measures, if any, Microsoft would take with OEMs if they don’t comply with its wishes, and the company has decided not to comment on the matter. Trendfocus says the switchover will have implications for HDD demand next year.

Read more of this story at Slashdot.

Waymo Is Teaming Up With Uber On Autonomous Trucking

Waymo and Uber, former legal foes and bitter rivals in the autonomous vehicle space, are teaming up to speed up the adoption of driverless trucks. The Verge reports: Waymo is integrating Uber Freight, the ride-hail company’s truck brokerage, into the technology that powers its autonomous big rigs. This “long-term strategic partnership” will enable fleet owners to more quickly deploy trucks equipped with Waymo’s autonomous “driver” for on-demand delivery routes offered by Uber Freight, the companies said.

Waymo describes the team-up as a “deep integration” of each company’s products, including a jointly developed “product roadmap” to outline how autonomous trucks will get deployed on Uber’s network once they are commercial ready. Until then, Waymo says it will use Uber Freight with its own test fleet to better understand how driverless trucks will receive and accept delivery orders. But the partnership goes beyond just beta testing each other’s technology. Waymo said it will reserve “billions of miles of its goods-only capacity for the Uber Freight network” in a capacity commitment meant to underscore the seriousness of this partnership. The report notes that Alphabet’s Waymo sued Uber in early 2017 over allegations of trade secret theft and patent infringement. The two sides reached a settlement agreement about a year later. “Uber later admitted that it misappropriated some of Waymo’s tech and vowed to license it for future use,” adds The Verge.

Read more of this story at Slashdot.

Ex-Sony CEO Nobuyuki Idei Who Led Firm’s Digital Push, Dies At 84

Sony said Tuesday that Nobuyuki Idei, its former chairman and CEO who led the Japanese giant’s push into the digital network business, has died of liver failure. He was 84. Kyodo News reports: In addition to enhancing Sony’s presence in the digital and communications fields, he also focused on the entertainment business, such as movies, music and game consoles, laying the foundation for its current operations. Idei joined Sony in 1960, becoming president in 1995 and CEO in 1998. He served as both chairman and chief executive from 2000 to 2005. He stepped down as chairman and CEO amid lackluster sales in its appliance business, making headlines for naming Howard Stringer as his successor at a time when it was still rare for a Japanese company to be led by a non-Japanese CEO. Idei also contributed to the advancement of the internet environment in Japan, having been appointed to head the government’s IT strategy council in 2000. […]

Under Idei’s tenure as CEO, the conglomerate launched its Vaio-brand personal computers and domestic internet service provider So-net. It also ventured into online-based banking services and the nonlife insurance business. But after its earlier success with sales of bulky CRT televisions, Sony was slow to transition to flat screens and was outpaced amid intense competition with South Korean and other overseas rival manufacturers. Company stocks plunged in 2003 in what was referred to as the “Sony shock,” and sluggish growth for much of the following decade led Sony to focus on corporate restructuring initiatives.

Read more of this story at Slashdot.

Python 3.11 Performance Benchmarks Are Looking Fantastic

“Besides new language features and other improvements, Python 3.11 performance is looking fantastic with very nice performance uplift over prior Python 3.x releases,” writes Phoronix’s Michael Larabel. From the report: Python 3.11 has been baking support for task groups in asyncio, fine-grained error locations in tracebacks, the self-type to return an instance of their class, TypeVarTuple for variadic generics, and various other features. Besides changes affecting the Python language itself, Python 3.11 has been landing performance work from the “Faster Cython Project” to speed-up the reference implementation. Python 3.11 is 10~60% faster than Python 3.10 according to the official figures and a 1.22x speed-up with their standard benchmark suite.

The Python Docs cover some of the significant performance improvements made for this upcoming release. The formal Python 3.11.0 release isn’t expected until October while multiple betas will come through July and then at least two release candidates in the following months before early October.

Read more of this story at Slashdot.

Connecticut Will Pay a Security Analyst 150K To Monitor Election Memes

An anonymous reader quotes a report from Popular Science: Ahead of the upcoming midterm elections, Connecticut is hiring a “security analyst” tasked with monitoring and addressing online misinformation. The New York Times first reported this new position, saying the job description will include spending time on “fringe sites like 4chan, far-right social networks like Gettr and Rumble and mainstream social media sites.” The goal is to identify election-related rumors and attempt to mitigate the damage they might cause by flagging them to platforms that have misinformation policies and promoting educational content that can counter those false narratives.

Connecticut Governor Ned Lamont’s midterm budget (PDF), approved in early May, set aside more than $6 million to make improvements to the state’s election system. That includes $4 million to upgrade the infrastructure used for voter registration and election management and $2 million for a “public information campaign” that will provide information on how to vote. The full-time security analyst role is recommended to receive $150,000. “Over the last few election cycles, malicious foreign actors have demonstrated the motivation and capability to significantly disrupt election activities, thus undermining public confidence in the fairness and accuracy of election results,” the budget stated, as an explanation for the funding.

While the role is a first for Connecticut, the NYT noted that it’s part of a growing nationwide trend. Colorado, for example, has a Rapid Response Election Security Cyber Unit tasked with monitoring online misinformation, as well as identifying “cyber-attacks, foreign interference, and disinformation campaigns.” Originally created in anticipation of the 2020 presidential election, which proved to be fruitful ground for misinformation, the NYT says the unit is being “redeployed” this year. Other states, including Arizona, California, Idaho, and Oregon, are similarly funding election information initiatives in an attempt to counter misinformation, provide educational information, or do both.

Read more of this story at Slashdot.

In Private, Vulnerable Senate Dems Back Off Tech Bill

A bipartisan legislative effort to rein in the nation’s largest tech companies is facing fresh resistance from a faction of Senate Democrats over complaints the measure could threaten their chances of holding their slim majority, 10 people familiar with the matter told POLITICO. From a report: The internal opposition comes as Democratic leaders are pushing for a vote on the bill by summer, in an effort to pass what has become a central element of the party’s broader antitrust agenda. The American Innovation and Choice Online Act, S. 2992 (117) — led by Sens. Amy Klobuchar (D-Minn.) and Chuck Grassley (R-Iowa) — would ban major tech firms like Amazon and Google from favoring their products over their competitors. For example, the legislation would bar Amazon from promoting its own private-label products over rival items on its e-commerce platform. The bill marks the most serious attempt at tightening oversight of the tech industry in years and passed the Senate Judiciary Committee with support from both parties earlier this year. Yet in the days since Senate Majority Leader Chuck Schumer told Klobuchar he would hold a floor vote as early as next month, several Democratic senators have privately expressed deep reservations about voting for the legislation, particularly with a midterm election looming, in their conversations with Schumer and other Democratic offices.

Read more of this story at Slashdot.

Facebook Opens Political Ad Data Vaults To Researchers

Meta’s ad transparency tools will soon reveal another treasure trove of data: advertiser targeting choices for political, election-related, and social issue spots. The Register reports: Meta said it plans to add the targeting data into its Facebook Open Research and Transparency (FORT) environment for academic researchers at the end of May. The move comes a day after Meta’s reputation as a bad data custodian resurfaced with news of a lawsuit filed in Washington DC against CEO Mark Zuckerberg. Yesterday’s filing alleges Zuckerberg built a company culture of mishandling data, leading directly to the Cambridge Analytica scandal. The suit seeks to hold Zuckerberg responsible for the incident, which saw millions of users’ data harvested and used to influence the 2020 US presidential election.

Jeff King, Meta’s VP of business integrity, said that FORT would allow researchers to look at detailed targeting information for social issue, electoral and political ads. “This data will be provided for each individual ad and will include information like the interest categories chosen by advertisers,” King said. Prior to this announcement, data for social, electoral, and political ads in the run-up to the 2020 election was available as part of a pilot program. This new release will expand the pilot and add data from all ads in those categories run globally since 2020, King said.

The non-academic public has to wait until July to get their hands on that data in Facebook’s Ad Library, and when released it will be in a summarized form. Included in the update will be data on total number of social, electoral, and political ads ran on a page using particular targeting data, percentage spent on the different issues, and whether the page uses a custom or lookalike audience. King said that Meta hopes the release will “help people better understand the practices used to reach potential voters on our technologies,” and emphasized yet again that Meta is “committed to providing meaningful transparency, while also protecting people’s privacy.”

Read more of this story at Slashdot.

Is Insider Trading ‘Common’ in NFTs? (And is It Really Insider Trading?)

What happened after U.S. prosecutors indicted an NFT marketplace’s product manager for insider trading? Vice reports:

The reaction among crypto investors was largely characterized by surprise, and an acknowledgement that trading on insider information (considered by some to be A-OK in private markets) is rampant in the space. “Bro they are prosecuting insider trading on NFTs. we’re all fucked,” said one pseudonymous user in reply to a tweet about the case by Steven Zheng, director of research at The Block. “This is pretty shocking. I can’t imagine any NFT or DeFi developer doesn’t somehow profit from insider trading,” said another.

Of course, not every NFT investor sees this kind of activity as acceptable. Traders themselves first brought Chastain’s activity to light in September using blockchain records. A pseudonymous NFT trader, who goes by Zuwu, pointed out those trades, which were easily traceable to Chastain’s publicly-known Etheruem address.

Unlike Chastain, other NFT traders involved in potential insider trades are often too careful to leave traces. When they do, blockchain sleuths are quick to uncover those signs of unsavory behavior and call them out — a recent phenomenon that attempts to bring some justice to an otherwise permissive market.

As a result, that surprise move by the U.S. Department of Justice has NFT traders wondering what’s on the horizon for this largely unregulated industry. “Insider trading is a pretty common problem in the NFT space, especially in the case of hyped-up NFT collections as lots of stuff on the market is being driven by FOMO,” Fedor Linnik, an NFT trader and creator, told Motherboard.
The article also explores the question of whether the NFT marketplace falls under same restrictions as stock trading, with a professor of securities law calling it “somewhat misleading” to label this an “insider trading” case.

Even to call it a wire fraud case is a stretch, the professor tells them, adding “If it goes to a jury they will wonder why they should care whether someone traded jpegs ahead of them being moved around on a webpage.”

Read more of this story at Slashdot.

Microsoft Tries Collaborating with Unions to Avoid ‘Public Disputes’

“Microsoft on Thursday announced a new strategy for dealing with organized labor…” reports the Washington Post (in a story republished on MSN.com):

In a blog post shared with The Washington Post, Microsoft President Brad Smith wrote that the company will respect workers’ rights to unionize and plans to work collaboratively with organized labor organizations to “make it simpler rather than more difficult” for employees to unionize if they so choose.

Microsoft is in the process of completing a $69 billion acquisition of Activision, a video game company where employees of a small subsidiary voted to unionize in March. That union, the Game Workers Alliance, is a division of the Communications Workers of America (CWA), which in a statement called Microsoft’s announcement “encouraging and unique among the major tech companies.” CWA Secretary-Treasurer Sara Steffens added that “to truly give workers a legally protected voice in decisions that affect them and their families, these principles must be put into action and incorporated into Microsoft’s day-to-day operations and its expectations for its contractors….”
Rebecca Givan, a Rutgers University professor of labor relations, said Microsoft’s announcement could mean the company is trying to smooth things over with employees interested in unionizing. “There’s a lot of actual organizing or talk or desire in the video game sector, and that’s a piece of what Microsoft does. That might be what they’re trying to get out in front of,” Givan said.

The article argues that Microsoft is “attempting to set itself apart from other Big Tech firms like Google and Amazon that have clashed publicly with employees seeking union representation.” And it provides specific examples where other big tech companies have “gotten into trouble” with America’s National Labor Relations Board:
“The labor board has repeatedly found that Amazon wrongfully terminated or retaliated against workers who were involved with union organizing.”
“Google, too, has had to settle charges with workers who said the company fired them in response to union organizing.”
“Workers at Apple told The Post in April that they were targeted by management for supporting the union and threatened with the loss of certain benefits and opportunities for promotion.”

The president of America’s largest federation of union, the AFL-CIO, tells the Post in a statement that “Microsoft’s collaborative approach to working with its employees who seek to organize is a best practice that we look forward to seeing implemented at Microsoft and other companies.”

Read more of this story at Slashdot.