ExpressVPN Offering $100,000 To First Person Who Hacks Its Servers

ExpressVPN has updated its bug bounty program to make it more inviting to ethical hackers, now offering a one-time $100,000 bug bounty to whoever can compromise its systems. Bleeping Computer reports: Today, ExpressVPN announced that they are now offering a $100,000 bug bounty for critical vulnerabilities in their in-house technology, TrustedServer. “This is the highest single bounty offered on the Bugcrowd platform and 10 times higher than the top reward previously offered by ExpressVPN,” the company shared in an email to BleepingComputer. The new $100,000 one-time bounty is offered with the following conditions:

– The first person to submit a valid vulnerability, granting unauthorized access or exposing customer data, will receive the $100,000 bounty. This one-time bonus is valid until the prize has been claimed.
– The one-time $100,000 bounty is only eligible for vulnerabilities in ExpressVPN’s VPN Server.
– Activities should remain in scope to the TrustedServer platform. If unsure that your testing is considered in-scope, please reach out to support@bugcrowd.com to confirm first.

ExpressVPN also invites security researchers to uncover possible ways to leak the actual IP address of clients and monitor user traffic. The bug bounty program is run through Bugcrowd, which offers a safe harbor for researchers who attempt to breach ExpressVPN’s servers as part of the program.

Read more of this story at Slashdot.

Meta Introduces ‘Personal Boundary’ Feature To VR Worlds

Meta has introduced a new “personal boundary” feature within its VR social spaces, starting with Horizon Worlds and Horizon Venues. Hypebeast reports: By enacting a personal boundary, a user will by default have a nearly 4-foot (1.2 m) distance between their avatar and others. Via an invisible barrier, the system will halt the forward movement of other avatars as they reach the boundary. Meta says that the feature will make it easier for users to avoid unwanted interactions such as harassment.

Users can still walk past other avatars with personal boundaries enabled and can even give them a high-five or fist bump. The feature will be rolled out as always-on, by default, which Meta says will “help to set behavioral norms” in the VR space. In the future, the company will consider adding new controls, such as allowing users to customize the size of their personal boundaries. In a statement to Ars Technica, a Meta spokesperson said: “Personal Boundary builds upon our existing harassment measures that were already in place – for example, where an avatar’s hands would disappear if they encroached upon someone’s personal space. When we launched Horizon Worlds as an invite-only beta in 2020 we knew this was just the beginning and over time we would be iterating and improving based on community feedback. We’re constantly shipping new features based on people’s feedback, including this one.”


Next-Generation Spinal Implants Help People With Severe Paralysis Walk, Cycle, and Swim

sciencehabit shares a report from Science.org: Three men paralyzed in motorcycle accidents have become the first success stories for a new spinal stimulation device that could enable faster and easier recoveries than its predecessors. The men, who had no sensation or control over their legs, were able to take supported steps within 1 day of turning on the electrical stimulation, and could stroll outside with a walker after a few months, researchers report today. The nerve-stimulating device doesn’t cure spinal cord injury, and it likely won’t eliminate wheelchair use, but it raises hopes that the assistive technology is practical enough for widespread use.

For now, sending commands to the device is cumbersome. Users must select their desired movement on a tablet, which sends Bluetooth commands to a transmitter worn around the waist. That device must be positioned next to a ‘pulse generator’ implanted in the abdomen, which then activates electrodes along the spine. Setting up to use the stimulation takes 5 to 10 minutes. But the next generation of devices should allow users to activate the pulse generator by giving voice commands to a smartwatch. The company behind the technology plans to test this newer mobility system in a multisite clinical trial of 70 to 100 participants that the team hopes will lead to U.S. regulatory approval. The researchers reported their findings in the journal Nature Medicine.


Can Mapping Differences in Cancer Rates Help Pinpoint Environmental Factors?

“Scientists have made the first steps to develop an atlas of world cancer, hoping it will bring us closer to a cure,” reports the Telegraph.

“A map showing stark differences in the incidence of 10 types of cancer between Spain and Portugal has sparked a race to pinpoint causes and risk factors people should avoid.”

It shows huge differences for people living only a short distance apart, sometimes across the border between Spain and Portugal, and others occurring within the same country. Scientists say it will take years to solve the puzzle completely but are confident that the map provides the pieces. There are easier questions and more complex riddles. But it all points to environmental factors — as opposed to genetics — playing a major role in causing cancers.

The lung cancer map tells a clear story of far higher levels of smoking tobacco in Spain than in Portugal, with the latter country showing a consistent hue of dark blue for a lower risk of mortality, while Spain has large areas lit up in red, at least on the map representing men. Twenty per cent of Spanish adults are daily smokers, compared with just over 11 per cent in Portugal. But the data from cancer of the larynx, also linked to smoking, tells a vastly different story, with a high mortality risk for men shown straddling the border in southern Portugal and south western Spain, as well as patches in the north of both countries. “The lung cancer and smoking connection is very clear, so why in other cancers that have a strong link with tobacco are we seeing such surprising differences?” asks Pablo Fernández-Navarro, the lead co-ordinator of the atlas from the Spanish side.

“This is what is so fantastic. If whole countries had uniform levels of mortality, the maps would be in plain colours. Given that it is not the case, now we have to investigate and explain these differences, eliminating one factor after another,” Fernández-Navarro told The Telegraph.

In the case of larynx cancer, the Spanish epidemiologist says the map confirms that smoking is by no means the only risk factor, and that other elements must also be at work, from alcohol intake to levels of pollutants such as asbestos or petrochemicals in the environment.

Thanks to Slashdot reader Bruce66423 for sharing the link.


Meta Threatens To Pull Facebook and Instagram From Europe If It Can’t Target Ads

“Facebook is threatening it will simply pull out of Europe altogether if it is no longer able to share data about European users with its U.S. operations, applications, and data centres,” reports ITWire.

It’s customary for regulatory filings to preemptively declare a wide variety of possible future hazards, and in that spirit a recently-filed Meta financial statement cites a ruling by the EU’s Court of Justice (in July of 2020) voiding a U.S. law called the Privacy Shield (which Meta calls one legal basis for its current data-transferring practices). Though courts are now determining the ruling’s ramifications, ITWire notes that “with the European General Data Protection Regulation (GDPR) well in force, the U.S. Privacy Shield principles were found non-compliant and consequently invalid.” So while that ruling affects every American company, including cloud companies like Google, Microsoft, and Amazon, it’s Facebook/Meta that “says stopping transatlantic data transfers will have a devastating impact on its targeted online advertisements capabilities.”

Read it yourself, in Meta’s own words:

“If a new transatlantic data transfer framework is not adopted and we are unable to continue to rely on Standard Contractual Clauses [now also subject to new judicial scrutiny] or rely upon other alternative means of data transfers from Europe to the United States, we will likely be unable to offer a number of our most significant products and services, including Facebook and Instagram, in Europe, which would materially and adversely affect our business, financial condition, and results of operations.”

Of course, the filing also cites other hazards like the possibility of new legislation restricting Facebook’s ability to collect data about minors, complaining that such legislation “may also result in limitations on our advertising services or our ability to offer products and services to minors in certain jurisdictions.”

And in addition, “We are, and expect to continue to be, the subject of investigations, inquiries, data requests, requests for information, actions, and audits by government authorities and regulators in the United States, Europe, and around the world, particularly in the areas of privacy, data protection, law enforcement, consumer protection, civil rights, content moderation, and competition…”

“Orders issued by, or inquiries or enforcement actions initiated by, government or regulatory authorities could cause us to incur substantial costs, expose us to unanticipated civil and criminal liability or penalties (including substantial monetary remedies), interrupt or require us to change our business practices in a manner materially adverse to our business, result in negative publicity and reputational harm, divert resources and the time and attention of management from our business, or subject us to other structural or behavioral remedies that adversely affect our business.”

(Thanks to Slashdot reader juul_advocate for sharing the story!)


Should Winter Sports Venues Use Resource-Intensive Artificial Snow?

The region around this Winter’s Olympic venues “is in an extreme drought,” reports CNN, though “even in normal years, it isn’t particularly suitable for snow sports.” In fact, it’s the first year all the snow for the Winter Games has been created by a single company:

It is almost beautiful — except that the venues are surrounded by an endless brown, dry landscape completely devoid of snow. In an Olympic first, though not an achievement to boast about, climate variability has forced the Winter Games to be virtually 100% reliant on artificial snow — part of a trend that is taking place across winter sports venues around the world. Just one of the 21 cities that have hosted the Winter Olympics in the past 50 years will have a climate suitable for winter sports by the end of the century, a recent study found, if fossil fuel emissions remain unchecked.

As the planet warms and the weather becomes increasingly more erratic, natural snow is becoming less reliable for winter sports, which forces venues to lean more on artificial snow. But it comes at a cost: human-made snow is incredibly resource-intensive, requiring massive amounts of energy and water to produce in a climate that’s getting warmer and warmer. Elite athletes also say that the sports themselves become trickier and less safe when human-made snow is involved…. “There have been recent technological advances that allow for the generation of snow when it is above freezing,” explained Jordy Hendrikx, the director of the Snow and Avalanche Laboratory at Montana State University. “This is not your ‘light fluffy’ snow that you might think of — it is much denser and not very soft….”

Making snow demands significant resources, namely energy and water…. And with 1.2 million cubic meters of snow needed to cover roughly 800,000 square meters of competition area… the water demand at this year’s Winter Olympics is massive. [According to a “Slippery Slopes” report led by Loughborough University in London on how the climate crisis is affecting the Winter Olympics.] The International Olympic Committee estimated that 49 million gallons of water will be needed to produce snow for The Games, which is a lot when you consider how rapidly the world is running out of freshwater. It’s enough to fill 3,600 average-sized backyard swimming pools, or — more to the point — it’s a day’s worth of drinking water for nearly 100 million people….

The IOC does not face these challenges alone. Artificial snow is being used as a tool to extend ski seasons in competitions and at resorts across the globe, many of which are threatened by the warming temperatures of the climate crisis. These challenges will continue to drive the snow sports industry toward artificial snow when Mother Nature doesn’t produce it.

But the question remains — just because we can, does that mean we should?


MIT/Federal Reserve Bank Release Research on a Possible Central Bank Digital Dollar

“The Federal Reserve Bank of Boston and the Massachusetts Institute of Technology’s Digital Currency Initiative have come up with an initial design for a central bank digital currency,” reports Yahoo Finance.

Reuters cautions that the newly-released research does not suggest that the U.S. central bank will move toward launching a CBDC, a step it has said it would not take without clear support from the White House and Congress….” Instead the team “developed technology that can be adjusted as more policy questions regarding the structure and purpose of a CBDC are addressed.”

The Washington Post describes it as “a system that can settle the vast majority of payments in less than two seconds, handles more than 1.7 million transactions per second and operates around-the-clock with no service outages in the case of a disruption in its network.”

The Boston Globe adds that “The team noted there’s a lot more work to do in the next phase, including researching various privacy features, and stressed the digital dollar remains hypothetical until the Fed decides whether to move forward with government-backed electronic cash.”

Some context from the Washington Post:
The ultimate product could help extend financial services to people who lack a bank account and make cross-border payments such as remittances safer and easier, said Neha Narula, director of the Digital Currency Initiative at MIT. Narula, in a conference call with reporters, noted that the Boston researchers “aren’t the ones making policy decision on how such a system might operate,” so they have aimed to “create a flexible system that can work with a variety of models.”
Along with a paper describing the team’s work to date, researchers on Thursday published open-source code for the platform that would support the digital currency. Jim Cunha, executive vice president of the Boston Fed, called that a first for the central bank, intended to encourage public input that improves the technology.


No, Linus Torvalds is not Bitcoin Creator Satoshi Nakamoto

ZDNet reporter Steven Vaughan-Nichols has solved the mystery of whether Linus Torvalds is Bitcoin creator Satoshi Nakamoto: no.

But what’s interesting is why the reporter had to ask in the first place:
In a GitHub Linux kernel repository, it appeared Torvalds had changed a single line in the Linux kernel. The change: ‘Name = I am Satoshi….’ Torvalds himself has been suspected of being Nakamoto several times over the years. But no one who knows him well, and I consider myself one of those, has ever thought he was the Bitcoin mastermind. It’s just so, so not Linus.

So, while many people were discussing the “evidence,” I decided just to ask Linus. Here’s what he had to say.
“I’m afraid that is just a jokester taking advantage of how GitHub works — it shares git objects between different repositories, so you can use the SHA1 ‘name’ of an object to specify something you did in your own tree, and then use my repository as the web name, and make it look like your object is in my tree….” Torvalds went on, “So the ‘torvalds/linux’ part of that URL is basically just empty noise, designed to fool people into thinking it’s in my tree. You could replace it with [another] GitHub repository name — the actual relevant part is just the SHA1 hash part….”

“So no,” Torvalds concluded, “I’m sadly not the owner of a huge stash of original bitcoins.”

And, there you have it, folks. Nakamoto’s real identity remains a secret.
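The check that Torvalds's explanation implies, as an added example that is not from the article or from GitHub: a commit belongs to a repository only if it is reachable from one of that repository's branches or tags, not merely because the hash resolves. Two constructed local repositories joined by git's alternates file stand in for a host that shares objects across forks (an assumption of this demo), and `in_tree`, `object_exists` and `commit_as` are hypothetical helper names.

```shell
#!/bin/sh
# Constructed demo: two local repos sharing one object store via alternates,
# as a stand-in for a hosting service that shares objects across forks.

# in_tree REPO SHA: succeeds only if SHA is reachable from a branch or tag in REPO.
in_tree() {
    [ -n "$(git -C "$1" for-each-ref --contains "$2" refs/heads refs/tags 2>/dev/null)" ]
}

# object_exists REPO SHA: succeeds if REPO's object store can resolve SHA at all.
object_exists() {
    git -C "$1" cat-file -e "$2^{commit}" 2>/dev/null
}

# commit_as REPO MESSAGE: create an empty commit with a fixed demo identity.
commit_as() {
    git -C "$1" -c user.name=demo -c user.email=demo@example.invalid \
        commit -q --allow-empty -m "$2"
}

demo_dir=$(mktemp -d)
upstream="$demo_dir/upstream"
fork="$demo_dir/fork"

git init -q "$upstream"
commit_as "$upstream" "upstream: initial commit"
upstream_sha=$(git -C "$upstream" rev-parse HEAD)

git clone -q "$upstream" "$fork"
commit_as "$fork" "fork-only change"
fork_sha=$(git -C "$fork" rev-parse HEAD)

# Share the fork's objects with upstream; no upstream ref is created or moved.
echo "$fork/.git/objects" > "$upstream/.git/objects/info/alternates"

for sha in "$upstream_sha" "$fork_sha"; do
    if in_tree "$upstream" "$sha"; then
        echo "$sha: reachable from an upstream branch or tag"
    elif object_exists "$upstream" "$sha"; then
        echo "$sha: resolvable by hash only, NOT in upstream's history"
    else
        echo "$sha: unknown object"
    fi
done
```

Against a real clone, the same test is `git branch -r --contains <sha>` after fetching the repository's own branches: an empty result means the commit is not part of that tree, whatever URL displayed it.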

Late last year Vaughan-Nichols also reported on what happened when Linux Foundation executive director Jim Zemlin suggested Torvalds sell an NFT of the 1991 email that first announced Linux to the world.
An amused and appalled Torvalds replied, “I’m staying out of the whole craziness with crypto and NFTs. Those people are cuckoo!”
