Akamai To Acquire Linode

“Akamai, which announced quarterly earnings today, also announced that they plan to acquire longtime Linux VPS host Linode for $900 million,” writes Slashdot reader virtig01. From a press release announcing the acquisition: Akamai Technologies, the world’s most trusted solution to power and protect digital experiences, today announced it has entered into a definitive agreement to acquire Linode, one of the easiest-to-use and most trusted infrastructure-as-a-service (IaaS) platform providers. […] Under terms of the agreement, Akamai has agreed to acquire all of the outstanding equity of Linode Limited Liability Company for approximately $900 million, after customary purchase price adjustments. As a result of structuring the transaction as an asset purchase, Akamai expects to achieve cash income tax savings over the next 15 years that have an estimated net present value of approximately $120 million. The transaction is expected to close in the first quarter of 2022 and is subject to customary closing conditions.

Christopher Aker, founder and chief executive officer, Linode, added, “We started Linode 19 years ago to make the power of the cloud easier and more accessible. Along the way, we built a cloud computing platform trusted by developers and businesses around the world. Today, those customers face new challenges as cloud services become all-encompassing, including compute, storage, security and delivery from core to edge. Solving those challenges requires tremendous integration and scale which Akamai and Linode plan to bring together under one roof. This marks an exciting new chapter for Linode and a major step forward for our current and future customers.”

Read more of this story at Slashdot.

Microsoft Defender Will Soon Block Windows Password Theft

Microsoft is enabling a Microsoft Defender ‘Attack Surface Reduction’ security rule by default to block hackers’ attempts to steal Windows credentials from the LSASS process. BleepingComputer reports: When threat actors compromise a network, they attempt to spread laterally to other devices by stealing credentials or using exploits. One of the most common methods to steal Windows credentials is to gain admin privileges on a compromised device and then dump the memory of the Local Security Authority Server Service (LSASS) process running in Windows. This memory dump contains NTLM hashes of Windows credentials of users who had logged into the computer that can be brute-forced for clear-text passwords or used in Pass-the-Hash attacks to login into other devices. While Microsoft Defender block programs like Mimikatz, a LSASS memory dump can still be transferred to a remote computer to dump credentials without fear of being blocked.

To prevent threat actors from abusing LSASS memory dumps, Microsoft has introduced security features that prevent access to the LSASS process. One of these security features is Credential Guard, which isolates the LSASS process in a virtualized container that prevents other processes from accessing it. However, this feature can lead to conflicts with drivers or applications, causing some organizations not to enable it. As a way to mitigate Windows credential theft without causing the conflicts introduced by Credential Guard, Microsoft will soon be enabling a Microsoft Defender Attack Surface Reduction (ASR) rule by default. The rule, ‘ Block credential stealing from the Windows local security authority subsystem,’ prevents processes from opening the LSASS process and dumping its memory, even if it has administrative privileges.

While enabling the ASR rule by default will significantly impact the stealing of Windows credentials, it is not a silver bullet by any means. This is because the full Attack Surface Reduction feature is only supported on Windows Enterprise licenses running Microsoft Defender as the primary antivirus. However, BleepingComputer’s tests show that the LSASS ASR rule also works on Windows 10 and Windows 11 Pro clients. Unfortunately, once another antivirus solution is installed, ASR is immediately disabled on the device. Furthermore, security researchers have discovered built-in Microsoft Defender exclusion paths allowing threat actors to run their tools from those filenames/directories to bypass the ASR rules and continue to dump the LSASS process. Mimikatz developer Benjamin Delpy told BleepingComputer that Microsoft probably added these built-in exclusions for another rule, but as exclusions affect ALL rules, it bypasses the LSASS restriction.

Read more of this story at Slashdot.

Construction Begins On New York’s First Offshore Wind Farm

New York State broke ground on Friday on its first offshore wind farm, kicking off a boom in similar projects aimed at transforming the state’s — and the nation’s — energy mix. The Verge reports: The South Fork Wind project off the coast of Long Island is expected to be operational by the end of 2023. New York has the largest pipeline of offshore wind projects underway of any state in the nation, with five in active development. South Fork Wind is being billed as one of the first-ever commercial-scale offshore wind farms in North America. Once completed, it should be able to generate 130 megawatts (MW) of power — enough to power 70,000 homes in nearby East Hampton.

That alone amounts to a major scaling up of offshore wind capacity in the US. The nation so far only has two operational wind farms along its coasts — off the shores of Rhode Island and Virginia — with a combined capacity of just 42 MW. That’s set to change dramatically over the next few years. Orsted and Eversource, the energy companies developing South Fork, have an even bigger project in the works nearby: Sunrise Wind, a 924-MW wind farm that’s expected to break ground next year. Altogether, all the offshore projects under development in New York state’s current portfolio total over 4,300 MW of clean energy. By 2035, the state hopes to harness more than twice as much renewable energy from offshore wind.

Read more of this story at Slashdot.

After Just 24 Hours ‘Lost Ark’ Becomes the Second Most Played Game in Steam History

“Lost Ark has comfortably passed 1 million concurrent players after just 24 hours, becoming the second most played game in Steam history by concurrent counts,” reports the Verge:

The Diablo-like MMO launched Friday in the West, after Amazon Games collaborated with Smilegate RPG to localize and translate Lost Ark and make it available in English. It has now passed concurrent records for both Counter-Strike: Global Offensive and Dota 2, which regularly dominate the top of Steam’s most-played games.

Lost Ark is so popular right now that it has experienced server issues and there’s a queue just to start playing. SteamDB lists concurrent players of Lost Ark at 1,311,842, passing CS:GO’s record of 1,308,963 players and Dota 2’s of 1,295,114. It’s not clear exactly how many of those players are actually actively playing the game and not sitting in a server queue, though.

Either way, it’s now second place on the top concurrent list behind only PUGB…

The article notes it’s Amazon’s second big hit after its game New World “set a concurrent record of 913,634 players four months ago.”

GameSpot also spotted a playful clause in the game’s terms of service. It specifies that while players must be human (and not AI), that doesn’t apply if Earth is taken over by robots, simians, or aliens. “In that event, Amazon said these beings will be allowed to play Lost Ark and other games. ‘We welcome our alien, robots, ape, or other overlords, as applicable,’ Amazon said.”

Read more of this story at Slashdot.

This Year’s Super Bowl Broadcast May Seem ‘Crypto-Happy’. But the NFL Isn’t

During today’s telecast of the Super Bowl, 100 million Americans will see at least three commercials promoting cryptocurrency, reports the Washington Post, “and though Tom Brady may be gone from the game, he hovers over it, hawking crypto exchange FTX.”

“Yet the hype belies a more complicated relationship. Unlike the National Basketball Association, the National Football League, the country’s most popular sports league, has essentially prohibited its teams from using crypto.”

It’s a microcosm of the broader cultural battle between those touting the currency as the shiny future and others warning of its dangers…. [T]he headlines often come with a negative tint. New York Times columnist and economist Paul Krugman warned last month about crypto’s parallels to the subprime mortgage crisis. This week, the FBI arrested a New York couple for allegedly conspiring to launder billions in crypto. That can scare the large corporate entities of professional sports, particularly the NFL, whose love of fresh revenue sources is matched only by its fear of public relations disasters…. In September, a memo revealed by the Athletic showed the league’s restrictive attitude toward crypto… “Clubs are prohibited from selling, or otherwise allowing within club controlled media, advertisements for specific cryptocurrencies, initial coin offerings, other cryptocurrency sales or any other media category as it relates to blockchain, digital asset or as blockchain company, except as outlined in this policy,” it said.

The NFL has made some forays into NFTs, or non-fungible tokens, the digitally watermarked tools that are crypto’s less controversial cousin, signing up for a partnership with Ticketmaster for NFTs of Super Bowl tickets and an NFT video highlight program with Dapper Labs, one of the leaders in the space. And of course the Super Bowl is taking place at SoFi Stadium, named for the digitally minded financial firm. But sponsorships from crypto exchanges remain off-limits, and the idea of the NFL creating a cryptocurrency, which some enthusiasts have advocated, is the stuff of fantasy. Even the Super Bowl commercials going for as much as $7 million for 30 seconds — which the league authorizes — include only exchanges such as FTX and not currencies themselves….

The NFL has formed an internal working group to study the regulatory, brand and other consequences of partnering with crypto companies but has set no timetable for when its rules could be revised. Renie Anderson, the NFL’s chief revenue officer, said the league is moving slowly by design. “We don’t want to put everything and the kitchen sink into this,” she said by phone from the site of Super Bowl events in Los Angeles. “We don’t know where a lot of this is going, so what we’re trying to do is testing and learning so we can understand.” She cited regulatory and market forces that are still coming into focus. (The Treasury Department and other federal agencies have been ramping up their efforts to create a regulatory framework for crypto, but there remains a degree of murkiness around what the future limits might be.) The NFL, Anderson said, would rather act after there’s clarity. “It’s hard to unwind something like a naming rights deal,” she said, “and I’d rather not have to undo opportunities two years later because there are rules against advertising or marketing certain things.”

National Basketball Association executives, however, say they see a major opportunity right now.

The article also points out that one football star even says he converted his $750,000 salary to Bitcoin. Though one sports analyst calculates that if the purchase was made on November 12th, after federal and state taxes it’s now worth about $35,000.

Read more of this story at Slashdot.

Journalist Labeled ‘Hacker’ By Missouri’s Governor Will Not Be Prosecuted

Remember when more than 100,000 Social Security numbers of Missouri teachers were revealed in the HTML code of a state web site? The St. Louis Post-Dispatch’s reporter informed the state government and delayed publishings his findings until they’d fixed the hole — but the state’s governor then demanded the reporter’s prosecution, labelling him “a hacker.” In the months that followed, throughout a probe — which for some reason was run by the state’s Highway Patrol — the governor had continued to suggest that prosecution of that reporter was imminent.

But it’s not. The St. Louis Post-Dispatch reports:
A St. Louis Post-Dispatch journalist will not be charged after pointing out a weakness in a state computer database, the prosecuting attorney for Cole County said Friday. Prosecutor Locke Thompson issued a statement to television station KRCG Friday, saying he appreciated Gov. Mike Parson for forwarding his concerns but would not be filing charges….

Parson, who had suggested prosecution was imminent throughout the probe, issued a statement saying Thompson’s office believed the decision “was properly addressed….” Post-Dispatch Publisher Ian Caso said in a statement Friday: “We are pleased the prosecutor recognized there was no legitimate basis for any charges against the St. Louis Post-Dispatch or our reporter. While an investigation of how the state allowed this information to be accessible was appropriate, the accusations against our reporter were unfounded and made to deflect embarrassment for the state’s failures and for political purposes….”

There is no authorization required to examine public websites, but some researchers say overly broad hacking laws in many jurisdictions let embarrassed institutions lob hacking allegations against good Samaritans who try to flag vulnerabilities before they’re exploited….
A political action committee supporting Parson ran an ad attacking the newspaper over the computer incident, saying the governor was “standing up to the fake news media.”
Thanks to long-time Slashdot reader UnknowingFool for submitting the story.

Read more of this story at Slashdot.