Dutch Foundation Seeks Consumer Damages Over Apple, Google App Payments

Apple and Google face a potential class action lawsuit in the Netherlands over app store charges, after a foundation headed by Dutch entrepreneur Alexander Klopping began gathering claimants. Reuters reports: Klopping is a co-founder of Blendle, a digital platform that enables users to buy individual news articles, which he sold in 2020. He told Reuters his determination to pursue the tech giants grew out of his experience at Blendle. “The reason it’s getting so much attention right now is that everyone feels in their gut that there’s this imbalance of power when it comes to big tech companies.” He said while developers have complained most about app store practices, costs are ultimately passed on to consumers.

Klopping’s App Store Claims Foundation is being represented by law firm Hausfeld, with funding from Fortress Investment Group. Klopping’s App Store Claims Foundation is being represented by law firm Hausfeld, with funding from Fortress Investment Group. Hausfeld lawyer Rob Okhuijsen said the next step will be submitting evidence to the Amsterdam District Court in April. If a judge agrees, the court would then begin weighing the merits of the complaint.

Read more of this story at Slashdot.

Construction Begins On New York’s First Offshore Wind Farm

New York State broke ground on Friday on its first offshore wind farm, kicking off a boom in similar projects aimed at transforming the state’s — and the nation’s — energy mix. The Verge reports: The South Fork Wind project off the coast of Long Island is expected to be operational by the end of 2023. New York has the largest pipeline of offshore wind projects underway of any state in the nation, with five in active development. South Fork Wind is being billed as one of the first-ever commercial-scale offshore wind farms in North America. Once completed, it should be able to generate 130 megawatts (MW) of power — enough to power 70,000 homes in nearby East Hampton.

That alone amounts to a major scaling up of offshore wind capacity in the US. The nation so far only has two operational wind farms along its coasts — off the shores of Rhode Island and Virginia — with a combined capacity of just 42 MW. That’s set to change dramatically over the next few years. Orsted and Eversource, the energy companies developing South Fork, have an even bigger project in the works nearby: Sunrise Wind, a 924-MW wind farm that’s expected to break ground next year. Altogether, all the offshore projects under development in New York state’s current portfolio total over 4,300 MW of clean energy. By 2035, the state hopes to harness more than twice as much renewable energy from offshore wind.

Read more of this story at Slashdot.

Worldle Is Like Wordle, But For Geography

Microsoft Defender Will Soon Block Windows Password Theft

Microsoft is enabling a Microsoft Defender ‘Attack Surface Reduction’ security rule by default to block hackers’ attempts to steal Windows credentials from the LSASS process. BleepingComputer reports: When threat actors compromise a network, they attempt to spread laterally to other devices by stealing credentials or using exploits. One of the most common methods to steal Windows credentials is to gain admin privileges on a compromised device and then dump the memory of the Local Security Authority Server Service (LSASS) process running in Windows. This memory dump contains NTLM hashes of Windows credentials of users who had logged into the computer that can be brute-forced for clear-text passwords or used in Pass-the-Hash attacks to login into other devices. While Microsoft Defender block programs like Mimikatz, a LSASS memory dump can still be transferred to a remote computer to dump credentials without fear of being blocked.

To prevent threat actors from abusing LSASS memory dumps, Microsoft has introduced security features that prevent access to the LSASS process. One of these security features is Credential Guard, which isolates the LSASS process in a virtualized container that prevents other processes from accessing it. However, this feature can lead to conflicts with drivers or applications, causing some organizations not to enable it. As a way to mitigate Windows credential theft without causing the conflicts introduced by Credential Guard, Microsoft will soon be enabling a Microsoft Defender Attack Surface Reduction (ASR) rule by default. The rule, ‘ Block credential stealing from the Windows local security authority subsystem,’ prevents processes from opening the LSASS process and dumping its memory, even if it has administrative privileges.

While enabling the ASR rule by default will significantly impact the stealing of Windows credentials, it is not a silver bullet by any means. This is because the full Attack Surface Reduction feature is only supported on Windows Enterprise licenses running Microsoft Defender as the primary antivirus. However, BleepingComputer’s tests show that the LSASS ASR rule also works on Windows 10 and Windows 11 Pro clients. Unfortunately, once another antivirus solution is installed, ASR is immediately disabled on the device. Furthermore, security researchers have discovered built-in Microsoft Defender exclusion paths allowing threat actors to run their tools from those filenames/directories to bypass the ASR rules and continue to dump the LSASS process. Mimikatz developer Benjamin Delpy told BleepingComputer that Microsoft probably added these built-in exclusions for another rule, but as exclusions affect ALL rules, it bypasses the LSASS restriction.

Read more of this story at Slashdot.

This Year’s Super Bowl Broadcast May Seem ‘Crypto-Happy’. But the NFL Isn’t

During today’s telecast of the Super Bowl, 100 million Americans will see at least three commercials promoting cryptocurrency, reports the Washington Post, “and though Tom Brady may be gone from the game, he hovers over it, hawking crypto exchange FTX.”

“Yet the hype belies a more complicated relationship. Unlike the National Basketball Association, the National Football League, the country’s most popular sports league, has essentially prohibited its teams from using crypto.”

It’s a microcosm of the broader cultural battle between those touting the currency as the shiny future and others warning of its dangers…. [T]he headlines often come with a negative tint. New York Times columnist and economist Paul Krugman warned last month about crypto’s parallels to the subprime mortgage crisis. This week, the FBI arrested a New York couple for allegedly conspiring to launder billions in crypto. That can scare the large corporate entities of professional sports, particularly the NFL, whose love of fresh revenue sources is matched only by its fear of public relations disasters…. In September, a memo revealed by the Athletic showed the league’s restrictive attitude toward crypto… “Clubs are prohibited from selling, or otherwise allowing within club controlled media, advertisements for specific cryptocurrencies, initial coin offerings, other cryptocurrency sales or any other media category as it relates to blockchain, digital asset or as blockchain company, except as outlined in this policy,” it said.

The NFL has made some forays into NFTs, or non-fungible tokens, the digitally watermarked tools that are crypto’s less controversial cousin, signing up for a partnership with Ticketmaster for NFTs of Super Bowl tickets and an NFT video highlight program with Dapper Labs, one of the leaders in the space. And of course the Super Bowl is taking place at SoFi Stadium, named for the digitally minded financial firm. But sponsorships from crypto exchanges remain off-limits, and the idea of the NFL creating a cryptocurrency, which some enthusiasts have advocated, is the stuff of fantasy. Even the Super Bowl commercials going for as much as $7 million for 30 seconds — which the league authorizes — include only exchanges such as FTX and not currencies themselves….

The NFL has formed an internal working group to study the regulatory, brand and other consequences of partnering with crypto companies but has set no timetable for when its rules could be revised. Renie Anderson, the NFL’s chief revenue officer, said the league is moving slowly by design. “We don’t want to put everything and the kitchen sink into this,” she said by phone from the site of Super Bowl events in Los Angeles. “We don’t know where a lot of this is going, so what we’re trying to do is testing and learning so we can understand.” She cited regulatory and market forces that are still coming into focus. (The Treasury Department and other federal agencies have been ramping up their efforts to create a regulatory framework for crypto, but there remains a degree of murkiness around what the future limits might be.) The NFL, Anderson said, would rather act after there’s clarity. “It’s hard to unwind something like a naming rights deal,” she said, “and I’d rather not have to undo opportunities two years later because there are rules against advertising or marketing certain things.”

National Basketball Association executives, however, say they see a major opportunity right now.

The article also points out that one football star even says he converted his $750,000 salary to Bitcoin. Though one sports analyst calculates that if the purchase was made on November 12th, after federal and state taxes it’s now worth about $35,000.

Read more of this story at Slashdot.

After Just 24 Hours ‘Lost Ark’ Becomes the Second Most Played Game in Steam History

“Lost Ark has comfortably passed 1 million concurrent players after just 24 hours, becoming the second most played game in Steam history by concurrent counts,” reports the Verge:

The Diablo-like MMO launched Friday in the West, after Amazon Games collaborated with Smilegate RPG to localize and translate Lost Ark and make it available in English. It has now passed concurrent records for both Counter-Strike: Global Offensive and Dota 2, which regularly dominate the top of Steam’s most-played games.

Lost Ark is so popular right now that it has experienced server issues and there’s a queue just to start playing. SteamDB lists concurrent players of Lost Ark at 1,311,842, passing CS:GO’s record of 1,308,963 players and Dota 2’s of 1,295,114. It’s not clear exactly how many of those players are actually actively playing the game and not sitting in a server queue, though.

Either way, it’s now second place on the top concurrent list behind only PUGB…

The article notes it’s Amazon’s second big hit after its game New World “set a concurrent record of 913,634 players four months ago.”

GameSpot also spotted a playful clause in the game’s terms of service. It specifies that while players must be human (and not AI), that doesn’t apply if Earth is taken over by robots, simians, or aliens. “In that event, Amazon said these beings will be allowed to play Lost Ark and other games. ‘We welcome our alien, robots, ape, or other overlords, as applicable,’ Amazon said.”

Read more of this story at Slashdot.

Valve Releases Steam Deck CAD Files Allowing Anyone To 3D-Print Custom Shells

Engadget reports:

With two weeks to go before its February 25th release date, Valve has published CAD files for Steam Deck’s exterior shell to GitHub. Making them available under a Creative Commons license, the company noted the release is “good news” for DIY enthusiasts, modders and most notably, accessory manufacturers. All three groups can use the provided technical drawings and schematics to 3D-print custom shells for the handheld.

As Eurogamer notes, Valve’s decision here is an interesting one. It suggests the company will allow case makers to freely make aftermarket shells for Steam Deck. In fact, Valve said it was “looking forward to seeing what the community creates!” Contrast that to the approach Sony has taken with the PlayStation 5. When Sony’s latest console first shipped and only came in one color, an entire cottage industry of companies sprang up to produce colored plates for the PS5. However, Sony quickly moved to shut down those projects before it went on to announce a set of first-party covers for people to purchase.

Read more of this story at Slashdot.

Journalist Labeled ‘Hacker’ By Missouri’s Governor Will Not Be Prosecuted

Remember when more than 100,000 Social Security numbers of Missouri teachers were revealed in the HTML code of a state web site? The St. Louis Post-Dispatch’s reporter informed the state government and delayed publishings his findings until they’d fixed the hole — but the state’s governor then demanded the reporter’s prosecution, labelling him “a hacker.” In the months that followed, throughout a probe — which for some reason was run by the state’s Highway Patrol — the governor had continued to suggest that prosecution of that reporter was imminent.

But it’s not. The St. Louis Post-Dispatch reports:
A St. Louis Post-Dispatch journalist will not be charged after pointing out a weakness in a state computer database, the prosecuting attorney for Cole County said Friday. Prosecutor Locke Thompson issued a statement to television station KRCG Friday, saying he appreciated Gov. Mike Parson for forwarding his concerns but would not be filing charges….

Parson, who had suggested prosecution was imminent throughout the probe, issued a statement saying Thompson’s office believed the decision “was properly addressed….” Post-Dispatch Publisher Ian Caso said in a statement Friday: “We are pleased the prosecutor recognized there was no legitimate basis for any charges against the St. Louis Post-Dispatch or our reporter. While an investigation of how the state allowed this information to be accessible was appropriate, the accusations against our reporter were unfounded and made to deflect embarrassment for the state’s failures and for political purposes….”

There is no authorization required to examine public websites, but some researchers say overly broad hacking laws in many jurisdictions let embarrassed institutions lob hacking allegations against good Samaritans who try to flag vulnerabilities before they’re exploited….
A political action committee supporting Parson ran an ad attacking the newspaper over the computer incident, saying the governor was “standing up to the fake news media.”
Thanks to long-time Slashdot reader UnknowingFool for submitting the story.

Read more of this story at Slashdot.

America’s Cybersecurity Agency is Now Urging ‘Heightened Posture’ Against Russian Cyberattacks

America’s Cybersecurity and Infrastructure Agency (CISA) “says that American companies should be extra wary about potential hacking attempts from Russia as tensions with the country rise,” reports PC Magazine:

Even if Russia doesn’t invade Ukraine, it has often targeted the country with what Wired has characterized as “many of the most costly cyberattacks in history.” Those attacks might not always be confined to Ukraine, however, which is where CISA’s new Shields Up campaign comes in…. CISA says that it “recommends all organizations — regardless of size — adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets.” It also says that it’s collaborated with its “critical infrastructure partners” to raise awareness of these risks.
The agency wants everyone to “reduce the likelihood of a damaging cyber intrusion,” “take steps to quickly detect a potential intrusion,” “ensure that the organization is prepared to respond if an intrusion occurs,” and “maximize the organization’s resilience to a destructive cyber incident.” CISA offers advice related to each of those focus areas on its website.

Earlier this week CISA also added 15 “known exploited” vulnerabilities to its catalog, ZDNet reports, in products from Apache, Apple, Jenkins, and Microsoft:

The list includes a Microsoft Windows SAM local privilege escalation vulnerability with a remediation date set for February 24. Vulcan Cyber engineer Mike Parkin said the vulnerability — CVE-2021-36934 — was patched in August 2021 shortly after it was disclosed. “It is a local vulnerability, which reduces the risk of attack and gives more time to deploy the patch. CISA set the due date for Federal organizations who take direction from them, and that date is based on their own risk criteria,” Parkin said. “With Microsoft releasing the fix 5 months ago, and given the relative threat, it is reasonable for them to set late February as the deadline.”

Read more of this story at Slashdot.

Valve’s Steam Deck Will Run Linux-Based Steam OS – But Won’t Have a Fortnite Port

Liliputing reports:
When Valve’s Steam Deck begins shipping to customers later this month, the handheld gaming PC will be running a Linux-based operating system called Steam OS. And that could give gaming on Linux a bit of a boost.

While Valve’s game client has been able to run on Linux for years, as of last month just over 1% of Steam users were running Linux (and fewer than 3% were using macOS, with Windows holding a 96% share). It’ll be interesting to see if that starts to change once the Steam Deck hits the streets. And if it does, maybe we’ll see more game makers add support for Linux… but one of the most popular games around isn’t going to add Linux support anytime soon: Epic CEO Tim Sweeney says the company has no plans to port Fortnite to Linux.

He says it’s because Epic doesn’t “have confidence that we’d be able to combat cheating at scale under a wide array of kernel configurations including custom ones,” but it’s an interesting take since Epic has already ported its anti-cheat software to support Mac and Linux devices including the Steam Deck.

Read more of this story at Slashdot.