Businesses

Wireless Carriers Are Messing With Your Autopay Discount (theverge.com) 60

According to a new report by The Wall Street Journal, mobile carriers including Verizon, AT&T and T-Mobile are all requiring customers to switch to a debit card or bank account withdrawal in order to receive an autopay discount on their plan. Verizon has included this requirement for years, but in the past few months the other two carriers have quietly added it too. The Verge reports: The new rule goes into effect for AT&T customers on October 2nd, and as a gesture of goodwill, the company will only reduce your discount if you continue to pay with a credit card. Those who register for autopay with a bank or debit card will receive $10 off; a credit card will only get you $5. T-Mobile's change went into effect in July, also eliminating Apple Pay and Google Pay as methods eligible for the $5 discount. Oh, and technically, you can qualify for Verizon's autopay discount with a credit card -- it just has to be a Verizon Visa card.

AT&T and T-Mobile aren't just making this a requirement for new customers -- the change is being applied to all postpaid accounts. Even if you've been receiving the discount for years with a credit card, you'll have to make the switch in order to keep your discount. And it adds up -- the discounts are applied for each line on your plan, so if your whole family is on the same plan, it's a significant amount of money.

Submission + - Russia Targets Ukraine With New Android Backdoor, Intel Agencies Say (arstechnica.com)

An anonymous reader writes: Russia’s military intelligence unit has been targeting Ukrainian Android devices with “Infamous Chisel,” the tracking name for new malware that’s designed to backdoor devices and steal critical information, Western intelligence agencies said on Thursday. “Infamous Chisel is a collection of components which enable persistent access to an infected Android device over the Tor network, and which periodically collates and exfiltrates victim information from compromised devices,” intelligence officials from the UK, US, Canada, Australia, and New Zealand wrote (PDF). “The information exfiltrated is a combination of system device information, commercial application information and applications specific to the Ukrainian military.”

Infamous Chisel gains persistence by replacing the legitimate system component known as netd with a malicious version. Besides allowing Infamous Chisel to run each time a device is restarted, the malicious netd is also the main engine for the malware. It uses shell scripts and commands to collate and collect device information and also searches directories for files that have a predefined set of extensions. Depending on where on the infected device a collected file is located, netd sends it to Russian servers either immediately or once a day. When exfiltrating files of interest, Infamous Chisel uses the TLS protocol and a hard-coded IP and port. Use of the local IP address is likely a mechanism to relay the network traffic over a VPN or other secure channel configured on the infected device. This would allow the exfiltration traffic to blend in with expected encrypted network traffic. In the event a connection to the local IP and port fails, the malware falls back to a hard-coded domain that’s resolved using a request to dns.google.

Infamous Chisel also installs a version of the Dropbear SSH client that can be used to remotely access a device. The version installed has authentication mechanisms that have been modified from the original version to change the way users log in to an SSH session. [...] The report didn’t say how the malware gets installed. In the advisory Ukraine’s security service issued earlier this month (PDF), officials said that Russian personnel had “captured Ukrainian tablets on the battlefield, pursuing the aim to spread malware and abuse available access to penetrate the system.” It’s unclear if this was the vector.

Submission + - Texas Law Requiring Age Verification On Porn Sites Ruled Unconstitutional (arstechnica.com)

An anonymous reader writes: The day before a Texas antiporn law that requires age verification to access adult websites was set to take effect, the state's attorney general, Angela Colmenero, has been at least temporarily blocked from enforcing the law. US District Judge David Alan Ezra granted a preliminary injunction temporarily blocking enforcement after the Free Speech Coalition (FSC) joined adult performers and sites like Pornhub in a lawsuit opposing the law. Today, they convinced Ezra that Texas' law violates the First Amendment and would have "a chilling effect on legally-protected speech," FSC said in a press release.

“This is a huge and important victory against the rising tide of censorship online,” Alison Boden, FSC's executive director, said. “From the beginning, we have argued that the Texas law, and those like it, are both dangerous and unconstitutional. We’re pleased that the court agreed with our view that [the law's] true purpose is not to protect young people, but to prevent Texans from enjoying First Amendment protected expression. The state’s defense of the law was not based in science or technology, but ideology and politics.” Now, Texas will have to wait until this lawsuit is litigated to enforce the law. [...] According to FSC, in addition to free speech concerns, the law needed to be blocked because it would have exposed consumers to "significant privacy risks" by forcing adult-website visitors to show digital IDs.

Botnet

Ukraine Takes Down Massive Bot Farm, Seizes 150,000 SIM Cards (bleepingcomputer.com) 128

The Cyber Police Department of the National Police of Ukraine dismantled another massive bot farm, seizing computer equipment, mobile phones, and roughly 150,000 SIM cards of multiple mobile operators. BleepingComputer reports: The bots were used to push Russian propaganda justifying Russia's war in Ukraine, to disseminate illegal content and personal information, and in various other fraudulent activities. In a joint operation, the cyber police and units of the Ukrainian National Police executed 21 search operations in Vinnytsia, Zaporizhzhia, and Lviv.

"The cyber police established that the attackers used special equipment and software to register thousands of bot accounts in various social networks and subsequently launch advertisements that violated the norms and legislation of Ukraine," a cyber police press release reads [machine translation]. "In addition to spreading hostile propaganda, the accounts were also used for unauthorized distribution of personal data of Ukrainian citizens on the Internet, in Internet fraud schemes, and for sending known false messages about threats to citizens' safety, destruction or damage to property."
Cyber police in Ukraine have busted several pro-Russian bot farms in the last year, including one last month called "Botoferma" and another one late last year that was working for the Russian secret services. Ukraine also traced a Russian propaganda operation to a bot farm that was secretly operating in the country's own capital of Kyiv last August. "The farm operated more than 1 million bot accounts, which helped the propaganda operation build an audience of over 400,000 users on social media," reports PCMag.

Security

Firmware Vulnerabilities In Millions of Computers Could Give Hackers Superuser Status (arstechnica.com) 23

Researchers have warned that leaked information from a ransomware attack on hardware-maker Gigabyte two years ago may contain critical zero-day vulnerabilities that pose a significant risk to the computing world. The vulnerabilities were found in firmware made by AMI for BMCs (baseboard management controllers), which are small computers integrated into server motherboards allowing remote management of multiple computers. These vulnerabilities, which can be exploited by local or remote attackers with access to Redfish remote management interfaces, could lead to unauthorized access, remote code execution, and potential physical damage to servers. Ars Technica reports: Until the vulnerabilities are patched using an update AMI published on Thursday, they provide a means for malicious hackers -- both financially motivated or nation-state sponsored -- to gain superuser status inside some of the most sensitive cloud environments in the world. From there, the attackers could install ransomware and espionage malware that runs at some of the lowest levels inside infected machines. Successful attackers could also cause physical damage to servers or indefinite reboot loops that a victim organization can't interrupt. Eclypsium warned such events could lead to "lights out forever" scenarios.

The researchers went on to note that if they could locate the vulnerabilities and write exploits after analyzing the publicly available source code, there's nothing stopping malicious actors from doing the same. And even without access to the source code, the vulnerabilities could still be identified by decompiling BMC firmware images. There's no indication malicious parties have done so, but there's also no way to know they haven't. The researchers privately notified AMI of the vulnerabilities, and the company created firmware patches, which are available to customers through a restricted support page. AMI has also published an advisory here.

Submission + - AT&T may have nearly 200,000 miles of lead-covered phone cables across US. (arstechnica.com)

An anonymous reader writes: AT&T's legacy telephone network may have nearly 200,000 miles of lead-covered cables, according to an estimate by AT&T submitted in a court filing. "Based on its records, AT&T estimates that lead-clad cables represent less than 10 percent of its copper footprint of roughly two million sheath miles of cable, the overwhelming majority of which remains in active service," AT&T wrote in a court filing yesterday in US District Court for the Eastern District of California. "More than two thirds of its lead-clad cabling is either buried or in conduit, followed by aerial cable, and with a very small portion running underwater. There are varying costs of installation, maintenance, and removal by cable type (aerial, buried, buried in conduit, underwater)."

Reacting to the court filing, financial analyst firm Raymond James & Associates wrote in a research note, "AT&T is telling us that the total exposure is 200,000 route miles or less." With about two-thirds of the lead cables either buried or installed inside conduit, "We believe the implication for AT&T's data is that the route miles that should be addressed most immediately is about 3.3 percent (or less)," the analyst firm wrote. AT&T's new court filing came in a case filed against AT&T subsidiary Pacific Bell by the California Sportfishing Protection Alliance (CSPA) in January 2021. The sportfishing group sued AT&T over cables that are allegedly "damaged and discharging lead into Lake Tahoe."

The two underwater cables run along the bottom of the western side of Lake Tahoe for a total of eight miles. AT&T "contends that it stopped using the Cables in or around the 1980s or earlier, that the Easements therefore have terminated, and that Defendant no longer owns the Cables," according to a November 2021 settlement. AT&T agreed in that settlement to remove the cables but now says it is at an "impasse" with the CSPA regarding removal. "In this matter, AT&T has always maintained that its lead-clad telecommunications cables pose no danger to those who work and play in the waters of Lake Tahoe, but in 2021, AT&T agreed to remove them simply to avoid the expense of litigation," an AT&T lawyer at the firm Paul Hastings wrote yesterday in a letter to the plaintiff that was attached to the court filing. [...]

AT&T's stance that it won't remove the Lake Tahoe cables any time soon is apparently a surprise to the plaintiff. The CSPA said in a court filing last week that in a Zoom meeting on July 10, "AT&T confirmed that it is prepared to commence the removal process on September 6, 2023, as long as the new permit request that AT&T submitted to State Parks in May is approved by State Park." AT&T's filing said the company never "confirmed" that it is prepared to start the cable removal process on September 6. The CSPA argues that the lead-covered cables "have leached, are leaching, and will continue to leach lead into the waters of Lake Tahoe, and that such leaching may present an imminent and substantial endangerment to human health or the environment."

Comment Everything is made of plastic (Score 1) 43

This treaty they are working on is more talk about a subject we have known about for decades. No action, just talk. Treaty maybe in the future. Look at the labels on the clothes you wear. Almost all are made with plastic. Every time it's washed it sheds some of the plastic in the wash water. Just about all the products we use every day are mostly plastic. We have a long way to go to eliminate microplastics.

Comment Not really a savings account. Same delays. (Score 2) 59

I transferred a significant amount from my bank to the Goldman-Sachs "savings account". It took five business days to show up in the G-S account. But what I found is I could not pay my Apple Card balance, or move money to my Apple Cash card either. The only thing I could do is transfer it back to my bank account. That transfer took three and a half business days to complete. It did probably trigger a review.

Displays

Augmented Reality Laptop Ditches Screen For 100-Inch Virtual Display (axios.com) 37

Spacetop, a $2,000 laptop developed by two former Magic Leap employees, replaces the traditional screen with augmented reality glasses featuring a 100-inch virtual display. Axios reports: The company is selling 1,000 of the devices as part of an early access program, with hopes of using the feedback to inform a broader launch. The Spacetop runs a custom operating system, with its backers touting the ability to run Web-based applications such as Zoom, Google Workspace and Figma. And it's not promising this first version will be for power users or gamers, saying those folks should probably wait for a later version.

The Tel Aviv-based company behind the startup, Sightful, is led by CEO Tamir Berliner and COO Tomer Kahan, both formerly of AR headset maker Magic Leap. They have raised $61 million in venture funding. The devices are being manufactured by Wistron, a major contract manufacturer of laptops, while the required AR glasses come from Nreal. Those interested can sign up now, with the devices promised for shipping starting in July.

Sightful says the glasses offer 1080p resolution per eye, which they promise is enough to offer sub-pixel viewing resolution. In a pinch the Spacetop can also connect to a traditional monitor for some features, with more available later via software updates.

Further reading:
I used the world's first augmented reality laptop (The Verge)
Meet Spacetop, a radical new laptop with no screen (PCWorld)
New Spacetop Laptop Puts Your Workspace in the Air (The New Stack)

Submission + - FCC Rejects Dish 5G Plan That Could Have Made Starlink Broadband 'Unusable' (arstechnica.com)

An anonymous reader writes: The Federal Communications Commission sided with Starlink in a battle against Dish Network today, rejecting a Dish proposal that could have degraded Internet service for Starlink satellite users. In a 4-0 vote, the FCC decided not to authorize high-powered terrestrial mobile service in the 12.2-12.7 GHz band that is already used by Starlink customer terminals for downloads. The vote "ensure[s] the present and future of satellite services in the 12.2-12.7 GHz band. We recognize that millions of people rely on services in this band—and we want to see that continue," FCC Chair Jessica Rosenworcel said at today's meeting. The band is also used for satellite TV.

In its announcement of the vote, the FCC said it "declin[ed] to authorize two-way, high-powered terrestrial mobile use due to a significant risk of harmful interference to existing and emergent services, particularly in the growing satellite broadband market." Dish already uses spectrum from the 12.2-12.7 GHz band for satellite TV and wants to use the band for cellular service as well. While the FCC rejected the mobile proposal, it said it would investigate the potential to expand terrestrial fixed use or permit unlicensed use in that spectrum. Specifically, the FCC will seek comment on allowing point-to-point fixed links in 12.2-12.7 GHz at higher power levels than the current rules allow and on "adding indoor-only underlay and unlicensed use." The agency also teed up a plan that could eventually allow mobile broadband in the adjacent 12.7-13.25 GHz band.

AI

OpenAI Launches Free ChatGPT App For iOS 15

An official ChatGPT app is now available for iOS, with an Android version coming "soon." It can be downloaded from the App Store here. The Verge reports: The app is free to use, syncs chat history with the web, and features voice input, supported by OpenAI's open-source speech recognition model Whisper. The app works on both iPhones and iPads and can be downloaded from the App Store. OpenAI says it's rolling out the app in the US first and will expand to other countries "in the coming weeks."

OpenAI didn't previously hint that a mobile app was coming, but it makes sense given the incredible popularity of ChatGPT. The AI chatbot launched last November but rocketed in use. Some outside estimates suggest the app attracted 100 million users by January this year, though OpenAI has never confirmed these figures.

Businesses

Vice, Decayed Digital Colossus, Files for Bankruptcy (nytimes.com) 44

Vice Media has filed for bankruptcy, "punctuating a yearslong descent from a new-media darling to a cautionary tale of the problems facing the digital publishing industry," write Lauren Hirsch and Benjamin Mullin via the New York Times. The media company was once valued at $5.7 billion back in 2017. From the report: The bankruptcy will not interrupt daily operations for Vice's businesses, which in addition to its flagship website include the ad agency Virtue, the Pulse Films division and Refinery29, a women-focused site acquired by Vice in 2019. A group of Vice's lenders, including Fortress Investment Group and Soros Fund Management, is in the leading position to acquire the company out of bankruptcy. The group has submitted a bid of $225 million, which would be covered by its existing loans to the company. It would also take over "significant liabilities" from Vice after any deal closes. A sale process follows next. The lenders have secured a $20 million loan to continue operating Vice and then, if a better bid does not emerge, the group that includes Fortress and Soros will acquire Vice.

Investments from media titans like Disney and shrewd financial investors like TPG, which spent hundreds of millions of dollars, will be rendered worthless by the bankruptcy, cementing Vice's status among the most notable bad bets in the media industry. Like some of its peers in the digital-media industry, including BuzzFeed and Vox Media, Vice and its investors bet big on the rising power of social media networks like Facebook and Instagram, anticipating they would deliver a tide of young, upwardly mobile readers that advertisers craved. Though readers came by the millions, new media companies had trouble wringing profits from them, and the bulk of digital ad dollars went to the major tech platforms.
