An anonymous reader quotes a report from SecurityWeek: Insurance firm Lemonade is notifying roughly 190,000 individuals that their driver's license numbers were likely exposed due to a technical glitch. Copies of the notification letter that were submitted to regulators in several states show that the incident involved an online application that enables individuals to obtain car insurance quotes and purchase policies. According to the company, a vulnerability in the car insurance quote flow resulted in the exposure of certain driver's license numbers for identifiable individuals. The vulnerability has been addressed, Lemonade says.

Between April 2023 and September 2024, the platform transmitted the information unencrypted, which the company says allowed driver's license numbers to be accessed without authorization. "We have no evidence to suggest that your driver's license number has been misused but we are providing this notice as a precaution to inform potentially affected individuals and share some steps you can take to help protect yourself," the company's notification letter reads. The insurer is providing the impacted individuals with 12 months of free credit monitoring and identity protection services.

A Canadian math prodigy is accused of stealing over $65 million through complex exploits on decentralized finance platforms and is currently a fugitive from U.S. authorities. Despite facing criminal charges for fraud and money laundering, he has evaded capture by moving internationally, embracing the controversial "Code is Law" philosophy, and maintaining that his actions were legal under the platforms' open-source rules. The Globe and Mail reports: Andean Medjedovic was 18 years old when he made a decision that would irrevocably alter the course of his life. In the fall of 2021, shortly after completing a master's degree at the University of Waterloo, the math prodigy and cryptocurrency trader from Hamilton had conducted a complex series of transactions designed to exploit a vulnerability in the code of a decentralized finance platform. The maneuver had allegedly allowed him to siphon approximately $16.5-million in digital tokens out of two liquidity pools operated by the platform, Indexed Finance, according to a U.S. court document.

Indexed Finance's leaders traced the attack back to Mr. Medjedovic, and made him an offer: Return 90 per cent of the funds, keep the rest as a so-called "bug bounty" -- a reward for having identified an error in the code -- and all would be forgiven. Mr. Medjedovic would then be free to launch his career as a white hat, or ethical, hacker. Mr. Medjedovic didn't take the deal. His social media posts hinted, without overtly stating, that he believed that because he had operated within the confines of the code, he was entitled to the funds -- a controversial philosophy in the world of decentralized finance known as "Code is Law." But instead of testing that argument in court, Mr. Medjedovic went into hiding. By the time authorities arrived on a quiet residential street in Hamilton to search his parents' townhouse less than two months later, Mr. Medjedovic had moved out, taking his electronic devices with him.

Then, roughly two years later, he struck again, netting an even larger sum -- approximately $48.4-million -- by conducting a similar exploit on another decentralized finance platform, U.S. authorities allege. Mr. Medjedovic, now 22, faces five criminal charges -- including wire fraud, attempted extortion and money laundering -- according to a U.S. federal court document that was unsealed earlier this year. If convicted, he could be facing decades in prison. First, authorities will have to find him.

An anonymous reader quotes a report from TechCrunch: Figma has sent a cease-and-desist letter to popular no-code AI startup Lovable, Figma confirmed to TechCrunch. The letter tells Lovable to stop using the term "Dev Mode" for a new product feature. Figma, which also has a feature called Dev Mode, successfully trademarked that term last year, according to the U.S. Patent and Trademark office. What's wild is that "dev mode" is a common term used in many products that cater to software programmers. It's like an edit mode. Software products from giant companies like Apple's iOS, Google's Chrome, Microsoft's Xbox have features formally called "developer mode" that then get nicknamed "dev mode" in reference materials.

Even "dev mode" itself is commonly used. For instance Atlassian used it in products that pre-date Figma's copyright by years. And it's a common feature name in countless open source software projects. Figma tells TechCrunch that its trademark refers only to the shortcut "Dev Mode" -- not the full term "developer mode." Still, it's a bit like trademarking the term "bug" to refer to "debugging." Since Figma wants to own the term, it has little choice but send cease-and-desist letters. (The letter, as many on X pointed out, was very polite, too.) If Figma doesn't defend the term, it could be absorbed as a generic term and the trademarked becomes unenforceable.

An anonymous reader quotes a report from TechCrunch: Car rental giant Hertz has begun notifying its customers of a data breach that included their personal information and driver's licenses. The rental company, which also owns the Dollar and Thrifty brands, said in notices on its website that the breach relates to a cyberattack on one of its vendors between October 2024 and December 2024. The stolen data varies by region, but largely includes Hertz customer names, dates of birth, contact information, driver's licenses, payment card information, and workers' compensation claims. Hertz said a smaller number of customers had their Social Security numbers taken in the breach, along with other government-issued identification numbers.

Notices on Hertz's websites disclosed the breach to customers in Australia, Canada, the European Union, New Zealand, and the United Kingdom. Hertz also disclosed the breach with several U.S. states, including California and Maine. Hertz said at least 3,400 customers in Maine were affected but did not list the total number of affected individuals, which is likely to be significantly higher. Emily Spencer, a spokesperson for Hertz, would not provide TechCrunch with a specific number of individuals affected by the breach but said it would be "inaccurate to say millions" of customers are affected. The company attributed the breach to a vendor, software maker Cleo, which last year was at the center of a mass-hacking campaign by a prolific Russia-linked ransomware gang.

Apple will begin analyzing data on customers' devices in a bid to improve its AI platform, a move designed to safeguard user information while still helping it catch up with AI rivals. From a report: Today, Apple typically trains AI models using synthetic data -- information that's meant to mimic real-world inputs without any personal details. But that synthetic information isn't always representative of actual customer data, making it harder for its AI systems to work properly.

The new approach will address that problem while ensuring that user data remains on customers' devices and isn't directly used to train AI models. The idea is to help Apple catch up with competitors such as OpenAI and Alphabet, which have fewer privacy restrictions. The technology works like this: It takes the synthetic data that Apple has created and compares it to a recent sample of user emails within the iPhone, iPad and Mac email app. By using actual emails to check the fake inputs, Apple can then determine which items within its synthetic dataset are most in line with real-world messages.

The European Commission is issuing burner phones and basic laptops to some US-bound staff to avoid the risk of espionage [non-paywalled source], a measure traditionally reserved for trips to China. Financial Times: Commissioners and senior officials travelling to the IMF and World Bank spring meetings next week have been given the new guidance, according to four people familiar with the situation. They said the measures replicate those used on trips to Ukraine and China, where standard IT kit cannot be brought into the countries for fear of Russian or Chinese surveillance.

"They are worried about the US getting into the commission systems," said one official. The treatment of the US as a potential security risk highlights how relations have deteriorated since the return of Donald Trump as US president in January. Trump has accused the EU of having been set up to "screw the US" and announced 20 per cent so-called reciprocal tariffs on the bloc's exports, which he later halved for a 90-day period.

At the same time, he has made overtures to Russia, pressured Ukraine to hand over control over its assets by temporarily suspending military aid and has threatened to withdraw security guarantees from Europe, spurring a continent-wide rearmament effort. "The transatlantic alliance is over," said a fifth EU official.

10 years ago "certificate authorities normally issued certificate lifetimes lasting a year or more," remembers a new blog post Thursday by the EFF's engineering director. So in 2015 when the free cert authority Let's Encrypt first started issuing 90-day TLS certificates for websites, "it was considered a bold move, that helped push the ecosystem towards shorter certificate life times."

And then this January Let's Encrypt announced new six-day certificates...

This week saw a related announcement from the EFF engineering director. More than 31 million web sites maintain their HTTPS certificates using the EFF's Certbot tool (which automatically fetches free HTTPS certificates forever) — and Certbot is now supporting Let's Encrypt's six-day certificates. (It's accomplished through ACME profiles with dynamic renewal at 1/3rd of lifetime left or 1/2 of lifetime left, if the lifetime is shorter than 10 days): There is debate on how short these lifetimes should be, but with ACME profiles you can have the default or "classic" Let's Encrypt experience (90 days) or start actively using other profile types through Certbot with the --preferred-profile and --required-profile flags. For six day certificates, you can choose the "shortlived" profile.
Why shorter lifetimes are better (according to the EFF's engineering director):

• If a certificate's private key is compromised, that compromise can't last as long.

• With shorter life spans for the certificates, automation is encouraged. Which facilitates robust security of web servers.

• Certificate revocation is historically flaky. Lifetimes 10 days and under prevent the need to invoke the revocation process and deal with continued usage of a compromised key.

Somewhere in Montana sits the only coal-fired power plant in America that hasn't installed modern pollution controls to limit particulate matter, according to the Environmental Protecction Agency. Mining.com notes that it has the highest emission rate of fine particulate matter out of any U.S. coal-burning power plant. When inhaled, the finest particles are able to penetrate deep into the lungs and even potentially the bloodstream, exacerbating heart and lung disease, causing asthma attacks and even sometimes leading to premature death.
Yet America's dirtiest coal-fired power plant — and dozens of others — "are being exempted from stringent air pollution mandates," reports Bloomberg, "as part of US. President Donald Trump's bid to revitalize the industry: Talen Energy Corp.'s Colstrip in Montana is among 47 plants receiving two-year waivers from rules to control mercury and other pollutants as part of a White House effort to ease regulation on coal-fired sites, according to a list seen by Bloomberg News. The exemptions were among a slew of actions announced by the White House Tuesday to expand the mining and use of coal. The Trump administration has argued coal is a vital part of the mix to ensure sufficient energy supply to meet booming demand for AI data centers. The carve-out, which begins in July 2027, lasts until July 2029, according to the proclamation.
In an email to Bloomberg, a White House spokesperson said the move meant that America "will produce beautiful, clean coal" while addressing "necessary electrical demand from emerging technologies such as AI."

"A modern free society has an obligation to offer electronic tax filing that respects user freedom," says a Free Software Foundation blog post, "and the United States is not excluded from this responsibility."

"Governments, and/or the companies that they partner with, are responsible for providing free as in freedom software for necessary operations, and tax filing is no exception." For many years now, a large portion of [U.S.] taxpayers have filed their taxes electronically through proprietary programs like TurboTax. Millions of taxpayers are led to believe that they have no other option than to use nonfree software or Service as a Software Substitute (SaaSS), giving up their freedom as well as their most private financial information to a third-party company, in order to file their taxes...

While the options for taxpayers have improved slightly with the IRS's implementation of the IRS Direct File program [in 25 states], this program unfortunately does require users to hand over their freedom when filing taxes.... Taxpayers shouldn't have to use a program that violates their individual freedoms to file legally required taxes. While Direct File is a step in the right direction as the program isn't in the hands of a third-party entity, it is still nonfree software. Because Direct File is a US government-operated program, and ongoing in the process of being deployed to twenty-five states, it's not too late to call on the IRS to make Direct File free software.

In the meantime, if you need to file US taxes and are yet to file, we suggest filing your taxes in a way that respects your user freedom as much as possible, such as through mailing tax forms. Like with other government interactions that snatch away user freedom, choose the path that most respects your freedom.
Free-as-in-freedom software would decrease the chance of user lock-in, the FSF points out. But they list several other advantages, including:

• Repairability: With free software, there is no uncertain wait period or reliance on a proprietary provider to make any needed bug or security fixes.

• Transparency: Unless you can check what a program really does (or ask someone in the free software community to check for you), there is no way to know that the program isn't doing things you don't consent to it doing.

• Cybersecurity: While free software isn't inherently more secure than nonfree software, it does have a tendency to be more secure because many developers can continuously improve the program and search for errors that can be exploited. With proprietary programs like TurboTax, taxpayers and the U.S. government are dependent on TurboTax to protect the sensitive financial and personal information of millions with few (if any) outside checks and balances...

• Taxpayer dollars spent should actually benefit the taxpayers: Taxpayer dollars should not be used to fund third-party programs that seek to control users and force them to use their programs through lobbying....

"We don't have to accept this unjust reality: we can work for a better future, together," the blog post concludes (offering a "sample message" U.S. taxpayers could send to IRS Commissioner Danny Werfel).

"Take action today and help make electronic tax filing free as in freedom for everyone."

Slashdot reader king*jojo shared this article from The Register: A 23-year-old side-channel attack for spying on people's web browsing histories will get shut down in the forthcoming Chrome 136, released last Thursday to the Chrome beta channel. At least that's the hope.

The privacy attack, referred to as browser history sniffing, involves reading the color values of web links on a page to see if the linked pages have been visited previously... Web publishers and third parties capable of running scripts, have used this technique to present links on a web page to a visitor and then check how the visitor's browser set the color for those links on the rendered web page... The attack was mitigated about 15 years ago, though not effectively. Other ways to check link color information beyond the getComputedStyle method were developed... Chrome 136, due to see stable channel release on April 23, 2025, "is the first major browser to render these attacks obsolete," explained Kyra Seevers, Google software engineer in a blog post.

This is something of a turnabout for the Chrome team, which twice marked Chromium bug reports for the issue as "won't fix." David Baron, presently a Google software engineer who worked for Mozilla at the time, filed a Firefox bug report about the issue back on May 28, 2002... On March 9, 2010, Baron published a blog post outlining the issue and proposing some mitigations...

America's Justice Department "has shut down its unit that investigates cryptocurrency fraud," reports USA Today.

A Monday night memo from U.S. Deputy Attorney General Todd Blanche said the shut down was "effective immediately." Blanche directed the closure of the National Cryptocurrency Enforcement Team and ordered prosecutors to pivot to investigating transnational criminal organizations and terrorist groups that use crypto to engage in illicit transactions... In his four-page memo, Blanche said the new order was meant to bring the Justice Department in line with Trump's own Executive Order 14178, which decreed that clarity and certainty regarding enforcement policy "are essential to supporting a vibrant and inclusive digital economy and innovation in digital assets." Blanche, one of several Trump criminal defense lawyers at the top ranks of DOJ, said the president "has also made clear that '[w]e are going to end the regulatory weaponization against digital assets'..."

Consistent with that narrowing of its cryptocurrency enforcement policy, the DOJ Market Integrity and Major Frauds Unit will also cease cryptocurrency enforcement to focus on other administration priorities, including immigration and procurement fraud, Blanche said.
The Washington Post got this assessment from Yesha Yadav, a Vanderbilt University law professor who closely follows cryptocurrency and financial markets. "It's hard to underestimate the importance this task force has had ... in pursuing some really huge crypto hacks and cases."

More from USA Today: Public corruption and transnational crime experts warned that shutting down the unit could divert critical resources from efforts to stop criminals and corrupt regimes from using cryptocurrency for illicit gain, even as Trump claims he wants to crack down on them. "Dangerous US adversaries rely on cryptocurrencies to launder money and evade sanctions," said Nate Sibley, an anti-corruption expert and director of the Kleptocracy Initiative at the conservative Hudson Institute think tank in Washington, D.C., in a post on X. "If this is accurate, hard to see how it squares with — for example-cracking down on cartel finances or maximum pressure sanctions on Iran...."

Trump's so-called "memecoin" surged from less than $10 on the Saturday before his inauguration to as high as $74.59 before eventually giving up some of its gains. The token, branded $TRUMP, has been criticized by ethics experts as a conflict of interest for the president since the company could likely benefit from his pro-crypto policies...

Last month, Trump signed an order to create a federal Strategic Bitcoin Reserve, signaling new federal support for cryptocurrency in general and Bitcoin in particular.
Since the first-ever White House crypto summit in March, America's Securities and Exchange Commission "has dropped more than a dozen cases against crypto firms," notes the Washington Post: Last month, both the Federal Deposit Insurance Corp. and the Office of the Comptroller of the Currency pledged to stop evaluating banks based on "reputational risk" — a practice that some venture capitalists have claimed unfairly "de-banked" founders of cryptocurrency start-ups.
In other news, executives from cryptocurrency exchange Binance "met with Treasury Department officials last month," reports the Wall Street Journal, asking them to remove a U.S. monitor overseeing their compliance with anti-money-laundering laws, according to people familiar with the talks.

The article adds that Binance is also concurrently "exploring" a deal with the Trump family to list its new dollar-pegged stablecoin which "could catapult it into a huge market and potentially bring in billions in profit for the family. "

People "are likely to continue working full-time even if they receive no-strings-attached universal basic income payments," reports CNN, citing results from a recent experiment in Germany (discussed on Slashdot in 2020): Mein Grundeinkommen (My Basic Income), the Berlin-based non-profit that ran the German study, followed 122 people for three years. From June 2021 to May 2024, this group received an unconditional sum of €1,200 ($1,365) per month. The study focused on people aged between 21 and 40 who lived alone and already earned between 1,100 euros (around $1,250) and 2,600 euros ($2,950) a month. They were free to use the extra money from the study on anything they wanted. Over the course of three years, the only condition was that they had to fill out a questionnaire every six months that asked about different areas of their lives, including their financial situation, work patterns, mental well-being and social engagement.

One concern voiced by critics is that receiving a basic income could make people less inclined to work. But the Grundeinkommen study suggests that may not be the case at all. It found that receiving a basic income was not a reason for people to quit their jobs. On average, study participants worked 40 hours a week and stayed in employment — identical to the study's control group, which received no payment. "We find no evidence that people love doing nothing," Susann Fiedler, a professor at the Vienna University of Economics and Business who was involved with the study, said on the study's website.

Unlike the control group, those receiving a basic income were more likely to change jobs or enroll in further education. They reported greater satisfaction in their working life — and were "significantly" more satisfied with their income...

And can more money buy happiness? According to the study, the recipients of a basic income reported feeling that their lives were "more valuable and meaningful" and felt a clear improvement in their mental health.

The Washington Post reports: The United States urgently needs more energy to fuel an artificial intelligence race with China that the country can't afford to lose, industry leaders told lawmakers at a House hearing on Wednesday. "We need energy in all forms," said Eric Schmidt, former CEO of Google, who now leads the Special Competitive Studies Project, a think tank focused on technology and security. "Renewable, nonrenewable, whatever. It needs to be there, and it needs to be there quickly." It was a nearly unanimous sentiment at the four-hour-plus hearing of the House Energy and Commerce Committee, which revealed bipartisan support for ramping up U.S. energy production to meet skyrocketing demand for energy-thirsty AI data centers.

The hearing showed how the country's AI policy priorities have changed under President Donald Trump. President Joe Biden's wide-ranging 2023 executive order on AI had sought to balance the technology's potential rewards with the risks it poses to workers, civil rights and national security. Trump rescinded that order within days of taking office, saying its "onerous" requirements would "threaten American technological leadership...." [Data center power consumption] is already straining power grids, as residential consumers compete with data centers that can use as much electricity as an entire city. And those energy demands are projected to grow dramatically in the coming years... [Former Google CEO Eric] Schmidt, whom the committee's Republicans called as a witness on Wednesday, told [committee chairman Brett] Guthrie that winning the AI race is too important to let environmental considerations get in the way...

Once the United States beats China to develop superintelligence, Schmidt said, AI will solve the climate crisis. And if it doesn't, he went on, China will become the world's sole superpower. (Schmidt's view that AI will become superintelligent within a decade is controversial among experts, some of whom predict the technology will remain limited by fundamental shortcomings in its ability to plan and reason.)

The industry's wish list also included "light touch" federal regulation, high-skill immigration and continued subsidies for chip development. Alexandr Wang, the young billionaire CEO of San Francisco-based Scale AI, said a growing patchwork of state privacy laws is hampering AI companies' access to the data needed to train their models. He called for a federal privacy law that would preempt state regulations and prioritize innovation.
Some committee Democrats argued that cuts to scientific research and renewable energy will actually hamper America's AI competitiveness, according to the article. " But few questioned the premise that the U.S. is locked in an existential struggle with China for AI supremacy.

"That stark outlook has nearly coalesced into a consensus on Capitol Hill since China's DeepSeek chatbot stunned the AI industry with its reasoning skills earlier this year."

UPDATE (4/13): Smartphones, computer monitors, semiconductors, and various other electronics will be exempt from U.S. President Trump's tariffs, CNN reported Saturday, "according to a US Customs and Border Protection notice posted late Friday." But then Sunday morning America's commerce secretary insisted "a special-focus type of tariff" was coming for those products, ABC News reported. (President Trump "is saying they're exempt from the reciprocal tariffs," the commerce secretary told an interviewer, "but they're included in the semiconductor tariffs, which are coming in probably a month or two.... This is not like a permanent sort of exemption.")

CNN had reported that several other products also received an exemption which "applies to products entering the United States or removed from warehouses as early as April 5, according to the notice." Roughly 90% of Apple's iPhone production and assembly is based in China, according to Wedbush Securities' estimates. Counterpoint Research, a firm that monitors global smartphone shipments, estimated Apple has up to six weeks of inventory in the United States. Once that supply runs out, prices would have been expected to go up...

Semiconductors and microchips are among the products heavily outsourced to factories in Asia due to lower costs. Those electronic parts are now exempt, according to the Friday notice. That could help Asian chipmakers, such as Taiwan Semiconductor Manufacturing Company (TSMC), South Korea's Samsung and SK Hynix.
The exemptions were believed to also include solar cells, memory cards, and computers, according to the BBC. "It was not clear whether technology imports from China would still be hit by a 20% tariff that was not part of the reciprocal tariffs announced on 2 April..."

Thanks to Slashdot readers Alain Williams and Mr. Dollar Ton for sharing the news.

A former Facebook employee/whistleblower alleges Meta's AI model Lllama was used to help DeepSeek.

The whistleblower — former Facebook director of global policy Sarah Wynn-Williams — testified before U.S. Senators on Wednesday. CBS News found this earlier response from Meta: In a statement last year on Llama, Meta spokesperson Andy Stone wrote, "The alleged role of a single and outdated version of an American open-source model is irrelevant when we know China is already investing over 1T to surpass the US technologically, and Chinese tech companies are releasing their own open AI models as fast, or faster, than US ones."

Wynn-Williams encouraged senators to continue investigating Meta's role in the development of artificial intelligence in China, as they continue their probe into the social media company founded by Zuckerberg. "The greatest trick Mark Zuckerberg ever pulled was wrapping the American flag around himself and calling himself a patriot and saying he didn't offer services in China, while he spent the last decade building an $18 billion business there," she said.
The testimony also left some of the lawmakers skeptical of Zuckerberg's commitment to free speech after the whistleblower also alleged Facebook worked "hand in glove" with the Chinese government to censor its platforms: In her almost seven years with the company, Wynn-Williams told the panel she witnessed the company provide "custom built censorship tools" for the Chinese Communist Party. She said a Chinese dissident living in the United States was removed from Facebook in 2017 after pressure from Chinese officials. Facebook said at the time it took action against the regime critic, Guo Wengui, for sharing someone else's personal information. Wynn-Williams described the use of a "virality counter" that flagged posts with over 10,000 views for review by a "chief editor," which Democratic Sen. Richard Blumenthal of Connecticut called "an Orwellian censor." These "virality counters" were used not only in Mainland China, but also in Hong Kong and Taiwan, according to Wynn-Williams's testimony.

Wynn-Williams also told senators Chinese officials could "potentially access" the data of American users.