United States

Justice Department Said To Investigate Ticketmaster's Parent Company (nytimes.com)

The Justice Department has opened an antitrust investigation into the owner of Ticketmaster, whose sale of Taylor Swift concert tickets descended into chaos this week, The New York Times reported Friday, citing sources. The investigation is focused on whether Live Nation Entertainment has abused its power over the multibillion-dollar live music industry. From the report: That power has been in the spotlight after Ticketmaster's systems crashed while Ms. Swift fans were trying to buy tickets in a presale for her upcoming tour, but the investigation predates the botched sale, the people said. Staff members at the agency's antitrust division have in recent months contacted music venues and players in the ticket market, asking about Live Nation's practices and the wider dynamics of the industry, said the people, who spoke on condition of anonymity because the investigation is sensitive. The inquiry appears to be broad, looking at whether the company maintains a monopoly over the industry, said one of the people. Officials in the Biden administration have spent the last two years trying to push the boundaries of antitrust law. The Justice Department has mounted several challenges to major mergers, successfully convincing a judge to block Penguin Random House's purchase of Simon & Schuster but losing some other cases. The Federal Trade Commission has sued to block Meta, Facebook's parent company, from acquiring a small virtual reality start-up.
Google

Italy Court Rejects Google's Appeal Against Watchdog Fine, Accepts Apple's One

An Italian administrative court on Friday rejected an appeal by Alphabet's Google against a decision by Italy's antitrust authority to fine the group, but accepted iPhone maker Apple's appeal against the watchdog's ruling. From a report: Last year, Italy's antitrust regulator fined Google and Apple 10 million euros ($10.36 million) each, claiming that the two tech groups had not provided "clear and immediate information" on how they collect and use the data of those who access their services.
United States

The Surprising Afterlife of Unwanted Atom Bombs (nytimes.com)

What happens when old atomic bombs are retired? Last month, the Biden administration announced its intention to withdraw the nation's most powerful weapon from the U.S. nuclear arsenal. From a report: The bomb is called the B83. It is a hydrogen bomb that debuted in 1983 -- a time when President Reagan was denouncing Russia as "an evil empire." The government made 660 of the deadly weapons, which were to be delivered by fast bombers. The B83 was 12 feet long, had fins and packed an explosive force roughly 80 times greater than that of the Hiroshima bomb. Its job was to obliterate hardened military sites and command bunkers, including Moscow's.

What now for the B83? How many still exist is a federal secret, but not the weapon's likely fate, which may surprise anyone who assumes that getting rid of a nuclear weapon means that it vanishes from the face of the earth. Typically, nuclear arms retired from the U.S. arsenal are not melted down, pulverized, crushed, buried or otherwise destroyed. Instead, they are painstakingly disassembled, and their parts, including their deadly plutonium cores, are kept in a maze of bunkers and warehouses across the United States. Any individual facility within this gargantuan complex can act as a kind of used-parts superstore from which new weapons can -- and do -- emerge.

Facebook

Meta's Latest Large Language Model Survived Only Three Days Online (technologyreview.com)

On November 15 Meta unveiled a new large language model called Galactica, designed to assist scientists. But instead of landing with the big bang Meta hoped for, Galactica has died with a whimper after three days of intense criticism. Yesterday the company took down the public demo that it had encouraged everyone to try out. From a report: Meta's misstep -- and its hubris -- show once again that Big Tech has a blind spot about the severe limitations of large language models. There is a large body of research that highlights the flaws of this technology, including its tendencies to reproduce prejudice and assert falsehoods as facts.

Galactica is a large language model for science, trained on 48 million examples of scientific articles, websites, textbooks, lecture notes, and encyclopedias. Meta promoted its model as a shortcut for researchers and students. In the company's words, Galactica "can summarize academic papers, solve math problems, generate Wiki articles, write scientific code, annotate molecules and proteins, and more." But the shiny veneer wore through fast. Like all language models, Galactica is a mindless bot that cannot tell fact from fiction. Within hours, scientists were sharing its biased and incorrect results on social media.

Microsoft

Microsoft: Hackers Using 'Concerning' Tactic To Dodge Multi-Factor Authentication

Microsoft says token theft attacks are on the rise. From a report: Microsoft has outlined several mitigations to protect against attacks on multi-factor authentication that will unfortunately make life more difficult for your remote workers. Three years ago, attacks on multi-factor authentication (MFA) were so rare that Microsoft didn't have decent statistics on them, largely because few organisations had enabled MFA. But with MFA use rising as attacks on passwords become more common, Microsoft has seen an increase in attackers using token theft in their attempts to sidestep MFA.

In these attacks, the attacker compromises a token issued to someone who's already completed MFA and replays that token to gain access from a different device. Tokens are central to OAuth 2.0 identity platforms, including Azure Active Directory (AD), which aim to make authentication simpler and faster for users, but in a way that's still resilient to password attacks. Moreover, Microsoft warns that token theft is dangerous because it doesn't require high technical skills, detection is difficult and, because the technique has only recently seen an uptick, few organisations have mitigations in place. "Recently, the Microsoft Detection and Response Team (DART) has seen an increase in attackers utilizing token theft for this purpose," Microsoft says in a blogpost. "By compromising and replaying a token issued to an identity that has already completed multifactor authentication, the threat actor satisfies the validation of MFA and access is granted to organizational resources accordingly. This poses to be a concerning tactic for defenders because the expertise needed to compromise a token is very low, is hard to detect, and few organizations have token theft mitigations in their incident response plan."
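The replay described above works because a bearer token carries proof that MFA was completed but nothing that ties it to the device that completed it. The following is an added example, not Microsoft's code or a description of Azure AD internals: it mints a small HMAC-signed token with a hypothetical device-binding claim (named `cnf` here by assumption), shows the validator rejecting the same token when it is presented from a different device, and runs a simple detection over constructed sign-in records that flags a session id appearing from more than one device. The signing key, claim names and log format are all constructed for the demo.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo key; a real issuer would use an asymmetric signing key.
SIGNING_KEY = b"demo-signing-key-not-for-production"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()


def _device_thumbprint(device_id: str) -> str:
    # Stand-in for a device-bound key: the token embeds a hash of the
    # device identifier, so it only validates when presented from that device.
    return hashlib.sha256(device_id.encode()).hexdigest()


def issue_token(subject: str, device_id: str, issued_at: int, ttl: int = 3600) -> str:
    """Mint a signed token for a user who just completed MFA on device_id."""
    claims = {
        "sub": subject,
        "amr": ["pwd", "mfa"],                 # authentication methods used
        "iat": issued_at,
        "exp": issued_at + ttl,
        "cnf": _device_thumbprint(device_id),  # binding claim (assumed name)
    }
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    sig = _b64(hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"


def validate_token(token: str, presenting_device_id: str, now: int) -> str:
    """Return 'ok' or the reason the token was rejected."""
    try:
        body, sig = token.split(".")
    except ValueError:
        return "malformed"
    expected = _b64(hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(sig, expected):
        return "bad_signature"
    claims = json.loads(base64.urlsafe_b64decode(body))
    if now >= claims["exp"]:
        return "expired"
    if "mfa" not in claims["amr"]:
        return "mfa_not_satisfied"
    # A replayed token is correctly signed and MFA-stamped; only the binding
    # check tells a stolen token apart from the legitimate session.
    if not hmac.compare_digest(claims["cnf"], _device_thumbprint(presenting_device_id)):
        return "device_mismatch"
    return "ok"


def find_replayed_sessions(events):
    """Flag session ids used from more than one device.

    events: iterable of (timestamp, session_id, device_id, source_ip) rows
    from a sign-in log. Returns {session_id: sorted list of devices seen}.
    """
    seen = {}
    for _ts, session_id, device_id, _ip in events:
        seen.setdefault(session_id, set()).add(device_id)
    return {sid: sorted(devs) for sid, devs in seen.items() if len(devs) > 1}


# Constructed sign-in records: session s-1 shows up from a second device.
SAMPLE_EVENTS = [
    (1700000000, "s-1", "laptop-alice", "203.0.113.10"),
    (1700000300, "s-1", "laptop-alice", "203.0.113.10"),
    (1700000900, "s-1", "unknown-vm-7", "198.51.100.25"),
    (1700001000, "s-2", "phone-bob", "203.0.113.44"),
]

if __name__ == "__main__":
    tok = issue_token("alice", "laptop-alice", issued_at=1700000000)
    print(validate_token(tok, "laptop-alice", now=1700000100))   # ok
    print(validate_token(tok, "unknown-vm-7", now=1700000900))  # device_mismatch
    print(find_replayed_sessions(SAMPLE_EVENTS))  # {'s-1': ['laptop-alice', 'unknown-vm-7']}
```

Without the binding claim, `validate_token` would return `ok` for the replayed request, which is the point the article makes: the token itself is valid. Short lifetimes limit the window, binding closes it, and the log check gives responders something to alert on when neither is in place.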
Businesses

Amazon CEO Says More Layoffs Will Happen in 2023 (theverge.com)

Amazon will be cutting jobs again at some point in early 2023, CEO Andy Jassy informed employees in a memo on Thursday. The company publicly confirmed some layoffs on Wednesday, and Jassy says that as Amazon's annual planning process extends into the new year, "there will be more role reductions as leaders continue to make adjustments." From a report: Jassy says the company hasn't determined exactly how many additional roles will be cut but did state that there will be "reductions in our Stores and [People, Experience, and Technology] organizations." Amazon will inform who will be impacted by the future cuts early next year.

In the Wednesday notice, devices and services SVP Dave Limp said that some staffers in the organization were being laid off, and Jassy said Thursday that the company has extended voluntary buyouts to some of its HR organization, confirming reporting from Vox. Vox's article highlighted how layoffs have been communicated internally before top executives shared information publicly, and based on Jassy's note, it seems that approach will continue. "As has been the case this week, we will prioritize communicating directly with impacted employees before making broad public or internal announcements," Jassy wrote. The company will try to find roles for impacted people internally, and if it can't, workers will be offered severance packages, according to Jassy.

Japan

Japan's Inflation Hits 40-Year High as Weak Yen Fans Import Costs (nikkei.com)

Japan's core consumer inflation accelerated to a 40-year high in October as a weak yen pushed up the cost of imported commodities, which were already surging due to global supply constraints. From a report: The data suggests Japanese companies may be shaking off their deflationary mindset as they gradually raise prices of everything from fuel to food while coming under pressure from cost-push inflation. The nationwide core consumer price index (CPI), which excludes volatile fresh food prices but includes energy, rose 3.6% year on year in October, versus a 3.5% rise expected by economists, and accelerating from the prior month's 3.0% gain. The jump marked the fastest gain since February 1982.

It also confirmed CPI growth remained above the Bank of Japan's (BOJ) 2% inflation goal for a seventh straight month. Despite broadening price pressures, which are a growing concern for households, however, the BOJ would not join a global trend of tightening monetary policy through rate hikes. BOJ Gov. Haruhiko Kuroda reiterated on Thursday a pledge to maintain monetary stimulus to support a fragile economy facing still weak inflation and reeling from the COVID downturn.

Space

Rocket Launch Thrusts India Deeper Into Space Exploration Race (bloomberg.com)

India launched its first rocket developed by a startup into space on Friday, with the aim of testing the company's technology that will be used to design three orbital vehicles. From a report: The Vikram-S rocket, developed by Hyderabad-based Skyroot Aerospace, took off at 11:30 a.m. local time from Sriharikota, an island near Chennai in southeastern India. The rocket reached an altitude of 89.5 kilometers (56 miles) and all systems worked as planned, said Pawan Goenka, head of an industry space body.

"It's a major step forward to India developing its own space ecosystem and emerging as a front-line nation in space," Space Minister Jitendra Singh said. Built in just two years, the sub-orbital vehicle validated the pressure, temperature and vibration systems used in Skyroot's orbital vehicles, the first of which, Vikram I, is scheduled to launch next year. It carried a payload from two Indian aerospace startups and a non-profit space research laboratory in Armenia.

News

Fred Brooks Has Died

Frederick Brooks, the famed computer architect who discovered the software tar pit and designed OS/360, died Thursday. He also debunked the concept of the Mythical Man-Month in his book, writing: "Adding manpower to a software project that is behind schedule delays it even longer."

A true icon, who won the Turing Award in 2000, Brooks was one of the great thinkers in computing. Industry tributes are pouring in celebrating his contribution and life.

Further reading: His interview with Grady Booch for Computer History Museum [PDF].
Encryption

Researchers Quietly Cracked Zeppelin Ransomware Keys (krebsonsecurity.com)

Brian Krebs writes via KrebsOnSecurity: Peter is an IT manager for a technology manufacturer that got hit with a Russian ransomware strain called "Zeppelin" in May 2020. He'd been on the job less than six months, and because of the way his predecessor architected things, the company's data backups also were encrypted by Zeppelin. After two weeks of stalling their extortionists, Peter's bosses were ready to capitulate and pay the ransom demand. Then came the unlikely call from an FBI agent. "Don't pay," the agent said. "We've found someone who can crack the encryption." Peter, who spoke candidly about the attack on condition of anonymity, said the FBI told him to contact a cybersecurity consulting firm in New Jersey called Unit 221B, and specifically its founder -- Lance James. Zeppelin sprang onto the crimeware scene in December 2019, but it wasn't long before James discovered multiple vulnerabilities in the malware's encryption routines that allowed him to brute-force the decryption keys in a matter of hours, using nearly 100 cloud computer servers.

In an interview with KrebsOnSecurity, James said Unit 221B was wary of advertising its ability to crack Zeppelin ransomware keys because it didn't want to tip its hand to Zeppelin's creators, who were likely to modify their file encryption approach if they detected it was somehow being bypassed. This is not an idle concern. There are multiple examples of ransomware groups doing just that after security researchers crowed about finding vulnerabilities in their ransomware code. "The minute you announce you've got a decryptor for some ransomware, they change up the code," James said. But he said the Zeppelin group appears to have stopped spreading their ransomware code gradually over the past year, possibly because Unit 221B's referrals from the FBI let them quietly help nearly two dozen victim organizations recover without paying their extortionists. [...]

The researchers said their break came when they understood that while Zeppelin used three different types of encryption keys to encrypt files, they could undo the whole scheme by factoring or computing just one of them: An ephemeral RSA-512 public key that is randomly generated on each machine it infects. "If we can recover the RSA-512 Public Key from the registry, we can crack it and get the 256-bit AES Key that encrypts the files!" [James and co-author Joel Lathrop wrote in a blog post]. "The challenge was that they delete the [public key] once the files are fully encrypted. Memory analysis gave us about a 5-minute window after files were encrypted to retrieve this public key." Unit 221B ultimately built a "Live CD" version of Linux that victims could run on infected systems to extract that RSA-512 key. From there, they would load the keys into a cluster of 800 CPUs donated by hosting giant Digital Ocean that would then start cracking them. The company also used that same donated infrastructure to help victims decrypt their data using the recovered keys.
A more technical writeup on Unit 221B's discoveries (cheekily titled "0XDEAD ZEPPELIN") is available here.
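The passage above describes why recovering one ephemeral RSA public key was enough: the per-victim file key was wrapped with it, so factoring the modulus yields the private exponent and, with it, the file key. The following is an added example illustrating that hybrid-encryption failure mode; it is not Unit 221B's code and does not reflect Zeppelin's actual key formats or registry layout. Because factoring a real 512-bit modulus needs number-field-sieve tooling and the kind of CPU cluster the article describes, the example uses a constructed 60-bit modulus built from two known primes, a textbook-RSA wrap (no padding) and Pollard's rho, all of which are stand-ins chosen so the code runs in well under a second.

```python
import math

# Constructed toy key pair: two known primes giving a ~60-bit modulus.
# Zeppelin's modulus was 512 bits; the principle below is the same, only the
# factoring effort differs, which is why a small modulus is a fatal choice.
TOY_P = 1000000007
TOY_Q = 998244353
TOY_N = TOY_P * TOY_Q
PUBLIC_EXPONENT = 65537


def pollard_rho(n: int) -> int:
    """Return a non-trivial factor of composite n (Floyd cycle finding)."""
    if n % 2 == 0:
        return 2
    for c in range(1, 100):  # retry with a new polynomial if a cycle yields n
        x = y = 2
        d = 1
        while d == 1:
            x = (x * x + c) % n
            y = (y * y + c) % n
            y = (y * y + c) % n
            d = math.gcd(abs(x - y), n)
        if d != n:
            return d
    raise ArithmeticError("no factor found")


def factor_modulus(n: int) -> tuple:
    """Split n into its two prime factors, smallest first."""
    p = pollard_rho(n)
    return tuple(sorted((p, n // p)))


def private_exponent(p: int, q: int, e: int = PUBLIC_EXPONENT) -> int:
    """Rebuild d from the factors: d = e^-1 mod (p-1)(q-1)."""
    return pow(e, -1, (p - 1) * (q - 1))


def wrap_key(file_key: int, n: int, e: int = PUBLIC_EXPONENT) -> int:
    """Textbook RSA wrap of the (toy-sized) symmetric file key."""
    if not 0 < file_key < n:
        raise ValueError("file key must be smaller than the modulus")
    return pow(file_key, e, n)


def recover_file_key(wrapped: int, n: int, e: int = PUBLIC_EXPONENT) -> int:
    """Given only the public key (n, e) and the wrapped key, factor n,
    derive the private exponent and unwrap the file key."""
    p, q = factor_modulus(n)
    d = private_exponent(p, q, e)
    return pow(wrapped, d, n)


# Constructed 56-bit stand-in for the per-victim symmetric file key.
SAMPLE_FILE_KEY = 0x5EEDC0FFEE1234

if __name__ == "__main__":
    wrapped = wrap_key(SAMPLE_FILE_KEY, TOY_N)
    print(factor_modulus(TOY_N))                   # (998244353, 1000000007)
    print(hex(recover_file_key(wrapped, TOY_N)))   # 0x5eedc0ffee1234
```

The defensive reading is the one the researchers exploited in reverse: a hybrid scheme is exactly as strong as its weakest wrapping key, so a 512-bit RSA modulus protecting a 256-bit AES key reduces the whole system to a factoring problem that a few hundred cores can finish.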
Iphone

iPhone 15 USB-C Rumor Calls Out High-Speed Data Transfers As a Pro-Only Feature (theverge.com)

The iPhone 15 Pro models are in line for a massive upgrade to their wired transfer speeds with the switch to USB-C, according to noted analyst Ming-Chi Kuo. Unfortunately, he doesn't believe that benefit is coming to the regular 2023 iPhones. The Verge reports: He predicts that the 15 and 15 Plus will also swap in USB-C ports but, just like the 2022 10th-gen iPad, they'll be stuck with the same USB 2.0 speeds they had with Lightning. Kuo made the prediction in a series of tweets on Wednesday and says the information is from his "latest survey." (The analyst is known for getting information from supply chain sources.) He was more specific about the high end, predicting that the "15 Pro & 15 Pro Max will support at least USB 3.2 or Thunderbolt 3." If that's true, it would mean they could transfer data at speeds up to 40 Gbps -- a boon for people who actually use the Pro phones to shoot a lot of ProRes video and raw photos, where even fast WiFi and cloud uploads aren't really a good substitute.
Medicine

Vaccine Shown To Prolong Life of Patients With Aggressive Brain Cancer (theguardian.com)

The world's first vaccine to treat deadly cancerous brain tumors can potentially give patients years of extra life, a global clinical trial has concluded. The Guardian reports: A senior NHS doctor who was one of the trial's chief investigators said the evidence showed DCVax had resulted in "astonishing" enhanced survival for patients. One patient in the 331-person multicenter global study lived for more than eight years after receiving DCVax. In Britain, 53-year-old Nigel French is still alive seven years after having it. If approved by medical regulators, DCVax would be the first new treatment in 17 years for newly diagnosed glioblastoma patients and the first in 27 years for people in whom it had returned. "The total results are astonishing," said Prof Keyoumars Ashkan, a neurosurgeon at King's College hospital in London who was the European chief investigator of the trial. "The final results of this phase three trial... offer fresh hope to patients battling with glioblastoma."

Trial researchers found that newly diagnosed patients who had the vaccine survived for 19.3 months on average, compared with 16.5 months for those who received a placebo. Participants with recurrent glioblastoma who had had DCVax lived on average for 13.2 months after receiving it, compared with just 7.8 months for those who did not. Overall 13% of people who received it lived for at least five years after diagnosis, while just 5.7% of those in the control group did so, according to the results of the trial, which were published on Thursday in the Journal of the American Medical Association Oncology.

The vaccine is a form of immunotherapy, in which the body's immune system is programmed to track down and attack the tumor. It is the first developed to tackle brain tumors. "The vaccine works by stimulating the patient's own immune system to fight against the patient's tumor. It provides a personalized solution, working with a patient's immune system, which is the most intelligent system known to man," said Ashkan. "The vaccine is produced by combining proteins from a patient's own tumor with their white blood cells. This educates the white cells to recognize the tumor. When the vaccine is administered, these educated white blood cells then help the rest of the patient's immune system recognize the tumor as something it needs to fight against and destroy. Almost like training a sniffer dog."

AI

Meet 'Unstable Diffusion', the Group Trying To Monetize AI Porn Generators (techcrunch.com)

An anonymous reader quotes a report from TechCrunch: When Stable Diffusion, the text-to-image AI developed by startup Stability AI, was open sourced earlier this year, it didn't take long for the internet to wield it for porn-creating purposes. Communities across Reddit and 4chan tapped the AI system to generate realistic and anime-style images of nude characters, mostly women, as well as non-consensual fake nude imagery of celebrities. But while Reddit quickly shut down many of the subreddits dedicated to AI porn, and communities like NewGrounds, which allows some forms of adult art, banned AI-generated artwork altogether, new forums emerged to fill the gap. By far the largest is Unstable Diffusion, whose operators are building a business around AI systems tailored to generate high-quality porn. The server's Patreon -- started to keep the server running as well as fund general development -- is currently raking in over $2,500 a month from several hundred donors.

"In just two months, our team expanded to over 13 people as well as many consultants and volunteer community moderators," Arman Chaudhry, one of the members of the Unstable Diffusion admin team, told TechCrunch in a conversation via Discord. "We see the opportunity to make innovations in usability, user experience and expressive power to create tools that professional artists and businesses can benefit from." Unsurprisingly, some AI ethicists are as worried as Chaudhry is optimistic. While the use of AI to create porn isn't new [...] Unstable Diffusion's models are capable of generating higher-fidelity examples than most. The generated porn could have negative consequences particularly for marginalized groups, the ethicists say, including the artists and adult actors who make a living creating porn to fulfill customers' fantasies.

Unstable Diffusion got its start in August -- around the same time that the Stable Diffusion model was released. Initially a subreddit, it eventually migrated to Discord, where it now has roughly 50,000 members. [...] Today, the Unstable Diffusion server hosts AI-generated porn in a range of different art styles, sexual preferences and kinks. [...] Users in these channels can invoke the bot to generate art that fits the theme, which they can then submit to a "starboard" if they're especially pleased with the results. Unstable Diffusion claims to have generated over 4,375,000 images to date. On a semiregular basis, the group hosts competitions that challenge members to recreate images using the bot, the results of which are used in turn to improve Unstable Diffusion's models. As it grows, Unstable Diffusion aspires to be an "ethical" community for AI-generated porn -- i.e. one that prohibits content like child pornography, deepfakes and excessive gore. Users of the Discord server must abide by the terms of service and submit to moderation of the images that they generate; Chaudhry claims the server employs a filter to block images containing people in its "named persons" database and has a full-time moderation team.
"Chaudhry sees Unstable Diffusion evolving into an organization to support broader AI-powered content generation, sponsoring dev groups and providing tools and resources to help teams build their own systems," reports TechCrunch. "He claims that Equilibrium AI secured a spot in a startup accelerator program from an unnamed 'large cloud compute provider' that comes with a 'five-figure' grant in cloud hardware and compute, which Unstable Diffusion will use to expand its model training infrastructure."

In addition to the grant, Unstable Diffusion will launch a Kickstarter campaign and seek venture funding, Chaudhry says.

"We plan to create our own models and fine-tune and combine them for specialized use cases which we shall spin off into new brands and products," Chaudhry added.
Facebook

Facebook To Remove Several Information Fields From Profiles, Including Religious and Political Views (engadget.com)

Meta has confirmed that it's removing addresses, "interested in", political views and religion from Facebook profiles as of December 1st. Engadget reports: The move is meant to make Facebook "easier to navigate and use," a spokesperson told TechCrunch. If you've filled out any of these fields, you'll get a notification about the change. Other details you provide, such as your contact information and relationship status, will persist. You can download a copy of your Facebook data before December 1st if you're determined to preserve it, and you still have control over who can see the remaining profile content.
OS X

Nearly 50% of macOS Malware Comes From One App (neowin.net)

joshuark writes: Yikes, gadzooks, and shiver my timbers! Elastic Labs has surprisingly found that 50% of malware comes from one app: MacKeeper, ironically. Ironic in that MacKeeper claims to "keep your Mac clean and safe with zero effort." MacKeeper also has a tainted reputation for being difficult to completely uninstall and as a malicious antivirus.

A new spin on the biblical phrase, "Am I my brother's keeper..." Well, when the inmate is running the asylum.
The findings appear in Elastic Security Labs' recently released 2022 Global Threat Report. As Neowin reports, MacKeeper "can be abused by threat actors because it has extensive permissions and access to processes and files."

With that said, the report found that only 6.2% of malware ends up on macOS devices, compared to 54.4% and 39.4% on Windows and Linux, respectively.
