The Almighty Buck

NFT Marketplace Halts Most Transactions, Citing 'Rampant' Fakes and Plagiarism (reuters.com) 32

Reuters reports that a popular NFT trading platform "has halted most transactions because people were selling tokens of content that did not belong to them, its founder said, calling this a 'fundamental problem' in the fast-growing digital assets market...." The U.S.-based Cent executed one of the first known million-dollar NFT sales when it sold the former Twitter CEO's [first] tweet as an NFT last March. But as of February 6, it has stopped allowing buying and selling, CEO and co-founder Cameron Hejazi told Reuters.... Hejazi highlighted three main problems: people selling unauthorised copies of other NFTs, people making NFTs of content which does not belong to them, and people selling sets of NFTs which resemble a security.

He said these issues were "rampant", with users "minting and minting and minting counterfeit digital assets".

"It kept happening. We would ban offending accounts but it was like we're playing a game of whack-a-mole... Every time we would ban one, another one would come up, or three more would come up...." Hejazi said his company was keen on protecting content-creators, and may introduce centralised controls as a short-term measure in order to re-open the marketplace, before exploring decentralised solutions.

Engadget reports that Cent "continues to operate its Valuables marketplace, the place where people can purchase non-fungible tokens of tweets, but that's about it."

See also: More Than 80% of NFTs Created For Free On OpenSea Are Fraud Or Spam, Company Says.

Intel

Intel Thread Director Is Headed to Linux for a Major Boost in Alder Lake Performance (hothardware.com) 20

The Linux 5.18 kernel is adding support this spring for the Intel Hardware Feedback Interface to make better decisions about where to place given work among available CPU cores/threads, reports Phoronix.

This is significant because Intel's Alder Lake CPUs "are the first x86-64 processors to embrace a hybrid paradigm with two separate CPU architectures on the same die," explains Hot Hardware: These two separate CPU architectures have different strengths and capabilities. The Golden Cove "performance cores" (or P-cores) feature Intel's latest high-performance desktop CPU architecture, and they are blisteringly fast. Meanwhile, the Gracemont "efficiency cores" (or E-cores) are so small that four of them, along with 2MB of shared L2 cache, can nearly fit in the same space as a single Golden Cove core. They're slower than the Golden Cove cores, but also much more efficient, at least in theory.

The idea is that background tasks and light workloads can be run on the E-cores, saving power, while latency-sensitive and compute-intensive tasks can be run on the faster P-cores. The benefits of this may not have been exactly as clear as Intel would have liked on Windows, but they were even less visible on Linux. That's because Linux isn't aware of the unusual configuration of Alder Lake CPUs.

Well, that's changing in Linux 5.18, slated for release this spring. Linux 5.18 is bringing support for the Intel Enhanced Hardware Feedback Interface, or EHFI...

This is essentially the crux of Intel's "Thread Director," which is an intelligent, low-latency hardware-assisted scheduler.

Government

Journalist Labeled 'Hacker' By Missouri's Governor Will Not Be Prosecuted (stltoday.com) 62

Remember when more than 100,000 Social Security numbers of Missouri teachers were revealed in the HTML code of a state web site? The St. Louis Post-Dispatch's reporter informed the state government and delayed publishing his findings until they'd fixed the hole — but the state's governor then demanded the reporter's prosecution, labelling him "a hacker." In the months that followed, throughout a probe — which for some reason was run by the state's Highway Patrol — the governor had continued to suggest that prosecution of that reporter was imminent.

But it's not. The St. Louis Post-Dispatch reports: A St. Louis Post-Dispatch journalist will not be charged after pointing out a weakness in a state computer database, the prosecuting attorney for Cole County said Friday. Prosecutor Locke Thompson issued a statement to television station KRCG Friday, saying he appreciated Gov. Mike Parson for forwarding his concerns but would not be filing charges....

Parson, who had suggested prosecution was imminent throughout the probe, issued a statement saying Thompson's office believed the decision "was properly addressed...." Post-Dispatch Publisher Ian Caso said in a statement Friday: "We are pleased the prosecutor recognized there was no legitimate basis for any charges against the St. Louis Post-Dispatch or our reporter. While an investigation of how the state allowed this information to be accessible was appropriate, the accusations against our reporter were unfounded and made to deflect embarrassment for the state's failures and for political purposes...."

There is no authorization required to examine public websites, but some researchers say overly broad hacking laws in many jurisdictions let embarrassed institutions lob hacking allegations against good Samaritans who try to flag vulnerabilities before they're exploited....

A political action committee supporting Parson ran an ad attacking the newspaper over the computer incident, saying the governor was "standing up to the fake news media."

Thanks to long-time Slashdot reader UnknowingFool for submitting the story.

Security

America's Cybersecurity Agency is Now Urging 'Heightened Posture' Against Russian Cyberattacks (pcmag.com) 24

America's Cybersecurity and Infrastructure Agency (CISA) "says that American companies should be extra wary about potential hacking attempts from Russia as tensions with the country rise," reports PC Magazine: Even if Russia doesn't invade Ukraine, it has often targeted the country with what Wired has characterized as "many of the most costly cyberattacks in history." Those attacks might not always be confined to Ukraine, however, which is where CISA's new Shields Up campaign comes in.... CISA says that it "recommends all organizations — regardless of size — adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets." It also says that it's collaborated with its "critical infrastructure partners" to raise awareness of these risks.

The agency wants everyone to "reduce the likelihood of a damaging cyber intrusion," "take steps to quickly detect a potential intrusion," "ensure that the organization is prepared to respond if an intrusion occurs," and "maximize the organization's resilience to a destructive cyber incident." CISA offers advice related to each of those focus areas on its website.

Earlier this week CISA also added 15 "known exploited" vulnerabilities to its catalog, ZDNet reports, in products from Apache, Apple, Jenkins, and Microsoft: The list includes a Microsoft Windows SAM local privilege escalation vulnerability with a remediation date set for February 24. Vulcan Cyber engineer Mike Parkin said the vulnerability — CVE-2021-36934 — was patched in August 2021 shortly after it was disclosed. "It is a local vulnerability, which reduces the risk of attack and gives more time to deploy the patch. CISA set the due date for Federal organizations who take direction from them, and that date is based on their own risk criteria," Parkin said. "With Microsoft releasing the fix 5 months ago, and given the relative threat, it is reasonable for them to set late February as the deadline."
Linux

Valve's Steam Deck Will Run Linux-Based Steam OS - But Won't Have a Fortnite Port (liliputing.com) 41

Liliputing reports: When Valve's Steam Deck begins shipping to customers later this month, the handheld gaming PC will be running a Linux-based operating system called Steam OS. And that could give gaming on Linux a bit of a boost.

While Valve's game client has been able to run on Linux for years, as of last month just over 1% of Steam users were running Linux (and fewer than 3% were using macOS, with Windows holding a 96% share). It'll be interesting to see if that starts to change once the Steam Deck hits the streets. And if it does, maybe we'll see more game makers add support for Linux... but one of the most popular games around isn't going to add Linux support anytime soon: Epic CEO Tim Sweeney says the company has no plans to port Fortnite to Linux.

He says it's because Epic doesn't "have confidence that we'd be able to combat cheating at scale under a wide array of kernel configurations including custom ones," but it's an interesting take since Epic has already ported its anti-cheat software to support Mac and Linux devices including the Steam Deck.

Advertising

Mozilla and Meta (Formerly Facebook) Propose New Privacy-Preserving Ad Technology (mozilla.org) 76

Mozilla engineer Martin Thomson reveals they've been collaborating with Meta (formerly Facebook) on new technology that can measure "conversions" from advertising while still preserving privacy.

The proposed new technology is called Interoperable Private Attribution, or IPA. IPA has two key privacy-preserving features. First, it uses Multi-Party Computation (MPC) to avoid allowing any single entity — websites, browser makers, or advertisers — to learn about user behavior. Mozilla has some experience with MPC systems as we've deployed Prio for privacy-preserving telemetry. Second, it is an aggregated system, which means that it produces results that cannot be linked to individual users. Together these features mean that IPA cannot be used to track or profile users.

IPA is designed to provide a lot of flexibility for advertising businesses in terms of how they use the system. Cross-device and cross-browser attribution options in IPA enable new and more robust attribution capabilities, while maintaining privacy. The IPA proposal aims to ensure that all sites benefit from these features with the match key concept, which allows smaller players to access the greater reach of entities to cross-device attribution.

"Advertising provides critical support for the Web," the blog post argues — and they've now proposed IPA to the World Wide Web Consortium's dedicated Private Advertising Technology Community Group, while calling their idea "still a work in progress."

Privacy

Apple Plans AirTag Updates to Address Unwanted Tracking (cnn.com) 31

"Apple said Thursday it plans to add more safeguards to AirTags to cut down on unwanted tracking," reports CNN, "following reports that the devices have been used to stalk people and steal cars." In a blog post, Apple said it has worked with safety groups and law enforcement agencies to identify more ways to update its AirTag safety warnings, including alerting people sooner if the small Bluetooth tracker is suspected to be tracking someone. (Right now, it can take hours for an AirTag to chirp if it has been separated from its owner.)

Other updates coming later this year include tweaking the tracker's tone sequence so the device is louder and easier to find, and allowing someone to see the distance and direction of an AirTag through the iOS precision finding tool. In addition, Apple will warn AirTag users during the setup process that tracking people without their consent is a crime.

That warning also reminds users "that law enforcement can request identifying information about the owner of the AirTag," Apple writes in their blog post: We have been actively working with law enforcement on all AirTag-related requests we've received. Based on our knowledge and on discussions with law enforcement, incidents of AirTag misuse are rare; however, each instance is one too many. Every AirTag has a unique serial number, and paired AirTags are associated with an Apple ID. Apple can provide the paired account details in response to a subpoena or valid request from law enforcement. We have successfully partnered with them on cases where information we provided has been used to trace an AirTag back to the perpetrator, who was then apprehended and charged.
"We condemn in the strongest possible terms any malicious use of our products," Apple's blog post adds.

Daring Fireball supplies some analysis: The same features that help prevent AirTags from being used to stalk people without their knowing could also alert a thief that whatever it is they've stolen has an AirTag attached. There's no way for AirTags to serve both purposes, so Apple is increasing the protections against unwanted tracking, and emphasizing that AirTags are solely intended for finding your own lost items.

Crime

'A Hacker Group Has Been Framing People for Crimes They Didn't Commit' (gizmodo.com) 18

A "shadowy hacker group" named Modified Elephant has been targeting people throughout India "for at least a decade," reports Gizmodo, "sometimes using its digital powers to plant fabricated evidence of criminal activity on their devices. That phony evidence has, in turn, often provided a pretext for the victims' arrest."

They cite a new report from cybersecurity firm Sentinel One "illuminating the way in which its digital dirty tricks have been used to surveil and target 'human rights activists, human rights defenders, academics, and lawyers' throughout India." The most prominent case involving Elephant centers around Maoist activist Rona Wilson and a group of his associates who, in 2018, were arrested by India's security services and accused of plotting to overthrow the government. Evidence for the supposed plot — including a word document detailing plans to assassinate the nation's prime minister, Narendra Modi — was found on Wilson's laptop. However, later forensic analysis of the device showed that the documents were actually fake and had been artificially planted using malware. According to Sentinel researchers, it was Elephant that put them there.

This case, which gained greater exposure after being covered by the Washington Post, was blown open after the aforementioned laptop was analyzed by a digital forensics firm, Boston-based Arsenal Consulting. Arsenal ultimately concluded that Wilson and all of his so-called co-conspirators, as well as many other activists, had been targeted with digital manipulation....

According to Sentinel One's report, Elephant uses common hacking tools and techniques to gain a foothold in victims' computers. Phishing emails, typically tailored to the victim's interests, are loaded with malicious documents that contain commercially available remote access tools (RATs) — easy-to-use programs available on the dark web that can hijack computers....

An entirely different group is believed to have conducted similar operations against Baris Pehlivan, a journalist in Turkey who was incarcerated for 19 months in 2016 after the Turkish government accused him of terrorism. Digital forensics later revealed that the documents used to justify Pehlivan's charges had been artificially implanted, much like those on Wilson's laptop.

Nintendo

Judge Gives 40-Month Prison Sentence to Nintendo Switch Hacker Called 'Bowser' (hothardware.com) 24

A U.S. district judge "sentenced a Nintendo Switch hacker to 40 months in federal prison," reports the Independent: Gary Bowser, 52, is one of the leaders of the "Team Xecuter" hacker criminal enterprise, a notorious video game piracy gang, authorities said. The gang sold software to hack and download stolen games to various consoles. Besides the Nintendo Switch console, Team Xecuter also targeted the Nintendo 3DS, the Nintendo Entertainment System Classic Edition, the Sony PlayStation Classic and Microsoft's Xbox.

Bowser, a Canadian citizen, was the public face of the group and handled Team Xecuter's public relations and operated its websites. He was arrested in October 2020 in the Dominican Republic and extradited to the US to stand trial in New Jersey. He pleaded guilty in October 2021 to two criminal counts — conspiracy to circumvent technological measures and to traffic in circumvention devices, and trafficking in circumvention devices. As part of his plea deal, Bowser agreed to pay $4.5m in restitution to Nintendo.

Federal agents said that he caused a loss of about $65m (about £48m) to gaming companies.

"The hacking group was initially adamant that its hardware and software modifications that circumvented copyright protections were intended for homebrew application development, not to enable users to steal software..." notes Hot Hardware.

"Following the guilty plea, Bowser settled a civil lawsuit with Nintendo to the tune of $10 million, on top of the $4.5 million in restitution he already owed."

Businesses

Some Amazon Ring Customers Demand Drivers Dance, Then Post Videos Online (nytimes.com) 47

From the New York Times: As Gita Jackson reported recently in Vice News, some Amazon customers are now explicitly asking the company's drivers to deliver a performance along with the package. They are posting signs to their front doors or tapping unusual delivery instructions into the Amazon app in the hopes of capturing a spectacle on their surveillance feeds.... [T]hese customers proceed to shamelessly post the evidence to social media. Sometimes the videos are spun into an online sleuthing opportunity, as the TikToker asks viewers to hunt for the dancing driver's identity. And they represent just a slice of the "Amazon driver approaches the door" genre of internet video... But whether the video is pitched as heartwarming or sadistic, the customer is enlisting the driver into a nonconsensual pageant that doubles as a performance review. As Jackson reported, Amazon drivers who fail to fulfill customer requests risk demerits....

Amazon encourages customers to publicize their Ring videos on its safety-minded social network, Neighbors, and makes it easy to share them more widely, too. One of Ring's marketing lines is "A lot happens at your front door," and this is meant as both a warning and an invitation — though it suggests it is too dangerous to venture outside, it also implies that a whole world of entertainment is to be found through eyeing your surveillance feed.... The official Ring YouTube channel is filled with user-generated videos that help inject its growing spy network with warmth and surprise, as the cameras catch spontaneous footage of good Samaritans, grazing cows and, of course, the company's drivers caught in kooky scenarios, like in this entry from December: "Even a Giant Bear Will Not Stop This Amazon Driver From Making His Delivery."

Amazon obsessively surveils its workers through dashcams, smartphone monitors and machine-generated report cards, and these videos implicate the customer in that exercise, making the violation of driver privacy into a kind of internet-wide contest. The caption for Amazon's bear video focuses on the heroic actions of a Ring user named Josh, who supposedly aided the delivery driver's safety by "watching his exit the whole time" on the security camera.... Its routes are often serviced by precarious gig workers, its quotas are too punishing to allow for socializing, and all potential human interactions have been replaced by one-way surveillance. In many of these TikTok videos, Amazon workers literally run in and out of the frame. If delivery drivers were once lightly teased or frequently ogled, now they are simply dehumanized, plugged into machine-run networks and expected to move product with robotic efficiency. The compulsory dance trend on TikTok suggests that customers, too, have come to see drivers as programmable....

On an even more depressing corner of Amazon TikTok, customers post videos not to backwardly celebrate drivers but just to shame them for delivering the package with less than the customer's expected level of service.

Privacy

Will ID.Me Destroy the Data of the 7 Million Americans Already Directed to Its Face-Scanning Service? (msn.com) 23

America's Internal Revenue Service abandoned plans to make face-scanning mandatory for access to your tax records.

Unfortunately, before this change of heart the IRS had already directed 7 million Americans to facial recognition vendor ID.me, reports the Washington Post. Now the chair of the House Oversight Committee is urging IRS Commissioner Charles Rettig to instruct ID.me to destroy the biometric data and ensure the data isn't used for "unapproved or unauthorized purposes." "Those Americans' highly personal information may continue to be held by a third party outside of the IRS's direct control — increasing the potential for exposure due to bad actors and other cybersecurity incidents," [head of the committee] Maloney wrote.... ID.me said on Wednesday that it would drop the facial recognition requirement in its software, which is used by 30 states and 10 federal agencies. The company also told The Washington Post that effective March 1, anyone would be able to delete their selfie or photo data....

The letter follows years of controversy over the government's expanding use of facial recognition software, despite warnings from the General Services Administration that the face-scanning technology has too many problems to justify its use.... There is no federal law regulating how facial recognition can be used or how it should be secured....

Maloney also writes that 13 percent of ID.me users since June had struggled to use the software and were referred to customer service, where representatives would attempt to verify their identities over video chat. The letter says this underscores the "widespread issues related to the use of the nascent facial recognition technology."

In fact, the Verge reports that "Internal documents and former ID.me employees say the company was beset by disorganization and staffing shortages throughout 2021, as shortcomings in the automated systems created tensions among the company's workforce, particularly the human verification workers who have to step in when the algorithms fail." Current and former employees who spoke to The Verge paint a picture of a company described as being in "permanent crisis mode," changing policies rapidly to keep up with fluctuating demand for its services and fight a slew of negative press. In particular, they say a lack of human review capacity has been a chokepoint for the company, leading to stress, pressure, and a failure to meet quality standards. It's an unexpected challenge for a biometrics system that's usually seen as automatic, pointing to the often-ignored workers needed to support automated systems at scale.

When the automated systems fail — ID.me says roughly 10 percent of users will need video chat assistance — it's workers and subjects who are left to manage the consequences.... To keep up with demand, the company added 1,300 new employees between January and September 2021, including 500 to be based in a new office in Tampa, Florida, dedicated to customer support. But as adoption increased, so did complaints. A Vice report found dozens of complaints from applicants who said they had been locked out of unemployment benefits when ID.me's verification service had failed to identify them. When the automated system failed, applicants often faced long wait times to reach human reviewers, according to the report — wait times that became even more burdensome and difficult to navigate for people without access to reliable internet connections....

Many staff were unhappy about the end of work-from-home policies, which were being phased out at the company at the same time as first the delta and then omicron variants hit the US. As in-office staffing levels rose, more ID.me employees began to contract COVID at work, sources said, in some cases taking whole teams offline at once.

One ID.me employee complained to the Verge that "In terms of worker treatment, it's like the Amazon of identity protection."

The article also notes that an ID.me video chat agent was terminated after engaging in "inappropriate conduct," and while the company added new procedures to prevent this, "sources said that these quality checks have begun to fall by the wayside under the pressure of clearing through the backlog of video verification requests."

Windows

Beware Fake Windows 11 Upgrade Installers Bringing RedLine Malware (bleepingcomputer.com) 43

Slashdot reader joshuark writes: Beware: fake Windows 11 upgrades install RedLine malware, reports Bleeping Computer.

"Threat actors have started distributing fake Windows 11 upgrade installers to users of Windows 10, tricking them into downloading and executing RedLine stealer malware." Bleeping Computer advises, "...these dangerous sites are promoted via forum and social media posts or instant messages, so don't trust anything but the official Windows upgrade system alerts."

Bleeping Computer points out that hardware incompatibilities rule out upgrades for many Windows 10 users from official distribution channels — "something that malware operators see as an excellent opportunity for finding new victims." The timing of the attacks coincides with the moment that Microsoft announced Windows 11's broad deployment phase, so the attackers were well-prepared for this move and waited for the right moment to maximize their operation's success. RedLine stealer is currently the most widely deployed password, browser cookies, credit card, and cryptocurrency wallet info grabber, so its infections can have dire consequences for the victims.

According to researchers at HP, who have spotted this campaign, the actors used the seemingly legitimate "windows-upgraded.com" domain for the malware distribution part of their campaign. The site appears like a genuine Microsoft site and, if the visitor clicked on the 'Download Now' button, they received a 1.5 MB ZIP archive named "Windows11InstallationAssistant.zip," fetched directly from a Discord CDN...

Although the distribution site is down now, nothing stops the actors from setting up a new domain and restarting their campaign. In fact, this is very likely already happening in the wild.

Bitcoin

Binance Is Taking a $200 Million Stake In Forbes (cnbc.com) 15

An anonymous reader quotes a report from CNBC: Binance, the world's biggest cryptocurrency exchange, is making a $200 million strategic investment in Forbes, the 104-year-old magazine and digital publisher, CNBC has learned. The funds will help Forbes execute on its plan to merge with a publicly traded special purpose acquisition company, or SPAC, in the first quarter, according to people with knowledge of the deal. Binance will replace half of the $400 million in commitments from institutional investors announced by Forbes in August, said the people. That would make Binance one of the top two biggest owners of Forbes, which will be listed on the New York Stock Exchange under the ticker FRBS, the people said. The crypto company will also get two directors out of nine total board seats, they said. The move shows the increasing real-world influence of the crypto sector, which has seen surging valuations and minted a new class of billionaires amid global interest in digital assets. While crypto companies have gone public, affixed their names to sports arenas and flooded airwaves with celebrity endorsements, this is the sector's first big investment in a traditional U.S. media property.

The investment by Binance, founded barely five years ago, is an indication that Zhao believes content generation will be a growth area for Web 3.0 development. Web 3.0 refers to a more decentralized version of the internet that uses the blockchain, which also underpins cryptocurrencies and non-fungible tokens, or NFTs. [...] The company approached Forbes, which had been weighing options including an outright sale, after identifying three media and content platforms for potential investment, said the people. Crypto insiders say they expect a deluge of deals this year as companies deploy the enormous sums of money raised in recent fundraising rounds.
Further reading: An Incomplete History of Forbes as a Platform for Scams, Grift and Bad Journalism

Power

Rare Form of Sulfur Offers a Key To Triple-Capacity EV Batteries (newatlas.com) 42

Engineers at Drexel University have made a breakthrough they say takes [lithium-sulfur batteries] closer to commercial use, by leveraging a rare chemical phase of sulfur to prevent damaging chemical reactions. New Atlas reports: [T]here is one problem that scientists keep running into, which is the formation of chemical compounds called polysulfides. As the battery operates, these make their way into the electrolyte -- the solution that carries the charge back and forth between the anode and cathode -- where they trigger chemical reactions that compromise the battery's capacity and lifespan. Scientists have had some success swapping out the carbonate electrolyte for an ether electrolyte, which doesn't react with the polysulfides. But this poses other problems, as the ether electrolyte itself is highly volatile and contains components with low boiling points, meaning the battery could quickly fail or melt down if warmed above room temperature.

The chemical engineers at Drexel University have been working on another solution and it starts with the design of a new cathode, which can work with the carbonate electrolytes already in commercial use. This cathode is made from carbon nanofibers and had already been shown to slow the movement of polysulfides in an ether electrolyte. But making it work with a carbonate electrolyte involved some experimentation. The scientists attempted to confine the sulfur in the carbon nanofiber mesh to prevent the dangerous chemical reactions using a technique called vapor deposition. This didn't quite have the desired effect, but as it turned out, actually crystallized the sulfur in an unexpected way and turned it into something called monoclinic gamma-phase sulfur, a slightly altered form of the element. This chemical phase of sulfur had only been produced at high temperatures in the lab or observed in oil wells in nature. Conveniently for the scientists, it is not reactive with the carbonate electrolyte, thereby removing the risk of polysulfide formation.

The cathode remained stable across a year of testing and 4,000 charge-discharge cycles, which the scientists say is equivalent to 10 years of regular use. The prototype battery the team made featuring this cathode offered triple the capacity of a standard lithium-ion battery, paving the way for more environmentally friendly batteries that allow electric vehicles to travel much farther on each charge.
The research was published in the journal Communications Chemistry.

Space

First Images From NASA's James Webb Space Telescope (space.com) 20

The first images from NASA's James Webb Space Telescope have been released, according to Space.com. Slashdot readers g01d4 and fahrbot-bot first shared the news. From the report: The main photo, which doesn't even hint at the power Webb will bring to the universe once it's fully operational, shows a star called HD 84406 and is only a portion of the mosaic taken over 25 hours beginning on Feb. 2, during the ongoing process to align the observatory's segmented mirror. "The entire Webb team is ecstatic at how well the first steps of taking images and aligning the telescope are proceeding," Marcia Rieke, principal investigator of the instrument that Webb relies on for the alignment procedure and an astronomer at the University of Arizona, said in a NASA statement.

JWST is now 48 days out from its Christmas Day launch and in the midst of a commissioning process expected to last about six months. The telescope spent the first month unfolding from its launch configuration and trekking out nearly 1 million miles (1.5 million kilometers) away from Earth. During the bulk of the remaining time, scientists are focusing on waking and calibrating the observatory's instruments and making the minute adjustments to the telescope's 18 golden mirror segments that are necessary for crisp, clear images of the deep universe. The process is going well, according to NASA.

Still, the telescope has a long way to go, as today's image of HD 84406 shows. [...] HD 84406 is in the constellation Ursa Major, or Big Bear, but is not visible from Earth without a telescope. But it was a perfect early target for Webb because its brightness is steady and the observatory can always spot it, so launch or deployment delays wouldn't affect the plan. Oddly, JWST won't be able to observe HD 84406 later in its tenure; once the telescope is focused, this star will be too bright to look at. Previously, JWST personnel have said that the telescope will be seeing fairly sharply by late April.
In addition to the image of HD 84406, NASA also shared a "selfie" image, which Gizmodo and CNN decided to focus on in their reports.
