Security

Internet Archive Users Start Receiving Email From 'Some Random Guy' Criticizing Unpatched Hole (bleepingcomputer.com) 18

A post shared Saturday on social media acknowledges those admins and developers at the Internet Archive working "literally round the clock... They have taken no days off this past week. They are taking none this weekend... they are working with all of their energy and considerable talent."

It describes people "working so incredibly hard... putting their all in," with a top priority of "getting the site back secure and safe".

But there are new and continuing problems, reports The Verge's weekend editor: Early this morning, I received an email from "The Internet Archive Team," replying to a message I'd sent on October 9th. Except its author doesn't seem to have been the digital archivists' support team — it was apparently written by the hackers who breached the site earlier this month and who evidently maintain some level of access to its systems.

I'm not alone. Users on the Internet Archive subreddit are reporting getting the replies, as well. Here is the message I received:

It's dispiriting to see that even after being made aware of the breach 2 weeks ago, IA has still not done the due diligence of rotating many of the API keys that were exposed in their gitlab secrets.

As demonstrated by this message, this includes a Zendesk token with perms to access 800K+ support tickets sent to info@archive.org since 2018.

Whether you were trying to ask a general question, or requesting the removal of your site from the Wayback Machine — your data is now in the hands of some random guy. If not me, it'd be someone else.

The site BleepingComputer believes they know the larger context, starting with the fact that they've also "received numerous messages from people who received replies to their old Internet Archive removal requests... The email headers in these emails also pass all DKIM, DMARC, and SPF authentication checks, proving they were sent by an authorized Zendesk server."

BleepingComputer also writes that they'd "repeatedly tried to warn the Internet Archive that their source code was stolen through a GitLab authentication token that was exposed online for almost two years."

And that "the threat actor behind the actual data breach, who contacted BleepingComputer through an intermediary to claim credit for the attack," has been frustrated by misreporting. (Specifically, they insist there were two separate attacks last week — a DDoS attack and a separate data breach for a 6.4-gigabyte database which includes email addresses for the site's 33 million users.) The threat actor told BleepingComputer that the initial breach of Internet Archive started with them finding an exposed GitLab configuration file on one of the organization's development servers, services-hls.dev.archive.org. BleepingComputer was able to confirm that this token has been exposed since at least December 2022, with it rotating multiple times since then. The threat actor says this GitLab configuration file contained an authentication token allowing them to download the Internet Archive source code. The hacker says that this source code contained additional credentials and authentication tokens, including the credentials to Internet Archive's database management system. This allowed the threat actor to download the organization's user database, further source code, and modify the site.

The threat actor claimed to have stolen 7TB of data from the Internet Archive but would not share any samples as proof. However, now we know that the stolen data also included the API access tokens for Internet Archive's Zendesk support system. BleepingComputer attempted to contact the Internet Archive numerous times, as recently as on Friday, offering to share what we knew about how the breach occurred and why it was done, but we never received a response.

"The Internet Archive was not breached for political or monetary reasons," they conclude, "but simply because the threat actor could...

"While no one has publicly claimed this breach, BleepingComputer was told it was done while the threat actor was in a group chat with others, with many receiving some of the stolen data. This database is now likely being traded amongst other people in the data breach community, and we will likely see it leaked for free in the future on hacking forums like Breached."

Security

Internet Archive Services Resume as They Promise Stronger, More Secure Return (msn.com) 16

"The Wayback Machine, Archive-It, scanning, and national library crawls have resumed," announced the Internet Archive Thursday, "as well as email, blog, helpdesk, and social media communications. Our team is working around the clock across time zones to bring other services back online."

Founder Brewster Kahle told The Washington Post it's the first time in its almost 30-year history that it's been down more than a few hours. But their article says the Archive is "fighting back." Kahle and his team see the mission of the Internet Archive as a noble one — to build a "library of everything" and ensure records are kept in an online environment where websites change and disappear by the day. "We're all dreamers," said Chris Freeland, the Internet Archive's director of library services. "We believe in the mission of the Internet Archive, and we believe in the promise of the internet." But the site has, at times, courted controversy. The Internet Archive faces lawsuits from book publishers and music labels brought in 2020 and 2023 for digitizing copyrighted books and music, which the organization has argued should be permissible for noncommercial, archival purposes. Kahle said the hundreds of millions of dollars in penalties from the lawsuits could sink the Internet Archive.

Those lawsuits are ongoing. Now, the Internet Archive has also had to turn its attention to fending off cyberattacks. In May, the Internet Archive was hit with a distributed denial-of-service (DDoS) attack, a fairly common type of internet warfare that involves flooding a target site with fake traffic. The archive experienced intermittent outages as a result. Kahle said it was the first time the site had been targeted in its history... [After another attack October 9th], Kahle and his team have spent the week since racing to identify and fix the vulnerabilities that left the Internet Archive open to attack. The organization has "industry standard" security systems, Kahle said, but he added that, until this year, the group had largely stayed out of the crosshairs of cybercriminals. Kahle said he'd opted not to prioritize additional investments in cybersecurity out of the Internet Archive's limited budget of around $20 million to $30 million a year...

[N]o one has reliably claimed the defacement and data breach that forced the Internet Archive to sequester itself, said [cybersecurity researcher] Scott Helme. He added that the hackers' decision to alert the Internet Archive of their intrusion and send the stolen data to Have I Been Pwned, the monitoring service, could imply they didn't have further intentions with it.... Helme said the episode demonstrates the vulnerability of nonprofit services like the Internet Archive — and of the larger ecosystem of information online that depends on them. "Perhaps they'll find some more funding now that all of these headlines have happened," Helme said. "And people suddenly realize how bad it would be if they were gone."

"Our priority is ensuring the Internet Archive comes online stronger and more secure," the archive said in Thursday's statement. And they noted other recent-past instances of other libraries also being attacked online: "As a library community, we are seeing other cyber attacks — for instance the British Library, Seattle Public Library, Toronto Public Library, and now Calgary Public Library. We hope these attacks are not indicative of a trend."

For the latest updates, please check this blog and our official social media accounts: X/Twitter, Bluesky and Mastodon.

Thank you for your patience and ongoing support.

EU

Developers Now Required To Share Phone Number and Address On EU App Store (macrumors.com) 84

An anonymous reader quotes a report from MacRumors: Apple today reminded developers that the EU trader requirement in the European Union is now being enforced. Developers who distribute apps in the EU will now need to share information that includes address, phone number, and email address on the EU App Store. Submitting updates for apps on the App Store in the European Union now requires trader information that's added via App Store Connect, with those details shared on each developer's App Store page. App updates can no longer be submitted without trader information, and starting on February 17, 2025, apps that do not have a trader status set will be removed from the App Store in the EU until trader status is provided and verified.

The Digital Services Act (DSA) in the European Union requires Apple to verify and display trader contact information for all "traders" who are distributing apps on the App Store in the European Union. Developers who make money from the App Store through either an upfront purchase price or through in-app purchases are considered traders, regardless of size. Contact information for each developer that is considered a trader will be publicly available, and there will undoubtedly be some developers that are unhappy with the requirement. Independent developers and small companies may not have dedicated business addresses and phone numbers to provide, and will likely be reluctant to provide their personal contact information.
You can learn more about the requirements on Apple's website.

Communications

SpaceX Requests Starlink Gen2 Modification, Previews Gigabit-Speeds (satellitetoday.com) 70

Longtime Slashdot reader schwit1 shares a report from Via Satellite: SpaceX submitted a request to the FCC to modify the second generation, Gen2, of its Starlink satellite system with changes that SpaceX said will allow the constellation to deliver gigabit-speed broadband. SpaceX submitted the filing to the FCC on Oct. 11, and it was made public on Tuesday. The operator wants to make changes to the orbital configuration and operational parameters, and requests modifications for its Gen2 frequency authorization.

These modifications "will enable the Gen2 system to deliver gigabit-speed, truly low-latency broadband and ubiquitous mobile connectivity to all Americans and the billions of people globally who still lack access to adequate broadband," Jameson Dempsey, SpaceX director of Satellite Policy said in the filing. For comparison, Starlink's current statement on service speeds is that users typically experience download speeds between 25 and 220 Mbps, and a majority of users experience speeds over 100 Mbps. In 2022, the FCC partially approved SpaceX to deploy a Gen2 Starlink constellation of up to 7,500 satellites for fixed satellite services (FSS) in the Ku- and Ka-bands, then later authorized Gen2 operations using additional frequencies in the E- and V-bands. SpaceX reported that since then, it has deployed more than 3,000 satellites in the Gen2 system and the full Starlink constellation serves more than four million people.

Businesses

Startup Can Identify Deepfake Video In Real Time (wired.com) 28

An anonymous reader quotes a report from Wired: Real-time video deepfakes are a growing threat for governments, businesses, and individuals. Recently, the chairman of the US Senate Committee on Foreign Relations mistakenly took a video call with someone pretending to be a Ukrainian official. An international engineering company lost millions of dollars earlier in 2024 when one employee was tricked by a deepfake video call. Also, romance scams targeting everyday individuals have employed similar techniques. "It's probably only a matter of months before we're going to start seeing an explosion of deepfake video, face-to-face fraud," says Ben Colman, CEO and cofounder at Reality Defender. When it comes to video calls, especially in high-stakes situations, seeing should not be believing.

The startup is laser-focused on partnering with business and government clients to help thwart AI-powered deepfakes. Even with this core mission, Colman doesn't want his company to be seen as more broadly standing against artificial intelligence developments. "We're very pro-AI," he says. "We think that 99.999 percent of use cases are transformational -- for medicine, for productivity, for creativity -- but in these kinds of very, very small edge cases the risks are disproportionately bad." Reality Defender's plan for the real-time detector is to start with a plug-in for Zoom that can make active predictions about whether others on a video call are real or AI-powered impersonations. The company is currently working on benchmarking the tool to determine how accurately it discerns real video participants from fake ones. Unfortunately, it's not something you'll likely be able to try out soon. The new software feature will only be available in beta for some of the startup's clients.

As Reality Defender works to improve the detection accuracy of its models, Colman says that access to more data is a critical challenge to overcome -- a common refrain from the current batch of AI-focused startups. He's hopeful more partnerships will fill in these gaps, and without specifics, hints at multiple new deals likely coming next year. After ElevenLabs was tied to a deepfake voice call of US president Joe Biden, the AI-audio startup struck a deal with Reality Defender to mitigate potential misuse. [...] "We don't ask my 80-year-old mother to flag ransomware in an email," says Colman. "Because she's not a computer science expert." In the future, it's possible real-time video authentication, if AI detection continues to improve and shows to be reliably accurate, will be as taken for granted as that malware scanner quietly humming along in the background of your email inbox.

iPhone

Apple's New Feature Lets Brands Put Their Stamp On Emails, Calls To Your iPhone 27

Apple is enhancing its Business Connect tool, allowing companies to customize how they appear in emails, phone calls, and payment interfaces on iPhones. The Verge reports: Each registered business can confirm its info is accurate and add additional details like photos or special offers. Collecting verified, up-to-date business information could be useful for Apple if it ever launches its own search engine or inside features for Apple Intelligence instead of sending users to outside sources like Google, Yelp, or Meta. Branded Mail is a feature businesses can sign up for today before it starts rolling out to users later this year, potentially making emails easier to identify in a sea of unread messages.

Additionally, if companies opt into Business Caller ID, Apple will display their name, logo, and department on an iPhone's inbound call screen. This feature should come in handy when you're trying to figure out whether the random number that's calling you is spam, or if it's a legitimate business. It will start rolling out next year. A smaller update coming to Apple's Tap to Pay service will let companies show their logo when accepting payments instead of just displaying a category icon.
You can read more about it in Apple's press release.

Movies

Tinkerers Are Taking Old Redbox Kiosks Home and Reverse Engineering Them (404media.co) 39

An anonymous reader quotes a report from 404 Media: The code that runs Redbox DVD rental machines has been dumped online, and, in the wake of the company's bankruptcy, a community of tinkerers and reverse engineers are probing the operating system to learn how it works. Naturally, one of the first things people did was make one of the machines run Doom. As has been detailed in several great articles elsewhere, the end of Redbox has been a clusterfuck, with pharmacies, grocery stores, and other retailers stuck with very large, heavy, abandoned DVD rental kiosks. To many people's surprise, many of the kiosks remain operational even with the bankruptcy of Redbox's parent company, which has led some people to "liberate" DVDs from the abandoned kiosks. Reddit is full of posts by people who say they have taken dozens of DVDs from kiosks all over the country. Free DVDs is one thing. But in recent days, people have realized that they can, in some cases, get free Redbox kiosks. In an August filing, Walgreens told the bankruptcy court that it has 5,400 abandoned kiosks at its stores, and that it is spending $184,000 a month keeping them powered. "Walgreens should not be required to continue to 'store' and power Redbox kiosks across the country without any form of payment," the company wrote. And so tinkerers and reverse engineers have begun asking stores whether they can take the devices off their hands. There are also posts on Reddit by contractors who are selling them, and I was able to find various Redbox DVD kiosks being advertised for sale on Facebook Marketplace. (There are far more listings on Facebook Marketplace from people who have obtained hundreds or thousands of Redbox DVDs and are now selling them.)

Recently the operating system for Redbox kiosks was dumped online, and this community is now probing it to see how it works. In a thread on Mastodon, reverse engineer Foone Turing has been posting some of her findings, which include the fact that Redbox machines contain a file that has "a complete list of titles ever rented, and the email addresses of the people who rented them, and where and when." She also found that the first six and last four digits of credit card information was logged. She said that the records on the particular unit that she was looking at contained 2,471 different transactions and had records on it dating back to 2015. Other reverse engineers have found that Redbox kiosks contained information about the physical locations of every other kiosk. The server that they communicated with is currently offline (because the company is bankrupt). But people have also been putting together information about what different error codes in the software mean (for example, the error code "0020BDT" would happen when an obstruction was detected in the machine). They have also found and dumped service manuals for different parts of the device and have found a few login passwords (one password is "US#1Choice4movierentals"). [...] There has also been discussion about how the machines could be modified to talk to a new server, or whether the operating system could be put on a DIY Redbox device. Another person installed Minecraft on their Redbox. It is still very early days, but, with the bankruptcy of Redbox's parent company, ironically these devices are being given new life.

Earth

Cost of Dealing With PFAS Problem Sites 'Frightening', Says Environment Agency (theguardian.com) 30

The number of sites identified as potentially having been polluted with banned cancer-causing "forever chemicals" in England is on the rise, and the Environment Agency (EA) says it does not have the budget to deal with them. From a report: A former RAF airfield in Cambridgeshire and a fire service college in the Cotswolds have joined a chemicals plant in Lancashire and a fire protection equipment supplier in North Yorkshire on the agency's list of "problem sites" for per- and polyfluoroalkyl substances (PFAS). In total, according to a report compiled for the agency, there could be more than 10,000 locations in England contaminated with PFAS -- substances that have been linked to a wide range of diseases including cancers, and which do not break down in the environment, earning them the nickname "forever chemicals." But to date the agency is only taking action on four sites.

[...] In an email sent to Defra in May, the agency says there are "funding pressures this year to take on all the inspection work we have been asked to do" relating to "PFAS and the two new potential site inspection requests we have accepted for AGC and Duxford." "These are the first requests we have had for many years and the very high cost of analysing for PFAS is beginning to get frightening," the agency wrote. The "ballpark estimate of costs to carry out ... investigations on four PFAS problem sites ... has just come out at between $2.3m-$3.5m. We aren't planning to spend anything like [that], certainly not immediately but it does put the total value of our contaminated land budget of $392k plus $262k from [the chemicals funding stream] into context."

Businesses

Why OpenAI Is at War With an Obscure Idea Man (bloomberg.com) 35

In a David vs. Goliath legal battle, AI powerhouse OpenAI is squaring off against a little-known entrepreneur who claims he conceived the company's name and mission months before its star-studded launch. Guy Ravine, a self-taught programmer with a history of near-misses in tech, registered the domain open.ai in March 2015. He envisioned a collaborative platform to develop artificial general intelligence (AGI) for the benefit of humanity. By year's end, Ravine had pitched his "Open AI" concept to industry luminaries and filed for a trademark. Then, in December 2015, Sam Altman and Greg Brockman announced the creation of OpenAI, backed by a promised billion dollars from Elon Musk and others.

The similarity was uncanny -- a non-profit aimed at developing AGI for the public good. "What the f---?" Ravine recalls thinking. He claims his idea was stolen, while OpenAI dismisses him as an opportunistic "troll" and a "fraud." The ensuing legal battle, which Bloomberg Businessweek covers in great detail, has consumed Ravine's life and raised thorny questions about idea ownership in Silicon Valley. It also casts a shadow over OpenAI's origin story as the company, now valued at $157 billion, shifts from its non-profit roots to a for-profit juggernaut. "It's humanity's asset," Ravine insists. "It's not his [Altman's] asset." For now, a judge has barred Ravine from using "Open AI" while the suit proceeds, but the inventor has vowed to fight on against what he calls "the most feared law firm in the world." An amusing excerpt from the story:

But Ravine had poked the bear, and as he packed up his house on Aug. 11, 2023, he opened an email from a lawyer at the firm Quinn Emanuel Urquhart & Sullivan LLP, informing him that OpenAI was suing him in federal court over the domain and trademark. "I'm like, what the f---?" Ravine recalls. Altman, he says, "could have had it for free" -- or at least for the cost of a donation. "Instead, he decided to donate millions of dollars to literally the most feared law firm in the world, to sue me."

Again and again in our conversations, he returns to that phrase: "the most feared law firm in the world." Finally, I ask him how he knows this. He turns his laptop toward me and pulls up the email. The signature reads "Quinn Emanuel Urquhart & Sullivan LLP: Most Feared Law Firm in the World."

Medicine

Human Sense of Smell Is Faster Than Previously Thought, New Study Suggests 26

A new study reveals that the human sense of smell is far more sensitive than previously thought, capable of distinguishing odors and their sequences within just 60 milliseconds. CNN reports: In a single sniff, the human sense of smell can distinguish odors within a fraction of a second, working at a level of sensitivity that is "on par" with how our brains perceive color, "refuting the widely held belief that olfaction is our slow sense," a new study finds. Humans also can discern between various sequences of odors -- distinguishing a sequence of "A" before "B" from sequence "B" before "A" -- when the interval between odorant A and odorant B is merely 60 milliseconds, according to the study, published Monday in the journal Nature Human Behavior. [...]

The new findings challenge previous research in which the timing it took to discriminate between odor sequences was around 1,200 milliseconds, Dr. Dmitry Rinberg, a professor in the Department of Neuroscience and Physiology at NYU Langone Health in New York, wrote in an editorial accompanying the study in Nature Human Behavior. "The timing of individual notes in music is essential for conveying meaning and beauty in a melody, and the human ear is very sensitive to this. However, temporal sensitivity is not limited to hearing: our sense of smell can also perceive small temporal changes in odor presentations," he wrote. "Similar to how timing affects the perception of notes in a melody, the timing of individual components in a complex odor mixture that reaches the nose may be crucial for our perception of the olfactory world."

The ability to tell apart odors within a single sniff might be an important way in which animals detect both what a smell is and where it might be in space, said Dr. Sandeep Robert Datta, a professor in the Department of Neurobiology at Harvard Medical School, who was not involved in the new study. "The demonstration that humans can tell apart smells as they change within a sniff is a powerful demonstration that timing is important for smell across species, and therefore is a general principle underlying olfactory function. In addition, this study sheds important light on the mysterious mechanisms that support human odor perception," Datta wrote in an email. "The study of human olfaction has historically lagged that of vision and hearing, because as humans we think of ourselves as visual creatures that largely use speech to communicate," he said, adding that the new study helps "fill a critical gap in our understanding of how we as humans smell."

Privacy

Privacy Advocates Urge 23andMe Customers to Delete Their Data. But Can They? (sfgate.com) 45

"Some prominent privacy advocates are encouraging customers to pull their data" from 23andMe, reports SFGate.

But can you actually do that? 23andMe makes it easy to feel like you've protected your genetic footprint. In their account settings, customers can download versions of their data to a computer and choose to delete the data attached to their 23andMe profile. An email then arrives with a big pink button: "Permanently Delete All Records." Doing so, it promises, will "terminate your relationship with 23andMe and irreversibly delete your account and Personal Information."

But there's another clause in the email that conflicts with that "terminate" promise. It says 23andMe and whichever contracted genotyping laboratory worked on a customer's samples will still hold on to the customer's sex, date of birth and genetic information, even after they're "deleted." The reason? The company cites "legal obligations," including federal laboratory regulations and California lab rules. The federal program, which sets quality standards for laboratories, requires that labs hold on to patient test records for at least two years; the California rule, part of the state's Business and Professions Code, requires three. When SFGATE asked 23andMe vice president of communications Katie Watson about the retention mandates, she said 23andMe does delete the genetic data after the three-year period, where applicable...

Before it's finally deleted, the data remains 23andMe property and is held under the same rules as the company's privacy policy, Watson added. If that policy changes, customers are supposed to be informed and asked for their consent. In the meantime, a hack is unfortunately always possible. Another 23andMe spokesperson, Andy Kill, told SFGATE that [CEO Anne] Wojcicki is "committed to customers' privacy and pledges to retain the current privacy policy in force for the foreseeable future, including after the acquisition she is currently pursuing."

An Electronic Frontier Foundation privacy lawyer tells SFGate there's no information more personal than your DNA. "It is like a Social Security number, it can't be changed. But it's not just a piece of paper, it's kind of you."

He urged 23andMe to leave customers' data out of any acquisition deals, and promise customers they'd avoid takeover attempts from companies with bad security — or with ties to law enforcement.

Crime

WSJ Profiles The 'Dangerous' Autistic Teen Cybercriminal Who Leaked GTA VI Clips (msn.com) 78

The Wall Street Journal delves into the origin story of that teenaged Grand Theft Auto VI leaker. Arion Kurtaj, now 19 years old, is the most notorious name that has emerged from a sprawling set of online communities called the Com... Their youthful inventiveness and tenacity, as well as their status as minors that makes prosecution more complicated, have made the Com especially dangerous, according to law-enforcement officials and cybersecurity investigators. Some kids, they say, are recruited from popular online spaces like Minecraft or Roblox.... [William McKeen, a supervisory special agent with the FBI's Cyber Division] said the average age of anyone arrested for a crime in the U.S. is 37, while the average age of someone arrested for cybercrime is 19. Cybersecurity investigators have found posts they say suggest Kurtaj has been involved in online attacks since he was 11.

"He had limited social skills and trouble developing relationships, records say — and ultimately looked for approval in the booming world of cybercrime..." [When Kurtaj was 14] he landed in a residential school serving children with severe emotional and behavioral needs. Kurtaj was physically assaulted by a staff member at his school who was later convicted as a result, according to a person familiar with the case. In early 2021, his mother brought him home and removed him from government care, court records say. He never returned to school. He was 16.

A month after his mother pulled him out of school, investigators say that Kurtaj was part of a hacking group called Recursion Team that broke into the videogame firm Electronic Arts and stole 780 gigabytes of data. When Electronic Arts refused to engage, they dumped the stolen data online. Within a week of that hack, investigators had identified Kurtaj and provided his name to the FBI. Later in that summer of 2021, according to court records, Kurtaj partnered with another teenager, known as ASyntax, and several Brazilian hackers, and started calling themselves Lapsus$. The group hacked into the British telecommunications giant BT in an effort to steal money using a technique called SIM swapping... The hacks weren't always for money. In late 2021, Lapsus$ hacked into a website operated by Brazil's Ministry of Health and deleted the country's database of Covid vaccinations, according to law enforcement...

If the Com has a social center, it's a website called Doxbin, where users publish personal details, such as home addresses and phone numbers, of their online rivals in an attempt to intimidate each other. Kurtaj bought Doxbin in November 2021 for $75,000, according to Chainalysis. But after a few months, the previous owners accused Kurtaj of mismanaging the site and pressured him to sell it back. He relented. Then in January 2022, cybersecurity investigators say, he doxxed the entire site, publishing a database that included usernames, passwords and email addresses that he'd downloaded when he was the owner. For cybersecurity experts, it was a gold mine. "It helped investigators piece together which crimes were done by who," said Allison Nixon, chief research officer at Unit 221B, an online investigations firm.

Doxbin's owners responded with a dox of Kurtaj and his family, including his home address and photos of him, investigators say — setting up the chain of events that would put Kurtaj in the Travelodge.

After two weeks of "protective custody" there — during which time he was supposed to be computer-free — Kurtaj "was arrested a third time and charged with hacking, fraud and blackmail. Authorities said that while at the Travelodge, he broke into Uber and taunted the company by posting a link to a photo of an erect penis on the company's internal Slack messaging system, then stole software and videos from Rockstar Games. Stolen clips had popped up in a Grand Theft Auto discussion forum from a user named teapotuberhacker and stirred a frenzy.

"As officers collected evidence, the teen stood by, emotionless, police say...."

"Kurtaj's lawyers and some experts on autism have said a potential lifetime of incarceration isn't appropriate for a teenager like Kurtaj..."

Thanks to long-time Slashdot reader SpzToid for sharing the article.

United States

North Carolina Maker of High-Purity Quartz Back Operating After Hurricane (apnews.com) 25

Thursday the Associated Press reported: One of the two companies that manufacture high-purity quartz used for making semiconductors and other high-tech products from mines in a western North Carolina community severely damaged by Hurricane Helene is operating again. Sibelco announced on Thursday that production has restarted at its mining and processing operations in Spruce Pine, located 50 miles (80 kilometers) northeast of Asheville. [Per Wikipedia, its pre-hurricane population was 2,175.] Production and shipments are progressively ramping up to full capacity, the company said in a news release.

"While the road to full recovery for our communities will be long, restarting our operations and resuming shipments to customers are important contributors to rebuilding the local economy," Sibelco CEO Hilmar Rode said... A Spruce Pine council member said recently that an estimated three-quarters of the town has a direct connection to the mines, whether through a job, a job that relies on the mines or a family member who works at the facilities.

An announcement last week from Sibelco attributed its resilience to its long-standing commitment to sustainability, "which includes measures to mitigate the impact of extreme weather events such as Hurricane Helene." Initial assessments indicated its operating facilities sustained only minor damage.

And "the company previously announced that all its employees are safe," Sibelco reaffirmed in its announcement Thursday: Sibelco, with support from its contractors, has been contributing to the local recovery efforts by clearing debris, repairing roads, providing road building materials to the North Carolina Department of Transportation, installing temporary power generators for emergency shelters and local businesses, and working with the town of Spruce Pine to restart water supply to residents.

Additionally, Sibelco has incorporated the Sibelco Spruce Pine Foundation to further support the community's recovery. The company previously announced that it is making an immediate $1 million donation as seed money for the foundation. Anyone interested in learning more or contributing to this initiative should contact the foundation by email or by visiting our website for additional information and donation opportunities.

Wikipedia

The Editors Protecting Wikipedia from AI Hoaxes (404media.co) 59

A group of Wikipedia editors have formed WikiProject AI Cleanup, "a collaboration to combat the increasing problem of unsourced, poorly-written AI-generated content on Wikipedia." From a report: The group's goal is to protect one of the world's largest repositories of information from the same kind of misleading AI-generated information that has plagued Google search results, books sold on Amazon, and academic journals. "A few of us had noticed the prevalence of unnatural writing that showed clear signs of being AI-generated, and we managed to replicate similar 'styles' using ChatGPT," Ilyas Lebleu, a founding member of WikiProject AI Cleanup, told me in an email. "Discovering some common AI catchphrases allowed us to quickly spot some of the most egregious examples of generated articles, which we quickly wanted to formalize into an organized project to compile our findings and techniques."

In many cases, WikiProject AI Cleanup finds AI-generated content on Wikipedia with the same methods others have used to find AI-generated content in scientific journals and Google Books, namely by searching for phrases commonly used by ChatGPT. One egregious example is this Wikipedia article about the Chester Mental Health Center, which in November of 2023 included the phrase "As of my last knowledge update in January 2022," referring to the last time the large language model was updated.

It's funny. Laugh.

Man Learns He's Being Dumped Via 'Dystopian' AI Summary of Texts 109

An anonymous reader quotes a report from Ars Technica: On Wednesday, NYC-based software developer Nick Spreen received a surprising alert on his iPhone 15 Pro, delivered through an early test version of Apple's upcoming Apple Intelligence text message summary feature. "No longer in a relationship; wants belongings from the apartment," the AI-penned message reads, summing up the content of several separate breakup texts from his girlfriend -- that arrived on his birthday, no less. Spreen shared a screenshot of the AI-generated message in a now-viral tweet on the X social network, writing, "for anyone who's wondered what an apple intelligence summary of a breakup text looks like." Spreen told Ars Technica that the screenshot does not show his ex-girlfriend's full real name, just a nickname.

This summary feature of Apple Intelligence, announced by the iPhone maker in June, isn't expected to fully ship until an iOS 18.1 update in the fall. However, it has been available in a public beta test of iOS 18 since July, which is what Spreen is running on his iPhone. It works akin to something like a stripped-down ChatGPT, reading your incoming text messages and delivering its own simplified version of their content. On X, Spreen replied to skepticism over whether the message was real in a follow-up post. "Yes this was real / yes it happened yesterday / yes it was my birthday," Spreen wrote. In response to a question about it being a fair summary of his girlfriend's messages, he wrote, "it is."

We reached out to Spreen directly via email and he delivered his own summary of his girlfriend's messages. "It was something along the lines of i can't believe you just did that, we're done, i want my stuff. we had an argument in a bar and I got up and left, then she sent the text," he wrote. How did he feel about getting the news via AI summary? "I do feel like it added a level of distance to it that wasn't a bad thing," he told Ars Technica. "Maybe a bit like a personal assistant who stays professional and has your back even in the most awful situations, but yeah, more than anything it felt unreal and dystopian."

Privacy

Internet Archive Suffers 'Catastrophic' Breach Impacting 31 Million Users (bleepingcomputer.com) 29

BleepingComputer's Lawrence Abrams: Internet Archive's "The Wayback Machine" has suffered a data breach after a threat actor compromised the website and stole a user authentication database containing 31 million unique records. News of the breach began circulating Wednesday afternoon after visitors to archive.org began seeing a JavaScript alert created by the hacker, stating that the Internet Archive was breached.

"Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!," reads a JavaScript alert shown on the compromised archive.org site. The text "HIBP" refers to the Have I Been Pwned data breach notification service created by Troy Hunt, with whom threat actors commonly share stolen data to be added to the service.

Hunt told BleepingComputer that the threat actor shared the Internet Archive's authentication database nine days ago and it is a 6.4GB SQL file named "ia_users.sql." The database contains authentication information for registered members, including their email addresses, screen names, password change timestamps, Bcrypt-hashed passwords, and other internal data. Hunt says there are 31 million unique email addresses in the database, with many subscribed to the HIBP data breach notification service. The data will soon be added to HIBP, allowing users to enter their email and confirm if their data was exposed in this breach.

Bitcoin

Bitcoin Creator Suspect Says He is Not Bitcoin Creator Suspect (theregister.com) 36

The man identified as Bitcoin creator Satoshi Nakamoto in a new HBO documentary has something to say: Wrong again, world. From a report: In the just-released HBO film on the history of the world's biggest digital currency -- Money Electric: The Bitcoin Mystery -- documentary filmmaker Cullen Hoback comes to the conclusion that the anonymous creator of Bitcoin was none other than a long-time member of the community and early Bitcoin developer Peter Todd. Todd dismissed the claim in the documentary, released yesterday, and denied it again when asked by The Register.

"[Hoback's] evidence for me being Satoshi is the same kind of coincidence-based, circumstantial thinking that fuels conspiracies like QAnon," Todd told us in an email. "Which is ironic, given that [Hoback's] previous big project was a documentary on QAnon. He clearly didn't try to debunk his theories either." Hoback's previous project -- Q: Into the Storm -- aimed to unmask the person behind QAnon, perhaps giving him an interest in uncovering the identity of Satoshi Nakamoto. Todd, however, thinks Hoback was just trying to drum up interest in his new film.

"I think [Hoback] only included the Satoshi claim as a marketing ploy: he was really creating a documentary about Bitcoin, and needed a hook to get media attention," Todd said. "He picked me to accuse mainly because I was an unlikely candidate, which helped drum up even more attention. I don't think he had any interest in finding the real truth."

Bitcoin

Bitcoin Creator Is Peter Todd, HBO Film Says (politico.eu) 74

A new HBO documentary claims Canadian developer Peter Todd is Satoshi Nakamoto, the pseudonymous founder of bitcoin. The documentary's director, Emmy-nominated filmmaker Cullen Hoback, "comes to the conclusion by stitching together old clues and new ones," reports Politico. In the film's finale, Hoback confronted Todd and said: "It seems like you had these deep insights into bitcoin at the time?" Todd replies: "Well, yeah, I'm Satoshi Nakamoto." From the report: The admission, however, is not necessarily a smoking gun. Todd, who is a vocal backer of Ukraine and Israel on his X feed, is known to invoke the claim "I am Satoshi" as an expression of solidarity with the creator's bid for privacy. In an email to CoinDesk prior to the documentary's release, Todd reportedly denied he was the bitcoin creator: "Of course I'm not Satoshi," he said. If Todd is widely accepted as bitcoin's creator, the revelation would end more than a decade of speculation over the identity of a person whose work spawned a global, multibillion-dollar craze for digital currencies: a mania that has pushed back the frontiers of finance but also enabled widespread fraud and other illicit activities.

Todd is not unknown to enthusiasts of the stateless money system. As a longstanding bitcoin core developer known for communicating publicly with "Satoshi" before his disappearance from crypto forums in 2010, his name has always carried weight in the community. But he was rarely considered a prime suspect. A 39-year-old graduate of Ontario College of Art and Design in Toronto, Todd would have been 23 when the famous bitcoin white paper that first laid out the vision for the decentralized money system was being completed. Todd previously told a podcast he was about 15 years old when he first started communicating with key crypto influencers, known as the cypherpunks. "In investigations like these, digital forensics can only take you so far; they're like a compass," Hoback told POLITICO before the documentary aired. "Real answers can only be found offline."

Privacy

MoneyGram Says Hackers Stole Customers' Personal Information, Transaction Data (techcrunch.com) 6

An anonymous reader quotes a report from TechCrunch: U.S. money transfer giant MoneyGram has confirmed that hackers stole its customers' personal information and transaction data during a cyberattack last month. The company said in a statement Monday that an unauthorized third party "accessed and acquired" customer data during the cyberattack on September 20. The cyberattack -- the nature of which remains unknown -- sparked a week-long outage that resulted in the company's website and app falling offline. MoneyGram says it serves over 50 million people in more than 200 countries and territories each year.

The stolen customer data includes names, phone numbers, postal and email addresses, dates of birth, and national identification numbers. The data also includes a "limited number" of Social Security numbers and government identification documents, such as driver's licenses and other documents that contain personal information, like utility bills and bank account numbers. MoneyGram said the types of stolen data will vary by individual. MoneyGram said that the stolen data also included transaction information, such as dates and amounts of transactions, and, "for a limited number of consumers, criminal investigation information (such as fraud)."

Mozilla

Mozilla Thunderbird for Android is Almost Ready After 2 Years (itsfoss.com) 47

An anonymous reader shared this post from the blog It's FOSS: It has been more than two years since K-9 Mail (an open-source email client for Android) joined the Mozilla Thunderbird project. Instead of making a new mobile app from scratch, Mozilla decided to convert K-9 Mail slowly into the new Thunderbird Android app.

While we have known about it for some time now, we finally have something to test: Thunderbird for Android (Beta). Mozilla is looking for users to test it and plans a stable release at the end of October. The new Thunderbird app is now available on the Play Store as a beta version for user testing. So, we are closer to the stable launch than ever before.

The article includes a few screenshots of the app...

"For the functionality side, you can expect things like light/dark theme, email signature, unified inbox, ability to enable/disable contact pictures, threaded view, and opt out of data usage collection for privacy..."
