Security

New 'GoFetch' Apple CPU Attack Exposes Crypto Keys (securityweek.com) 40

"There is a new side channel attack against Apple 'M' series CPUs that does not appear to be fixable without a major performance hit," writes Slashdot reader EncryptedSoldier. SecurityWeek reports: A team of researchers representing several universities in the United States has disclosed the details of a new side-channel attack method that can be used to extract secret encryption keys from systems powered by Apple CPUs. The attack method, dubbed GoFetch, has been described as a microarchitectural side-channel attack that allows the extraction of secret keys from constant-time cryptographic implementations. These types of attacks require local access to the targeted system. The attack targets a hardware optimization named data memory-dependent prefetcher (DMP), which attempts to prefetch addresses found in the contents of program memory to improve performance.

The researchers have found a way to use specially crafted cryptographic operation inputs that allow them to infer secret keys, guessing them bits at a time by monitoring the behavior of the DMP. They managed to demonstrate end-to-end key extraction attacks against several crypto implementations, including OpenSSL Diffie-Hellman Key Exchange, Go RSA, and the post-quantum CRYSTALS-Kyber and CRYSTALS-Dilithium. The researchers have conducted successful GoFetch attacks against systems powered by Apple M1 processors, and they have found evidence that the attack could also work against M2 and M3 processors. They have also tested an Intel processor that uses DMP, but found that it's 'more robust' against such attacks.

The experts said Apple is investigating the issue, but fully addressing it does not seem trivial. The researchers have proposed several countermeasures, but they involve hardware changes that are not easy to implement or mitigations that can have a significant impact on performance. Apple told SecurityWeek that it thanks the researchers for their collaboration as this work advances the company's understanding of these types of threats. The tech giant also shared a link to a developer page that outlines one of the mitigations mentioned by the researchers.
The researchers have published a paper (PDF) detailing their work.

Ars Technica's Dan Goodin also reported on the vulnerability.

Cloud

Broadcom Is 'Holding the Sector To Ransom' With VMware License Changes, Claims CISPE (itpro.com) 110

couchslug shares a report from ITPro: A European cloud trade body has called for an investigation into Broadcom amid concerns over changes it has made to VMware licensing structures. The Cloud Infrastructure Service Providers in Europe (CISPE) consortium called on regulatory and legislative bodies across Europe to investigate the changes Broadcom has made to the VMware operating model, which it says will "decimate" the region's cloud infrastructure. "CISPE calls upon regulators, legislators and courts across Europe to swiftly scrutinize the actions of Broadcom in unilaterally canceling license terms for essential virtualization software," the trade body said in a statement. Since acquiring VMware in November 2023, Broadcom has embarked on a comprehensive overhaul of software licensing at the firm, which has drawn widespread criticism from customers. Broadcom stated it would continue to support customers under a perpetual licensing agreement for the period defined in the contract, but following this customers would need to exchange any remaining licenses for subscription-based products. This has left both cloud service vendors and customers in limbo, according to CISPE, without any solid information on how, when, or if they will be able to license VMware products essential for their operations from April 2024. Moreover, even if they are able to relicense the VMware software, a number of customers reported dramatic price hikes of as much as 12 times.

CISPE's characterisation of the move was far less charitable, arguing Broadcom is using VMware's market dominance, controlling almost 45% of the virtualization market, to charge exorbitant rents from cloud providers. Several CISPE members admitted that without the ability to license VMware products they will be unable to operate and will go bankrupt, with some stating that over 75% of their revenue depends on VMware virtualization tech. Members added that they often received termination notices late, if at all, with short notice periods that spanned just a few weeks. In addition, CISPE also complained about the decision to remove hundreds of products without any notice, and re-bundle the outstanding products under new prohibitive contract terms, despite there being no changes to the products themselves. Francisco Mingorance, secretary general of CISPE, said the changes will hurt both European customers and cloud service providers by increasing costs and reducing choice. "At a time when our members are moving to support the requirements for switching and portability between cloud services outlined in the Data Act, Broadcom is holding the sector to ransom by leveraging VMware's dominance of the virtualization sector to enforce unfair license terms and extract unfair rents from European cloud customers," Mingorance said.

CISPE noted that for some cloud sector applications that require certifications by software or service providers, VMware products are the only viable option. As such, the association called for Broadcom to be recognized as a designated gatekeeper under the terms of the Digital Markets Act (DMA) that came into force on March 7, 2024. Mingorance argued Broadcom's moves will only further restrict an already limited set of options for cloud providers in Europe, warning that Broadcom has a dangerous degree of control over the region's digital ecosystems. "As well as inflicting financial damage on the European digital economy, these actions will decimate Europe's independent cloud infrastructure sector and further reduce the diversity of choice for customers," he explained. "Dominant software providers, in any sector from productivity software to virtualization, must not be allowed to wield life or death power over Europe's digital ecosystems."

Businesses

Reddit Prices IPO At $34 Per Share, the Top of the Range (techcrunch.com) 54

An anonymous reader writes: Reddit priced its stock on Wednesday at $34 a share, the top of the anticipated range, a signal that investors are excited about the company's IPO on Thursday. The social media giant raised nearly $500 million in the offering. Excluding employee stock options, the 19-year-old company's valuation will start at $5.4 billion, a far cry from its last private market value of $10 billion, set in August 2021, the top of the last tech markets boom. The stock, which is the most anticipated offering of the year so far, will debut on the New York Stock Exchange on Thursday with the ticker symbol "RDDT."

AI

Investment Advisors Pay the Price For Selling What Looked a Lot Like AI Fairy Tales (theregister.com) 15

Two investment advisors have reached settlements with the US Securities and Exchange Commission for allegedly exaggerating their use of AI, which in both cases were purported to be cornerstones of their offerings. From a report: Canada-based Delphia and San Francisco-headquartered Global Predictions will cough up $225,000 and $175,000 respectively for telling clients that their products used AI to improve forecasts. The financial watchdog said both were engaging in "AI washing," a term used to describe the embellishment of machine-learning capabilities.

"We've seen time and again that when new technologies come along, they can create buzz from investors as well as false claims by those purporting to use those new technologies," said SEC chairman Gary Gensler. "Delphia and Global Predictions marketed to their clients and prospective clients that they were using AI in certain ways when, in fact, they were not." Delphia claimed its system utilized AI and machine learning to incorporate client data, a statement the SEC said it found to be false.

"Delphia represented that it used artificial intelligence and machine learning to analyze its retail clients' spending and social media data to inform its investment advice when, in fact, no such data was being used in its investment process," the SEC said in a settlement order. Despite being warned about suspected misleading practices in 2021 and agreeing to amend them, Delphia only partially complied, according to the SEC. The company continued to market itself as using client data as AI inputs but never did anything of the sort, the regulator said.

Crime

Sam Bankman-Fried Deserves 40-50 Years in Prison For FTX Fraud, Prosecutors Say (cnbc.com) 85

Sam Bankman-Fried should spend between 40 and 50 years in prison after being convicted for stealing $8 billion from customers of his now-bankrupt FTX cryptocurrency exchange, prosecutors said on Friday. From a report: "His life in recent years has been one of unmatched greed and hubris; of ambition and rationalization; and courting risk and gambling repeatedly with other people's money," federal prosecutors in Manhattan wrote. "And even now Bankman-Fried refuses to admit what he did was wrong." A jury found Bankman-Fried, 32, guilty in November on seven counts of fraud and conspiracy.

Lawyers for the former billionaire told U.S. District Judge Lewis Kaplan that a 5-1/4 to 6-1/2 year prison term would be appropriate. They said FTX clients would get most of their money back, and that Bankman-Fried did not set out to steal. Kaplan is scheduled to sentence Bankman-Fried on March 28 in Manhattan federal court. Bankman-Fried plans to appeal his conviction and sentence.

Bitcoin

Bitcoin Fog Crypto Mixer Found Guilty of Money Laundering, Jury Finds (cointelegraph.com) 15

Roman Sterlingov, the founder of a $400 million crypto-mixing service called Bitcoin Fog, has been convicted of money laundering in a United States District Court on Tuesday. Other charges include money laundering conspiracy, operating an unlicensed money-transmitting business, and violations of the D.C. Money Transmitters Act. CoinTelegraph reports: Sterlingov, however, had argued throughout the trial that he was only a user of the service, and not its operator. His attorney, Tor Ekeland, said in a March 12 X post that his team will appeal the verdict. According to evidence presented at the trial, Sterlingov operated Bitcoin Fog from October 2011 to April 2021, which acted as a money laundering service for "criminals seeking to hide their illicit proceeds from law enforcement."

The service moved over 1.2 million Bitcoin over the decade-long operation -- worth $400 million at the time of the transactions -- with the bulk of cryptocurrency coming from darknet marketplaces tied to narcotics, computer fraud abuse and identity theft, the government said. Bitcoin Fog also served distributors of child sexual abuse material. Evidence used to convict Sterlingov found that the "vast majority" of crypto deposited to his crypto exchange accounts came from "Bitcoin clusters" associated with Bitcoin Fog. "Evidence presented at trial clearly showed that the defendant laundered hundreds of millions of illicit funds from the dark web through Bitcoin Fog in an attempt to conceal the origin of those funds," said Internal Revenue Service (IRS) Criminal Investigation Chief Jim Lee.

Bitcoin

Binance Executives Were Arrested In Nigeria For Allegedly Destabilizing Its Currency (qz.com) 31

Two top executives from the crypto exchange Binance have been arrested in Nigeria for allegedly destabilizing the national currency. Quartz reports: According to a Wall Street Journal report, Tigran Gambaryan, head of financial-crime compliance at Binance who previously worked at the U.S. Internal Revenue Service (IRS), and Nadeem Anjarwalla, a British-Kenyan national and Binance's regional manager for Africa, have been held against their will for the past two weeks in the country. As per reports, Nigerian government officials invited Binance executives to discuss an ongoing dispute about the world's largest crypto exchange allegedly driving down the value of their national currency. Gambaryan and Anjarwalla arrived in Nigeria on February 25th; after their meeting with government officials, both were taken to their hotels. Later, they were instructed to pack their belongings and move to a guesthouse run by Nigeria's National Security Agency, as stated by their families, per reports.

The Nigerian government has accused Binance of exacerbating the country's foreign exchange challenges through rate manipulation for profit. The authorities have also accused the crypto exchange of illegal operations and have restricted access to the company's website. There are also reports that Nigeria sought a $10 billion penalty from Binance for processing around $26 billion in untraceable funds in the country. [...] The reason why and how Nigeria's economic crisis is linked with Binance is yet to be found out. Binance is hoping to resolve the matter soon, according to CoinDesk.
The report notes that Nigeria is experiencing its worst economic crisis in recent years due to inflation and the devaluation of their currency, the naira.

United States

SEC Approves Rule Requiring Some Companies To Report Greenhouse Gas Emissions (apnews.com) 27

The U.S. Securities and Exchange Commission on Wednesday approved a rule that will require some public companies to report their greenhouse gas emissions and climate risks, after last-minute revisions that weakened the directive in the face of strong pushback from companies. From a report: The rule was one of the most anticipated in recent years from the nation's top financial regulator, drawing more than 24,000 comments from companies, auditors, legislators and trade groups over a two-year process. It brings the U.S. closer to the European Union and California, which moved ahead earlier with corporate climate disclosure rules.

The SEC rule passed 3-2, with three Democratic commissioners supporting it and two Republicans opposed. Since the SEC proposed a rule two years ago, experts had said it was likely to face litigation almost immediately. SEC Chairman Gary Gensler, one of the Democrats, acknowledged that was a factor the agency considered as it worked toward a final rule. "We've seriously considered what people have said about our legal authorities," Gensler said on Wednesday.

Bitcoin

Bitcoin Surges To Record Above $69,000 (bloomberg.com) 181

Bitcoin surged to a record as demand from new US exchange-traded funds and a looming reduction in the token's supply growth fuel a breathtaking rebound in the original cryptocurrency. From a report: The largest digital asset rose as much as 2.5% to $69,191.95 as of 10:10 a.m. Tuesday in New York. Bitcoin has climbed about 62% so far in 2024, outperforming global stocks and spreading optimism across the digital-asset market.

In an ironic twist, Bitcoin owes much of its resurgence to a regulator long-viewed as hostile to crypto: the US Securities and Exchange Commission. The SEC approved spot-Bitcoin exchange-traded funds in early January after suffering a legal defeat last year in its attempt to reject them. The move has widened the mass-market accessibility of Bitcoin, helping the crypto sector to turn the page following a bear market in 2022 and a string of subsequent bankruptcies, including the implosion of Sam Bankman-Fried's FTX exchange.

The Courts

ExxonMobil Is Suing Investors Who Want Faster Climate Action (npr.org) 110

An anonymous reader quotes a report from NPR: ExxonMobil faces dozens of lawsuits from states and localities alleging the company lied for decades about its role in climate change and the dangers of burning fossil fuels. But now, ExxonMobil is going on the offensive with a lawsuit targeting investors who want the company to slash pollution that's raising global temperatures. Investors in publicly-traded companies like ExxonMobil try to shape corporate policies by filing shareholder proposals that are voted on at annual meetings. ExxonMobil says it's fed up with a pair of investor groups that it claims are abusing the system by filing similar proposals year after year in an effort to micromanage its business.

ExxonMobil's lawsuit points to growing tensions between companies and activist investors calling for corporations to do more to shrink their climate impact and prepare for a hotter world. Interest groups on both sides of the case say it could unleash a wave of corporate litigation against climate activists. It is happening at a time when global temperatures continue to rise, and corporate analysts say most companies aren't on track to meet targets they set to reduce their heat-trapping emissions. "Exxon is really upping the ante here in a big way by bringing this case," says Josh Zinner, chief executive of an investor coalition called the Interfaith Center on Corporate Accountability, whose members include a defendant in the ExxonMobil case. "Other companies could use this tactic not just to block resolutions," Zinner says, "but to intimidate their shareholders from even bringing these [climate] issues to the table."

ExxonMobil said in an email that it is suing the investor groups Arjuna Capital and Follow This because the U.S. Securities and Exchange Commission (SEC) isn't enforcing rules governing when investors can resubmit shareholder proposals. A court is "the right place to get clarity on SEC rules," ExxonMobil said, adding that the case "is not about climate change." Other corporations are watching ExxonMobil's case, says Charles Crain, a vice president at the National Association of Manufacturers, which represents ExxonMobil and other industrial companies. "If companies are decreasingly able to get the SEC to allow them to exclude proposals that are obviously politically motivated, then the next question is, well, can the courts succeed where the SEC has failed -- or, more accurately, not even tried?," Crain says.
"The shareholder proposal from Arjuna and Follow This called for ExxonMobil to cut emissions faster from its own operations and from its supply chain, including the pollution that's created when customers burn its oil and natural gas," notes NPR. "That indirect pollution, known as Scope 3 emissions, accounts for 90% of ExxonMobil's carbon footprint."

"ExxonMobil says it is committed to cutting emissions from its operations. But the idea that activist investors like Arjuna and Follow This can quickly push the company out of the oil and gas business with new climate policies is 'simplistic and against the interests of the vast majority of ExxonMobil shareholders,' the company said in a court filing in Texas." The company added that while shareholders are entitled to submit proposals, they don't have "an unlimited right to put forth any proposal to do anything."

"Their intent is to advance their agenda rather than creating long-term value for shareholders," ExxonMobil said of Arjuna and Follow This.

Bitcoin

Winklevoss Twins' Start-Up Will Pay Burned Customers $1 Billion (thedailybeast.com) 17

Emily Shugerman reports via The Daily Beast: Gemini, the crypto startup owned by the Winklevoss twins, will have to return $1.1 billion to customers who lost money in their partnership with the now-bankrupt crypto lender Genesis. In a deal with the New York State Department of Financial Services, Gemini agreed to return the funds lost by customers of its Earn program, in which users could loan their crypto to Genesis in exchange for interest payments. According to the Department of Financial Services, Gemini "did not fully vet or sufficiently monitor [Genesis] throughout the life of Earn," and the company defaulted on its loans and then went bankrupt, leaving some 200,000 Earn customers empty-handed. "Gemini failed to conduct due diligence on an unregulated third party, later accused of massive fraud, harming Earn customers who were suddenly unable to access their assets after Genesis Global Capital experienced a financial meltdown," DFS Superintendent Adrienne A. Harris said in a statement. "Today's settlement is a win for Earn customers, who have a right to the assets they entrusted to Gemini."

In a tweet, Gemini said it was "pleased to announce that we have finally reached a settlement in principle with Genesis and other creditors in the Genesis Bankruptcy that will, if approved by the Bankruptcy Court, result in all Earn users receiving 100% of their digital assets back in kind." The DFS said Gemini would also pay $40 million to the Genesis bankruptcy for the benefit of Earn customers, as well as a $37 million fine for "significant failures that threatened the safety and soundness of the company."

EU

European Parliament Bans Amazon From Its Premises (euractiv.com) 102

Longtime Slashdot reader Kant shares a report from Euractiv: The European Parliament decided to ban Amazon representatives from accessing its buildings on Tuesday (February 27), due to multiple events where the global retailing giant did not attend meetings requested by members of the European Parliament, the European Parliament press service confirmed to Euractiv. "In line with rule 123/3 and at the request of the [Employment and Social Affairs] Committee, the Quaestors have authorized the Secretary General [Alessandro Chiocchetti] to withdraw the long-term access badges of the interest representatives of Amazon." It is now the responsibility of the secretary general to concretely initiate the process of withdrawing their badges and to determine the duration of the ban, a European Parliament source close to the matter told Euractiv.

According to the EMPL chair Dragos Pislaru, who signed the letter, the US e-commerce company refuses to attend more than one meeting with EU lawmakers to discuss the condition of Amazon workers. Four cases are mentioned in the letter. The first occurred in May 2021, when Amazon did not attend a parliamentary committee meeting on "Amazon attacks on fundamental workers' rights and freedoms: freedom of assembly and association, and the right to collective bargain and action." The second event concerns the refusal by Amazon CEO Jeff Bezos to attend an exchange of views with EU lawmakers -- instead, the company sent a written answer. The last two episodes happened in December 2023 and January 2024. In the former event, Amazon refused access to its facilities in Germany and Poland to an MEP, while in the latter, the company did not attend another parliamentary committee meeting dedicated to Amazon workers' conditions.
In a statement to Euractiv, an Amazon spokesperson said: "We are very disappointed with this decision, as we want to engage constructively with policymakers. [...] Our commitment continues despite this decision. Amazon regularly participates in activities organized by the European Parliament and other EU institutions -- including Parliamentary hearings -- and we remain committed to participating in balanced, constructive dialogue on issues that affect European citizens."

Bitcoin

SBF Asks For 5-Year Prison Sentence, Calls 100-Year Recommendation 'Grotesque' (arstechnica.com) 189

An anonymous reader quotes a report from Ars Technica: Convicted FTX fraudster Sam Bankman-Fried pleaded for a lenient prison sentence in a court filing yesterday, saying that he isn't motivated by greed and "is already being punished." Bankman-Fried requested a sentence of 63 to 78 months, or 5.25 to 6.5 years. Because of "Sam's charitable works and demonstrated commitment to others, a sentence that returns Sam promptly to a productive role in society would be sufficient, but not greater than necessary, to comply with the purposes of sentencing," the court filing (PDF) said. Bankman-Fried's filing also said that he maintains his innocence and intends to appeal his convictions.

A presentence investigation report (PSR) prepared by a probation officer recommended that Bankman-Fried be sentenced to 100 years in prison, according to the filing. "That recommendation is grotesque," SBF's filing said, arguing that it is based on an erroneously calculated loss of $10 billion. The $10 billion loss asserted in the PSR is "illusory" because the "victims are poised to recover -- were always poised to recover -- a hundred cents on the dollar" in bankruptcy proceedings, SBF's filing said. The filing urged the court to "reject the PSR's barbaric proposal" of 100 years, saying that such sentences should only be for "heinous conduct" like terrorism and child sexual abuse.

The founder and ex-CEO of cryptocurrency exchange FTX, Bankman-Fried was convicted on seven charges with a combined maximum sentence of 110 years after a monthlong trial in US District Court for the Southern District of New York. The charges included wire fraud and conspiracy to commit wire fraud, securities fraud, commodities fraud, and money laundering. US government prosecutors are required to make a sentencing recommendation by March 15, and US District Judge Lewis Kaplan is scheduled to issue a sentence on March 28.

Crime

US Man Accused of Making $1.8 Million From Listening In On Wife's Remote Work Calls (theguardian.com) 107

Kalyeena Makortoff reports via The Guardian: US regulators have accused a man of making $1.8 million by trading on confidential information he overheard while his wife was on a remote call, in a case that could fuel arguments against working from home. The Securities and Exchange Commission (SEC) said it charged Tyler Loudon with insider trading after he "took advantage of his remote working conditions" and profited from private information related to the oil firm BP's plans to buy an Ohio-based travel centre and truck-stop business last year.

The SEC claims that Loudon, who is based in Houston, Texas, listened in on several remote calls held by his wife, a BP merger and acquisitions manager who had been working on the planned deal in a home office 20ft (6 meters) away. The regulator said Loudon went on a buying spree, purchasing more than 46,000 shares in the takeover target, TravelCenters of America, without his wife's knowledge, weeks before the deal was announced on 16 February 2023. TravelCenters's stock soared by nearly 71% after the deal was announced. Loudon then sold off all of his shares, making a $1.8m profit.

Loudon eventually confessed to his wife, and claimed that he had bought the shares because he wanted to make enough money so that she did not have to work long hours anymore. She reported his dealings to her bosses at BP, which later fired her despite having no evidence that she knowingly leaked information to her husband. She eventually moved out of the couple's home and filed for divorce.

Businesses

Reddit Files To Go Public (cnbc.com) 98

Reddit has filed its initial public offering (IPO) with the SEC on Thursday. "The company plans to trade on the New York Stock Exchange under the ticker symbol 'RDDT,'" reports CNBC. From the report: Its market debut, expected in March, will be the first major tech initial public offering of the year. It's the first social media IPO since Pinterest went public in 2019. Reddit said it had $804 million in annual sales for 2023, up 20% from the $666.7 million it brought in the previous year, according to the filing. The social networking company's core business is reliant on online advertising sales stemming from its website and mobile app.

The company, founded in 2005 by technology entrepreneurs Alexis Ohanian and Steve Huffman, said it has incurred net losses since its inception. It reported a net loss of $90.8 million for the year ended Dec. 31, 2023, compared with a net loss of $158.6 million the year prior. [...] Reddit said it plans to use artificial intelligence to improve its ad business and that it expects to open new revenue channels by offering tools and incentives to "drive continued creation, improvements, and commerce." It's also in the early stages of developing and monetizing a data-licensing business in which third parties would be allowed to access and search data on its platform.

For example, Google on Thursday announced an expanded partnership with Reddit that will give the search giant access to the company's data to, among other uses, train its AI models. "In January 2024, we entered into certain data licensing arrangements with an aggregate contract value of $203.0 million and terms ranging from two to three years," Reddit said, regarding its data-licensing business. "We expect a minimum of $66.4 million of revenue to be recognized during the year ending December 31, 2024 and the remaining thereafter."
On Wednesday, Reddit said it plans to sell a chunk of its IPO shares to 75,000 of its most loyal users.

AI

Can Robots.txt Files Really Stop AI Crawlers? (theverge.com) 97

In the high-stakes world of AI, "The fundamental agreement behind robots.txt [files], and the web as a whole — which for so long amounted to 'everybody just be cool' — may not be able to keep up..." argues the Verge: For many publishers and platforms, having their data crawled for training data felt less like trading and more like stealing. "What we found pretty quickly with the AI companies," says Medium CEO Tony Stubblebine, "is not only was it not an exchange of value, we're getting nothing in return. Literally zero." When Stubblebine announced last fall that Medium would be blocking AI crawlers, he wrote that "AI companies have leached value from writers in order to spam Internet readers."

Over the last year, a large chunk of the media industry has echoed Stubblebine's sentiment. "We do not believe the current 'scraping' of BBC data without our permission in order to train Gen AI models is in the public interest," BBC director of nations Rhodri Talfan Davies wrote last fall, announcing that the BBC would also be blocking OpenAI's crawler. The New York Times blocked GPTBot as well, months before launching a suit against OpenAI alleging that OpenAI's models "were built by copying and using millions of The Times's copyrighted news articles, in-depth investigations, opinion pieces, reviews, how-to guides, and more." A study by Ben Welsh, the news applications editor at Reuters, found that 606 of 1,156 surveyed publishers had blocked GPTBot in their robots.txt file.

It's not just publishers, either. Amazon, Facebook, Pinterest, WikiHow, WebMD, and many other platforms explicitly block GPTBot from accessing some or all of their websites.

On most of these robots.txt pages, OpenAI's GPTBot is the only crawler explicitly and completely disallowed. But there are plenty of other AI-specific bots beginning to crawl the web, like Anthropic's anthropic-ai and Google's new Google-Extended. According to a study from last fall by Originality.AI, 306 of the top 1,000 sites on the web blocked GPTBot, but only 85 blocked Google-Extended and 28 blocked anthropic-ai. There are also crawlers used for both web search and AI. CCBot, which is run by the organization Common Crawl, scours the web for search engine purposes, but its data is also used by OpenAI, Google, and others to train their models. Microsoft's Bingbot is both a search crawler and an AI crawler. And those are just the crawlers that identify themselves — many others attempt to operate in relative secrecy, making it hard to stop or even find them in a sea of other web traffic.

For any sufficiently popular website, finding a sneaky crawler is needle-in-haystack stuff.

In addition, the article points out, a robots.txt file "is not a legal document — and 30 years after its creation, it still relies on the good will of all parties involved.

"Disallowing a bot on your robots.txt page is like putting up a 'No Girls Allowed' sign on your treehouse — it sends a message, but it's not going to stand up in court."

Businesses

Cisco Will Lay Off More Than 4,000 In 5% Staff Cut (sfgate.com) 49

An anonymous reader quotes a report from SFGate: Cisco, the San Jose-based networking and telecommunications giant, is laying off 5% of its workforce. The company announced the cuts in a Wednesday filing with the Securities and Exchange Commission, alongside its quarterly earnings report. Based on the company's reported head count, the layoffs will hit at least 4,000 workers. Cisco wrote in the filing that the cuts are aimed to "realign the organization and enable further investment in key priority areas."

Most of the cuts will go through this quarter, per the filing. Cisco estimated that severance payments and other termination benefits will cost the company $800 million.

In a statement to SFGATE on Wednesday, Cisco spokesperson Robyn Blum cited "the cautious macro environment, our customers continuing to absorb high levels of product inventory, and ongoing weakness in the Service Provider market," as reasons for the layoff.

"The care of our people is a top priority, and we will provide impacted employees with career support and market-competitive severance packages," the statement continued.
Encryption

Cryptography Guru Martin Hellman Urges International Cooperation on AI, Security (infoworld.com) 18

Martin Hellman "achieved legendary status as co-inventor of the Diffie-Hellman public key exchange algorithm, a breakthrough in software and computer cryptography," notes a new interview in InfoWorld.

Nine years after winning the Turing award, the 78-year-old cryptologist shared his perspective on some other issues:

What do you think about the state of digital spying today?

Hellman: There's a need for greater international cooperation. How can we have true cyber security when nations are planning — and implementing — cyber attacks on one another? How can we ensure that AI is used only for good when nations are building it into their weapons systems? Then, there's the grandaddy of all technological threats, nuclear weapons. If we keep fighting wars, it's only a matter of time before one blows up.

The highly unacceptable level of nuclear risk highlights the need to look at the choices we make around critical decisions, including cyber security. We have to take into consideration all participants' needs for our strategies to be effective....

Your battle with the government to make private communication available to the general public in the digital age has the status of folklore. But, in your recent book (co-authored with your wife Dorothie [and freely available as a PDF]), you describe a meeting of minds with Admiral Bobby Ray Inman, former head of the NSA. Until I read your book, I saw the National Security Agency as bad and Diffie-Hellman as good, plain and simple. You describe how you came to see the NSA and its people as sincere actors rather than as a cynical cabal bent on repression. What changed your perspective?

Hellman: This is a great, real-life example of how taking a holistic view in a conflict, instead of just a one-sided one, resolved an apparently intractable impasse. Those insights were part of a major change in my approach to life. As we say in our book, "Get curious, not furious." These ideas are effective not just in highly visible conflicts like ours with the NSA, but in every aspect of life.

Hellman also had an interesting answer when asked if math, game theory, and software development teach any lessons applicable to issues like nuclear non-proliferation or national defense.

"The main thing to learn is that the narrative we (and other nations) tell ourselves is overly simplified and tends to make us look good and our adversaries bad."
The Almighty Buck

Will FTX Customers Fully Recoup Their Money? (cnbc.com) 27

Former FTX customers "have reasons to believe they could actually recoup their money," reports CNBC: Bankman-Fried, who could spend the rest of his life behind bars, was found guilty in November on seven criminal counts after roughly $10 billion in customer funds from his company went missing. Some of that money went to pay for Bankman-Fried's lavish lifestyle, but much of it went towards other investments that have, of late, appreciated dramatically in value. Lawyers representing the bankruptcy estate of FTX told a judge in Delaware last week that they expect to fully repay customers and creditors with legitimate claims. Bankruptcy attorney Andrew Dietderich, who works with FTX's new leadership team, said "there is still a great amount of work and risk" ahead in getting all the money back to clients, but that the team has a "strategy to achieve it."

It's a welcome development for the many thousands of customers (reportedly up to a million) who collectively lost billions of dollars in FTX's collapse 15 months ago, when the crypto exchange spiraled into bankruptcy in a matter of days. Given the lightly regulated and unsecured nature of FTX — and the crypto industry at large — those clients faced the real possibility that the vast majority of their money had evaporated. Plenty of failed hedge funds and lenders lost virtually everything during the 2022 crypto winter... [C]rypto was mired in a bear market, with bitcoin trading at around $16,000. It's now above $47,000... FTX's bitcoin stash, which was worth $560 million at the time of the September report, is today valued north of $1 billion.

Bankman-Fried's investments weren't limited to crypto. He also used client money to back startups like Anthropic, the artificial intelligence company founded by ex-OpenAI employees. FTX invested $500 million in Anthropic in 2021, before the generative AI boom. Anthropic's valuation hit $18 billion in December 2023, which would value FTX's roughly 8% stake at about $1.4 billion.

CNBC suggests this could affect the length of Bankman-Fried's prison sentence (which will be determined next month).

There's now also a so-called "FTX IOU" market where investors are selling their debt, CNBC adds. "One financial firm that had lost around $100 million initially sold its FTX debt for 6 cents on the dollar in a new secondary market out of concern that he may never get a better deal. As of December, those claims were going for more than 70 cents on the dollar."

CNBC also reports that FTX "had been negotiating with bidders about a potential reboot of the company, but those efforts were scrapped last month."
EU

EU Proposes Criminalizing AI-Generated Child Sexual Abuse and Deepfakes 101

An anonymous reader quotes a report from TechCrunch: AI-generated imagery and other forms of deepfakes depicting child sexual abuse (CSA) could be criminalized in the European Union under plans to update existing legislation to keep pace with technology developments, the Commission announced today. It's also proposing to create a new criminal offense of livestreaming child sexual abuse. The possession and exchange of "pedophile manuals" would also be criminalized under the plan -- which is part of a wider package of measures the EU says is intended to boost prevention of CSA, including by increasing awareness of online risks and to make it easier for victims to report crimes and obtain support (including granting them a right to financial compensation). The proposal to update the EU's current rules in this area, which date back to 2011, also includes changes around mandatory reporting of offenses.

Back in May 2022, the Commission presented a separate piece of CSA-related draft legislation, aiming to establish a framework that could make it obligatory for digital services to use automated technologies to detect and report existing or new child sexual abuse material (CSAM) circulating on their platforms, and identify and report grooming activity targeting kids. The CSAM-scanning plan has proven to be highly controversial -- and it continues to split lawmakers in the parliament and the Council, as well as kicking up suspicions over the Commission's links with child safety tech lobbyists and raising other awkward questions for the EU's executive, over a legally questionable foray into microtargeted ads to promote the proposal. The Commission's decision to prioritize the targeting of digital messaging platforms to tackle CSA has attracted a lot of criticism that the bloc's lawmakers are focusing in the wrong area for combatting a complex societal problem -- which may have generated some pressure for it to come with follow-on proposals. (Not that the Commission is saying that, of course; it describes today's package as "complementary" to its earlier CSAM-scanning proposal.)

"Fast evolving technologies are creating new possibilities for child sexual abuse online, and raises challenges for law enforcement to investigate this extremely serious and wide spread crime," said Ylva Johansson, commissioner for home affairs, in a statement. "A strong criminal law is essential and today we are taking a key step to ensure that we have effective legal tools to rescue children and bring perpetrators to justice. We are delivering on our commitments made in the EU Strategy for a more effective fight against Child sexual abuse presented in July 2020."

The final shape of the proposals will be determined by the EU's co-legislators in the Parliament and Council. "If/when there's agreement on how to amend the current directive on combating CSA, it would enter into force 20 days after its publication in the Official Journal of the EU," adds TechCrunch.
