Cellphones

The FBI Is Using Push Notifications To Catch Sexual Predators (gizmodo.com) 34

According to the Washington Post (paywalled), the FBI is using mobile push notification data to unmask people suspected of serious crimes, such as pedophilia, terrorism, and murder. Gizmodo reports: The Post did a little digging into court records and found evidence of at least 130 search warrants filed by the feds for push notification data in cases spanning 14 states. In those cases, FBI officials asked tech companies like Google, Apple, and Facebook to fork over data related to a suspect's mobile notifications, then used the data to implicate the suspect in criminal behavior linked to a particular app, even though many of those apps were supposedly anonymous communication platforms, like Wickr.

How exactly is this possible? Push notifications, which are provided by a mobile operating system provider, include embedded metadata that can be examined to understand the use of the mobile apps on a particular phone. Apps come laced with a quiet identifier, a "push token," which is stored on the corporate servers of a company like Apple or another phone manufacturer after a user signs up to use a particular app. Those tokens can later be used to identify the person using the app, based on the information associated with the device on which the app was downloaded. Even turning off push notifications on your device doesn't necessarily disable this feature, experts contend. [...]

If finding new ways to catch pedophiles and terrorists doesn't seem like the worst thing in the world, the Post article highlights the voices of critics who fear that this kind of mobile data could be used to track people who have not committed serious crimes -- like political activists or women seeking abortions in states where the procedure has been restricted.

Apple

Epic Chief Suspects Apple Broke iPhone Web Apps in EU For Anticompetitive Reasons (twitter.com) 87

Apple is officially cutting support for progressive web apps for iPhone users in the European Union. While web apps have been broken for EU users in every iOS 17.4 beta so far, Apple has confirmed that this is a feature, not a bug. Commenting on Apple's move, Epic CEO Tim Sweeney tweeted: I suspect Apple's real reason for killing PWAs is the realization that competing web browsers could do a vastly better job of supporting PWAs -- unlike Safari's intentionally crippled web functionality -- and turn PWAs into legit, untaxed competitors to native apps.

Censorship

Leaked Emails Show Hugo Awards Self-Censoring To Appease China (404media.co) 89

samleecole shares a report from 404 Media: A trove of leaked emails shows how administrators of one of the most prestigious awards in science fiction censored themselves because the awards ceremony was being held in China. Earlier this month, the Hugo Awards came under fire with accusations of censorship when several authors were excluded from the awards, including Neil Gaiman, R. F. Kuang, Xiran Jay Zhao, and Paul Weimer. These authors' works had earned enough votes to make them finalists, but were deemed "ineligible" for reasons not disclosed by Hugo administrators. The Hugo Awards are one of the largest and most important science fiction awards. [...]

The emails, which show the process of compiling spreadsheets of the top 10 works in each category and checking them for "sensitive political nature" to see if they were "an issue in China," were obtained by fan writer Chris M. Barkley and author Jason Sanford, and published on fandom news site File 770 and Sanford's Patreon, where they uploaded the full PDF of the emails. They were provided to them by Hugo Awards administrator Diane Lacey. Lacey confirmed in an email to 404 Media that she was the source of the emails. "In addition to the regular technical review, as we are happening in China and the *laws* we operate under are different...we need to highlight anything of a sensitive political nature in the work," Dave McCarty, head of the 2023 awards jury, directed administrators in an email. "It's not necessary to read everything, but if the work focuses on China, taiwan, tibet, or other topics that may be an issue *in* China...that needs to be highlighted so that we can determine if it is safe to put it on the ballot of if the law will require us to make an administrative decision about it."

The email replies to this directive show administrators combing through authors' social media presences and public travel histories, including from before they were nominated for the 2023 awards, and their writing and bodies of work beyond just what they were nominated for. Among dozens of other posts and writings, they note Weimer's negative comments about the Chinese government in a Patreon post and misspell Zhao's name and work (calling their novel Iron Widow "The Iron Giant"). About author Naseem Jamnia, an administrator allegedly wrote, "Author openly describes themselves as queer, nonbinary, trans, (And again, good for them), and frequently writes about gender, particularly non-binary. The cited work also relies on these themes. I include them because I don't know how that will play in China. (I suspect less than well.)"

"As far as our investigation is concerned there was no reason to exclude the works of Kuang, Gaiman, Weimer or Xiran Jay Zhao, save for being viewed as being undesirable in the view of the Hugo Award admins which had the effect of being the proxies of the Chinese government," Sanford and Barkley wrote. In conjunction with the email trove, Sanford and Barkley also released an apology letter from Lacey, in which she explains some of her role in the awards vetting process and also blames McCarty for his role in the debacle. McCarty, along with board chair Kevin Standlee, resigned earlier this month.

Crime

Wi-Fi Jamming To Knock Out Cameras Suspected In Nine Minnesota Burglaries (tomshardware.com) 174

Mark Tyson reports via Tom's Hardware: A serial burglar in Edina, Minnesota is suspected of using a Wi-Fi jammer to knock out connected security cameras before stealing and making off with the victim's prized possessions. [...] Edina police suspect that nine burglaries in the last six months have been undertaken with Wi-Fi jammer(s) deployed to ensure incriminating video evidence wasn't available to investigators. The modus operandi of the thief or thieves is thought to be something like this:

- Homes in affluent areas are found
- Burglars carefully watch the homes
- The burglars avoid confrontation, so appear to wait until homes are empty
- Seizing the opportunity of an empty home, the burglars will deploy Wi-Fi jammer(s)
- "Safes, jewelry, and other high-end designer items," are usually taken

A security expert interviewed by the source publication, KARE11, explained that the jammers simply confused wireless devices rather than blocking signals. They usually work by overloading wireless traffic "so that real traffic cannot get through," the news site was told. [...] Worryingly, Wi-Fi jamming is almost a trivial activity for potential thieves in 2024. KARE11 notes that it could buy jammers online very easily and cheaply, with prices ranging from $40 to $1,000. Jammers are not legal to use in the U.S. but they are very easy to buy online.

Bitcoin

Craig Wright Claims He's Bitcoin Creator Satoshi Nakamoto. Can He Prove It in Court? (wired.com) 92

Satoshi Nakamoto is the founding father of cryptocurrency -- and a mystery. In October 2008, Nakamoto gave Bitcoin to the world. Then they disappeared. To this day, nobody knows who Nakamoto is. Amongst the speculation, one man stepped forward: Craig Wright, an Australian computer scientist who has, since 2016, maintained that he is Nakamoto. Now he'll have to prove it in court. Wired: On February 5, a trial will begin in the UK High Court, the purpose of which is to challenge Wright's claim to Satoshi-hood. The case is being brought by the Crypto Open Patent Alliance (COPA), a nonprofit consortium of crypto and tech firms, in response to a slew of lawsuits filed by Wright against Bitcoin developers and other parties, in which he is trying to assert intellectual property rights over Bitcoin as its ostensible creator.

In its complaint, COPA claims that Wright's behavior has had a "chilling effect," obstructing the progress of Bitcoin by scaring away developers. It is seeking a declaration that Wright does not own the copyright to the white paper that first proposed Bitcoin and did not author the original code, and an injunction preventing him from saying otherwise. In effect, COPA is asking the court to rule that Wright is not Nakamoto. The verdict will have direct implications for a tangle of interlocking cases, which will determine whether Wright can prevent developers from working on Bitcoin without his permission and dictate the terms under which the Bitcoin system can be used.

Wright was first nominated as a potential candidate by both WIRED and Gizmodo on the same day in December 2015. The original story, based on a trove of leaked documents, proposed that Wright had "either invented Bitcoin or is a brilliant hoaxer who very badly wants us to believe he did." A few days later, WIRED published a second story, pointing to discrepancies in the evidence that supported the latter interpretation. Wright did not respond initially to reports that he was Nakamoto, although he did largely scrub his online accounts. By the following year, though, he had begun to present himself publicly as Bitcoin's creator. He has tried on multiple occasions -- through various means -- to categorically prove the claim, earning himself a band of supporters who swear by his credibility. In 2016, Wright was able to convince Gavin Andresen, an early contributor to Bitcoin's underlying software, and Jon Matonis, former director of the Bitcoin Foundation, an advocacy group.

Cloud

Broadcom Ditches VMware Cloud Service Providers (theregister.com) 70

An anonymous reader quotes a report from The Register: Broadcom is tossing the majority of VMware's Cloud Services Providers as part of its shakeup of the virtualization titan's partner programs, say sources, leaving customers unclear who their IT supplier will be. The $61 billion purchase of VMware by Broadcom in November was swiftly followed by news of how it planned to reorganize the business into several Broadcom divisions. A month later we revealed that Broadcom intended to discontinue VMware's channel program, and that some solution providers/resellers would be transitioned to its own scheme, but on an invitation-only basis, from February. However, while Broadcom informed one part of VMware's channel of this change, a second notice was also sent to Cloud Services Providers (CSPs), informing them that their program is going to be terminated at the end of April. This program allows service providers such as smaller cloud operators to sell a VMware-based cloud service.

In the letter, seen by The Register, Broadcom tells its cloud provider partners: "Effective April 30, 2024, the ability to transact as a VMware Cloud Services Provider, under the VMware Partner Connect Program, will come to an end. However, we want to emphasize that you may have the opportunity to join the Broadcom Expert Advantage Partner Program. This invite-only program has simpler requirements and offers expanded benefits, and we will begin inviting partners to join in early 2024." One service provider told us their company had been left in the dark since that letter was received, and Broadcom has given them no indication of whether they will be invited to join its partner program or not, or what their customers are supposed to do if the company loses the right to operate a VMware cloud service. "I don't know how many smaller providers are affected by this but it must be a very large number," the source told us. "The VCSP program was the only way for MSPs and service providers to offer a multi-tenant VMware-based cloud service."

Chatter among some in the industry is that Broadcom is only interested in keeping the largest and most profitable customers, and the company simply doesn't care about the smaller users and the providers that service them. Unconfirmed fears are that only ten percent of VMware's biggest CSPs will be invited to the new master program. "This all sounds very much like Broadcom taking an aggressive approach to its route to market and focusing on those partners that can deliver growth and significant revenue," said Omdia chief analyst Roy Illsley. "I suspect the intention is to ensure that VMware consists of only profitable products and they are sold in a more cohesive way with the rest of Broadcom. So I expect to see some news on this continuing to come out for most of 2024 as the company puts this plan into action. I would not rule out disposals of some assets in a drive to streamline the portfolio to those that fit with Broadcom's strategy."
"How can they just cancel a major program affecting hundreds, perhaps thousands of customers, with zero notice, and zero details?" said one service provider. "They sent the notices out the Friday before the holidays, with no follow-up, which makes the situation even more egregious. What are we supposed to tell our customers? It's mind-boggling."

Crime

A Microscopic Metal Flake Could Finally Reveal DB Cooper's Identity (fox13seattle.com) 75

"The famed and mysterious disappearance of D.B. Cooper has puzzled investigators for over half a century," writes a Seattle TV station. Now new evidence is coming to light in the supposed "skyjacking," after a microscopic piece of metal found on D. B. Cooper's tie could help reveal his true identity. "Considering the totality of all that has been uncovered in the last year with respect to DB Cooper's tie, I can say with a very high degree of certainty that DB Cooper worked for Crucible Steel," said independent investigator Eric Ulis.
"I would not be surprised at all if 2024 was the year we figure out who this guy was," Ulis told another local Seattle news station: This particle is part stainless steel, part titanium... 18 months ago, Ulis used U.S. patents to trace three of these fragments from the very same tie to a specific plant in Pennsylvania, Crucible Steel. "Headquartered in the suburbs of Pittsburgh, a significant subcontractor all throughout the 1960s," said Ulis. "It supplied the lion's share of titanium and stainless steel for Boeing's aircraft...."

Ulis claims evidence points to Cooper having in-depth knowledge of the 727 he hijacked, and of the Seattle area. Workers at Crucible Steel were known to travel and visit their contractor, Boeing. "This is also the time, 1971, when Boeing had this significant downturn, the big depression, with 'The last person leaving Seattle, please turn out the lights' [billboard sign]," said Ulis. "It's reasonable to deduce that D. B. Cooper may well have been part of that downturn."

Ulis admits his findings are not yet concrete. He's not crossing any suspects off the list. However, he believes from what he's seen, all roads lead to titanium research engineer Vince Peterson from Pittsburgh.

It all reminds me of that episode of Prison Break where they suspect one of the prisoners is secretly D.B. Cooper...

IT

Fake Plane Parts Scandal Shows Peril of Antiquated Paper System (bloomberg.com) 39

After falsified records for spare aircraft parts set off a frantic global search for suspect pieces, the aviation industry now faces another daunting task: adapting the archaic paperwork for 100 million components to the digital age. From a report: Since the middle of the year, maintenance shops and aerospace manufacturers have found thousands of engine parts with falsified records linked to a distributor called AOG Technics. Airlines from China to the US and Europe have had to pull planes from service and extract the dubious components, leaving jets grounded and racking up millions of dollars in costs.

The episode has prodded carriers and maintenance shops to bolster scrutiny of their vendors and the parts they receive. And it's given fresh weight to an ongoing push to digitize the paper-based records still prevalent in the industry to document the lifespan of every piece of an aircraft from the time that it's made to when it lands in a scrap heap. But any structural reforms to thwart would-be copycats of the scheme of which AOG is suspected are likely years away. The industry is accustomed to following standardized methods and only making fundamental changes after a detailed and often lengthy examination of potential safety risks -- and costs.

Education

Are Phones Making the World's Students Dumber? (msn.com) 123

Long-time Slashdot reader schwit1 shared this article from the Atlantic: For the past few years, parents, researchers, and the news media have paid closer attention to the relationship between teenagers' phone use and their mental health. Researchers such as Jonathan Haidt and Jean Twenge have shown that various measures of student well-being began a sharp decline around 2012 throughout the West, just as smartphones and social media emerged as the attentional centerpiece of teenage life. Some have even suggested that smartphone use is so corrosive, it's systematically reducing student achievement. I hadn't quite believed that last argument — until now.

The Program for International Student Assessment, conducted by the Organization for Economic Co-operation and Development in almost 80 countries every three years, tests 15-year-olds. Test scores have been falling for years — even before the pandemic. Across the OECD, science scores peaked in 2009, and reading scores peaked in 2012. Since then, developed countries have as a whole performed "increasingly poorly" on average. "No single country showed an increasingly positive trend in any subject," PISA reported, and "many countries showed increasingly poor performance in at least one subject." Even in famously high-performing countries, such as Finland, Sweden, and South Korea, PISA grades in one or several subjects have been declining for a while.

So what's driving down student scores around the world? The PISA report offers three reasons to suspect that phones are a major culprit. First, PISA finds that students who spend less than one hour of "leisure" time on digital devices a day at school scored about 50 points higher in math than students whose eyes are glued to their screens more than five hours a day. This gap held even after adjusting for socioeconomic factors... Second, screens seem to create a general distraction throughout school, even for students who aren't always looking at them.... Finally, nearly half of students across the OECD said that they felt "nervous" or "anxious" when they didn't have their digital devices near them. (On average, these students also said they were less satisfied with life.) This phone anxiety was negatively correlated with math scores.

In sum, students who spend more time staring at their phone do worse in school, distract other students around them, and feel worse about their life.

Space

'Life May Have Everything It Needs to Exist on Saturn's Moon Enceladus' (nasa.gov) 27

An anonymous reader shared this report from CNN: Scientists have long viewed Saturn's moon Enceladus, which harbors an ocean beneath its thick, icy shell, as one of the best places to search for life beyond Earth. Now, a new analysis of data collected by NASA's Cassini mission, which orbited Saturn and its moons between 2004 and 2017, has uncovered intriguing evidence that further supports the idea of Enceladus as a habitable ocean world.

Enceladus initially captured the attention of scientists in 2005 because plumes of ice grains and water vapor were observed rising through cracks in the moon's ice shell and releasing into space. The spacecraft flew through the plumes and "sampled" them, with data suggesting the presence of organic compounds within the plumes, some of which are key for life. The latest data analysis of Cassini's flybys of Enceladus revealed the detection of a molecule called hydrogen cyanide that's toxic to humans but crucial to processes driving the origin of life. What's more, the team also found evidence to support that Enceladus' ocean has organic compounds that provide a source of chemical energy that could potentially be used as powerful fuel for any form of life...

The combination of these elements together suggested a process called methanogenesis, or the metabolic creation of methane, may be at play on Enceladus. Scientists suspect methanogenesis may have also played out on early Earth, contributing to the origin of life. But the new research indicates more varied and powerful chemical energy sources are occurring within Enceladus' ocean... Now, the study authors want to investigate how diluted the organic compounds are within the subsurface ocean because the dilution of these compounds could determine whether Enceladus could support life. In the future, astronomers hope to send a dedicated mission to investigate Enceladus, which could provide a definitive answer as to whether life exists in the ocean world.

"Our work provides further evidence that Enceladus is host to some of the most important molecules for both creating the building blocks of life and for sustaining that life through metabolic reactions," according to one of the study's lead authors.

"Not only does Enceladus seem to meet the basic requirements for habitability, we now have an idea about how complex biomolecules could form there, and what sort of chemical pathways might be involved."

Cellphones

Suspects Can Refuse To Provide Phone Passcodes To Police, Court Rules (arstechnica.com) 64

An anonymous reader quotes a report from Ars Technica: Criminal suspects can refuse to provide phone passcodes to police under the US Constitution's Fifth Amendment privilege against self-incrimination, according to a unanimous ruling issued (PDF) today by Utah's state Supreme Court. The questions addressed in the ruling could eventually be taken up by the US Supreme Court, whether through review of this case or a similar one. The case involves Alfonso Valdez, who was arrested for kidnapping and assaulting his ex-girlfriend. Police officers obtained a search warrant for the contents of Valdez's phone but couldn't crack his passcode.

Valdez refused to provide his passcode to a police detective. At his trial, the state "elicited testimony from the detective about Valdez's refusal to provide his passcode when asked," today's ruling said. "And during closing arguments, the State argued in rebuttal that Valdez's refusal and the resulting lack of evidence from his cell phone undermined the veracity of one of his defenses. The jury convicted Valdez." A court of appeals reversed the conviction, agreeing "with Valdez that he had a right under the Fifth Amendment to the United States Constitution to refuse to provide his passcode, and that the State violated that right when it used his refusal against him at trial." The Utah Supreme Court affirmed the court of appeals ruling.

The Valdez case does not involve an order to compel a suspect to unlock a device. Instead, "law enforcement asked Valdez to verbally provide his passcode," Utah justices wrote. "While these circumstances involve modern technology in a scenario that the Supreme Court has not yet addressed, we conclude that these facts present a more straightforward question that is answered by settled Fifth Amendment principles." Ruling against the state, the Utah Supreme Court said it "agree[s] with the court of appeals that verbally providing a cell phone passcode is a testimonial communication under the Fifth Amendment."

Privacy

Verizon Gave Phone Data To Armed Stalker Who Posed As Cop Over Email (404media.co) 27

Slash_Account_Dot writes: The FBI investigated a man who allegedly posed as a police officer in emails and phone calls to trick Verizon into handing over phone data belonging to a specific person that the suspect met on the dating section of porn site xHamster, according to a newly unsealed court record. Despite the relatively unconvincing cover story concocted by the suspect, including the use of a clearly non-government ProtonMail email address, Verizon handed over the victim's data to the alleged stalker, including their address and phone logs. The stalker then went on to threaten the victim and ended up driving to where he believed the victim lived while armed with a knife, according to the record.

The news is a massive failure by Verizon, which did not detect that the data request was fraudulent, and the company potentially put someone's safety at risk. The news also highlights the now common use of fraudulent emergency data requests (EDRs) or search warrants in the digital underworld, where criminals pretend to be law enforcement officers, fabricate an urgent scenario such as a kidnapping, and then convince telecoms or tech companies to hand over data that should only be accessible through legitimate law enforcement requests. As 404 Media previously reported, some hackers are using compromised government email accounts for this purpose.

News

Local Governments Overwhelmed By Tennis-Pickleball Turf Wars, Documents Show 120

An anonymous reader shares a report: In late September, an arsonist set fire to a storage shed at Memorial Park used by the Santa Monica Pickleball Club, torching thousands of dollars worth of nets, rackets, balls, and other pickleball equipment. "Unknown suspect(s) caused a fire that damaged city property (Tennis Court Gate)," a police report I obtained using a public records request says. The report adds that there is body camera footage of the incident and police-shot photos, but the city refused to release them to me because there is an ongoing investigation. The arsonist is still at large.

We still don't know the motive behind the arson, but the news caught my attention because it happened while I was in the midst of trying to understand what I've been calling the pickleball wars. For the last few months I've been trying to understand what's been happening behind the scenes in cities large and small by filing public records requests aimed at learning how common beefs about pickleball are, and what's causing them.

If you don't already know about "the fastest growing sport," Pickleball is kind of like tennis, but played on a court a quarter of the size using a plastic ball similar to a wiffle ball and a hard racket. The smaller court, hard ball, and hard racket means that pickleball is louder than tennis, a fact that is brought up very often by homeowners and homeowner associations who claim, somewhat dubiously, that the noise from pickleball drives down their home values. My hypothesis going into researching this article was that people who live in cities are mad at the noise created during the act of playing pickleball and they have probably complained to the government about it. What I found was surprisingly more complex: Thousands of pages of documents I've reviewed show that pickleball's surging popularity is overwhelming under-resourced parks departments in city governments all over the country.

Crime

Several Piracy-Related Arrests Spark Fears of High-Level Crackdown In Nordic Region (torrentfreak.com) 37

A series of arrests that began in late August and continued into last week has sparked concerns that a relatively rare 'Scene' crackdown targeting the top of the so-called 'Piracy Pyramid' may be underway in the Nordic region. TorrentFreak reports: In a statement last week, Denmark's National Unit for Special Crime (NSK) announced that as part of a long-running investigation, a man was arrested on November 22 and then charged with copyright infringement offenses. NSK said its officers searched the home of a 47-year-old man in South Zealand (Sydsjaelland) and seized IT equipment in connection with illegal file-sharing and "copyright infringement of a particularly serious nature." "The case is about an organized network that has illegally shared extremely large quantities of films and TV series via file sharing services," said NSK Police Commissioner Anders-Emil Nohr Kelbaek. While noting that NSK had no further information to offer at this time, Kelbaek said he was pleased that NSK had arrested another suspect believed to have played a 'significant role' in the unnamed network.

Last week's arrest was only the latest in a series of arrests carried out as part of the same long-running NSK investigation into the illegal distribution of movies and TV shows. In late August, NSK arrested four people on suspicion of sharing "extremely large quantities" of movies and TV shows. NSK raided addresses in South-West Jutland, North Zealand and Bornholm. A 43-year-old was arrested at the last location, but it's claimed he lives elsewhere. In common with last week's arrest, all were charged on suspicion of "particularly serious" copyright infringement offenses. In an almost identical statement to that issued last week, Commissioner Anders-Emil Nohr Kelbaek said the case was about "an organized network that shares extremely large amounts of data, presumably in the form of films and series."

TorrentFreak sources report concerns that last week's arrest may be linked to Scene groups. Terminology used by NSK doesn't instantly rule that out and does seem to suggest something potentially more significant than other arrests over the past few years. According to NSK, the August arrests took place on August 28, 2023. Using information in Scene release databases we looked for Danish Scene groups and/or groups that were releasing Denmark-focused content before that date but then made no releases afterward; while that wouldn't provide conclusive proof that a group had been targeted, the method has proven useful in the past. While activity in late August suggests nothing especially out of the ordinary, activity since the arrest last week stands in contrast. TF is informed that some groups may have gone dark simply out of an abundance of caution. It's also possible that the groups have nothing to release. Furthermore, there are many other global groups with no obvious links to Danish content or Denmark that also stopped releasing on November 21. The reasons for this are unknown but holidays in the United States may play a role.

Science

'There is a Scientific Fraud Epidemic' (ft.com) 148

Rooting out manipulation should not depend on dedicated amateurs who take personal legal risks for the greater good. From a story on Financial Times: As the Oxford university psychologist Dorothy Bishop has written, we only know about the ones who get caught. In her view, our "relaxed attitude" to the scientific fraud epidemic is a "disaster-in-waiting." The microbiologist Elisabeth Bik, a data sleuth who specialises in spotting suspect images, might argue the disaster is already here: her Patreon-funded work has resulted in over a thousand retractions and almost as many corrections. That work has been mostly done in Bik's spare time, amid hostility and threats of lawsuits. Instead of this ad hoc vigilantism, Bishop argues, there should be a proper police force, with an army of scientists specifically trained, perhaps through a masters degree, to protect research integrity.

It is a fine idea, if publishers and institutions can be persuaded to employ them (Spandidos, a biomedical publisher, has an in-house anti-fraud team). It could help to scupper the rise of the "paper mill," an estimated $1bn industry in which unscrupulous researchers can buy authorship on fake papers destined for peer-reviewed journals. China plays an outsize role in this nefarious practice, set up to feed a globally competitive "publish or perish" culture that rates academics according to how often they are published and cited. Peer reviewers, mostly unpaid, don't always spot the scam. And as the sheer volume of science piles up -- an estimated 3.7mn papers from China alone in 2021 -- the chances of being rumbled dwindle. Some researchers have been caught on social media asking to opportunistically add their names to existing papers, presumably in return for cash.

United States

Secretive White House Surveillance Program Gives Cops Access To Trillions of US Phone Records (wired.com) 104

An anonymous reader quotes a report from Wired: A little-known surveillance program tracks more than a trillion domestic phone records within the United States each year, according to a letter WIRED obtained that was sent by US senator Ron Wyden to the Department of Justice (DOJ) on Sunday, challenging the program's legality. According to the letter, a surveillance program now known as Data Analytical Services (DAS) has for more than a decade allowed federal, state, and local law enforcement agencies to mine the details of Americans' calls, analyzing the phone records of countless people who are not suspected of any crime, including victims. Using a technique known as chain analysis, the program targets not only those in direct phone contact with a criminal suspect but anyone with whom those individuals have been in contact as well.
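The "chain analysis" described above, as an added example that is not part of WIRED's report and is not the DAS program's own tooling: a breadth-first walk over call-detail records that starts at one suspect's number and expands outward hop by hop. The call records are constructed for illustration, and the field layout (caller, callee, timestamp) is an assumption; the point it shows is how a two-hop query pulls in people who never spoke to the suspect at all.

```python
"""Two-hop contact chaining over constructed call-detail records.
Added example; not WIRED's text and not the DAS/Hemisphere software."""
from collections import defaultdict, deque

# Constructed records (caller, callee, timestamp). Invented numbers, not real data.
CDRS = [
    ("555-0100", "555-0101", "2023-11-01T09:00"),
    ("555-0101", "555-0102", "2023-11-01T09:30"),
    ("555-0102", "555-0103", "2023-11-02T10:00"),
    ("555-0100", "555-0104", "2023-11-03T11:00"),
    ("555-0105", "555-0101", "2023-11-03T12:00"),
    ("555-0106", "555-0107", "2023-11-04T13:00"),  # pair with no link to the suspect
]


def build_graph(cdrs):
    """Undirected contact graph: who was on a call with whom."""
    graph = defaultdict(set)
    for caller, callee, _ in cdrs:
        graph[caller].add(callee)
        graph[callee].add(caller)  # direction is irrelevant for contact chaining
    return graph


def chain_analysis(graph, seed, hops):
    """Return {number: distance} for every number within `hops` calls of `seed`.
    hops=1 is the suspect's direct contacts; hops=2 adds their contacts, and so on."""
    dist = {seed: 0}
    queue = deque([seed])
    while queue:
        cur = queue.popleft()
        if dist[cur] == hops:
            continue  # do not expand past the requested depth
        for nxt in graph[cur]:
            if nxt not in dist:
                dist[nxt] = dist[cur] + 1
                queue.append(nxt)
    return dist


def swept_in(graph, seed, hops):
    """Numbers reached only through an intermediary: people with no direct
    contact with the suspect, which is exactly the critics' concern."""
    dist = chain_analysis(graph, seed, hops)
    return sorted(num for num, d in dist.items() if d >= 2)


if __name__ == "__main__":
    g = build_graph(CDRS)
    for hops in (1, 2, 3):
        reach = chain_analysis(g, "555-0100", hops)
        print(f"{hops} hop(s): {len(reach) - 1} numbers, "
              f"indirect only: {swept_in(g, '555-0100', hops)}")
```

Each extra hop is a multiplicative widening of the query, which is why a "target plus everyone they called plus everyone those people called" request reaches far beyond anyone under suspicion; the constructed data here keeps the 555-0106/555-0107 pair out of every result no matter how deep the search goes, but only because they never shared a call with the chain.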

The DAS program, formerly known as Hemisphere, is run in coordination with the telecom giant AT&T, which captures and conducts analysis of US call records for law enforcement agencies, from local police and sheriffs' departments to US customs offices and postal inspectors across the country, according to a White House memo reviewed by WIRED. Records show that the White House has, for the past decade, provided more than $6 million to the program, which allows the targeting of the records of any calls that use AT&T's infrastructure -- a maze of routers and switches that crisscross the United States. In a letter to US attorney general Merrick Garland on Sunday, Wyden wrote that he had "serious concerns about the legality" of the DAS program, adding that "troubling information" he'd received "would justifiably outrage many Americans and other members of Congress." That information, which Wyden says the DOJ confidentially provided to him, is considered "sensitive but unclassified" by the US government, meaning that while it poses no risk to national security, federal officials, like Wyden, are forbidden from disclosing it to the public, according to the senator's letter.

AT&T spokesperson Kim Hart Jonson said only that the company is required by law to comply with a lawful subpoena. However, "there is no law requiring AT&T to store decades' worth of Americans' call records for law enforcement purposes," notes Wired. "Documents reviewed by WIRED show that AT&T officials have attended law enforcement conferences in Texas as recently as 2018 to train police officials on how best to utilize AT&T's voluntary, albeit revenue-generating, assistance."

"The collection of call record data under DAS is not wiretapping, which on US soil requires a warrant based on probable cause. Call records stored by AT&T do not include recordings of any conversations. Instead, the records include a range of identifying information, such as the caller and recipient's names, phone numbers, and the dates and times they placed calls, for six months or more at a time." It's unclear exactly how far back the call records accessible under DAS go, although a slide deck released under the Freedom of Information Act in 2014 states that they can be queried for up to 10 years.

Linux

Canonical Intros Microcloud: Simple, Free, On-prem Linux Clustering (theregister.com) 16

Canonical hosted an amusingly failure-filled demo of its new easy-to-install, Ubuntu-powered tool for building small-to-medium scale, on-premises high-availability clusters, Microcloud, at an event in London yesterday. From a report: The intro to the talk leaned heavily on Canonical's looming 20th anniversary, and with good reason. Ubuntu has carved out a substantial slice of the Linux market for itself on the basis of being easier to use than most of its rivals, at no cost -- something that many Linux players still seem not to fully comprehend. The presentation was as buzzword-heavy as one might expect, and it's also extensively based on Canonical's in-house tech, such as the LXD containervisor, Snap packaging, and, optionally, the Ubuntu Core snap-based immutable distro. (The only missing buzzword didn't crop up until the Q&A session, and we were pleased by its absence: it's not built on and doesn't use Kubernetes, but you can run Kubernetes on it if you wish.)

We're certain this is going to turn off or alienate a lot of the more fundamentalist Penguinistas, but we are equally sure that Canonical won't care. In the immortal words of Kevin Smith, it's not for critics. Microcloud combines several existing bits of off-the-shelf FOSS tech in order to make it easy to link from three to 50 Ubuntu machines into an in-house, private high-availability cluster, with live migration and automatic failover. It uses its own LXD containervisor to manage nodes and workloads, Ceph for distributed storage, OpenZFS for local storage, and OVN to virtualize the cluster interconnect. All the tools are packaged as snaps. It supports both x86-64 and Arm64 nodes, including Raspberry Pi kit, and clusters can mix both architectures. The event included several demonstrations using an on-stage cluster of three ODROID machines with "Intel N6005" processors, so we reckon they were ODROID H3+ units -- which we suspect the company chose because of their dual Ethernet connections.

Security

In a First, Cryptographic Keys Protecting SSH Connections Stolen in New Attack 95

For the first time, researchers have demonstrated that a large portion of cryptographic keys used to protect data in computer-to-server SSH traffic are vulnerable to complete compromise when naturally occurring computational errors occur while the connection is being established. ArsTechnica: Underscoring the importance of their discovery, the researchers used their findings to calculate the private portion of almost 200 unique SSH keys they observed in public Internet scans taken over the past seven years. The researchers suspect keys used in IPsec connections could suffer the same fate. SSH is the cryptographic protocol used in secure shell connections that allows computers to remotely access servers, usually in security-sensitive enterprise environments. IPsec is a protocol used by virtual private networks that route traffic through an encrypted tunnel.

The vulnerability occurs when there are errors during the signature generation that takes place when a client and server are establishing a connection. It affects only keys using the RSA cryptographic algorithm, which the researchers found in roughly a third of the SSH signatures they examined. That translates to roughly 1 billion signatures out of the 3.2 billion signatures examined. Of the roughly 1 billion RSA signatures, about one in a million exposed the private key of the host. While the percentage is infinitesimally small, the finding is nonetheless surprising for several reasons -- most notably because most SSH software in use has deployed a countermeasure for decades that checks for signature faults before sending a signature over the Internet. Another reason for the surprise is that until now, researchers believed that signature faults exposed only RSA keys used in the TLS -- or Transport Layer Security -- protocol encrypting Web and email connections. They believed SSH traffic was immune from such attacks because passive attackers -- meaning adversaries simply observing traffic as it goes by -- couldn't see some of the necessary information when the errors happened.
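The signature-fault mechanism the article refers to, as an added example that is not code from Ars Technica or from the researchers: RSA signers use the Chinese Remainder Theorem to compute the signature separately mod p and mod q and then recombine the halves, and if one half is computed wrongly, the resulting signature still satisfies s^e = m (mod p) for the correct half, so gcd(s^e - m, n) hands anyone holding the faulty signature a prime factor of the key (Lenstra's attack). The key below is a toy 27-bit key built from constructed primes, the fault is simulated rather than naturally occurring, and the example assumes the attacker knows the exact signed value m, which is the simplification the SSH research had to get past for a passive observer. The last function is the decades-old countermeasure the article mentions: verify the signature before sending it.

```python
"""RSA-CRT signature fault attack (Lenstra) and its countermeasure, on a toy key.
Added example; not the researchers' code. Primes and message are constructed."""
from math import gcd


def make_key(p, q, e=65537):
    """Build a toy RSA key from two small constructed primes."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse, Python 3.8+
    return {"n": n, "e": e, "d": d, "p": p, "q": q}


def sign_crt(key, m, fault=False):
    """Sign via CRT, the fast path real implementations use.
    fault=True corrupts the mod-q half, standing in for a hardware or
    software computation error during signature generation."""
    p, q, d, n = key["p"], key["q"], key["d"], key["n"]
    sp = pow(m, d % (p - 1), p)
    sq = pow(m, d % (q - 1), q)
    if fault:
        sq = (sq + 1) % q  # one wrong half is all the attack needs
    # Garner's recombination of the two halves into a signature mod n
    q_inv = pow(q, -1, p)
    h = (q_inv * (sp - sq)) % p
    return (sq + h * q) % n


def verify(pub, m, s):
    n, e = pub
    return pow(s, e, n) == m % n


def recover_factor(pub, m, s):
    """The attack. s^e == m (mod p) still holds for the uncorrupted half, so
    gcd(s^e - m, n) is p. Returns None for a correct signature (gcd is n)."""
    n, e = pub
    g = gcd((pow(s, e, n) - m) % n, n)
    return g if 1 < g < n else None


def sign_checked(key, m, fault=False):
    """Countermeasure: verify before emitting; a signature that fails its own
    check is never sent, so a fault cannot reach the network."""
    s = sign_crt(key, m, fault)
    return s if verify((key["n"], key["e"]), m, s) else None


if __name__ == "__main__":
    key = make_key(10007, 10009)  # constructed twin primes, toy size only
    pub = (key["n"], key["e"])
    m = 123456
    print("correct signature leaks:", recover_factor(pub, m, sign_crt(key, m)))
    print("faulty signature leaks p =", recover_factor(pub, m, sign_crt(key, m, fault=True)))
    print("checked signer emits:", sign_checked(key, m, fault=True))
```

One gcd per observed signature is all the attack costs, which is why a one-in-a-million fault rate still yields usable keys at the scale of billions of scanned handshakes; the verify-before-send check is cheap by comparison, and a signer that skips it is trusting its own hardware with its private key.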

Security

[Dot]US Harbors Prolific Malicious Link Shortening Service (krebsonsecurity.com) 17

Security reporter Brian Krebs: The top-level domain for the United States -- .US -- is home to thousands of newly-registered domains tied to a malicious link shortening service that facilitates malware and phishing scams, new research suggests. The findings come close on the heels of a report that identified .US domains as among the most prevalent in phishing attacks over the past year. Researchers at Infoblox say they've been tracking what appears to be a three-year-old link shortening service that is catering to phishers and malware purveyors. Infoblox found the domains involved are typically three to seven characters long, and hosted on bulletproof hosting providers that charge a premium to ignore any abuse or legal complaints. The short domains don't host any content themselves, but are used to obfuscate the real address of landing pages that try to phish users or install malware.

Infoblox says it's unclear how the phishing and malware landing pages tied to this service are being initially promoted, although they suspect it is mainly through scams targeting people on their phones via SMS. A new report says the company mapped the contours of this link shortening service thanks in part to pseudo-random patterns in the short domains, which all appear on the surface to be a meaningless jumble of letters and numbers. "This came to our attention because we have systems that detect registrations that use domain name generation algorithms," said Renee Burton, head of threat intelligence at Infoblox. "We have not found any legitimate content served through their shorteners."

Crime

Barcode Leads To Arrest of Texas Litterbug Behind 200 Pounds of Dumped Trash (chron.com) 106

"Illegal dumping is way too common, and often leads to no consequences," writes Slashdot reader Tony Isaac. "In some urban neighborhoods, people dump entire truckloads of waste in ditches along the streets. Maybe authorities have found a way to make a dent in this problem." Houston Chronicle reports: The Texas Game Wardens were recently able to track down and arrest a litterbug allegedly behind an illegal dumping of over 200 pounds of construction materials using a barcode left at the scene of the crime, according to a news release from the Texas Parks and Wildlife Department (TPWD). The pile of trash, which included sheetrock, housing trim, two-by-fours and various plastic items, was reportedly dumped along a bridge and creek on private land instead of being properly disposed of.

However, hidden among the garbage was also a box containing a barcode that would help identify the person behind the heap. A Smith County Game Warden used the barcode to track the materials to a local store, and ultimately to the owner of the credit card that was used for the purchase, TPWD said. The game warden interviewed the homeowner, who had reportedly just finished remodeling his home. "The homeowner explained that he paid someone familiar to the family who offered to haul off their used material and trash for a minimum fee," Texas Game Wardens said in a statement. "Unfortunately, the suspect kept the money and dumped the trash onto private property."

Working with the game warden, Smith County Sheriff's Office environmental deputies eventually arrested the suspect on charges of felony commercial dumping. At the time of the arrest, the suspect's truck was reportedly found loaded with even more building materials and trash, TPWD said. The state agency did not identify the suspect or disclose when or where they were arrested.
