×

Submission + - Memory Disclosure Vulnerability in the Great Firewall of China

Submitted by Anonymous Coward
An anonymous reader writes: Wallbleed: A Memory Disclosure Vulnerability in the Great Firewall of China

“We present Wallbleed, a buffer over-read vulnerability that existed in the DNS injection subsystem of the Great Firewall of China. Wallbleed caused certain nation-wide censorship middleboxes to reveal up to 125 bytes of their memory when censoring a crafted DNS query. It afforded a rare insight into one of the Great Firewall’s well-known network attacks, namely DNS injection, in terms of its internal architecture and the censor’s operational behaviors.”

Submission + - Undocumented "backdoor" found in Bluetooth chip used by a billion devices (bleepingcomputer.com)

Submitted by ZipNada
ZipNada writes: The ubiquitous ESP32 microchip made by Chinese manufacturer Espressif and used by over 1 billion units as of 2023 contains an undocumented "backdoor" that could be leveraged for attacks.

The undocumented commands allow spoofing of trusted devices, unauthorized data access, pivoting to other devices on the network, and potentially establishing long-term persistence.

This was discovered by Spanish researchers Miguel Tarascó Acuña and Antonio Vázquez Blanco of Tarlogic Security, who presented their findings yesterday at RootedCON in Madrid.

"Tarlogic Security has detected a backdoor in the ESP32, a microcontroller that enables WiFi and Bluetooth connection and is present in millions of mass-market IoT devices," reads a Tarlogic announcement shared with BleepingComputer.

"Exploitation of this backdoor would allow hostile actors to conduct impersonation attacks and permanently infect sensitive devices such as mobile phones, computers, smart locks or medical equipment by bypassing code audit controls."

The researchers warned that ESP32 is one of the world's most widely used chips for Wi-Fi + Bluetooth connectivity in IoT (Internet of Things) devices, so the risk of any backdoor in them is significant.

Submission + - Daylight Saving Time Preferences (poll) (gallup.com) 2

Submitted by superposed
superposed writes: Daylight Saving Time is a perennial flashpoint on Slashdot that is coming up again this weekend in the U.S.. Gallup reports that most Americans prefer to eliminate DST but they canâ(TM)t agree on which alternative to adopt. In other words, there is no majority support for any of the three options: switch twice a year, permanent standard time, or permanent advanced time.

Each of these has downsides. I suspect that DST is a solid second-choice winner that canâ(TM)t get a plurality, but might win in anti-plurality voting (everyoneâ(TM)s least-bad choice).

To assess that, please choose the poll item that best matches your ranking of most-preferred to least-preferred option. Then we can hash out a winner via instant-runoff or anti-plurality voting in the comments (they will probably differ).

A. Standard, Advanced, DST
B. Advanced, Standard, DST
C. Standard, DST, Advanced
D. Advanced, DST, Standard
E. DST, Standard, Advanced
F. DST, Advanced, Standard
G. Sync with CowboyNeal

Submission + - Code.org Campaign Calls on Girls to 'Reclaim Space in the [CS] Space We Started'

Submitted by theodp
theodp writes: Timed to coincide with International Women's Day, AdAge and others report that tech-backed nonprofit Code.org is launching Computer Science is Everything (CSiE), which a press release describes as "the first-ever national campaign to increase enrollment among high school girls in computer science courses." In a Medium post announcing the campaign, Code.org explains that "The challenge isn’t ability or access. The biggest barrier is interest. [...] Many young women don’t see CS as relevant to their lives."

To support the campaign, Code.org is encouraging parents, teachers, and mentors to "share our videos, play them in classrooms, and direct students to CSisEverything.org," a girl-focused spinoff site operated by Code.org that has its own donation page seeking contributions to 'Empower the next generation of female leaders.'

The campaign's launch video opens by challenging young women's disinterest in CS ("You say computer science isn’t your style? Impossible. Because computer science is everything. It’s Sports. Art. Fashion. Cats.") and closes with an odd talking portrait of Ada Lovelace referencing the CS patriarchy ("Is it [CS] the patriarchy? Well, it wasn’t when I started it all.") that leads to a call for girls to "reclaim space in the space we started."

That, plus scenes showing young women how they might be able to use computer science to prevent themselves from being roofied or assaulted, may help explain some negative feedback on the video noted in brand research conducted for the campaign ("The patriarchy part was distasteful and trying too hard to be woke", "It seemed anti-men and unrelatable as a boy."), somewhat ironic complaints considering that Elon Musk is one of Code.org's biggest donors.

Submission + - New open source Windows-compatible operating system released (github.com) 2

Submitted by paugq
paugq writes: Free95, a new lean, Windows-compatible operating system is available from GitHub. In its current form, it can run very basic Win32 GUI and console applications but its developer promises to keep working on it to reach DirectX and een game compatibility.

Submission + - Google Introduces Debian Linux Terminal App For Android (zdnet.com)

Submitted by Anonymous Coward
An anonymous reader writes: Today, Linux is only available on the latest Pixel devices running Android 15. When Android 16 arrives later this year, it's expected that all sufficiently robust Android phones will be able to run Linux. Besides a Linux terminal, beta tests have already shown that you should be able to run desktop Linux programs from your phone — games like Doom, for example. The Linux Terminal runs on top of a Debian Linux virtual machine. This enables you to access a shell interface directly on your Android device. And that just scratches the surface of Google's Linux Terminal. It's actually a do-it-all app that enables you to download, configure, and run Debian. Underneath Terminal runs the Android Virtualization Framework (AVF). These are the APIs that enable Android devices to run other operating systems.

To try the Linux Terminal app, you must activate Developer Mode by navigating to Settings > About Phone and tapping the build number seven times. I guess Google wants to make sure you want to do this. Once Developer Mode is enabled, the app can be activated via Settings > System > Developer options > Linux development environment. The initial setup may take a while because it needs to download Debian. Typically this is a 500MB download. Once in place, it allows you to adjust disk space allocation, set port controls for network communication, and recover the virtual machine's storage partition. However, it currently lacks support for graphical user interface (GUI) applications. For that, we'll need to wait for Android 16.

According to Android specialist Mishaal Rahman, "Google wants to turn Android into a proper desktop operating system, and in order to do that, it has to make it work better with traditional PC input methods and display options. Therefore, Google is now testing new external display management tools in Android 16 that bring Android closer to other desktop OSes."

Submission + - Gene-Edited Non-Browning Banana Could Cut Food Waste, Scientists Say (theguardian.com)

Submitted by Anonymous Coward
An anonymous reader writes: Many of us have been guilty of binning a mushy, overripe banana – but now scientists say they have a solution with the launch of a genetically engineered non-browning banana. The product is the latest in a series of gene-edited fruits and vegetables designed to have a longer shelf life. Scientists say the technology is emerging as a powerful new weapon against food waste, which occurs globally on an epic scale. The banana, developed by Tropic, a biotech company based in Norwich, is said to remain fresh and yellow for 12 hours after being peeled and is less susceptible to turning brown when bumped during harvesting and transportation.

The company has also developed a slow-ripening banana that has been approved in several countries, which it plans to launch later in the year. Other research teams are working on lettuce that wilts more slowly, bruise-resistant apples and potatoes and identifying the genes that determine how quickly grapes and blueberries shrivel. [...] The company worked out how to disable a gene responsible for the production of an enzyme called polyphenol oxidase, which causes browning. The same gene is silenced in Arctic apples, a genetically modified variety, which has been sold in the US since 2017, and blocking the production of polyphenol oxidase has been shown to work in tomatoes, melon, kiwifruits and mushrooms. In the bananas, Tropic made precise changes to existing genes without introducing foreign genetic material.

Submission + - Feds Arrest Man For Sharing DVD Rip of Spider-Man Movie With Millions Online (arstechnica.com)

Submitted by Anonymous Coward
An anonymous reader writes: A 37-year-old Tennessee man was arrested Thursday, accused of stealing Blu-rays and DVDs from a manufacturing and distribution company used by major movie studios and sharing them online before the movies' scheduled release dates. According to a US Department of Justice press release, Steven Hale worked at the DVD company and allegedly stole "numerous 'pre-release' DVDs and Blu-rays" between February 2021 and March 2022. He then allegedly "ripped" the movies, "bypassing encryption that prevents unauthorized copying" and shared copies widely online. He also supposedly sold the actual stolen discs on e-commerce sites, the DOJ alleged.

Hale has been charged with "two counts of criminal copyright infringement and one count of interstate transportation of stolen goods," the DOJ said. He faces a maximum sentence of five years for the former, and 10 years for the latter. Among blockbuster movies that Hale is accused of stealing are Dune, F9: The Fast Saga, Venom: Let There Be Carnage, Godzilla v. Kong, and, perhaps most notably, Spider-Man: No Way Home. The DOJ claimed that "copies of Spider-Man: No Way Home were downloaded tens of millions of times, with an estimated loss to the copyright owner of tens of millions of dollars."

Submission + - Music Labels Will Regret Coming For the Internet Archive, Sound Historian Says (arstechnica.com)

Submitted by Anonymous Coward
An anonymous reader writes: On Thursday, music labels sought to add nearly 500 more sound recordings to a lawsuit accusing the Internet Archive (IA) of mass copyright infringement through its Great 78 Project, which seeks to digitize all 3 million three-minute recordings published on 78 revolutions-per-minute (RPM) records from about 1898 to the 1950s. If the labels' proposed second amended complaint is accepted by the court, damages sought in the case—which some already feared could financially ruin IA and shut it down for good—could increase to almost $700 million. (Initially, the labels sought about $400 million in damages.) IA did not respond to Ars' request for comment, but the filing noted that IA has not consented to music labels' motion to amend their complaint. [...]

Some sound recording archivists and historians also continue to defend the Great 78 Project as a critical digitization effort at a time when quality of physical 78 RPM records is degrading and the records themselves are becoming obsolete, with very few libraries even maintaining equipment to play back the limited collections that are available in physical archives. They push back on labels' claims that commercially available Spotify streams are comparable to the Great 78 Project's digitized recordings, insisting that sound history can be lost when obscure recordings are controlled by rights holders who don't make them commercially available. [...] David Seubert, who manages sound collections at the University of California, Santa Barbara library, told Ars that he frequently used the project as an archive and not just to listen to the recordings.

For Seubert, the videos that IA records of the 78 RPM albums capture more than audio of a certain era. Researchers like him want to look at the label, check out the copyright information, and note the catalogue numbers, he said. "It has all this information there," Seubert said. "I don't even necessarily need to hear it," he continued, adding, "just seeing the physicality of it, it's like, 'Okay, now I know more about this record.'" [...] Nathan Georgitis, the executive director of the Association for Recorded Sound Collections (ARSC), told Ars that you just don't see 78 RPM records out in the world anymore. Even in record stores selling used vinyl, these recordings will be hidden "in a few boxes under the table behind the tablecloth," Georgitis suggested. And in "many" cases, "the problem for libraries and archives is that those recordings aren't necessarily commercially available for re-release."

That "means that those recordings, those artists, the repertoire, the recorded sound history in itself—meaning the labels, the producers, the printings—all of that history kind of gets obscured from view," Georgitis said. Currently, libraries trying to preserve this history must control access to audio collections, Georgitis said. He sees IA's work with the Great 78 Project as a legitimate archive in that, unlike a streaming service, where content may be inconsistently available, IA's "mission is to preserve and provide access to content over time." "That 'over time' part is really the key function, I think, that distinguishes an archive from maybe a streaming service in a way," Georgitis said.

Submission + - DoD DEI Search Flags Photo of WWII Plane 'Enola Gay' for Deletion (apnews.com)

Submitted by fahrbot-bot
fahrbot-bot writes: The AP reports that it obtained a database that shows that the Defense Department has flagged over 26,000 photos and online posts on its website for deletion — because the administration has determined they have some kind of correlation to DEI.

Some of the selections for deletion are concerning. The AP reports that among the images to be axed are a photo of U.S. Air Force Col. Jeannie Leavitt, the country’s first female fighter pilot, and photos of the Tuskegee Airmen, the decorated Black military pilots who served in a segregated WWII unit.

One selection is a photograph of the Enola Gay, the World War II aircraft that dropped an atomic bomb on Hiroshima, Japan, in August 1945. Pilot Col. Paul Tibbetts Jr. named the plane after his mother, Enola Gay Tibbets.

An anonymous official who spoke to the outlet did mention that it’s not clear if the database has been finalized.

Submission + - BBC Radio's Streaming Changes Leave Long-Time Listeners in the Lurch (bbc.co.uk)

Submitted by grandrollerz
grandrollerz writes: Despite streaming online since the RealAudio days of the late 1990s, the BBC has announced that most of its radio stations will become unavailable to international users later this year. Starting in Spring 2025, only talk news stations BBC World Service and BBC Radio 4 will remain accessible outside the UK. This change is due to rights issues and the launch of a new BBC audio website and app that will replace BBC Sounds for international users. The BBC Sounds app will be available exclusively to UK audiences, although UK users traveling abroad for short periods will still be able to use it. This move has disappointed many long-time international listeners who will lose access to their favorite BBC radio stations. It follows a similar move to further commercialize its services where in 2024 the BBC and Amazon Music struck a global deal to make BBC podcasts available on Amazon Music outside the UK, but only for subscribers to Amazon's Prime and Amazon Music Unlimited services.

Submission + - Snack Makers Are Removing Fake Colors From Processed Foods (archive.is)

Submitted by schwit1
schwit1 writes: PepsiCo is launching a new product, Simply Ruffles Hot & Spicy, which uses natural ingredients like tomato powder and red chile pepper instead of artificial dyes.

The company is working to remove artificial dyes from its products, with a goal of removing them from eight brands next year, but it's a challenging task due to consumer expectations and supply chain issues.

Submission + - DuckDuckGo Is Amping Up Its AI Search Tool (theverge.com)

Submitted by Anonymous Coward
An anonymous reader writes: DuckDuckGo has big plans for embedding AI into its search engine. The privacy-focused company just announced that its AI-generated answers, which appear for certain queries on its search engine, have exited beta and now source information from across the web — not just Wikipedia. It will soon integrate web search within its AI chatbot, which has also exited beta. DuckDuckGo first launched AI-assisted answers — originally called DuckAssist — in 2023. The feature is billed as a less obnoxious version of tools like Google’s AI Overviews, designed to offer more concise responses and let you adjust how often you see them, including turning the responses off entirely. If you have DuckDuckGo’s AI-generated answers set to “often,” you’ll still only see them around 20 percent of the time, though the company plans on increasing the frequency eventually.

Some of DuckDuckGo’s AI-assisted answers bring up a box for follow-up questions, redirecting you to a conversation with its Duck.ai chatbot. As is the case with its AI-assisted answers, you don’t need an account to use Duck.ai, and it comes with the same emphasis on privacy. It lets you toggle between GPT-4o mini, o3-mini, Llama 3.3, Mistral Small 3, and Claude 3 Haiku, with the advantage being that you can interact with each model anonymously by hiding your IP address. DuckDuckGo also has agreements with the AI company behind each model to ensure your data isn’t used for training.

Duck.ai also rolled out a feature called Recent Chats, which stores your previous conversations locally on your device rather than on DuckDuckGo’s servers. Though Duck.ai is also leaving beta, that doesn’t mean the flow of new features will stop. In the next few weeks, Duck.ai will add support for web search, which should enhance its ability to respond to questions. The company is also working on adding voice interaction on iPhone and Android, along with the ability to upload images and ask questions about them. ... [W]hile Duck.ai will always remain free, the company is considering including access to more advanced AI models with its $9.99 per month subscription.

Submission + - Trump signs order to establish strategic bitcoin reserve (reuters.com)

Submitted by ArchieBunker
ArchieBunker writes: WASHINGTON, March 6 (Reuters) — U.S. President Donald Trump signed an executive order on Thursday to establish a strategic bitcoin reserve, a day before meeting with executives from the cryptocurrency industry at the White House.
The reserve will be capitalized with bitcoin owned by the federal government that was forfeited as part of criminal or civil asset forfeiture proceedings, the White House crypto czar, billionaire David Sacks, said in a post on social media platform X.
Attendees at Friday's White House crypto summit expect the event to serve as a stage for Trump to formally announce his plans to build a strategic reserve containing bitcoin and four other cryptocurrencies.
Earlier this week, Trump announced the names of five digital assets he expects to include in this reserve, spiking the market value of each. The five are bitcoin, ether, XRP, solana and cardano, the president said.
It is not clear how such a reserve would work or how it would benefit taxpayers. Sacks said the federal government will have a strategy to maximize the value of its holdings in such a reserve, without offering details.
"The U.S. will not sell any bitcoin deposited into the Reserve. It will be kept as a store of value. The Reserve is like a digital Fort Knox for the cryptocurrency often called "digital gold", Sacks said.
Trump's moves to support the crypto industry, which spent millions backing him and other Republicans in the November elections, have drawn concern from some conservatives and crypto backers over giveaways to an already wealthy community and delegitimizing the digital currency industry.
Proponents argue that a reserve would help taxpayers benefit from crypto's price growth.
Bitcoin briefly tumbled more than 5% to below $85,000 following Sacks' post, and last changed hands at $88,107.
"This is the most underwhelming and disappointing outcome we could have expected for this week," Charles Edwards, founder of Bitcoin-focused hedge fund Capriole Investments, wrote in a post on X.
"No active buying means this is just a fancy title for Bitcoin holdings that already existed with the Govt. This is a pig in lipstick."
Trump's executive order directed the secretaries of Treasury and Commerce to develop "budget-neutral strategies" for acquiring additional bitcoin that have no "incremental costs" on taxpayers.
Sacks estimated the U.S. government owns about 200,000 bitcoin and premature sale of the cryptocurrency has cost the American taxpayer $17 billion. It was not clear how Sacks arrived at these estimates.
The president's support for the crypto industry has also sparked conflict-of-interest concerns. Trump's family has launched cryptocurrency meme coins, and the president also holds a stake in World Liberty Financial, a crypto platform.
His aides have said Trump has handed over control of his business ventures, which are being reviewed by outside ethics lawyers.

Submission + - Rayhunter: A New Tool from EFF to Detect Cellular Spying (androidauthority.com)

Submitted by Equuleus42
Equuleus42 writes: The Electronic Frontier Foundation (EFF) is sharing a new tool for fighting back against Stingray devices.

Rayhunter uses an open-source software package designed to look for evidence of IMSI catchers in action, running on an old Orbic Speed RC400L mobile hotspot. The great thing about that choice is that you can pick one up for practically nothing — we’re seeing them listed for barely over $10 on Amazon, and you can find them even cheaper on eBay.

There’s an installation script for Macs and Linux to automate getting set up, but once the Orbic is flashed with the Rayhunter software, it should be ready go, collecting data about sketchy-looking “cell towers” it picks up.

Right now, much of the use of IMSI catchers is still shrouded in mystery, with the groups who regularly employ them extremely hesitant to disclose their methods. As a result, a big focus of this EFF project is just getting more info on how and where these are actually used, giving protestors a better sense of the steps they’ll need to take if they want to protect their privacy.

Submission + - US House Panel Subpoenas Alphabet Over Content Moderation (yahoo.com)

Submitted by Anonymous Coward
An anonymous reader writes: The U.S. House Judiciary Committee subpoenaed Alphabet on Thursday seeking its communications with former President Joe Biden's administration about content moderation policies. House Judiciary Committee Chairman Jim Jordan, a Republican, also asked the YouTube parent company for similar communications with companies and groups outside government, according to a copy of the subpoena seen by Reuters. The subpoena seeks communications about limits or bans on content about President Donald Trump, Tesla CEO and close Trump ally Elon Musk, the virus that causes COVID-19 and a host of other conservative discussion topics.

Submission + - China to publish policy to boost RISC-V chip use nationwide (reuters.com)

Submitted by AmiMoJo
AmiMoJo writes: China plans to issue guidance to encourage the use of open-source RISC-V chips nationwide for the first time, two sources briefed on the matter said, as Beijing accelerates efforts to curb the country's dependence on Western-owned technology.
The policy guidance on boosting the use of RISC-V chips could be released as soon as this month, although the final date could change, the sources said.
It is being drafted jointly by eight government bodies, including the Cyberspace Administration of China, China's Ministry of Industry and Information Technology, the Ministry of Science and Technology, and the China National Intellectual Property Administration, they added.

Submission + - Post-election Ukraine/Germany partnership on satellite intel undercuts Trump! 1

Submitted by sleeplesseye
sleeplesseye writes: After Russia's invasion of Ukraine, Ukraine's Deputy PM Mykhailo Fedorov — who has since taken over the country's technology-centered Ministry for Digital Transformation — wrote a letter to the world's leading providers of microwave-based SAR satellite imagery — able to see through dark nights and cloudy skies — seeking real-time imagery to help in the defense of Ukraine.
In July of last year, Ukraine signed a memorandum of understanding with ICEYE, a Finnish company, who promised not to provide satellite data to Russia and its intermediaries, something that US companies like Maxar and Planet repeatedly failed to do, at the expense of the Ukrainian people. Fast forward to November 11th, just six days after Trump's reelection. German arms maker Rheinmetall entered into a partnership with Finnish company ICEYE, to provide Ukraine with real-time SAR satellite imagery for the war, with the German Ministry of Defense picking up the entire cost of the project.
So now, even as the Trump administration cuts off sharing satellite intelligence with Ukraine — likely taking business & jobs away from US satellite companies — Finland's ICEYE and Germany's Rheinmetall stand to benefit.

Submission + - Free Software Foundation rides to defend AGPLv3 against Neo4j license add-ons (theregister.com)

Submitted by jms00
jms00 writes: The Free Software Foundation (FSF) has filed an amicus brief in support of a developer seeking to overturn a court ruling that could severely weaken the GPLv3 and other free and open-source licenses.

The decision in question threatens to set a dangerous precedent, potentially undermining the enforceability of all open-source licenses.

The outcome of the appeal could establish a legal framework where the interpretation of widely used open-source licenses is dictated by individual developers rather than the very foundations that drafted and maintain them!

Think about that for a momentâ¦.

Slashdot Top Deals