Security

A Researcher Figured Out How To Reveal Any Phone Number Linked To a Google Account (wired.com) 17

A cybersecurity researcher was able to figure out the phone number linked to any Google account, information that is usually not public and is often sensitive, according to the researcher, Google, and 404 Media's own tests. From a report: The issue has since been fixed but at the time presented a privacy issue in which even hackers with relatively few resources could have brute forced their way to people's personal information. "I think this exploit is pretty bad since it's basically a gold mine for SIM swappers," the independent security researcher who found the issue, who goes by the handle brutecat, wrote in an email.

[...] In mid-April, we provided brutecat with one of our personal Gmail addresses in order to test the vulnerability. About six hours later, brutecat replied with the correct and full phone number linked to that account. "Essentially, it's bruting the number," brutecat said of their process. Brute forcing is when a hacker rapidly tries different combinations of digits or characters until finding the ones they're after. Typically that's in the context of finding someone's password, but here brutecat is doing something similar to determine a Google user's phone number.

Brutecat said in an email the brute forcing takes around one hour for a U.S. number, or 8 minutes for a UK one. For other countries, it can take less than a minute, they said. In an accompanying video demonstrating the exploit, brutecat explains an attacker needs the target's Google display name. They find this by first transferring ownership of a document from Google's Looker Studio product to the target, the video says. They say they modified the document's name to be millions of characters, which ends up with the target not being notified of the ownership switch. Using some custom code, which they detailed in their write up, brutecat then barrages Google with guesses of the phone number until getting a hit.

AI

'AI Is Not Intelligent': The Atlantic Criticizes 'Scam' Underlying the AI Industry (msn.com) 206

The Atlantic makes the case that "the foundation of the AI industry is a scam" and that AI "is not what its developers are selling it as: a new class of thinking — and, soon, feeling — machines." [OpenAI CEO Sam] Altman brags about ChatGPT-4.5's improved "emotional intelligence," which he says makes users feel like they're "talking to a thoughtful person." Dario Amodei, the CEO of the AI company Anthropic, argued last year that the next generation of artificial intelligence will be "smarter than a Nobel Prize winner." Demis Hassabis, the CEO of Google's DeepMind, said the goal is to create "models that are able to understand the world around us." These statements betray a conceptual error: Large language models do not, cannot, and will not "understand" anything at all. They are not emotionally intelligent or smart in any meaningful or recognizably human sense of the word. LLMs are impressive probability gadgets that have been fed nearly the entire internet, and produce writing not by thinking but by making statistically informed guesses about which lexical item is likely to follow another.
A sociologist and linguist even teamed up for a new book called The AI Con: How to Fight Big Tech's Hype and Create the Future We Want, the article points out: The authors observe that large language models take advantage of the brain's tendency to associate language with thinking: "We encounter text that looks just like something a person might have said and reflexively interpret it, through our usual process of imagining a mind behind the text. But there is no mind there, and we need to be conscientious to let go of that imaginary mind we have constructed."

Several other AI-related social problems, also springing from human misunderstanding of the technology, are looming. The uses of AI that Silicon Valley seems most eager to promote center on replacing human relationships with digital proxies. Consider the ever-expanding universe of AI therapists and AI-therapy adherents, who declare that "ChatGPT is my therapist — it's more qualified than any human could be." Witness, too, how seamlessly Mark Zuckerberg went from selling the idea that Facebook would lead to a flourishing of human friendship to, now, selling the notion that Meta will provide you with AI friends to replace the human pals you have lost in our alienated social-media age....

The good news is that nothing about this is inevitable: According to a study released in April by the Pew Research Center, although 56 percent of "AI experts" think artificial intelligence will make the United States better, only 17 percent of American adults think so. If many Americans don't quite understand how artificial "intelligence" works, they also certainly don't trust it. This suspicion, no doubt provoked by recent examples of Silicon Valley con artistry, is something to build on.... If people understand what large language models are and are not; what they can and cannot do; what work, interactions, and parts of life they should — and should not — replace, they may be spared its worst consequences.

Biotech

'We Finally May Be Able to Rid the World of Mosquitoes. But Should We?' (yahoo.com) 153

It's no longer a hypothetical question, writes the Washington Post. "In recent years, scientists have devised powerful genetic tools that may be able to eradicate mosquitoes and other pests once and for all."

But along with the ability to fight malaria, dengue, West Nile virus and other serious diseases, "the development of this technology also raises a profound ethical question: When, if ever, is it okay to intentionally drive a species out of existence...?" When so many wildlife conservationists are trying to save plants and animals from disappearing, the mosquito is one of the few creatures that people argue is actually worthy of extinction. Forget about tigers or bears; it's the tiny mosquito that is the deadliest animal on Earth. The human misery caused by malaria is undeniable. Nearly 600,000 people died of the disease in 2023, according to the World Health Organization, with the majority of cases in Africa... But recently, the Hastings Center for Bioethics, a research institute in New York, and Arizona State University brought together a group of bioethicists to discuss the potential pitfalls of intentionally trying to drive a species to extinction. In a policy paper published in the journal Science last month, the group concluded that "deliberate full extinction might occasionally be acceptable, but only extremely rarely..."

It's unclear how important malaria-carrying mosquitoes are to broader ecosystems. Little research has been done to figure out whether frogs or other animals that eat the insects would be able to find their meals elsewhere. Scientists are hotly debating whether a broader "insect apocalypse" is underway in many parts of the world, which may imperil other creatures that depend on them for food and pollination... Instead, the authors said, geneticists should be able to use gene editing, vaccines and other tools to target not the mosquito itself, but the single-celled Plasmodium parasite that is responsible for malaria. That invisible microorganism — which a mosquito transfers from its saliva to a person's blood when it bites — is the real culprit.

A nonprofit research consortium called Target Malaria has genetically modified mosquitoes in their labs (which get core funding from the Gates Foundation and from Open Philanthropy, backed by Facebook co-founder Dustin Moskovitz and his wife), and hopes to deploy them in the wild within five years...

Open Source

SerenityOS Creator Is Building an Independent, Standards-First Browser Called 'Ladybird' (thenewstack.io) 40

A year ago, the original creator of SerenityOS posted that "for the past two years, I've been almost entirely focused on Ladybird, a new web browser that started as a simple HTML viewer for SerenityOS." So it became a stand-alone project that "aims to render the modern web with good performance, stability and security." And they're also building a new web engine.

"We are building a brand-new browser from scratch, backed by a non-profit..." says Ladybird's official web site, adding that they're driven "by a web standards first approach." They promise it will be truly independent, with "no code from other browsers" (and no "default search engine" deals).

"We are targeting Summer 2026 for a first Alpha version on Linux and macOS. This will be aimed at developers and early adopters." More from the Ladybird FAQ: We currently have 7 paid full-time engineers working on Ladybird. There is also a large community of volunteer contributors... The focus of the Ladybird project is to build a new browser engine from the ground up. We don't use code from Blink, WebKit, Gecko, or any other browser engine...

For historical reasons, the browser uses various libraries from the SerenityOS project, which has a strong culture of writing everything from scratch. Now that Ladybird has forked from SerenityOS, it is no longer bound by this culture, and we will be making use of 3rd party libraries for common functionality (e.g image/audio/video formats, encryption, graphics, etc.) We are already using some of the same 3rd party libraries that other browsers use, but we will never adopt another browser engine instead of building our own...

We don't have anyone actively working on Windows support, and there are considerable changes required to make it work well outside a Unix-like environment. We would like to do Windows eventually, but it's not a priority at the moment.

"Ladybird's founder Andreas Kling has a solid background in WebKit-based C++ development with both Apple and Nokia," writes software developer/author David Eastman: "You are likely reading this on a browser that is slightly faster because of my work," he wrote on his blog's introduction page. After leaving Apple, clearly burnt out, Kling found himself in need of something to healthily occupy his time. He could have chosen to learn needlepoint, but instead he opted to build his own operating system, called Serenity. Ladybird is a web project spin-off from this, to which Kling now devotes his time...

[B]eyond the extensive open source politics, the main reason for supporting other independent browser projects is to maintain diverse alternatives — to prevent the web platform from being entirely captured by one company. This is where Ladybird comes in. It doesn't have any commercial foundation and it doesn't seem to be waiting to grab a commercial opportunity. It has a range of sponsors, some of which might be strategic (for example, Shopify), but most are goodwill or alignment-led. If you sponsor Ladybird, it will put your logo on its webpage and say thank you. That's it. This might seem uncontroversial, but other nonprofit organisations also give board seats to high-paying sponsors. Ladybird explicitly refuses to do this...

The Acid3 Browser test (which has nothing whatsoever to do with ACID compliance in databases) is an old method of checking compliance with web standards, but vendors can still check how their products do against a battery of tests. They check compliance for the DOM2, CSS3, HTML4 and the other standards that make sure that webpages work in a predictable way. If I point my Chrome browser on my MacBook to http://acid3.acidtests.org/, it gets 94/100. Safari does a bit better, getting to 97/100. Ladybird reportedly passes all 100 tests.

"All the code is hosted on GitHub," says the Ladybird home page. "Clone it, build it, and join our Discord if you want to collaborate on it!"

Submission + - Microsoft's cut access to accounts related to the International Criminal Court (techzine.eu)

denisbergeron writes: In February, the United States imposed sanctions on the International Criminal Court (ICC) in The Hague. As a result, Chief Prosecutor Karim Khan has no access to the emails on his Microsoft account. The incident once again demonstrates the risks of dependence on US IT services.

To make matters worse, Khan’s bank accounts have also been frozen, according to the Associated Press. If he takes a flight to the US, he will likely be arrested upon arrival. According to the Associated Press, the ICC has been paralyzed by the forced Microsoft blockade. The conflict between the ICC and the US arose in November, when the former issued an arrest warrant for Israeli Prime Minister Benjamin Netanyahu.

Comment Re:This "standard" is 0% open (Score 3, Interesting) 55

Here is the top hit in my query to find a source for you: Stop telling people that RCS is an open standard. It's 100% proprietary. Quoting it:

I've noticed a few r/android users, including some redditors, really love to claim that RCS is an open standard. I heard it so much, I started to just assume it was true. Unfortunately, this claim is entirely made up, and it's been repeated so many times here that it's kind of taken on a life of its own. It's one of those things that you don't seem to hear on other platforms, too, so I'm addressing it at the root.

Now, unlike "open source," the term "open standard" is a little vague. But on the list of things we could use to define an open standard, none of these things are true o[f] RCS.

The post then goes down the rabbit hole with tons of examples. The top-rated response to that does note that the documentation goes deeper than the author thought, so while it might be technically possible to create an open implementation with minimal reverse-engineering, it's extraordinarily difficult to do, especially without corporate backing, because it's unnecessarily complex and most OSS developers are waiting for AOSP to have a usable skeleton of a client (the RCS Test App doesn't appear to deliver this).

Comment This "standard" is 0% open (Score 5, Interesting) 55

The RCS "standard" has no reference implementation and no support in the Android Open Source Project (AOSP), whose components are the basis for myriads of third-party forks like the Fossify suite as well as the stock apps for pretty much all Android forks. As far as I know, only a few RCS clients have ever been created, and none of them are open-sourced: Google's, Apple's (which is new), Samsung's ("partially discontinued" and no longer on Google Play as of January), +Message (only works in Japan), and a handful that only work in China and on HarmonyOS or HyperOS.

With that in mind, it appears Google now has a view of pretty much every RCS in the world, especially outside of China and Japan. While they may not have your content, they have your relationship graph, which is very powerful metadata, especially when they combine it with everything else they know about you.

(I wonder if Samsung would be willing to open-source their Samsung Messages app...)

United Kingdom

Creatives Demand AI Comes Clean On What It's Scraping 60

Over 400 prominent UK media and arts figures -- including Paul McCartney, Elton John, and Ian McKellen -- have urged the prime minister to support an amendment to the Data Bill that would require AI companies to disclose which copyrighted works they use for training. The Register reports: The UK government proposes to allow exceptions to copyright rules in the case of text and data mining needed for AI training, with an opt-out option for content producers. "Government amendments requiring an economic impact assessment and reports on the feasibility of an 'opt-out' copyright regime and transparency requirements do not meet the moment, but simply leave creators open to years of copyright theft," the letter says.

The group -- which also includes Kate Bush, Robbie Williams, Tom Stoppard, and Russell T Davies -- said the amendments tabled for the Lords debate would create a requirement for AI firms to tell copyright owners which individual works they have ingested. "Copyright law is not broken, but you can't enforce the law if you can't see the crime taking place. Transparency requirements would make the risk of infringement too great for AI firms to continue to break the law," the letter states.
Baroness Kidron, who proposed the amendment, said: "How AI is developed and who it benefits are two of the most important questions of our time. The UK creative industries reflect our national stories, drive tourism, create wealth for the nation, and provide 2.4 million jobs across our four nations. They must not be sacrificed to the interests of a handful of US tech companies." Baroness Kidron added: "The UK is in a unique position to take its place as a global player in the international AI supply chain, but to grasp that opportunity requires the transparency provided for in my amendments, which are essential to create a vibrant licensing market."

The letter was also signed by a number of media organizations, including the Financial Times, the Daily Mail, and the National Union of Journalists.

Transportation

A Look at the NYC Subway's Archaic Signal System 105

New York City's subway system continues to operate largely on analog signal technology installed nearly a century ago, with 85% of the network still relying on mechanical equipment that requires constant human intervention. The outdated system causes approximately 4,000 train delays monthly and represents a technological time capsule in America's largest mass transit system.

Deep inside Brooklyn's Hoyt-Schermerhorn station, transit worker Dyanesha Pryor operates a hulking machine the size of a grand piano by manipulating 24 metal levers that control nearby trains. Each command requires a precise sequence of movements, punctuated by metallic clanking as levers slam into place. When Pryor needs to step away, even for a bathroom break, express service must be rerouted until she returns, forcing all trains onto local tracks.

The antiquated "fixed block" signaling divides tracks into approximately 1,000-foot sections. When a train occupies a block, it cuts off electrical current, providing only a general position rather than precise location data. This imprecision requires maintaining buffer zones between trains, significantly limiting capacity as ridership has grown. Maintenance challenges are also piling up, writes the New York Times. Hundreds of cloth-wrapped wires -- rather than modern rubber insulation -- fill back rooms and are prone to failure. When equipment breaks, replacements often must be custom-made in MTA workshops, as many components have been discontinued for decades.

The Metropolitan Transportation Authority has begun replacing this system with communications-based train control (C.B.T.C.), which uses computers and wireless technology to monitor trains' exact locations. Routes already converted to C.B.T.C., including the L line (2006) and 7 line (2018), consistently show the best on-time performance. However, the $25 million per-mile upgrade program faces uncertain funding after the Trump administration threatened to kill New York's congestion pricing plan, which would provide $3 billion for signal modernization.

Submission + - Signal Clone Used by Trump Administration Was Hacked 1

bitwraith writes: "A hacker has breached and stolen customer data from TeleMessage, an obscure Israeli company that sells modified versions of Signal and other messaging apps to the U.S. government to archive messages, 404 Media has learned. The data stolen by the hacker contains the contents of some direct messages and group chats sent using its Signal clone, as well as modified versions of WhatsApp, Telegram, and WeChat. TeleMessage was recently the center of a wave of media coverage after Mike Waltz accidentally revealed he used the tool in a cabinet meeting with President Trump."

Note for the editor: The above is an exact quote from the article, except for hyperlinks. It would probably be appropriate to replace, "bitwraith writes:" with, "bitwraith shares an article from 404media:"

Science

Starting July 1, Academic Publishers Can't Paywall NIH-Funded Research (x.com) 98

An anonymous reader writes: NIH Director Dr. Jay Bhattacharya has announced that the NIH Public Access Policy, originally slated to go into effect on December 31, 2025, will now be effective as of July 1. From Bhattacharya's announcement: NIH is the crown jewel of the American biomedical research system. However, a recent Pew Research Center study shows that only about 25% of Americans have a "great deal of confidence" that scientists are working for the public good. Earlier implementation of the Public Access Policy will help increase public confidence in the research we fund while also ensuring that the investments made by taxpayers produce replicable, reproducible, and generalizable results that benefit all Americans.

Providing speedy public access to NIH-funded results is just one of the ways we are working to earn back the trust of the American people. Trust in science is an essential element in Making America Healthy Again. As such, NIH and its research partners will continue to promote maximum transparency in all that we do.

Earth

It Could Be a $250 Billion Market, But Almost No One Is Interested 95

Carbon removal technologies, potentially a $250 billion market, are failing to gain traction as buyers remain scarce. The Intergovernmental Panel on Climate Change projects a need for 10 billion metric tons of carbon removals annually by 2050, yet only 175 million tons have been sold to date -- less than 2% of requirements.

Microsoft dominates the market, accounting for 35% of all purchases and 76% of engineered removal solutions specifically. The market suffers from significant barriers: unproven technologies, vast price disparities ($80 per ton for forest projects versus $1,000 for direct air capture), and lack of standardization. Industry experts at a recent London gathering concluded that without more buyers willing to accept early adoption risks, the market cannot meaningfully grow.

Privacy

India Court Orders Proton Mail Block On Security Grounds (livelaw.in) 20

The Karnataka High Court on Tuesday directed India's government to block Switzerland-based email service Proton Mail, citing national security concerns and law enforcement challenges. Justice M Nagaprasanna ordered authorities to initiate proceedings under Section 69A of the Information Technology Act to ban the service, while mandating immediate blocking of "offending URLs" until final decisions are made.

The ruling followed a petition from M Moser Design Associates India, which claimed its female employees were targeted with obscene emails containing "AI-generated deepfake images" sent via Proton Mail. Petitioners argued Proton Mail operates servers outside India, making it inaccessible to law enforcement. The court noted several bomb threats to Indian schools were sent using the service, which has already been banned in Russia and Saudi Arabia. Additional Solicitor General Aravind Kamath, representing the government, said authorities would comply with the court's direction.

Businesses

Amazon To Display Tariff Costs For Consumers, Report Says (punchbowl.news) 521

An anonymous reader shares a report: Amazon doesn't want to shoulder the blame for the cost of President Donald Trump's trade war.

So the e-commerce giant will soon show how much Trump's tariffs are adding to the price of each product, according to a person familiar with the plan.

The shopping site will display how much of an item's cost is derived from tariffs -- right next to the product's total listed price.
In response, White House press secretary Karoline Leavitt said: This is a hostile and political act by Amazon. Why didn't Amazon do this when the Biden administration hiked inflation to the highest level in 40 years? Update: Amazon is considering showing a tariff surcharge on items sold via its site for ultra-low-price items, called Haul, the company said. "This was never a consideration for the main Amazon site and nothing has been implemented on any Amazon properties," the company added.
