
Submission + - UK Passport Images Database Could Be Used To Catch Shoplifters (theguardian.com)

An anonymous reader writes: Britain’s passport database could be used to catch shoplifters, burglars and other criminals under urgent plans to curb crime, the policing minister has said. Chris Philp said he planned to integrate data from the police national database (PND), the Passport Office and other national databases to help police find a match with the “click of one button.” But civil liberty campaigners have warned the plans would be an “Orwellian nightmare” that amount to a “gross violation of British privacy principles”.

Foreign nationals who are not on the passport database could also be found via the immigration and asylum biometrics system, which will be part of an amalgamated system to help catch thieves. The measures have been deemed controversial by campaigners as the technology could get a match even if images are blurred or partially obscured. Speaking at a fringe event of the Conservative party conference hosted by the Policy Exchange thinktank, Philp said: “I’m going to be asking police forces to search all of those databases – the police national database, which has custody images, but also other databases like the passport database – not just for shoplifting but for crime generally to get those matches, because the technology is now so good that you can get a blurred image and get a match for it.

“Operationally, I’m asking them to do it now. In the medium term, by which I mean the next two years, we’re going to try and create a new data platform so you can press one button [and it] lets you search it all in one go.” Until the new platform is created, he said police forces should search each database separately. [...] Philp said he has already ordered police forces that have access to the passport database to start searching it alongside the police national database, which stores custody images. Officers will be able to compare those facial images against CCTV, dashcam and doorbell technology to help find a match for criminals as prosecution rates are at record lows. He later added: “I would also just remind everyone that the wider public, including shop staff and security guards, do have the power of citizen’s arrest and where it’s safe to do so I would encourage that to be used. Because if you do just let people walk in and take stuff and walk out without proper challenge, including potentially a physical challenge, then it will just escalate.”

Submission + - The Billionaire Keeping TikTok on Phones in the U.S. (wsj.com)

schwit1 writes: Financier Jeff Yass made a big bet on the app, and he’s a top donor to lawmakers who support it

Yass’s investment company, Susquehanna International Group, bet big on TikTok in 2012, buying a stake in parent company ByteDance now measured at about 15%. That translates into a personal stake for Yass of 7% in ByteDance. It is worth roughly $21 billion based on the company’s recent valuation, or much of his $28 billion net worth as gauged by Bloomberg.

Yass is also one of the top donors to the Club for Growth, an influential conservative group that rallied Republican opposition to a TikTok ban. Yass has donated $61 million to the Club for Growth’s political-spending arm since 2010, or about 24% of its total, according to federal records.

Club for Growth made public its opposition to banning TikTok in March, in an opinion article by its president, at a time when sentiment against the platform among segments of both parties was running high on Capitol Hill. Days later, Sen. Rand Paul (R., Ky.) stood up on the Senate floor and quashed an attempt to fast-track a bill by Sen. Josh Hawley (R., Mo.) to ban downloading of the TikTok app.

Submission + - Chinese Hackers Have Unleashed a Never-Before-Seen Linux Backdoor (arstechnica.com)

An anonymous reader writes: Researchers have discovered a never-before-seen backdoor for Linux that’s being used by a threat actor linked to the Chinese government. The new backdoor originates from a Windows backdoor named Trochilus, which was first seen in 2015 by researchers from Arbor Networks, now known as Netscout. They said that Trochilus executed and ran only in memory, and the final payload never appeared on disks in most cases. That made the malware difficult to detect. Researchers from NHS Digital in the UK have said Trochilus was developed by APT10, an advanced persistent threat group linked to the Chinese government that also goes by the names Stone Panda and MenuPass.

Other groups eventually used it, and its source code has been available on GitHub for more than six years. Trochilus has been seen being used in campaigns that used a separate piece of malware known as RedLeaves. In June, researchers from security firm Trend Micro found an encrypted binary file on a server known to be used by a group they had been tracking since 2021. By searching VirusTotal for the file name, libmonitor.so.2, the researchers located an executable Linux file named “mkmon.” This executable contained credentials that could be used to decrypt the libmonitor.so.2 file and recover its original payload, leading the researchers to conclude that “mkmon” is an installation file that delivered and decrypted libmonitor.so.2.

The Linux malware ported several functions found in Trochilus and combined them with a new Socket Secure (SOCKS) implementation. The Trend Micro researchers eventually named their discovery SprySOCKS, with “spry” denoting its swift behavior and the added SOCKS component. SprySOCKS implements the usual backdoor capabilities, including collecting system information, opening an interactive remote shell for controlling compromised systems, listing network connections, and creating a proxy based on the SOCKS protocol for uploading files and other data between the compromised system and the attacker-controlled command server.

After decrypting the binary and finding SprySOCKS, the researchers used the information they found to search VirusTotal for related files. Their search turned up a version of the malware with the release number 1.1. The version Trend Micro found was 1.3.6. The multiple versions suggest that the backdoor is currently under development. The command-and-control server that SprySOCKS connects to has major similarities to a server that was used in a campaign with a different piece of Windows malware known as RedLeaves. Like SprySOCKS, RedLeaves was also based on Trochilus. Strings that appear in both Trochilus and RedLeaves also appear in the SOCKS component that was added to SprySOCKS. The SOCKS code was borrowed from the HP-Socket, a high-performance network framework with Chinese origins.

Submission + - Underocean desalination resolves many problems (latimes.com)

Bruce66423 writes: Locating desalination plants at the bottom of the sea:

Reduces energy consumption because the sea itself provides the necessary osmotic pressure
Reduces brine production because it only removes 10% of fresh water from the salt water
Reduces land usage

Submission + - Lithium discovery in US volcano could be biggest deposit ever found (chemistryworld.com)

An anonymous reader writes: A world-beating deposit of lithium along the Nevada–Oregon border could meet surging demand for this metal, according to a new analysis.

An estimated 20 to 40 million tonnes of lithium metal lie within a volcanic crater formed around 16 million years ago. This is notably larger than the lithium deposits found beneath a Bolivian salt flat, previously considered the largest deposit in the world.

‘If you believe their back-of-the-envelope estimation, this is a very, very significant deposit of lithium,’ says Anouk Borst, a geologist at KU Leuven University and the Royal Museum for Central Africa in Tervuren, Belgium. ‘It could change the dynamics of lithium globally, in terms of price, security of supply and geopolitics.’

New in situ analysis reveals that an unusual claystone, composed of the mineral illite, contains 1.3% to 2.4% of lithium in the volcanic crater. This is almost double the lithium present in the main lithium-bearing clay mineral, magnesium smectite, which is more common than illite.

CHINA HAD BETTER HURRY AND BRIBE SOME GREEN ACTIVISTS TO BE SURE WE CAN’T EXPLOIT IT


Submission + - Employers feeling more pain in return-to-work policies

lpq writes: From the article: "We’re now finding out the damaging consequences of the mandated return to office. And it’s not a pretty picture.
Nearly half of companies polled are seeing higher than expected attrition for such policies, while a third are finding it harder to recruit new employees as reported in https://fortune.com/2023/08/01... .

Submission + - The U.S. and Europe Are Growing Alarmed by China's Rush Into Legacy Chips (time.com)

An anonymous reader writes: U.S. and European officials are growing increasingly concerned about China’s accelerated push into the production of older-generation semiconductors and are debating new strategies to contain the country’s expansion. President Joe Biden implemented broad controls over China’s ability to secure the kind of advanced chips that power artificial-intelligence models and military applications. But Beijing responded by pouring billions into factories for the so-called legacy chips that haven’t been banned. Such chips are still essential throughout the global economy, critical components for everything from smartphones and electric vehicles to military hardware. That’s sparked fresh fears about China’s potential influence and triggered talks of further reining in the Asian nation, according to people familiar with the matter, who asked not to be identified because the deliberations are private. The U.S. is determined to prevent chips from becoming a point of leverage for China, the people said.

Commerce Secretary Gina Raimondo alluded to the problem during a panel discussion last week at the American Enterprise Institute. “The amount of money that China is pouring into subsidizing what will be an excess capacity of mature chips and legacy chips—that’s a problem that we need to be thinking about and working with our allies to get ahead of,” she said. While there’s no timeline for action to be taken and information is still being gathered, all options are on the table, according to a senior Biden administration official. The most advanced semiconductors are those produced using the thinnest etching technology, with 3-nanometers state of the art today. Legacy chips are typically considered those made with 28-nm equipment or above, technology introduced more than a decade ago.

Senior E.U. and U.S. officials are concerned about Beijing’s drive to dominate this market for both economic and security reasons, the people said. They worry Chinese companies could dump their legacy chips on global markets in the future, driving foreign rivals out of business like in the solar industry, they said. Western companies may then become dependent on China for these semiconductors, the people said. Buying such critical tech components from China may create national security risks, especially if the silicon is needed in defense equipment. “The United States and its partners should be on guard to mitigate nonmarket behavior by China’s emerging semiconductor firms,” researchers Robert Daly and Matthew Turpin wrote in a recent essay for the Hoover Institution think tank at Stanford University. “Over time, it could create new U.S. or partner dependencies on China-based supply chains that do not exist today, impinging on U.S. strategic autonomy.”

Submission + - Most of the 100 Million People Who Signed Up For Threads Stopped Using It (arstechnica.com)

An anonymous reader writes: Meta's new Twitter competitor, Threads, is looking for ways to keep users interested after more than half of the people who signed up for the text-based platform stopped actively using the app, Meta CEO Mark Zuckerberg reportedly told employees in a company town hall yesterday. Threads launched on July 5 and signed up over 100 million users in less than five days, buoyed by user frustration with Elon Musk-owned Twitter.

"Obviously, if you have more than 100 million people sign up, ideally it would be awesome if all of them or even half of them stuck around. We're not there yet," Zuckerberg told employees yesterday, according to Reuters, which listened to audio of the event. Third-party data suggests that Threads may have lost many more than half of its active users. Daily active users for Threads on Android dropped from 49 million on July 7 to 23.6 million on July 14, and then to 12.6 million on July 23, web analytics company SimilarWeb reported.

"We don't yet have daily numbers for iOS, but we suspect the boom-and-bust pattern is similar," SimilarWeb wrote. "Threads took off like a rocket, with its close linkage to Instagram as the booster. However, the developers of Threads will need to fill in missing features and add some new and unique ones if they want to make checking the app a daily habit for users." Although losing over half of the initial users in a short period might sound discouraging, the Reuters article said Zuckerberg told employees that user retention was better than Meta executives expected. "Zuckerberg said he considered the drop-off 'normal' and expected retention to grow as the company adds more features to the app, including a desktop version and search functionality," Reuters wrote.

Submission + - MOVEit Hackers Accessed Health Data of 'At Least' 8 Million Individuals (techcrunch.com)

An anonymous reader writes: U.S. government services contracting giant Maximus has confirmed that hackers exploiting a vulnerability in MOVEit Transfer accessed the protected health information of as many as 11 million individuals. Virginia-based Maximus contracts with federal, state and local governments to manage and administer government-sponsored programs, such as Medicaid, Medicare, healthcare reform and welfare-to-work. In an 8-K filing on Wednesday, Maximus confirmed that the personal information of a “significant number” of individuals was accessed by hackers exploiting a zero-day vulnerability in MOVEit Transfer, which the organization uses to “share data with government customers pertaining to individuals who participate in various government programs.”

While Maximus hasn’t yet been able to confirm the exact number of individuals impacted — something the company expects to take “several more weeks” — the organization said it believes hackers accessed the personal data, including Social Security numbers and protected health information, of “at least” 8 to 11 million individuals. If the latter, this would make the breach the largest breach of healthcare data this year — and the most significant data breach reported as a result of the MOVEit mass-hacks. Maximus has not confirmed which specific types of health data were accessed and has not responded to TechCrunch’s questions. In its 8-K filing, the company said it began notifying impacted customers and federal and state regulators, adding that it expects the security incident to cost approximately $15 million to investigate and remediate. Clop, the Russia-linked data extortion group responsible for the MOVEit mass-hacks, claims to have stolen 169 gigabytes of data from Maximus, which it has not yet published.

Submission + - 'The Blue Flash': How a Screwdriver Slip Caused a Fatal 1946 Atomic Accident

theodp writes: A specially illustrated BBC story created by artist/writer Ben Platts-Mills tells the remarkable story of how a dangerous radioactive apparatus in the Manhattan Project killed a scientist in 1946.

"Less than a year after the Trinity atomic bomb test," Platts-Mills writes, "a careless slip with a screwdriver cost Louis Slotin his life. In 1946, Slotin, a nuclear physicist, was poised to leave his job at Los Alamos National Laboratories (formerly the Manhattan Project). When his successor came to visit his lab, he decided to demonstrate a potentially dangerous apparatus, called the "critical assembly". During the demo, he used his screwdriver to support a beryllium hemisphere over a plutonium core. It slipped, and the hemisphere dropped over the core, triggering a burst of radiation. He died nine days later."

In an interesting follow-up story, Platts-Mills explains how he pieced together what happened inside the room where 'The Blue Flash' occurred (it has been observed that many criticality accidents emit a blue flash of light).

Submission + - 8bit computer culture behind the Iron Curtain (crowdfundr.com)

lameron writes: New documentary, Stamps Back. From Commodore 64s smuggled across the Iron Curtain to cracked games on cassette tapes sold at flea markets, floppy disk swapping via postal mail, hacked phone booths connected to US BBSes, and copy parties packed to capacity, Stamps Back tells the story of how teenagers in Hungary ignited a computing revolution in the 1980s with illegally copied video games from the West, and began the Hungarian demoscene. https://crowdfundr.com/stampsb...

Submission + - AMD 'Zenbleed' Bug Leaks Data From Zen 2 Ryzen, EPYC CPUs (tomshardware.com)

waspleg writes: Tavis Ormandy, a researcher with Google Information Security, posted today about a new vulnerability he independently found in AMD's Zen 2 processors. The 'Zenbleed' vulnerability spans the entire Zen 2 product stack, including AMD's EPYC data center processors and the Ryzen 3000/4000/5000 CPUs, allowing the theft of protected information from the CPU, such as encryption keys and user logins. The attack does not require physical access to the computer or server and can even be executed via JavaScript on a webpage.

The Zenbleed vulnerability is filed as CVE-2023-20593 and allows data exfiltration (theft) at a rate of 30kb per core, per second, thus providing adequate throughput to steal sensitive information flowing through the processor. This attack works across all software running on the processor, including virtual machines, sandboxes, containers, and processes. The ability for this attack to read data across virtual machines is particularly threatening for cloud service providers and those who use cloud instances.

"The bug works like this, first of all you need to trigger something called the XMM Register Merge Optimization, followed by a register rename and a mispredicted vzeroupper. This all has to happen within a precise window to work.

We now know that basic operations like strlen, memcpy and strcmp will use the vector registers — so we can effectively spy on those operations happening anywhere on the system! It doesn’t matter if they’re happening in other virtual machines, sandboxes, containers, processes, whatever!

This works because the register file is shared by everything on the same physical core. In fact, two hyperthreads even share the same physical register file," says Ormandy.

TFA has a long list of affected models and patch date estimations.

Submission + - NIST Delays Could Push Post-Quantum Security Products Into the Next Decade (esecurityplanet.com)

storagedude writes: A quantum computer capable of breaking public-key encryption is likely years away. Unfortunately, so are products that support post-quantum cryptography.

That's the conclusion of an eSecurity Planet article by Henry Newman. With the second round of NIST's post-quantum algorithm evaluations — announced last week — expected to take "several years" and the FIPS product validation process backed up, Newman notes that it will be some time before products based on post-quantum standards become available.

"The delay in developing quantum-resistant algorithms is especially troubling given the time it will take to get those products to market," Newman writes. "It generally takes four to six years with a new standard for a vendor to develop an ASIC to implement the standard, and it then takes time for the vendor to get the product validated, which seems to be taking a troubling amount of time.

"I am not sure that NIST is up to the dual challenge of getting the algorithms out and products validated so that vendors can have products that are available before quantum computers can break current technology. There is a race between quantum technology and NIST vetting algorithms, and at the moment the outcome is looking worrisome."

And as encrypted data stolen now can be decrypted later, the potential for “harvest now, decrypt later” (HNDL) attacks "is a quantum computing security problem that’s already here."

Submission + - TSMC Delays US Chip Plant Start To 2025 Due To Labor Shortages (appleinsider.com)

An anonymous reader writes: Apple's processor manufacturer TSMC says that it can't find enough skilled workers to open its Arizona facility on time, and mass chip production will have to wait until 2025. The Taiwan Semiconductor Manufacturing Company (TSMC) began work on a first factory in Arizona in 2021. Since then, the plant has seen safety concerns, complaints from TSMC about US taxation, and a claim that US staff don't work hard enough. Most recently, the company announced that it was sending more Taiwanese workers to the US to manage the final stages of making the plant operational. Now according to Nikkei Asia, that move has proven insufficient.

"We are encountering certain challenges, as there is an insufficient amount of skilled workers with the specialized expertise required for equipment installation in a semiconductor-grade facility," said TSMC chair Mark Liu. "Consequently we expect the production schedule of N4 [4-nanometer] process technology to be pushed out to 2025," continued Liu. The news comes alongside TSMC's latest earnings report, which shows that the firm's profits have fallen, though they are expected to recover when the iPhone 15 range launches. TSMC blames the results on a slow economic recovery in China, and a downturn in the consumer electronics market.
