T-Mobile has announced a data breach exposing customers' proprietary network information (CPNI), including phone numbers and call records. From a report: Starting this week, T-Mobile began texting customers that a "security incident" exposed their account's information. According to T-Mobile, its security team recently discovered "malicious, unauthorized access" to their systems. After bringing in a cybersecurity firm to perform an investigation, T-Mobile found that threat actors gained access to the telecommunications information generated by customers, known as CPNI. The information exposed in this breach includes phone numbers, call records, and the number of lines on an account.

Read more of this story at Slashdot.

As Trump's long fade-away proceeds, a sad thought, going back to 2018 and 2019 when it seemed we might get past Trump without an international meltdown like 9/11, the Cuban Missile Crisis, the financial meltdown of 2008, the Iran Hostage Crisis. It seemed every presidency had one or two of these, but it was looking like we might not pay the big price for having a child-man with a bad temper in the White House. Well, it's almost hindsight now and worth observing that we did not get away with it. The pandemic is still building, could still explode, and Trump is still playing Pretend President. We're not out of the woods yet.

The hackers who carried out a sophisticated cyberattack on government agencies in the US and private companies were able to access Microsoft's source code, the company said Thursday. From a report: A Microsoft investigation turned up "unusual activity with a small number of internal accounts" and that "one account had been used to view source code in a number of source code repositories," the company said in a blog post. Microsoft said the account didn't have the ability to modify code and that no company services or customer data was put at risk. "The investigation, which is ongoing, has also found no indications that our systems were used to attack others," the company said.

Read more of this story at Slashdot.

An anonymous reader shares a report: A ten-year longitudinal study published in the Journal of Cyberpsychology, Behavior, and Social Networking on a group in early adolescence from as young as ten years old, investigated how playing violent video games at an early age would translate into adulthood behavior (23 years of age). Titled "Growing Up with Grand Theft Auto: A 10-Year Study of Longitudinal Growth of Violent Video Game Play in Adolescents" the study found no correlation between growing up playing video games and increased levels of aggression ten years later. This particular study utilized a more contemporary approach for analyzing its data, known as the person-centered approach. Traditional studies use a variable-centered approach whereby researchers treat each variable, or characteristic, as related to another variable. An example would be that exercising is related to a reduced incidence of heart disease. This has been particularly valuable when comparing groups. In a person-centered approach researchers combine various algorithms across variables to determine how these variables compare among individuals. This approach provides a more accurate depiction of how variables relate to the individual.

Read more of this story at Slashdot.

An anonymous reader shares a report [the story is behind a paywall; alternative source]: Seven years ago, Apple made a staggering discovery: Among the employees at a factory in China that made most of the computer ports used in its MacBooks were two 15-year-olds. Apple told the manufacturer, Suyin Electronics, that it wouldn't get any new business until it improved employee screening to ensure no more people under 16 years of age got hired. Suyin pledged to do so, but an audit by Apple three months later found three more underage workers, including a 14-year-old. Apple, which has promised to ban suppliers that repeatedly use underage workers, stopped giving Suyin new business because of the violations. But it took Apple more than three years to fully cut its ties with Suyin, which continued to make HDMI, USB and other ports for older MacBooks under previous contracts. A person close to Suyin, which is headquartered in Taiwan, said that the company hadn't intentionally hired underage workers and that it had passed Apple's audits in later years. Apple no longer does business with Suyin. But the previously unreported episode, drawn from documents reviewed by The Information and interviews with people who have direct knowledge of Apple's dealings with Suyin, is a stark example of the dilemmas Apple faces in fulfilling its pledges to put workers first and not use manufacturers that consistently violate labor laws. And it demonstrates the fine line Apple has to walk in balancing the need to maximize profits with the expectation that it will prioritize good working conditions for its own employees and its suppliers'. [...] In interviews, 10 former members of Apple's supplier responsibility team -- the unit in charge of monitoring manufacturing partners for violations of labor, environmental and safety rules -- claimed that Apple avoided or delayed cutting ties with offenders when doing so would hurt its business. For example, the former team members said, Apple continued working with some suppliers that refused to implement safety suggestions or that consistently violated labor laws.

Read more of this story at Slashdot.

Japan's Mitsubishi Heavy Industries will soon complete in Austria the world's largest steel plant capable of attaining net-zero carbon dioxide emissions. Mitsubishi Heavy, through a British unit, is constructing the pilot plant at a complex of Austrian steelmaker Voestalpine. Trial operation is slated to begin in 2021. From a report: The plant will use hydrogen instead of coal in the reduction process for iron ore. The next-generation equipment will produce 250,000 tons of steel product a year. The global steel industry generated about 2 billion tons of CO2 in 2018, according to the International Energy Agency -- double the volume in 2000. The steel sector's share among all industries grew 5 percentage points to 25%. Iron ore reduction accounts for much of the CO2 emissions in steelmaking. Japanese steelmakers including Nippon Steel are developing hydrogen-consuming reduction processes based on the conventional blast furnace design. Mitsubishi Heavy's plant adopts a process called direct reduced iron, or DRI. New blast furnaces require trillions of yen (1 trillion yen equals $9.6 billion) in investment. Although DRI equipment produces less steel, the investment is estimated at less than half of blast furnaces. For DRI to attain the same level of cost-competitiveness as blast furnaces, low-cost hydrogen will be key. Market costs for hydrogen now stand at around 100 yen per normal cu. meter, estimates the Ministry of Economy, Trade and Industry.

Read more of this story at Slashdot.

OMG yet another song: Truckin.

Bloomberg Editorial Board: Amid raging wildfires, rolling blackouts and a worsening coronavirus outbreak, it has not been a great year for California. Unfortunately, the state is also reeling from a manmade disaster: an exodus of thriving companies to other states. In just the past few months, Hewlett Packard Enterprise said it was leaving for Houston. Oracle said it would decamp for Austin. Palantir, Charles Schwab and McKesson are all bound for greener pastures. No less an information-age avatar than Elon Musk has had enough. He thinks regulators have grown "complacent" and "entitled" about the state's world-class tech companies. No doubt, he has a point. Silicon Valley's high-tech cluster has been the envy of the world for decades, but there's nothing inevitable about its success. As many cities have found in recent years, building such agglomerations is exceedingly hard, as much art as science. Low taxes, modest regulation, sound infrastructure and good education systems all help, but aren't always sufficient. Once squandered, moreover, such dynamism can't easily be revived. With competition rising across the U.S., the area's policy makers need to recognize the dangers ahead. In recent years, San Francisco has seemed to be begging for companies to leave. In addition to familiar failures of governance -- widespread homelessness, inadequate transit, soaring property crime -- it has also imposed more idiosyncratic hindrances. Far from welcoming experimentation, it has sought to undermine or stamp out home-rental services, food-delivery apps, ride-hailing firms, electric-scooter companies, facial-recognition technology, delivery robots and more, even as the pioneers in each of those fields attempted to set up shop in the city. It tried to ban corporate cafeterias -- a major tech-industry perk -- on the not-so-sound theory that this would protect local restaurants. It created an "Office of Emerging Technology" that will only grant permission to test new products if they're deemed, in a city bureaucrat's view, to provide a "net common good." Whatever the merits of such meddling, it's hardly a formula for unbounded inventiveness. These two traits -- poor governance and animosity toward business -- have collided calamitously with respect to the city's housing market. Even as officials offered tax breaks for tech companies to headquarter themselves downtown, they mostly refused to lift residential height limits, modify zoning rules or allow significant new construction to accommodate the influx of new workers. They then expressed shock that rents and home prices were soaring -- and blamed the tech companies. California's legislature has only made matters worse. A bill it enacted in 2019, ostensibly intended to protect gig workers, threatened to undo the business models of some of the state's biggest tech companies until voters granted them a reprieve in a November referendum. A new privacy law has imposed immense compliance burdens -- amounting to as much as 1.8% of state output in 2018 -- while conferring almost no consumer benefits. An 8.8% state corporate tax rate and 13.3% top income-tax rate (the nation's highest) haven't helped.

Read more of this story at Slashdot.

Really, today's song is: Nobody Loves Me But My Mother.

For the first time since the service arrived in April 2018, the ESPN+ annual plan is getting a price increase. From January 8th, it'll cost new members $59.99 instead of $49.99. Existing annual subscribers will have until at least March 2nd to renew their plan for $50. From a report: The monthly plan went up by $1 to $5.99 in August, so opting for an annual subscription instead of going month-to-month will save you $12 over a year. Of course, you'll save more if you lock in an annual plan before the increase.

Read more of this story at Slashdot.

Today's song: They All Aks'd for You.

Why are we paying taxes to the US Treasury when the government won't protect us from a deadly virus? Why are we funding a military when we can't get vaccine into the arms of Americans? This is a war where, if we chose to fight it, we could win in 3 weeks. What's the purpose of such an expensive military beyond protecting Americans?

The US Cybersecurity and Infrastructure Security Agency has updated its official guidance for dealing with the fallout from the SolarWinds supply chain attack. From a report: In an update posted late last night, CISA said that all US government agencies that still run SolarWinds Orion platforms must update to the latest 2020.2.1HF2 version by the end of the year. Agencies that can't update by that deadline are to take all Orion systems offline, per CISA's original guidance, first issued on December 18. The guidance update comes after security researchers uncovered a new major vulnerability in the SolarWinds Orion app over the Christmas holiday. Tracked as CVE-2020-10148, this vulnerability is an authentication bypass in the Orion API that allows attackers to execute remote code on Orion installations. This vulnerability was being exploited in the wild to install the Supernova malware on servers where the Orion platform was installed, in attacks separate from the SolarWinds supply chain incident.

Read more of this story at Slashdot.

With the Flash Player officially reaching the end of life tomorrow, Adobe has started to display alerts on Windows computers recommending that users uninstall Flash Player. From a report: When Flash Player is installed, it creates a scheduled task named 'Adobe Flash Player PPAPI Notifier' that executes the following command: "C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_pepper.exe" -update pepperplugin. When this command is executed, it is now displaying an alert thanking users for using Adobe Flash Player and then recommending that they uninstall the program due to its looming end of life. Further reading: Adobe Flash is about to die, but classic Flash games will live on.

Read more of this story at Slashdot.