Three Die After Untreatable 'Superbug' Fungus Infections in Two Different Cities Slashdotby EditorDavid on medicine at January 1, 1970, 1:00 am (cached at July 24, 2021, 11:35 pm)

"U.S. health officials said Thursday they now have evidence of an untreatable fungus spreading in two hospitals and a nursing home," reports the Associated Press: The "superbug" outbreaks were reported in a Washington, D.C, nursing home and at two Dallas-area hospitals, the Centers for Disease Control and Prevention reported. A handful of the patients had invasive fungal infections that were impervious to all three major classes of medications. "This is really the first time we've started seeing clustering of resistance" in which patients seemed to be getting the infections from each other, said the CDC's Dr. Meghan Lyman... Health officials have sounded alarms for years about the superbug after seeing infections in which commonly used drugs had little effect. In 2019, doctors diagnosed three cases in New York that were also resistant to a class of drugs, called echinocandins, that were considered a last line of defense. In those cases, there was no evidence the infections had spread from patient to patient — scientists concluded the resistance to the drugs formed during treatment. The new cases did spread, the CDC concluded.... Those cases were seen from January to April. Of the five people who were fully resistant to treatment, three died — both Texas patients and one in Washington. Lyman said both are ongoing outbreaks and that additional infections have been identified since April. But those added numbers were not reported. The fungus, Candida auris, "is a harmful form of yeast that is considered dangerous to hospital and nursing home patients with serious medical problems," they add — and it's spread through contaminated surfaces or contact with patients. Newsweek points out that while it's only recently appeared in America, "infections have occurred in over 30 countries worldwide."

Read more of this story at Slashdot.

Kaspersky Warns Fake Windows 11 Installers Are Spreading Malware Slashdotby EditorDavid on security at January 1, 1970, 1:00 am (cached at July 24, 2021, 10:35 pm)

Long-time Slashdot reader Ammalgam writes: If you're planning to install Windows 11, you should make sure you download it from official sources. This is because, people who are using pirated or fake methods to get Windows 11 are also downloading malware along with it, according to Kaspersky. The particular file referenced is called 86307_windows 11 build 21996.1 x64 + activator.exe. While it sounds like it includes Windows 11 build 21996.1, and an installer that will automatically activate Windows for you there are some red flags. First, it's only 1.75GB, so while people who want to install Windows 11 might think that's a large file that could be Windows, a real Windows 11 ISO is about 4.87GB... "The 1.75 GB file looks legitimate. But most of this space consists of one DLL file that contains a lot of useless information," explains Mint. And Kaspersky adds that "it even comes with a license agreement (which few people read) calling it a 'download manager for 86307_windows 11 build 21996.1 x64 + activator' and noting that it would also install some sponsored software. If you accept the agreement, a variety of malicious programs will be installed on your machine."

Read more of this story at Slashdot.

Where have all the magas gone? Scripting News(cached at July 24, 2021, 10:32 pm)

Long time passing.

Where have all the magas gone?

Long time ago.

Where have all the magas gone?

They all got covid, every one.

Oh, will they ever learn?

Oh, when will they learn?


To the tune of Where Have All The Flowers Gone by Pete Seeger.

[no title] Scripting News(cached at July 24, 2021, 10:32 pm)

Today's song: Radio Ga Ga.
China Compromised More than a Dozen US Pipelines Between 2011 and 2013 Slashdotby EditorDavid on power at January 1, 1970, 1:00 am (cached at July 24, 2021, 9:35 pm)

"Hackers working for the Chinese government compromised more than a dozen U.S. pipeline operators nearly a decade ago, the Biden administration revealed Tuesday while also issuing first-of-its-kind cybersecurity requirements on the pipeline industry," reports the Wall Street Journal. The disclosure of previously classified information about the aggressive Chinese hacking campaign, though dated, underscored the severity of foreign cyber threats to the nation's infrastructure, current and former officials said. In some cases, the hackers possessed the ability to physically damage or disrupt compromised pipelines, a new cybersecurity alert said, though it doesn't appear they did so. Previously, senior administration officials had warned that China, Russia and others were capable of such cyber intrusions. But rarely has so much information been released about a specific and apparently successful campaign. Chinese state-sponsored hackers between 2011 and 2013 had targeted nearly two dozen U.S. oil and natural gas pipeline operators with the specific goal of "holding U.S. pipeline infrastructure at risk," the Federal Bureau of Investigation and the Department of Homeland Security said in Tuesday's joint alert. Of the known targets, 13 were successfully compromised and an additional eight suffered an "unknown depth of intrusion," which officials couldn't fully assess because the victims lacked complete computer log data, the alert said. Another three targets were described as "near misses" of the Chinese campaign, which relied heavily on spear phishing attacks. Newsweek adds that the same day the U.S. Department of Homeland Security "announced new requirements for U.S. pipeline operators to bolster cybersecurity following a May ransomware attack that disrupted gas delivery across the East Coast." In a statement, DHS said it would require operators of federally designated critical pipelines to implement "specific mitigation measures" to prevent ransomware attacks and other cyber intrusions. Operators must also implement contingency plans and conduct what the department calls a "cybersecurity architecture design review."

Read more of this story at Slashdot.

Mozilla Stops FTP Support in Firefox 90 Slashdotby EditorDavid on firefox at January 1, 1970, 1:00 am (cached at July 24, 2021, 9:06 pm)

A post on Mozilla's security blog calls FTP "by now one of the oldest protocols still in use" — and it's suffering from "a number of serious security issues." The biggest security risk is that FTP transfers data in cleartext, allowing attackers to steal, spoof and even modify the data transmitted. To date, many malware distribution campaigns launch their attacks by compromising FTP servers and downloading malware on an end user's device using the FTP protocol. Aligning with our intent to deprecate non-secure HTTP and increase the percentage of secure connections, we, as well as other major web browsers, decided to discontinue support of the FTP protocol. Removing FTP brings us closer to a fully-secure web which is on a path to becoming HTTPS only and any modern automated upgrading mechanisms such as HSTS or also Firefox's HTTPS-Only Mode, which automatically upgrade any connection to become secure and encrypted do not apply to FTP. The FTP protocol itself has been disabled by default since version 88 and now the time has come to end an era and discontinue the support for this outdated and insecure protocol — Firefox 90 will no longer support the FTP protocol.

Read more of this story at Slashdot.

A song about the magas Scripting News(cached at July 24, 2021, 9:03 pm)

Where have all the magas gone?

Long time passing.

Where have all the magas gone?

Long time ago.

Where have all the magas gone?

They all got covid, every one.

Oh, will they ever learn?

Oh, when will they learn?


To the tune of Where Have All The Flowers Gone by Pete Seeger.

[no title] Scripting News(cached at July 24, 2021, 8:32 pm)

Does anyone else thing the Olympics is offensive from a climate change perspective. All that carbon burning. What if instead we had an Olympics where people did heroic things to put carbon back in the ground.
With Profits Soaring, Tech Companies 'Won the Pandemic' Slashdotby EditorDavid on business at January 1, 1970, 1:00 am (cached at July 24, 2021, 8:05 pm)

In April of 2020, Jeff Bezos announced Amazon would spend their next quarter focusing on people instead of profits, remembers the New York Times: At the end of July 2020, Amazon announced quarterly results. Rather than earning zero, as Mr. Bezos had predicted, it notched an operating profit of $5.8 billion — a record for the company. The months since have established new records. Amazon's margins, which measure the profit on every dollar of sales, are the highest in the history of the company, which is based in Seattle... Amazon's pandemic triumph was echoed all over the world of technology companies. Even as 609,000 Americans have died and the Delta variant surges, as corporate bankruptcies hit a peak for the decade, as restaurants, airlines, gyms, conferences, museums, department stores, hotels, movie theaters and amusement parks shut down and as millions of workers found themselves unemployed, the tech industry flourished. The combined stock market valuation of Apple, Alphabet, Nvidia, Tesla, Microsoft, Amazon and Facebook increased by about 70 percent to more than $10 trillion. That is roughly the size of the entire U.S. stock market in 2002. Apple alone has enough cash in its coffers to give $600 to every person in the United States. And in the next week, the big tech companies are expected to report earnings that will eclipse all previous windfalls. Silicon Valley, still the world headquarters for tech start-ups, has never seen so much loot. More Valley companies went public in 2020 than in 2019, and they raised twice as much money when they did. Forbes calculates there are now 365 billionaires whose fortunes derive from tech, up from 241 before the virus. No single industry has ever had such power over American life, dominating how we communicate, shop, learn about the world and seek distraction and joy. What will Silicon Valley do with this power? Who if anyone might restrain tech, and how much support will they have...? The biggest, and perhaps the only, threat to tech now is from government... Beyond the threat of misuse of tech lurks an even darker possibility: a misplaced confidence in the ability of one loosely regulated sector to run so much of the world.

Read more of this story at Slashdot.

Researchers Found a Malicious NPM Package Using Chrome's Password-Recovery Tools Slashdotby EditorDavid on chrome at January 1, 1970, 1:00 am (cached at July 24, 2021, 7:05 pm)

Threatpost reports on "another vast software supply-chain attack" that was "found lurking in the npm open-source code repository...a credentials-stealing code bomb" that used the password-recovery tools in Google's Chrome web browser. Researchers caught the malware filching credentials from Chrome on Windows systems. The password-stealer is multifunctional: It also listens for incoming commands from the attacker's command-and-control (C2) server and can upload files, record from a victim's screen and camera, and execute shell commands... ReversingLabs researchers, who published their findings in a Wednesday post, said that during an analysis of the code repository, they found an interesting embedded Windows executable file: a credential-stealing threat. Labeled "Win32.Infostealer.Heuristics", it showed up in two packages: nodejs_net_server and temptesttempfile. At least for now, the first, main threat is nodejs_net_server. Some details: nodejs_net_server: A package with 12 published versions and a total of more than 1,300 downloads since it was first published in February 2019...finally upgrading it last December with a script to download the password-stealer, which the developer hosts on a personal website. It was subsequently tweaked to run TeamViewer.exe instead, "probably because the author didn't want to have such an obvious connection between the malware and their website," researchers theorized... ReversingLabs contacted the npm security team on July 2 to give them a heads-up about the nodejs_net_server and tempdownloadtempfile packages and circled back once again last week, on Thursday, since the team still hadn't removed the packages from the repository. When Threatpost reached out to npm Inc., which maintains the repository, a GitHub spokesperson sent this statement: "Both packages were removed following our investigation...."

Read more of this story at Slashdot.

Repairable, Modular Framework Laptop Begins Shipping Slashdotby EditorDavid on opensource at January 1, 1970, 1:00 am (cached at July 24, 2021, 6:05 pm)

"Are you old enough to remember when laptops had removable batteries?" asks CNET. "Frustrated by mainstream laptops with memory soldered to the motherboard and therefore not upgradable?" "The 13.5-inch Framework Laptop taps into that nostalgia, addressing one of the biggest drawbacks in modern laptops as part of the right-to-repair movement. It was designed from the ground up to be as customizable, upgradable and repairable as technologically possible... and boy does it deliver." It features four expansion card slots, slide-in modules that snap into USB-C connectors, socketed storage and RAM, a replaceable mainboard module with fixed CPU and fan, battery, screen, keyboard and more. It's a design that makes the parts easy to access, all while delivering solid performance at competitive prices and without sacrificing aesthetics. The laptop's in preorder now for the U.S. and Canada, slated to ship in small batches depending upon the configuration. Core i7-based systems are expected to go out in August, while Core i5 systems won't be available until September. Prices for the Framework Laptop start at $999 for the prefab Core i5-1135G7 model with 8GB RAM and 256GB SSD, $1,399 for the Core i7-1165G7 Performance model with 16GB RAM and 512GB storage or a vPro Core i7-1185G7 Professional model with 32GB RAM and 1TB storage. Framework expects to expand into new regions by the end of the year; $999 converts to roughly £730 or AU$1,360... The DIY model adds Linux to the list of operating systems you can install, and doesn't restrict Windows Pro to the vPro model... With the Framework, in addition to the ports you can swap out the mainboard, touchpad, keyboard, speakers, battery... anything you can think of. Don't feel like doing it yourself? Framework is publishing all the information necessary for a repair shop or IT department to not just swap parts, but to perform repairs... Nothing is buried under other parts, so everything's easy to get to. Each Framework part has a QR code and short URL to take you to all the info you'll need about it and the labels on the standard parts (memory and SSD) are easy to read. Or, as Engadget puts it, the laptop is "designed, from the get-go, to be modular and repairable by every one of its users." Created by Nirav Patel, formerly of Oculus, the machine aims to demonstrate that there is a better, more sustainable way of doing things. It shouldn't be that, if your tech fails, you either have to buy a new model, or let the manufacturer's in-house repair teams charge $700 for a job that should've cost $50 . After all, if we're going to survive climate change, we need to treat our tech more sustainably and keep as much as possible out of the landfill... The Framework laptop is equipped with a 1080p, 60fps webcam with an 80-degree field of view, and it's one of the best built-in webcams I've seen. PCWorld calls it "the ultimate Right to Repair laptop."

Read more of this story at Slashdot.

Iconic Japanese Videogame Music Incorporated Into Olympic Opening Ceremony Slashdotby EditorDavid on japan at January 1, 1970, 1:00 am (cached at July 24, 2021, 4:35 pm)

"Fans of Japanese video games couldn't believe their ears as Olympic athletes paraded into Tokyo's National Stadium during the opening ceremony for the 2020 Games on Friday..." reports the Huffington Post. During the Parade of Nations section of the ceremony, "The orchestra was playing tunes from some of their favorite games." In a celebration of Japanese popular culture that is appreciated worldwide, the entry parade was set to tunes from games developed by Sega, Capcom and Square Enix. It kicked off with "Overture: Roto's Theme" from Dragon Quest. Next up was "Victory Fanfare" from Final Fantasy. The parade featured more tunes from Monster Hunter, Soulcaliber and Sonic the Hedgehog. According to Classic FM, the music from Kingdom Hearts was composed by Yoko Shimomura, who is responsible for the music for some of the biggest video games ever made. Fans were delighted to hear her work being incorporated into the ceremony. While the list didn't feature widely recognized tunes from cultural juggernauts like Mario Bros. or The Legend of Zelda, the music helped give a sense of atmosphere to the ceremony, which was held in almost an empty stadium due to coronavirus restrictions. There's even an elaborate doodle at Google.com commemorating the Opening Ceremonies with an anime animation that leads to a multi-level 1980s-style videogame in which Lucky the cat competes in various sporting events. (Though the Huffington Post notes that in the real world, about 1,000 people sat in the 68,000-capacity stadium.) The Washington Post reports the Japanese public "overwhelmingly opposed hosting the Olympics as a new wave of the pandemic hit the country." But unfortunately, host city Tokyo signed a contract agreeing the event could only be cancelled by the International Olympic Committee, and now "There's the possibility — once utterly remote — that Japanese voters could kick Prime Minister Yoshihide Suga out of power in parliamentary elections later this year."

Read more of this story at Slashdot.

Amazon MMO New World Is Bricking RTX 3090s, Players Say; Amazon Responds Slashdotby BeauHD on graphics at January 1, 1970, 1:00 am (cached at July 24, 2021, 3:05 pm)

An anonymous reader quotes a report from GameSpot: Amazon [...] is now bricking high-end graphics cards with a beta for its MMO, New World, according to players. Amazon has now responded to downplay the incident but says it plans to implement a frame rate cap on the game's menus. According to users on Twitter and Reddit, New World has been frying extremely high-end graphics cards, namely Nvidia's RTX 3090. It's worth noting that while the RTX 3090 has an MSRP of $1,500, it's often selling for much more due to scarcity and scalpers, so players could easily be losing upwards of $2,000 if their card stops working. Specifically, it seems that one model of the RTX 3090 is being consistently fried by New World. On Reddit, a lengthy thread of over 600 posts includes multiple users claiming that their EVGA 3090 graphics cards are now little more than expensive paperweights after playing the New World beta. The "red light of death," an indicator that something is disastrously wrong with your EVGA 3090, doesn't pop up consistently for players though. Some report their screen going black after a cutscene in the game while others have said that simply using the brightness calibration screen was enough to brick their card. Amazon Games says a patch is on the way to prevent further issues. "Hundreds of thousands of people played in the New World Closed Beta yesterday, with millions of total hours played. We've received a few reports of players using high-performance graphics cards experiencing hardware failure when playing New World," said Amazon Games in an official statement. "New World makes standard DirectX calls as provided by the Windows API. We have seen no indication of widespread issues with 3090s, either in the beta or during our many months of alpha testing. The New World Closed Beta is safe to play. In order to further reassure players, we will implement a patch today that caps frames per second on our menu screen. We're grateful for the support New World is receiving from players around the world, and will keep listening to their feedback throughout Beta and beyond." New World is currently set to launch for PC on August 31.

Read more of this story at Slashdot.

[no title] Scripting News(cached at July 24, 2021, 3:03 pm)

You know the saying locks are for honest people -- I think this is also true of the Constitution. If enough people decide that they don't respect the rules, then the rules don't hold.
Society Is Right On Track For a Global Collapse, New Study of Infamous 1970s Report Slashdotby BeauHD on earth at January 1, 1970, 1:00 am (cached at July 24, 2021, 12:06 pm)

fahrbot-bot shares a report from Live Science: Human society is on track for a collapse in the next two decades if there isn't a serious shift in global priorities, according to a new reassessment of a 1970s report, Vice reported. In that report -- published in the bestselling book "The Limits to Growth" (1972) -- a team of MIT scientists argued that industrial civilization was bound to collapse if corporations and governments continued to pursue continuous economic growth, no matter the costs. The researchers forecasted 12 possible scenarios for the future, most of which predicted a point where natural resources would become so scarce that further economic growth would become impossible, and personal welfare would plummet. The report's most infamous scenario -- the Business as Usual (BAU) scenario -- predicted that the world's economic growth would peak around the 2040s, then take a sharp downturn, along with the global population, food availability and natural resources. This imminent "collapse" wouldn't be the end of the human race, but rather a societal turning point that would see standards of living drop around the world for decades, the team wrote. So, what's the outlook for society now, nearly half a century after the MIT researchers shared their prognostications? Gaya Herrington, a sustainability and dynamic system analysis researcher at the consulting firm KPMG, decided to find out. [...] Herrington found that the current state of the world -- measured through 10 different variables, including population, fertility rates, pollution levels, food production and industrial output -- aligned extremely closely with two of the scenarios proposed in 1972, namely the BAU scenario and one called Comprehensive Technology (CT), in which technological advancements help reduce pollution and increase food supplies, even as natural resources run out. While the CT scenario results in less of a shock to the global population and personal welfare, the lack of natural resources still leads to a point where economic growth sharply declines -- in other words, a sudden collapse of industrial society. "The good news is that it's not too late to avoid both of these scenarios and put society on track for an alternative -- the Stabilized World (SW) scenario," the report notes. "This path begins as the BAU and CT routes do, with population, pollution and economic growth rising in tandem while natural resources decline. The difference comes when humans decide to deliberately limit economic growth on their own, before a lack of resources forces them to." "The SW scenario assumes that in addition to the technological solutions, global societal priorities change," Herrington wrote. "A change in values and policies translates into, amongst other things, low desired family size, perfect birth control availability, and a deliberate choice to limit industrial output and prioritize health and education services." After this shift of values occurs, industrial growth and global population begin to level out. "Food availability continues to rise to meet the needs of the global population; pollution declines and all but disappears; and the depletion of natural resources begins to level out, too," adds Live Science. "Societal collapse is avoided entirely."

Read more of this story at Slashdot.