Senators Propose Exclusion of Miners, Software Developers in Infrastructure Bill's C Slashdotby msmash on usa at January 1, 1970, 1:00 am (cached at August 4, 2021, 11:35 pm)

A trio of U.S. senators is proposing a legislative exclusion for crypto companies, including miners and software developers, from a tax reporting provision in a long-in-the-making bipartisan infrastructure bill. From a report: The Wyden-Lummis-Toomey amendment, made public Wednesday, comes days after it first emerged that the trillion-dollar infrastructure bill included language aimed at tightening reporting requirements for "brokers" in the digital asset space. But critics quickly highlighted the vague language used in the provision, which they said could subject companies not involved in the actual brokerage of digital assets to overly burdensome regulation. The push to amend the existing language won some key allies in the Senate in the days that followed, resulting in today's Senate amendment. Over the weekend, Ron Wyden, chairman of the Senate Finance Committee, wrote that the initial language was "an attempt to apply brick and mortar rules to the internet and fails to understand how the technology works." Sen. Rob Portman, a leading author of the infrastructure bill, defended the provision on Thursday, writing on Twitter that "the legislation does not impose new reporting requirements on software developers, crypto miners, node operators or other non-brokers."

Read more of this story at Slashdot.

Head of UN Health Agency Seeks Vaccine Booster Moratorium Slashdotby msmash on news at January 1, 1970, 1:00 am (cached at August 4, 2021, 11:05 pm)

The head of the World Health Organization called Wednesday for a moratorium on administering booster shots of COVID-19 vaccines as a way to help ensure that doses are available in countries where few people have received their first shots. From a report: WHO Director-General Tedros Adhanom Ghebreyesus made the appeal mostly to wealthier countries that have far outpaced the developing world in numbers of vaccinations. He said richer countries have administered about 100 doses of coronavirus vaccines for every 100 people on average, while low-income countries -- hampered by short supplies -- have provided only about 1.5 doses per 100 people. WHO officials say the science is unproven about whether giving booster shots to people who have already received two vaccine doses is effective in preventing the spread of the coronavirus. The U.N. health agency has repeatedly called for rich countries to do more to help improve access to vaccines in the developing world. It has argued that no one is safe until everyone is safe because the longer and more widely the coronavirus circulates, the greater the chance that new variants could emerge -- and prolong a global crisis in fighting the pandemic.

Read more of this story at Slashdot.

Passwordstate Customers Complain of Silence and Secrecy After Cyberattack Slashdotby msmash on security at January 1, 1970, 1:00 am (cached at August 4, 2021, 10:05 pm)

An anonymous reader shares a report: It has been over three months since Click Studios, the Australian software house behind the enterprise password manager Passwordstate, warned its customers to "commence resetting all passwords." The company was hit by a supply chain attack that sought to steal the passwords from customer servers around the world. But customers tell TechCrunch that they are still without answers about the attack. Several customers say they were met with silence from Click Studios, while others were asked to sign strict secrecy agreements when they asked for assurances about the security of the software. One IT executive whose company was compromised by the attack said they felt "abandoned" by the software maker in the wake of the attack. Passwordstate is a standalone web server that enterprise companies can use to store and share passwords and secrets for their organizations, like keys for cloud systems and databases that store sensitive customer data, or "break glass" accounts that grant emergency access to the network. Click Studios says it has 29,000 customers using Passwordstate, including banks, universities, consultants, tech companies, defense contractors and U.S. and Australian government agencies, according to public records seen by TechCrunch.

Read more of this story at Slashdot.

Facebook Cuts Off NYU Researcher Access, Prompting Rebuke From Lawmakers Slashdotby msmash on facebook at January 1, 1970, 1:00 am (cached at August 4, 2021, 9:34 pm)

Facebook shut down accounts belonging to two academic researchers late Tuesday, cutting off their ability to study political ads and misinformation on the world's biggest social network. From a report: The company accused the academics of engaging in "unauthorized scraping" and compromising user privacy on the platform, claims that Facebook's many critics are slamming as a thin pretense for killing the transparency work. The company took action against Laura Edelson and Damon McCoy, two well-known researchers affiliated with NYU's Cybersecurity for Democracy project who have long sparred with the company. The move cuts off their access to Facebook's Ad Library -- one of the company's only meaningful transparency efforts to date -- and data on popular posts from the social media monitoring service CrowdTangle. Facebook has a history with Edelson and McCoy. The company served the pair cease and desist letters just weeks before the 2020 election, calling on the team to disable an opt-in browser tool called Ad Observer and unpublish their findings. Ad Observer is a browser tool anyone can install that's designed to give researchers a rare glimpse into how Facebook targets the ads that have transformed it into a trillion-dollar company. "Over the last several years, we've used this access to uncover systemic flaws in the Facebook Ad Library, identify misinformation in political ads including many sowing distrust in our election system, and to study Facebook's apparent amplification of partisan misinformation," Edelson said on Twitter. "After years of abusing users' privacy, it's rich for Facebook to use it as an excuse to crack down on researchers exposing its problems. I've asked the FTC to confirm that this excuse is as bogus as it sounds," tweeted Sen. Ron Wyden (D-OR).

Read more of this story at Slashdot.

Retracted COVID Paper Lives on in New Citations Slashdotby msmash on science at January 1, 1970, 1:00 am (cached at August 4, 2021, 9:05 pm)

Researchers around the world have continued breathing new life into a retracted study, which suggested that common antihypertensive medications were harmful in patients with COVID-19. From a report: Published online on May 1, 2020 in the New England Journal of Medicine, the study relied on Surgisphere data to claim an association between renin-angiotensin-aldosterone system (RAAS) inhibitor therapy and worse outcomes in hospitalized COVID-19 patients with cardiovascular disease. The journal retracted the paper due to concerns about fraudulent data on June 4, 2020 in a widely publicized move, but the study has continued to rack up citations -- totaling at least 652 as of May 31, 2021, reported Todd Lee, MD, MPH, of McGill University in Montreal, and colleagues. Just 17.6% of verified citations acknowledged or noted that the paper was retracted, according to their research letter published in JAMA Internal Medicine. In May of this year alone -- 11 months after the article was retracted -- it was referenced 21 times. "Our findings challenge authors, peer reviewers, journal editors, and academic institutions to do a better job of addressing the broader issues of ongoing citations of retracted scientific studies and protecting the integrity of the medical literature," Lee's group urged. The hypothesis that angiotensin-converting enzyme (ACE) inhibitors and angiotensin-receptor blockers (ARBs) may be harmful in patients with COVID-19 has been floated since the early days of the pandemic, with the reasoning being that since the SARS-CoV-2 virus enters human cells through ACE2 receptors, upregulation of these receptors could put patients at risk.

Read more of this story at Slashdot.

Thailand bans coral-damaging sunscreens in marine parks BBC News | Science/Nature | UK Edition(cached at August 4, 2021, 9:00 pm)

Anyone flouting the rules could be fined due to the damage some lotions can cause to coral.
Amazon and Google Patch Major Bug in Their DNS-as-a-Service Platforms Slashdotby msmash on security at January 1, 1970, 1:00 am (cached at August 4, 2021, 8:04 pm)

At the Black Hat security conference Wednesday, two security researchers have disclosed a security issue impacting hosted DNS service providers that can be abused to hijack the platform's nodes, intercept some of the incoming DNS traffic, and then map customers' internal networks. From a report: Discovered by Shir Tamari and Ami Luttwak from cloud security company Wiz, the vulnerability highlights the amount of sensitive information collected by managed DNS platforms and their attractiveness from a cyber-espionage and intelligence data collection standpoint. Also known as DNS-as-a-Service providers, these companies effectively rent DNS servers to corporate entities. While it's not hard to run your own DNS name server, the benefit of using a service like AWS Route53 or the Google Cloud Platform is that companies can offload managing DNS server infrastructure to a third-party and take advantage of better uptime and top-notch security. Companies that sign up for a managed DNS provider typically have to onboard their internal domain names with the service provider. This typically means companies have to go to a backend portal and add their company.com and other domains to one of the provider's name servers (i.e., ns-1611.awsdns-09.co.uk). Once this is done, when a company employee wants to connect to an intranet app or an internet website, their computer will query the third-party DNS server for the IP address it needs to connect. What the Wiz team discovered was that several managed DNS providers did not blacklist their own DNS servers inside their backends.

Read more of this story at Slashdot.

Australian Mathematician Discovers Applied Geometry Engraved on 3,700-year-old Table Slashdotby msmash on math at January 1, 1970, 1:00 am (cached at August 4, 2021, 7:34 pm)

An Australian mathematician has discovered what may be the oldest known example of applied geometry, on a 3,700-year-old Babylonian clay tablet. Known as Si.427, the tablet bears a field plan measuring the boundaries of some land. From a report: The tablet dates from the Old Babylonian period between 1900 and 1600 BCE and was discovered in the late 19th century in what is now Iraq. It had been housed in the Istanbul Archaeological Museum before Dr Daniel Mansfield from the University of New South Wales tracked it down. Mansfield and Norman Wildberger, an associate professor at UNSW, had previously identified another Babylonian tablet as containing the world's oldest and most accurate trigonometric table. At the time, they speculated the tablet was likely to have had some practical use, possibly in surveying or construction. That tablet, Plimpton 322, described right-angle triangles using Pythagorean triples: three whole numbers in which the sum of the squares of the first two equals the square of the third -- for example, 3^2 + 4^2 = 5^2.

Read more of this story at Slashdot.

Russia Tells UN It Wants Vast Expansion of Cybercrime Offenses, Plus Network Backdoo Slashdotby msmash on internet at January 1, 1970, 1:00 am (cached at August 4, 2021, 7:05 pm)

An anonymous reader writes: Russia has put forward a draft convention to the United Nations ostensibly to fight cyber-crime. The proposal, titled "United Nations Convention on Countering the Use of Information and Communications Technologies for Criminal Purposes," calls for member states to develop domestic laws to punish a far broader set of offenses than current international rules recognize. Russia, the ransomware hotbed whose cyber-spies were blamed for attacking US and allied networks, did not join the 2001 Budapest Convention on Cybercrime because it allowed cross-border operations, which it considers a threat to national sovereignty. Russian media outlet Tass also said the 2001 rules are flawed because they only criminalize nine types of cyber offenses. The new draft convention from Russia, submitted last week, defines 23 cybercrimes for discussion. Russia's proposed rule expansion, for example, calls for domestic laws to criminalize changing digital information without permission -- "the intentional unauthorized interference with digital information by damaging, deleting, altering, blocking, modifying it, or copying of digital information." The draft also directs members states to formulate domestic laws to disallow unsanctioned malware research -- "the intentional creation, including adaptation, use and distribution of malicious software intended for the unauthorized destruction, blocking, modification, copying, dissemination of digital information, or neutralization of its security features, except for lawful research." It would forbid "the creation and use of digital data to mislead the user," such as deep fakes -- "the intentional unlawful creation and use of digital data capable of being mistaken for data already known and trusted by a user that causes substantial harm."

Read more of this story at Slashdot.

Microsoft Exchange Used To Hack Diplomats Before 2021 Breach Slashdotby msmash on microsoft at January 1, 1970, 1:00 am (cached at August 4, 2021, 6:34 pm)

An anonymous reader shares a report: Late last year, researchers at the Los Angeles-based cybersecurity company Resecurity stumbled across a massive trove of stolen data while investigating the hack of an Italian retailer. Squirreled away on a cloud storage platform were five gigabytes of data that had been stolen during the previous three and half years from foreign ministries and energy companies by hacking their on-premises Microsoft Exchange servers. In all, Resecurity researchers found documents and emails from six foreign ministries and eight energy companies in the Middle East, Asia and Eastern Europe. The attacks, which haven't been previously reported, served as a prequel to a remarkably similar, widely publicized hack of Microsoft Exchange servers from January to March of this year, according to Resecurity. A person familiar with the investigation into the 2021 attack, who wasn't authorized to speak publicly and requested anonymity, made a similar allegation, saying the data theft discovered by Resecurity followed the same methods. The 2021 hack was extraordinary for its scope, infecting as many as 60,000 global victims with malware. Microsoft quickly pinned the 2021 cyberattack on a group of Chinese state-sponsored hackers it named Hafnium, and the U.S., U.K., and their allies made a similar claim last month, attributing it to hackers affiliated with the Chinese government. Resecurity can't say for sure the attacks were perpetrated by the same group. Even so, the cache of documents contained information that would have been of interest to the Chinese government, according to Gene Yoo, Resecurity's chief executive officer. The person familiar said the victims selected by the hackers and type of intelligence gathered by attackers also pointed to a Chinese operation.

Read more of this story at Slashdot.

Amazon To Cut Waste Following Backlash Over the Destruction of Unused Products Slashdotby msmash on business at January 1, 1970, 1:00 am (cached at August 4, 2021, 5:34 pm)

Amazon has launched two programs as part of an effort to give products a second life when they get returned to businesses that sell items on its platform or fail to get sold in the first place. From a report: The so-called Fulfilment by Amazon programs, announced in a blog post on Wednesday, will help to build a circular economy, the company said. It comes less than two months after British broadcaster ITV reported that Amazon was destroying millions of items of unsold stock at one of its 24 U.K. warehouses every year, including smart TVs, laptops, drones and hairdryers. The online giant was sharply criticized by U.K. lawmakers and environmental campaigners at the time and Prime Minister Boris Johnson pledged to look into the allegations. In a blog post on June 28, Greenpeace said ITV's investigation showed it was clear Amazon "works with within a business model built on greed and speed." The group also described the environmental and human cost of Amazon's wastefulness as "staggering."

Read more of this story at Slashdot.

Floods: Research shows millions more at risk of flooding BBC News | Science/Nature | UK Edition(cached at August 4, 2021, 5:30 pm)

Numbers of people exposed to flooding globally have risen by almost a quarter in two decades.
Leaked Document Says Google Fired Dozens of Employees for Data Misuse Slashdotby msmash on google at January 1, 1970, 1:00 am (cached at August 4, 2021, 5:05 pm)

Google has fired dozens of employees between 2018 and 2020 for abusing their access to the company's tools or data, with some workers potentially facing allegations of accessing Google user or employee data, according to an internal Google document obtained by Motherboard. From a report: The document provides concrete figures on an often delicate part of a tech giant's operations: investigations into how company's own employees leverage their position inside the company to steal, leak, or abuse data they may have access to. Insider abuse is a problem across the tech industry. Motherboard previously uncovered instances at Facebook, Snapchat, and MySpace, with employees in some cases using their access to stalk or otherwise spy on users. The document says that Google terminated 36 employees in 2020 for security related issues. Eighty-six percent of all security-related allegations against employees included mishandling of confidential information, such as the transfer of internal-only information to outside parties. 10 percent of all allegations in 2020 concerned misuse of systems, which can include accessing user or employee data in violation of Google's own policies, helping others to access that data, or modifying or deleting user or employee data, according to the document. In 2019, that figure was 13 percent of all security allegations.

Read more of this story at Slashdot.

Microsoft Pauses Free Windows 365 Cloud PC Trials After 'Significant Demand' Slashdotby msmash on microsoft at January 1, 1970, 1:00 am (cached at August 4, 2021, 4:04 pm)

Microsoft launched its new cloud PC Windows 365 service earlier this week, and the company has already had to pause free trials due to demand. From a report: Windows 365 lets you rent a cloud PC -- with a variety of CPU, RAM, and storage options -- and then stream Windows 10 or Windows 11 via a web browser. The service reached max capacity after only a day of signups. "Following significant demand, we have reached capacity for Windows 365 trials," reads a statement from the Microsoft 365 Twitter account. "We have seen unbelievable response to Windows 365 and need to pause our free trial program while we provision additional capacity," explains Scott Manchester, director of Windows 365 program management.

Read more of this story at Slashdot.

My two cents on Cuomo Scripting News(cached at August 4, 2021, 3:32 pm)

I wonder how many people calling for Cuomo's resignation know what he was accused of in any specific way.

I wonder how many people calling for Cuomo's resignation have regrets about forcing Al Franken to resign in 2017.

I wonder how many NY voters agree that Cuomo should resign? And if most of them don't, he shouldn't.

Personally, I don't trust NY politicians, even the Attorney General. I think they're all corrupt. And I certainly don't trust the NY press, who, without dissent, has decided it's time for him to resign. That alone would be enough for me to encourage him to fight. It's not their call. They don't care what the voters think. They arrogantly think they are the public. They are not.

Accusations must be lititgated, to a verdict, using the American justice system, with a jury trial, and then when there's a decision, we should talk about him resigning. He holds an elective office. His source of power isn't the approval of the Attorney General or other NY politicians, or journalists. His power comes from the people of New York. Their opinion is imho all that matters.

I don't like the Cuomo family, they've been in NY politics my whole life. They play dirty. I wouldn't be surprised if the accusations were true. But there's a difference between accusations and a verdict. We have a justice system to protect against mob rule. And this is a mob trying to rule, and the answer must be emphatically no, as it should have been with Al Franken.