Hackers Bypass Coinbase 2FA To Steal Customer Funds Slashdotby BeauHD on security at January 1, 1970, 1:00 am (cached at October 1, 2021, 11:04 pm)

An anonymous reader quotes a report from The Record: More than 6,000 Coinbase users had funds stolen from their accounts after hackers used a vulnerability in Coinbase's SMS-based two-factor authentication system to breach accounts. The intrusions took place earlier this year, between March and May, the exchange said in a data breach notification letter it has filed with US state attorney general offices. Coinbase said the attacks could exploit this bug only if they knew the victim's username and password. "While we are not able to determine conclusively how these third parties gained access to this information, this type of campaign typically involves phishing attacks or other social engineering techniques to trick a victim into unknowingly disclosing login credentials to a bad actor. "We have not found any evidence that these third parties obtained this information from Coinbase itself," the company said. Coinbase said it would reimburse all users who lost funds in these intrusions.

Read more of this story at Slashdot.

[no title] Scripting News(cached at October 1, 2021, 10:02 pm)

Metacritic was having problems with its SSL certificate, it's so bad that Google won't even let me read the site, even in "advanced" mode. "Your connection might not be private" they warn. Skirting the question: "private from whom?" BTW, Google can read every word no matter how much encryption there might be. And you bet they read every damned word. The press loves to rail on Facebook, but I gotta say Google is dug in deeper than FB. And for some reason they escape the scrutiny of journalists.
Biden Administration To Convene 30 Countries To Crack Down on Ransomware Threat Slashdotby msmash on technology at January 1, 1970, 1:00 am (cached at October 1, 2021, 9:34 pm)

The White House will convene a 30-country meeting this month to try to ramp up global efforts to address the threat of ransomware to economic and national security, President Joe Biden said in a statement shared exclusively with CNN. From a report: "Cyber threats affect the lives and livelihoods of American families and businesses," national security adviser Jake Sullivan said in a statement to CNN. Sullivan said the administration would "continue to build on our whole-of-government effort to deter and disrupt cyberattacks." The goal of the alliance will be "to accelerate our cooperation in combatting cybercrime, improving law enforcement collaboration, stemming the illicit use of cryptocurrency, and engaging on these issues diplomatically," Biden is set to announce Friday, according to the statement. The announcement follows a series of ransomware attacks on US critical infrastructure firms in recent months, including one that forced major US fuel supplier Colonial Pipeline to shut down for days. The first meeting of the multilateral initiative will be held virtually. It's part of a recurring effort to cut off revenue for ransomware groups and figure out ways to prosecute them, according to the White House. In bolstering US cybersecurity, "the Federal government needs the partnership of every American and every American company in these efforts," Biden added. Biden in June urged Russian President Vladimir Putin to crack down on cybercriminals operating from Russian soil, but US officials have been skeptical of Moscow's willingness to do so. After a brief period of quiet from some ransomware groups following the Biden-Putin meeting, hackers have claimed multiple US companies as victims in recent weeks.

Read more of this story at Slashdot.

Tech Giants Brace For Impact in India as New Payments Rule Goes Into Effect Slashdotby msmash on money at January 1, 1970, 1:00 am (cached at October 1, 2021, 9:04 pm)

Apple, Google, Sony, Zoom, PayPal and several other tech companies as well as scores of banks have cautioned customers and partners in India to expect a surge in declined transactions as the world's second-largest internet market's central bank enforces a new directive for the way recurring payments are processed in the country. From a report: The Reserve Bank of India's directive, which goes into effect on Friday, requires banks, financial institutions and payment gateways to obtain additional approval for auto-renewables transactions worth over 5,000 Indian rupees ($67) from users by conducting notifications, e-mandates and Additional Factors of Authentication (AFA). The directive impacts all such transactions for debit cards as well as credit cards. The Reserve Bank of India said in the original circular in 2019, that the framework was designed to serve as "a risk mitigant and customer facilitation measure," adding that the issuer processing such transactions "shall send a pre-transaction notification to the customer, at least 24 hours prior to the actual charge by SMS or email, as per the customer's preferences."

Read more of this story at Slashdot.

Microsoft Announces Office 2021 Features and Pricing Slashdotby msmash on microsoft at January 1, 1970, 1:00 am (cached at October 1, 2021, 7:34 pm)

Microsoft is launching Office 2021 on October 5th, and the company is finally detailing the features and pricing today. From a report: Office 2021 will be the next standalone version of Microsoft's Office suite, designed for businesses and consumers who want to avoid the subscription version of Office. Office Home and Student 2021 will be priced at $149.99 and include Word, Excel, PowerPoint, OneNote, and Microsoft Teams for PC and Mac. Office Home and Business 2021 is priced at $249.99 and will include everything in the Home version and Outlook for PC and Mac, alongside the rights to use all of the Office apps for business purposes. Office 2021 will include the collaboration features found in Microsoft 365 versions of Office, with real-time co-authoring, OneDrive support, and even Microsoft Teams integration. Office 2021 will also include the new Office design that has a refreshed ribbon interface, rounded corners, and a neutral color palette that all matches the UI changes in Windows 11.

Read more of this story at Slashdot.

Google Is Scrapping Its Plan To Offer Bank Accounts To Users Slashdotby msmash on google at January 1, 1970, 1:00 am (cached at October 1, 2021, 7:34 pm)

Google is abandoning plans to pitch bank accounts to its users, marking a retreat from an effort to make the tech giant a bigger name in finance. The Wall Street Journal: The Alphabet unit announced almost two years ago that users of its Google Pay digital wallet would be able to sign up for enhanced checking accounts and debit cards at a handful of financial institutions large and small, including Citigroup and Stanford Federal Credit Union. The new offerings, called Plex accounts, would sync with Google Pay, carry both Google and bank branding and provide a digital dashboard of where and how users spent and saved. Plex was billed as a new way to bank, with an emphasis on simplicity and financial wellness and without monthly or overdraft fees. The project was initially expected to debut in 2020. A series of missed deadlines, along with the April departure of the Google Pay executive who championed the project, prompted Google to pull the plug on Plex, people familiar with the matter said. A Google spokeswoman said the company would now focus primarily on "delivering digital enablement for banks and other financial services providers rather than us serving as the provider of these services."

Read more of this story at Slashdot.

DeFi Bug Accidentally Gives $90 Million To Users Slashdotby msmash on money at January 1, 1970, 1:00 am (cached at October 1, 2021, 7:04 pm)

phalse phace writes: Robert Leshner, the founder of Compound Labs, just sent out a tweet pleading its users to return the $90.1 million in COMP tokens it accidentally deposited to user accounts. Users of the popular DeFi staking protocol received the platform's crypto tokens after a system upgrade went epically wrong. As an incentive, Leshner told users to "keep 10% as a white-hat. Otherwise, it's being reported as income to the IRS, and most of you are doxxed." In another tweet Leshner explains what happened: "A few hours ago, Proposal 62 went into effect, updating the Comptroller contract, which distributes COMP to users of the protocol. The new Comptroller contract contains a bug, causing some users to receive far too much COMP. All supplied assets, borrowed assets, and positions are completely unaffected. Users don't have to worry about their funds; the only risk is that you (or another user) receives an unfairly large quantity of COMP."

Read more of this story at Slashdot.

Apple, Amazon, Microsoft, and Disney Among Companies Backing Groups Against Climate Slashdotby msmash on earth at January 1, 1970, 1:00 am (cached at October 1, 2021, 6:04 pm)

mspohr writes: Some of America's most prominent companies, including Apple, Amazon, Microsoft and Disney, are backing business groups that are fighting landmark climate legislation, despite their own promises to combat the climate crisis, a new analysis has found. A clutch of corporate lobby groups and organizations have mobilized to oppose the proposed $3.5tn budget bill put forward by Democrats, which contains unprecedented measures to drive down planet-heating gases. The reconciliation bill has been called the "the most significant climate action in our country's history" by Chuck Schumer, the Democratic leader in the US Senate. Most large US corporations have expressed concern over the climate crisis or announced their own goals to cut greenhouse gases. Jeff Bezos, one of the world's richest people, has said that the climate crisis is the "biggest threat to our planet" and the company he founded, Amazon, has created a pledge for businesses to cut their emissions to net zero by 2040. Microsoft has promised to be "carbon negative" within a decade from now and Disney is aiming to use only renewable-sourced electricity within the same timeframe. But these leading companies, and others, either support or actively steer the very lobby groups that are attempting to sink the bill that carries the weight of Joe Biden's ambitions to tackle the climate crisis, threatening one of the last major legislative efforts that will help decide whether parts of the world plunge into a new, barely livable climatic state.

Read more of this story at Slashdot.

South Korea Broadband Firm Sues Netflix After Traffic Surge from 'Squid Game' Slashdotby msmash on communications at January 1, 1970, 1:00 am (cached at October 1, 2021, 5:34 pm)

South Korean Internet service provider SK Broadband has sued Netflix to pay for costs from increased network traffic and maintenance work because of a surge of viewers to the U.S. firm's content, an SK spokesperson said on Friday. From a report: The move comes after a Seoul court said Netflix should "reasonably" give something in return to the internet service provider for network usage, and multiple South Korean lawmakers have spoken out against content providers who do not pay for network usage despite generating explosive traffic. Netflix said it will review SK Broadband's claim, and seek dialogue and explore ways in the meantime to work with SK Broadband to ensure customers are not affected. The popularity of the hit series "Squid Game" and other offerings have underscored Netflix's status as the country's second-largest data traffic generator after Google's YouTube, but the two are the only ones to not pay network usage fees, which other content providers such as Amazon, Apple and Facebook are paying, SK said. Netflix's data traffic handled by SK jumped 24 times from May 2018 to 1.2 trillion bits of data processed per second as of September, SK said, riding on the success of several Netflix productions from Korea including "Squid Game" and "D.P."

Read more of this story at Slashdot.

Utilities Took Public Money, Gave CEOs Millions, and Then Turned People's Lights Off Slashdotby msmash on usa at January 1, 1970, 1:00 am (cached at October 1, 2021, 5:04 pm)

A new report finds that some of the country's most powerful utilities raked in millions of dollars in taxpayer bailout funds last year -- while continuing to shut off service for households across the U.S. during the pandemic. Gizmodo: The report, released Thursday from the Center for Biological Diversity and BailoutWatch, takes a look at states with publicly available data on utility shutoffs. In the 17 states where there was available data on shutoffs, the report found that the 16 utilities operating in those states cut off electric services for their customers nearly 1 million times between February 2020 and June 2021. (For some context on shutoffs during a normal, non-pandemic year, the U.S. Census found that 1.2 million households in 50 states reported experiencing shutoffs within a three-month period of taking the survey in 2017, the latest Census Bureau data available on disconnections.) The offenses here are not shared by the utility industry equally; there are especially bad actors. The report highlights six utilities that were responsible for a jaw-dropping 94% of all shutoffs last year. NextEra, Duke Energy, Southern Company, Dominion Energy, Exelon, and DTE Energy make up what the authors call a "Hall of Shame." NextEra alone, the report found, accounted for more than half of all shutoffs. The analysis also examined financial documents, including proxy statements filed with the Securities and Exchange Commission before a company's shareholder meeting, to calculate how much money these 16 utilities received from the government as part of relief efforts during the pandemic. The CARES Act was originally designed to help struggling businesses pay workers, but utilities took advantage of corporate loopholes within the act that changed how big businesses could report taxes. (The CARES Act also disproportionately benefited oil and gas producers: BailoutWatch, one of the authors of this report, has also used financial documents to show how oil companies laid off thousands of people and yet still gave their CEOs raises during the pandemic, all the while taking handouts from the government.)

Read more of this story at Slashdot.

Nintendo Denies Rumors of New Switch Pro Model Slashdotby msmash on nintendo at January 1, 1970, 1:00 am (cached at October 1, 2021, 4:34 pm)

A Bloomberg report claiming 11 game developers have access to Nintendo Switch 4K development kits is sparking confusion about the existence of the rumored Nintendo Switch Pro. Axios: Bloomberg published a story yesterday in which it says that employees at the game companies, including Zynga, claim to have the dev kits. That system wouldn't be out until at least late next year, Bloomberg reports. Nintendo has disavowed the report on Twitter, saying that it has "no plans for any new model other than Nintendo Switch -- OLED Model." The report "falsely claims that Nintendo is supplying tools to drive game development for a Nintendo Switch with 4K support," Nintendo said. "To ensure correct understanding among our investors and customers, we want to clarify that this report is not true." A Zynga spokesperson told Axios that the company "does not have a 4K developer kit from Nintendo."

Read more of this story at Slashdot.

Low Oxygen Levels Along PNW Coast a 'Silent' Climate Change Crisis Slashdotby BeauHD on earth at January 1, 1970, 1:00 am (cached at October 1, 2021, 3:04 pm)

An anonymous reader quotes a report from Oregon Live: Nearly two decades ago, fishers discovered an odd occurrence off the coast of Oregon. They were pulling up pots of dead or lethargic crabs. At first they suspected a chemical spill or a red tide. But instead, they learned, dangerously low levels of dissolved oxygen in the ocean water were to blame. The crabs had suffocated. These swaths of hypoxic areas have surfaced every summer on Pacific Northwest shores since it was first recorded in 2002. They are spurred by naturally occurring coastal upwellings and algae blooms, exacerbated by climate change, said Francis Chan, director of the Cooperative Institute for Marine Resources Studies at Oregon State University. Akin to fire season, hypoxia season arrived earlier this year -- the earliest start in 20 years, according to Chan. But unlike wildfire, or other visible climate emergencies, it's gone largely unrecognized. "It's kind of a silent problem happening out there," said Chan. "This year, I can look out and see trees with one side burnt because of the heat wave. As I'm driving on McKenzie highway, I can see Mount Jefferson has no snow on it. But when you drive out to the ocean, it looks exactly the same as last summer." Typically, hypoxic conditions haven't arrived to the nearshore until mid-June or July. This year hypoxic conditions were reported in April with the upwelling season beginning in March. To get a sense of why an early beginning to the upwelling season is concerning, Chan compared it to the summer drought season. "Say we expected rainfall lasting until March but the rain stops in February. That's all the water we have. We have to last until next year." Similarly, if upwelling starts a month earlier than usual, the amount of oxygen, already low, has to last until the fall when storms promote mixing which adds oxygen back into the system. Chan said as of late September this year, upwelling is still occurring and low levels of oxygen are still persisting. Climate change is playing a role in worsening oxygen levels. Simply put, warmer water holds less oxygen because the oxygen molecules are moving faster and are more likely to escape from the surface. A little more complicated, climate change is altering the structure of the oceans as the warmer upper layer is more buoyant than the cooler, deeper, already oxygen-poor ocean layer. The warmer upper layer keeps the deeper layer from "taking a breath," explained Chan. On a global scale, the oceans are already losing oxygen. Take this and add local factors like coastal upwelling and phytoplankton bloom decomposition off Washington and Oregon coasts, and you have a system with severely low oxygen levels. [...] There are no records of reoccurring low-oxygen levels like scientists have observed since 2002, despite over 50 years of oceanic monitoring.

Read more of this story at Slashdot.

[no title] Scripting News(cached at October 1, 2021, 3:02 pm)

Facebook tells me today is Jake Savin's birthday. He's a young man, I don't know exactly how young. Jake worked at UserLand on Manila. Oct 1 was also my dear departed uncle's birthday, it would have been his 76th. I miss him every day. He would have loved the web, especially Wikipedia. Ken was always looking stuff up in the Information Please Almanac. Ken's mind would no doubt be blown that cannabis is legal in much of the US, at least the parts of the US you'd want to visit. He grew the best sinsimilla back in the 70s and 80s. I was trying to explain to a friend what that was, to no avail because all weed is seedless these days. Ken had an efficient way of killing off the male plants. He'd cover and uncover his seedlings with a blanket to simulate spring. The tiny baby plants would flower, and thus reveal their gender. Only the female plants produce the resin that humans like so much.
[no title] Scripting News(cached at October 1, 2021, 3:02 pm)

Welcome to October. The monthly ritual is done, the OPML for September is uploaded to the GitHub repo, where interested tools for thought geeks can use it to experiment with interop. There's over four years worth of archives there to play with. Also Drummer testers can see techniques that work in Old School blogs that they may not have seen.
Recent Siri Changes Remove Features Used By Low Vision and Blind Users Slashdotby BeauHD on ios at January 1, 1970, 1:00 am (cached at October 1, 2021, 12:05 pm)

With the recent release of iOS 15, Apple appears to have made some changes to Siri functionality that have removed features relied on by low vision and blind iPhone users. MacRumors reports: Several Siri commands that provide details on phone calls, voicemails, and sending emails no longer appear to be working. The following commands used to be functional, but have recently been removed: Do I have any voicemails?, Play my voicemail messages, Check my call history, Check my recent calls, Who called me?, Send an email, and Send an email to [person]. Over the last two weeks, we've received several emails from iPhone users who are missing this key Siri functionality, or their relatives who are attempting to help them navigate the changes. The Siri feature removals have also been documented on the AppleVis forums for blind and low vision users of Apple products. Asking Siri to provide details on recent phone calls or voicemails results in the following response: "I can't help with that, but you can ask me to open the Phone app." Asking about email garners a similar response about Siri being unable to help. It's worth noting that it's still possible to ask Siri to play the most recent voicemail message that's available, or a voicemail from a specific person, but Siri will not read out a list of all the available voicemails. The Siri commands seem to have disappeared when iOS 15 was released, but iOS 14 users are also not able to use them anymore so it's not an issue tied to iOS 15.

Read more of this story at Slashdot.