The Linkielist

Linking ideas with the world

Unions Sue to Block Elon Musk’s Access to Americans’ Tax and Benefits Records

A coalition of labor organizations representing federal workers and retirees has sued the Department of the Treasury to block it from giving the newly created Department of Government Efficiency, controlled by Elon Musk, access to the federal government’s sensitive payment systems.

After forcing out a security official who opposed the move, Treasury Secretary Scott Bessent granted DOGE workers access to the system last week, according to The New York Times. Despite its name, DOGE is not a government department but rather an ad-hoc group formed by President Trump purportedly tasked with cutting government spending.

The labor organizations behind the lawsuit filed Monday argue that Bessent broke federal privacy and tax confidentiality laws by giving unauthorized DOGE workers, including people like Musk who are not government employees, the ability to view the private information of anyone who pays taxes or receives money from federal agencies.

With access to the Treasury systems, DOGE representatives can potentially view the names, social security numbers, birth dates, mailing addresses, email addresses, and bank information of tens of millions of people who receive tax refunds, social security and disability payments, veterans benefits, or salaries from the federal government, according to the lawsuit.

“The scale of the intrusion into individuals’ privacy is massive and unprecedented,” according to the complaint filed by the Alliance for Retired Americans, the American Federation of Government Employees, and the Service Employees International Union.

[…]

In their lawsuit, the labor organizations argue that federal law prohibits the disclosure of taxpayer information to anyone except Treasury employees who require it for their official duties unless the disclosure is authorized by a specific law, which DOGE’s access to the system is not. DOGE’s access also violates the Privacy Act of 1974, which prohibits disclosure of personal information to unauthorized people and lays out strict procedures for changing those authorizations, which the Trump administration has not followed, according to the suit.

The plaintiffs have asked the Washington, D.C. district court to grant an injunction preventing unauthorized people from accessing the payment systems and to rule the Treasury’s actions unlawful.

Source: Unions Sue to Block Elon Musk’s Access to Americans’ Tax and Benefits Records

Apple chips can be hacked to leak secrets from Gmail, iCloud, and more in a browser

Apple-designed chips powering Macs, iPhones, and iPads contain two newly discovered vulnerabilities that leak credit card information, locations, and other sensitive data from the Chrome and Safari browsers as they visit sites such as iCloud Calendar, Google Maps, and Proton Mail.

The vulnerabilities, affecting the CPUs in later generations of Apple A- and M-series chip sets, open them to side channel attacks, a class of exploit that infers secrets by measuring manifestations such as timing, sound, and power consumption. Both side channels are the result of the chips’ use of speculative execution, a performance optimization that improves speed by predicting the control flow the CPUs should take and following that path, rather than the instruction order in the program.

A new direction

The Apple silicon affected takes speculative execution in new directions. Besides predicting control flow CPUs should take, it also predicts the data flow, such as which memory address to load from and what value will be returned from memory.

The most powerful of the two side-channel attacks is named FLOP. It exploits a form of speculative execution implemented in the chips’ load value predictor (LVP), which predicts the contents of memory when they’re not immediately available. By inducing the LVP to forward values from malformed data, an attacker can read memory contents that would normally be off-limits. The attack can be leveraged to steal a target’s location history from Google Maps, inbox content from Proton Mail, and events stored in iCloud Calendar.

SLAP, meanwhile, abuses the load address predictor (LAP). Whereas LVP predicts the values of memory content, LAP predicts the memory locations where instruction data can be accessed. SLAP forces the LAP to predict the wrong memory addresses. Specifically, the value at an older load instruction’s predicted address is forwarded to younger arbitrary instructions. When Safari has one tab open on a targeted website such as Gmail, and another open tab on an attacker site, the latter can access sensitive strings of JavaScript code of the former, making it possible to read email contents.

“There are hardware and software measures to ensure that two open webpages are isolated from each other, preventing one of them from (maliciously) reading the other’s contents,” the researchers wrote on an informational site describing the attacks and hosting the academic papers for each one. “SLAP and FLOP break these protections, allowing attacker pages to read sensitive login-protected data from target webpages. In our work, we show that this data ranges from location history to credit card information.”

[…]

The following Apple devices are affected by one or both of the attacks:

• All Mac laptops from 2022–present (MacBook Air, MacBook Pro)
• All Mac desktops from 2023–present (Mac Mini, iMac, Mac Studio, Mac Pro)
• All iPad Pro, Air, and Mini models from September 2021–present (Pro 6th and 7th generation, Air 6th gen., Mini 6th gen.)
• All iPhones from September 2021–present (All 13, 14, 15, and 16 models, SE 3rd gen.)

[…]

Source: Apple chips can be hacked to leak secrets from Gmail, iCloud, and more – Ars Technica

AI-assisted works can finally get copyright with enough human creativity, says US copyright office

Artists can copyright works they made with the help of artificial intelligence, according to a new report by the U.S. Copyright Office that could further clear the way for the use of AI tools in Hollywood, the music industry and other creative fields.

The nation’s copyright office, which sits in the Library of Congress and is not part of the executive branch, receives about half a million copyright applications per year covering millions of individual works. It has increasingly been asked to register works that are AI-generated.

And while many of those decisions are made on a case-by-case basis, the report issued Wednesday clarifies the office’s approach as one based on what the top U.S. copyright official describes as the “centrality of human creativity” in authoring a work that warrants copyright protections.

“Where that creativity is expressed through the use of AI systems, it continues to enjoy protection,” said a statement from Register of Copyrights Shira Perlmutter, who directs the office.

An AI-assisted work could be copyrightable if an artist’s handiwork is perceptible. A human adapting an AI-generated output with “creative arrangements or modifications” could also make it fall under copyright protections.

[…]

Source: AI-assisted works can get copyright with enough human creativity, says US copyright office | AP News

Astronomers Call for Global Ban on Space Advertising Before It’s Too Late

In a statement adopted in October 2024, the American Astronomical Society declared that humankind’s scientific understanding of the universe is under threat from space activities, including the proliferation of satellite constellations, space debris, and radio- and electromagnetic interference. Of note is the potential for a space-based eyesore: giant billboards hanging out in low Earth orbit.

“It is the position of the American Astronomical Society that obtrusive space advertising should be prohibited by appropriate international convention, treaty, or law,” the statement read.

Congress already prohibits domestic launches of any “payload containing any material to be used for the purposes of obtrusive space advertising,” in which obtrusive space advertising is defined as “advertising in outer space that is capable of being recognized by a human being on the surface of the Earth without the aid of a telescope or other technological device.”

“The US federal ban on obtrusive space advertising is a critical bulwark against an insidious fouling of the natural sky by private interests,” said James Lowenthal, an astronomer at Smith College and member of the AAS’ Committee for the Protection of Astronomy and the Space Environment (COMPASSE), in an email to Gizmodo. “That ban recognizes that the sky belongs to everyone, and must be protected for all humans now and in the future.”

“But the ban applies only to US launches; other countries could approve launches of ‘space billboards’ from their soil that would be visible from around the world,” Lowenthal added. “That’s why an international ban is critical.”

[…]

Source: Astronomers Call for Global Ban on Space Advertising Before It’s Too Late

WhatsApp says journalists and civil society members were targets of Israeli spyware

Nearly 100 journalists and other members of civil society using WhatsApp, the popular messaging app owned by Meta, were targeted by spyware owned by Paragon Solutions, an Israeli maker of hacking software, the company alleged on Friday.

The journalists and other civil society members were being alerted of a possible breach of their devices, with WhatsApp telling the Guardian it had “high confidence” that the 90 users in question had been targeted and “possibly compromised”.

It is not clear who was behind the attack. Like other spyware makers, Paragon’s hacking software is used by government clients and WhatsApp said it had not been able to identify the clients who ordered the alleged attacks.

Experts said the targeting was a “zero-click” attack, which means targets would not have had to click on any malicious links to be infected.

WhatsApp declined to disclose where the journalists and members of civil society were based, including whether they were based in the US.

Paragon has a US office in Chantilly, Virginia. The company has faced recent scrutiny after Wired magazine in October reported that it had entered into a $2m contract with the US Immigration and Customs Enforcement’s homeland security investigations division.

[…]

A person close to the company told the Guardian that Paragon had 35 government customers, that all of them could be considered democratic, and that Paragon did not do business with countries, including some democracies, that have previously been accused of abusing spyware. The person said that included Greece, Poland, Hungary, Mexico and India.

Paragon’s spyware is known as Graphite and has capabilities that are comparable to NSO Group’s Pegasus spyware. Once a phone is infected with Graphite, the operator of the spyware has total access to the phone, including being able to read messages that are sent via encrypted applications like WhatsApp and Signal.

The company, which was founded by the former Israeli prime minister Ehud Barak, has been the subject of media reports in Israel recently, after it was reported that the group was sold to a US private equity firm, AE Industrial Partners, for $900m.

[…]

Source: WhatsApp says journalists and civil society members were targets of Israeli spyware | WhatsApp | The Guardian

US healthcare provider data breach impacts 1 million patients

Community Health Center (CHC), a leading Connecticut healthcare provider, is notifying over 1 million patients of a data breach that impacted their personal and health data.

The non-profit organization provides primary medical, dental, and mental health services to more than 145,000 active patients.

CHC said in a Thursday filing with Maine’s attorney general that unknown attackers gained access to its network in mid-October 2024, a breach discovered more than two months later, on January 2, 2025.

While the threat actors stole files containing patients’ personal and health information belonging to 1,060,936 individuals, the healthcare organization says they didn’t encrypt any compromised systems and that the security breach didn’t impact its operations.

[…]

Depending on the affected patient, the attackers stole a combination of:

  • personal (names, dates of birth, addresses, phone numbers, emails, Social Security numbers) or
  • health information (medical diagnoses, treatment details, test results, and health insurance).

A CHC spokesperson was not immediately available when BleepingComputer reached out for more details on the incident.

While CHC said the hackers didn’t encrypt any of its systems, more ransomware operations have switched tactics to become data theft extortion groups in recent years.

[…]

In response to this surge of massive healthcare security breaches, the U.S. Department of Health and Human Services (HHS) proposed updates to HIPAA (short for Health Insurance Portability and Accountability Act of 1996) in late December to secure patients’ health data.

Source: US healthcare provider data breach impacts 1 million patients

Boom! The XB-1 Demonstrator Jet Has Gone Supersonic

Boom Supersonic’s XB-1 demonstrator has broken the sound barrier, marking a major milestone in the effort that hopes to lead to a larger 55-seat supersonic airliner design known as Overture. Overall, the program could have significant implications not only for commercial aviation but also for the military.

Boom Supersonic’s XB-1 demonstrator eases past the sound barrier for the first time, going supersonic just over 11 minutes into its sortie today.

The aircraft was flown to a speed of Mach 1.1 by former U.S. Navy aviator and Boom test pilot Tristan “Geppetto” Brandenburg, from the Mojave Air & Space Port, California. For the majority of its flight, the XB-1 was accompanied by two other supersonic jets, an ATAC Mirage F1 flown by A.J. “Face” McFarland, serving as primary safety chase, and a T-38 Talon performing photo chase duties. During the flight, the XB-1 entered the supersonic realm three times, landing safely at Mojave after a flight of a little over 30 minutes duration.

[…]

Ultimately, XB-1 is expected to have a top speed of around Mach 2.2 (1,687.99 miles per hour).

The XB-1, also known as the “Baby Boom,” is a one-third-scale technology demonstrator for the Overture. It made its first flight at Mojave on March 22, 2024, as you can read about here. During that flight, the XB-1 was flown at speeds up to 238 knots (273 mph, or Mach 0.355), achieving an altitude of 7,120 feet. On that occasion, Chief Test Pilot Bill “Doc” Shoemaker was at the controls, while the flight was monitored by “Geppetto” Brandenburg, flying a T-38 Talon chase aircraft.

[…]

While we have outlined the key aspects of the XB-1 in the past, the aircraft is 62.6 feet long and its elongated delta-wing planform has a wingspan of 21 feet. It makes extensive use of sophisticated technologies, including carbon-fiber composites, advanced avionics, and digitally optimized aerodynamics.

It also has an unusual propulsion system to propel it into the supersonic regime. This comprises three General Electric J85-15 turbojets, which together provide more than 12,000 pounds of thrust. The widely used J85 also powers, among others, the Northrop F-5 and the T-38. Since the XB-1 was rolled out, another three-engined aircraft has broken cover, the Chinese advanced tailless combat aircraft tentatively known as the J-36.

Compared to the XB-1, the Overture will be 201 feet long and is planned to achieve a cruising speed of Mach 1.7 (1,304 miles per hour) and a maximum speed of Mach 2.2. The company anticipates it will have a maximum range of 4,500 nautical miles.

Achieving the Mach 1 mark is a huge achievement for the company and an important statement of intent for the future Overture supersonic airliner.

Aimed to make supersonic travel more affordable to greater numbers of travelers — a goal in which no other operator has succeeded in the past — the Overture is planned to carry a total of 64-80 passengers. Intended to drastically shorten the duration of transoceanic routes, the aircraft is “designed … to be profitable for airlines at fares similar to first and business class,” the company’s website notes.

[…]

Source: Boom! The XB-1 Demonstrator Jet Has Gone Supersonic