2.8M US folks’ personal info swiped in Sav-Rx IT heist – 8 months ago

Sav-Rx has started notifying about 2.8 million people that their personal information was likely stolen during an IT intrusion that happened more than seven months ago.

The biz provides prescription drug management services to more than 10 million US workers and their families, via their employers or unions. It first spotted the network “interruption” on October 8 last year and notes the break-in likely occurred five days earlier, according to a FAQ page about the incident posted on the Sav-Rx website.

Sav-Rx says it restored the IT systems to normal the following business day, and says all prescriptions were shipped on time and without delay. It also notified the police and called in some experts for a deeper dive into the logs.

An “extensive review” completed by a third-party security team on April 30 confirmed “some of the data accessed or acquired by the unauthorized third party may have contained personal information.”

The security breach affected 2,812,336 people, according to an incident notification filed with the Maine attorney general by A&A Services, doing business as Sav-Rx. Potentially stolen details include patients’ names, dates of birth, social security numbers, email addresses, mailing addresses, phone numbers, eligibility data, and insurance identification numbers.

“Please note that other than these data elements, the threat actor did not have access to clinical or financial information,” the notice reads.

While there’s no indication that the crooks have “made any use of your data as a result of this security incident,” Sav-Rx is providing everyone with two years of free credit and identity monitoring, as seems to be standard practice.

There’s also an oddly worded line about what happened that notes, “in conjunction with third-party experts, we have confirmed that any data acquired from our IT system was destroyed and not further disseminated.”

The Register contacted Sav-Rx with several questions about the network breach — including how it confirmed the data was destroyed and if the crooks demanded a payment — and did not receive a response. We will update this story when we hear back. It seems like some form of ransomware or extortion.

Either anticipating, or already receiving, inquiries about why the lag between discovering the intrusion and then notifying affected parties, the FAQ also includes a “Why wasn’t I contacted sooner?” question.

“Our initial priority was restoring systems to minimize any interruption to patient care,” it answers.

And then, after securing the IT systems and hiring the incident response team, Sav-Rx launched an investigation to determine who had been affected, and what specific personal information had been stolen for each of them.

Then, it sounds like there was some back-and-forth between healthcare bodies and Sav-Rx as to who would notify people that their data had been stolen. Here’s what the company says to that point:

We prioritized this technological investigation to be able to provide affected individuals with as much accurate information as possible. We received the results of that investigation on April 30, 2024, and promptly sent notifications to our health plan customers whose participant data was affected within 48 hours.

We offered to provide affected individuals notification, and once we confirmed that their respective health plans wanted us to provide notice to their participants, we worked expediently to mail notices to the affected individuals.

It’s unclear if this will be enough to satisfy affected customers. But in a statement to reporters, Roger Grimes, of infosec house KnowBe4, said the short answer is probably not.

“I don’t think the eight months it took Sav-Rx to notify impacted customers of the breach is going to fly with anyone, least of all their customers,” Grimes said.

“Today, you’ve got most companies notifying impacted customers in days to a few weeks,” he added. “Eight months? Whoever decided on that decision is likely to come under some heat and have explaining to do.”

Sav-Rx claims to have implemented a “number of detailed and immediate mitigation measures” to improve its security after the digital break-in. This includes “enhancing” its always-on security operations center, and adding new firewalls, antivirus software, and multi-factor authentication.

The organization also says it has since implemented a patching cycle and network segmentation and taken other measures to harden its systems. Hopefully it can also speed up its response times if it happens again.

Source: 2.8M US folks’ personal info swiped in Sav-Rx IT heist • The Register

Google’s technical info about search ranking leaks online

A trove of documents that appear to describe how Google ranks search results has appeared online, likely as the result of accidental publication by an in-house bot.

The leaked documentation describes an old version of Google’s Content Warehouse API and provides a glimpse of Google Search’s inner workings.

The material appears to have been inadvertently committed to a publicly accessible Google-owned repository on GitHub around March 13 by the web giant’s own automated tooling. That automation tacked an Apache 2.0 open source license on the commit, as is standard for Google’s public documentation. A follow-up commit on May 7 attempted to undo the leak.

The material was nonetheless spotted by Erfan Azimi, CEO of search engine optimization (SEO) biz EA Digital Eagle, and was then disclosed on Sunday by fellow SEO operatives Rand Fishkin, CEO of SparkToro, and Michael King, CEO of iPullRank.

These documents do not contain code or the like, and instead describe how to use Google’s Content Warehouse API that’s likely intended for internal use only; the leaked documentation includes numerous references to internal systems and projects. While there is a similarly named Google Cloud API that’s already public, what ended up on GitHub goes well beyond that, it seems.

The files are noteworthy for what they reveal about the things Google considers important when ranking web pages for relevancy, a matter of enduring interest to anyone involved in the SEO business and/or anyone operating a website and hoping Google will help it to win traffic.

Among the 2,500-plus pages of documentation, assembled for easy perusal here, there are details on more than 14,000 attributes accessible or associated with the API, though scant information about whether all these signals are used and their importance. It is therefore hard to discern the weight Google applies to the attributes in its search result ranking algorithm.

But SEO consultants believe the documents contain noteworthy details because they differ from public statements made by Google representatives.

“Many of [Azimi’s] claims [in an email describing the leak] directly contradict public statements made by Googlers over the years, in particular the company’s repeated denial that click-centric user signals are employed, denial that subdomains are considered separately in rankings, denials of a sandbox for newer websites, denials that a domain’s age is collected or considered, and more,” explained SparkToro’s Fishkin in a report.

iPullRank’s King, in his post on the documents, pointed to a statement made by Google search advocate John Mueller, who said in a video that “we don’t have anything like a website authority score” – a measure of whether Google considers a site authoritative and therefore worthy of higher rankings for search results.

But King notes that the docs reveal that as part of the Compressed Quality Signals Google stores for documents, a “siteAuthority” score can be calculated.

Several other revelations are cited in the two posts.

One is how important clicks – and different types of clicks (good, bad, long, etc.) – are in determining how a webpage ranks. Google, during the US v. Google antitrust trial, acknowledged [PDF] that it considers click metrics as a ranking factor in web search.

Another is that Google uses websites viewed in Chrome as a quality signal, seen in the API as the parameter ChromeInTotal. “One of the modules related to page quality scores features a site-level measure of views from Chrome,” according to King.

Additionally, the documents indicate that Google considers other factors like content freshness, authorship, whether a page is related to a site’s central focus, alignment between page title and content, and “the average weighted font size of a term in the doc body.”

Source: Google’s technical info about search ranking leaks online • The Register

Lawyers To Plastic Makers: Prepare For ‘Astronomical’ PFAS Lawsuits

An anonymous reader quotes a report from the New York Times: The defense lawyer minced no words as he addressed a room full of plastic-industry executives. Prepare for a wave of lawsuits with potentially “astronomical” costs. Speaking at a conference earlier this year, the lawyer, Brian Gross, said the coming litigation could “dwarf anything related to asbestos,” one of the most sprawling corporate-liability battles in United States history. Mr. Gross was referring to PFAS, the “forever chemicals” that have emerged as one of the major pollution issues of our time. Used for decades in countless everyday objects — cosmetics, takeout containers, frying pans — PFAS have been linked to serious health risks including cancer. Last month the federal government said several types of PFAS must be removed from the drinking water of hundreds of millions of Americans. “Do what you can, while you can, before you get sued,” Mr. Gross said at the February session, according to a recording of the event made by a participant and examined by The New York Times. “Review any marketing materials or other communications that you’ve had with your customers, with your suppliers, see whether there’s anything in those documents that’s problematic to your defense,” he said. “Weed out people and find the right witness to represent your company.”

A wide swath of the chemicals, plastics and related industries are gearing up to fight a surge in litigation related to PFAS, or per- and polyfluoroalkyl substances, a class of nearly 15,000 versatile synthetic chemicals linked to serious health problems. […] PFAS-related lawsuits have already targeted manufacturers in the United States, including DuPont, its spinoff Chemours, and 3M. Last year, 3M agreed to pay at least $10 billion to water utilities across the United States that had sought compensation for cleanup costs. Thirty state attorneys general have also sued PFAS manufacturers, accusing the manufacturers of widespread contamination. But experts say the legal battle is just beginning. Under increasing scrutiny are a wider universe of companies that use PFAS in their products. This month, plaintiffs filed a class-action lawsuit against Bic, accusing the razor company of failing to disclose that some of its razors contained PFAS. Bic said it doesn’t comment on pending litigation, and said it had a longstanding commitment to safety.

The Biden administration has moved to regulate the chemicals, for the first time requiring municipal water systems to remove six types of PFAS. Last month, the Environmental Protection Agency also designated two of those PFAS chemicals as hazardous substances under the Superfund law, shifting responsibility for their cleanup at contaminated sites from taxpayers to polluters. Both rules are expected to prompt a new round of litigation from water utilities, local communities and others suing for cleanup costs. “To say that the floodgates are opening is an understatement,” said Emily M. Lamond, an attorney who focuses on environmental litigation at the law firm Cole Schotz. “Take tobacco, asbestos, MTBE, combine them, and I think we’re still going to see more PFAS-related litigation,” she said, referring to methyl tert-butyl ether, a former harmful gasoline additive that contaminated drinking water. Together, the trio led to claims totaling hundreds of billions of dollars.
Unlike tobacco, used by only a subset of the public, “pretty much every one of us in the United States is walking around with PFAS in our bodies,” said Erik Olson, senior strategic director for environmental health at the Natural Resources Defense Council. “And we’re being exposed without our knowledge or consent, often by industries that knew how dangerous the chemicals were, and failed to disclose that,” he said. “That’s a formula for really significant liability.”

YouTube’s Crackdown on Adblockers Makes Videos Unwatchable – now skips to end of video

YouTube has been at war with adblockers for quite some time now and has employed various tactics to keep users off those extensions. Its most recent defense strategy is to skip right to the end of the video you’re playing. If you try replaying it, it’ll do that again. If you tap anywhere on the timeline, your video will buffer indefinitely. Here’s what it looks like in action.

[…]

one of its first moves was to send a pop-up warning saying, “Video playback is blocked unless YouTube is allowlisted or the ad blocker is disabled.” However, users could close that pop-up and resume watching their videos.

Next, it tried to make videos unplayable by showing a never-ending loading screen. Then it refused to do even that and would pop up an immovable prompt to disable the adblocker.

[…]

This latest move is frustrating, and that’s the point. There was a time when its ads were tolerable, but with the recent increase of ads on the video platform, users are finding it extremely hard to sit through a 20-second unskippable ad followed by a 5-second skippable one. Ad runtime isn’t proportionate to a video’s length, which adds to the bizarreness.

Google is aware of its monopoly over the video-sharing industry and has jacked up its ad-free Premium tier prices to $14 monthly. It has also extended its crackdown on mobile, resulting in buffering issues and error messages for users who dare to use an adblocker on their phones.

[…]

Users have also figured out workarounds. Some are switching to AdBlock alternatives, such as uBlock Origin, while others recommend browser substitutes like Brave to fix the issue. A few disappointed consumers are also considering bidding farewell to the platform.

[…]

Source: YouTube’s Crackdown on Adblockers Makes Videos Unwatchable

Samsung Requires Independent Repair Shops to Share Customer Data, Snitch on People and destroy phones Using Aftermarket Parts, Leaked Contract Shows

In exchange for selling them repair parts, Samsung requires independent repair shops to give Samsung the name, contact information, phone identifier, and customer complaint details of everyone who gets their phone repaired at these shops, according to a contract obtained by 404 Media. Stunningly, it also requires these nominally independent shops to “immediately disassemble” any phones that customers have brought them that have been previously repaired with aftermarket or third-party parts and to “immediately notify” Samsung that the customer has used third-party parts.

[…]

The contract also requires the “daily” uploading of details of each and every repair that an independent company does into a Samsung database called G-SPN “at the time of each repair,” which includes the customer’s address, email address, phone number, details about what is wrong with their phone, their phone’s warranty status, details of the customer’s complaint, and the device’s IMEI number, which is a unique device identifier. 404 Media has verified the authenticity of the original contract and has recreated the version embedded at the bottom of this article to protect the source. No provisions have been changed.

The use of aftermarket parts in repair is relatively common. This provision requires independent repair shops to destroy the devices of their own customers, and then to snitch on them to Samsung.

[…]

People have a right to use third-party parts under the Magnuson Moss Warranty Act, for one thing, and it’s hard to square this contact language with that basic consumer right.”

[…]

The contract shows the incredible level of control that Samsung has over “independent” repair shops, which need to sign this agreement to get repair parts from Samsung. Signing this contract does not even make a repair shop an “authorized” repair center, which is a distinction that requires shop owners to jump through even more hoops.

[…]

“This is exactly the kind of onerous, one-sided ‘agreement’ that necessitates the right-to-repair,” Kit Walsh, a staff attorney at the Electronic Freedom Foundation and right to repair expert told me. “The data collection is excessive. I may not have chosen to disclose my address or identity to Samsung, yet an added cost of repair—even at an independent shop—is giving that information up. In addition to the provision you mentioned about dismantling devices with third-party components, these create additional disincentives to getting devices repaired, which can harm both device security and the environment as repairable devices wind up in landfills.”

[…]

The contract also functionally limits the types of repairs these “independent” repair shops are allowed to do and does not authorize the stores to do repairs that require soldering or so-called board-level repair, which are increasingly common types of repairs.

Independent repair shops are also required to get a certification from an organization called WISE, which costs $200 annually and is an arm of the CTIA, a trade group made up of wireless companies like Verizon and AT&T that has repeatedly lobbied against right to repair laws. In effect, independent shops are required to fund an organization lobbying against their interests.

In 2020, Motherboard obtained a contract that Apple required independent repair companies to sign in order to get repair parts from the company. At the time, experts said that Apple’s contract was problematic because it allowed Apple to audit and inspect the shops at any time. The Samsung document is even more onerous because it requires them to essentially serve as enforcers for Samsung and requires the proactive sharing of consumer data.

[…]

Source: Samsung Requires Independent Repair Shops to Share Customer Data, Snitch on People Who Use Aftermarket Parts, Leaked Contract Shows

Spotify to brick every Car Thing gadget it ever sold only 2 – 3 years ago

Spotify’s brief attempt at being a hardware company wasn’t all that successful: the company stopped producing its Car Thing dashboard accessory less than a year after it went on sale to the public. And now, two years later, the device is about to be rendered completely inoperable. Customers who bought the Car Thing are receiving emails warning that it will stop working altogether as of December 9th.

Unfortunately for those owners, Spotify isn’t offering any kind of subscription credit or automatic refund for the device — nor is the company open-sourcing it. Rather, it’s just canning the project and telling people to (responsibly) dispose of Car Thing.

[…]

Car Thing was initially made available on an invite-only basis in April 2021, with Spotify later opening a public waitlist to buy the accessory later that year. The $90 device went on general sale in February 2022 — and production was halted five months later.

[…]

Source: Spotify is going to break every Car Thing gadget it ever sold – The Verge

Crooks plant backdoor in software used by courtrooms around the world

A software maker serving more than 10,000 courtrooms throughout the world hosted an application update containing a hidden backdoor that maintained persistent communication with a malicious website, researchers reported Thursday, in the latest episode of a supply-chain attack.

The software, known as the JAVS Viewer 8, is a component of the JAVS Suite 8, an application package courtrooms use to record, play back, and manage audio and video from proceedings. Its maker, Louisville, Kentucky-based Justice AV Solutions, says its products are used in more than 10,000 courtrooms throughout the US and 11 other countries. The company has been in business for 35 years.

JAVS Viewer users at high risk

Researchers from security firm Rapid7 reported that a version of the JAVS Viewer 8 available for download on javs.com contained a backdoor that gave an unknown threat actor persistent access to infected devices. The malicious download, planted inside an executable file that installs the JAVS Viewer version 8.3.7, was available no later than April 1, when a post on X (formerly Twitter) reported it. It’s unclear when the backdoored version was removed from the company’s download page. JAVS representatives didn’t immediately respond to questions sent by email.

“Users who have version 8.3.7 of the JAVS Viewer executable installed are at high risk and should take immediate action,” Rapid7 researchers Ipek Solak, Thomas Elkins, Evan McCann, Matthew Smith, Jake McMahon, Tyler McGraw, Ryan Emmons, Stephen Fewer, and John Fenninger wrote. “This version contains a backdoored installer that allows attackers to gain full control of affected systems.”

The installer file was titled JAVS Viewer Setup 8.3.7.250-1.exe. When executed, it copied the binary file fffmpeg.exe to the file path C:\Program Files (x86)\JAVS\Viewer 8\. To bypass security warnings, the installer was digitally signed, but with a signature issued to an entity called “Vanguard Tech Limited” rather than to “Justice AV Solutions Inc.,” the signing entity used to authenticate legitimate JAVS software.

fffmpeg.exe, in turn, used Windows Sockets and WinHTTP to establish communications with a command-and-control server. Once successfully connected, fffmpeg.exe sent the server passwords harvested from browsers and data about the compromised host, including hostname, operating system details, processor architecture, program working directory, and the user name.

The researchers said fffmpeg.exe also downloaded the file chrome_installer.exe from the IP address 45.120.177.178. chrome_installer.exe went on to execute a binary and several Python scripts that were responsible for stealing the passwords saved in browsers. fffmpeg.exe is associated with a known malware family called GateDoor/Rustdoor. The exe file was already flagged by 30 endpoint protection engines.

[…]

The researchers warned that the process of disinfecting infected devices will require care. They wrote:

To remediate this issue, affected users should:

  • Reimage any endpoints where JAVS Viewer 8.3.7 was installed. Simply uninstalling the software is insufficient, as attackers may have implanted additional backdoors or malware. Re-imaging provides a clean slate.
  • Reset credentials for any accounts that were logged into affected endpoints. This includes local accounts on the endpoint itself as well as any remote accounts accessed during the period when JAVS Viewer 8.3.7 was installed. Attackers may have stolen credentials from compromised systems.
  • Reset credentials used in web browsers on affected endpoints. Browser sessions may have been hijacked to steal cookies, stored passwords, or other sensitive information.
  • Install the latest version of JAVS Viewer (8.3.8 or higher) after re-imaging affected systems. The new version does not contain the backdoor present in 8.3.7.

Completely re-imaging affected endpoints and resetting associated credentials is critical to ensure attackers have not persisted through backdoors or stolen credentials. All organizations running JAVS Viewer 8.3.7 should take these steps immediately to address the compromise.
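The indicators the article names (the 8.3.7 version, the fffmpeg.exe drop path, the unexpected signing subject, the 45.120.177.178 address) and Rapid7’s four remediation steps translate directly into an endpoint triage check. The script below is an added example, not code from Rapid7, JAVS or Ars Technica: it runs over constructed inventory records of the kind an asset or EDR tool exports (the HostRecord field layout and the hostnames are assumptions), flags hosts that match any indicator, and emits the remediation steps for those hosts.

```python
# Added example (not code from Rapid7, JAVS or Ars Technica): a triage check
# over constructed endpoint inventory records, matching the indicators named
# in the article and returning the remediation steps Rapid7 listed.
from dataclasses import dataclass, field
from typing import List, Optional

# Indicators taken from the article above.
BACKDOORED_VERSION = "8.3.7"
EXPECTED_SIGNER = "Justice AV Solutions Inc."
DROPPED_BINARY = r"C:\Program Files (x86)\JAVS\Viewer 8\fffmpeg.exe"
C2_ADDRESS = "45.120.177.178"
FIXED_VERSION = (8, 3, 8)


@dataclass
class HostRecord:
    """One endpoint's inventory snapshot (the field layout is an assumption)."""
    hostname: str
    javs_viewer_version: Optional[str]   # None when JAVS Viewer is not installed
    installer_signer: Optional[str]      # Authenticode subject of the installer run, if known
    files: List[str] = field(default_factory=list)
    remote_addresses: List[str] = field(default_factory=list)


def version_tuple(v: str) -> tuple:
    """'8.3.7.250' -> (8, 3, 7, 250) so versions compare numerically."""
    return tuple(int(p) for p in v.split("."))


def is_safe_version(v: Optional[str]) -> bool:
    """True only for an installed version at or above the fixed 8.3.8 release."""
    return v is not None and version_tuple(v) >= FIXED_VERSION


def triage(host: HostRecord) -> List[str]:
    """Return the indicators matched on this host (an empty list means clean)."""
    findings = []
    if host.javs_viewer_version == BACKDOORED_VERSION:
        findings.append("JAVS Viewer 8.3.7 installed")
    # Windows paths are case-insensitive, so compare lower-cased.
    if any(f.lower() == DROPPED_BINARY.lower() for f in host.files):
        findings.append("fffmpeg.exe present under the JAVS Viewer 8 install path")
    if host.installer_signer and host.installer_signer != EXPECTED_SIGNER:
        findings.append(f"installer signed by unexpected subject {host.installer_signer!r}")
    if C2_ADDRESS in host.remote_addresses:
        findings.append(f"connection to {C2_ADDRESS}")
    return findings


def remediation(findings: List[str]) -> List[str]:
    """Rapid7's four steps, returned only when at least one indicator matched."""
    if not findings:
        return []
    return [
        "reimage the endpoint (uninstalling alone is insufficient)",
        "reset credentials for local and remote accounts used on it",
        "reset credentials stored in browsers on it",
        "install JAVS Viewer 8.3.8 or higher on the rebuilt system",
    ]


# Constructed sample inventory; hostnames and values are made up for the example.
SAMPLE_HOSTS = [
    HostRecord("courtroom-pc-01", "8.3.7", "Vanguard Tech Limited",
               files=[r"C:\Program Files (x86)\JAVS\Viewer 8\fffmpeg.exe"],
               remote_addresses=["45.120.177.178"]),
    HostRecord("courtroom-pc-02", "8.3.8", "Justice AV Solutions Inc."),
    HostRecord("clerk-laptop-07", None, None),
]


def run_triage(hosts: List[HostRecord] = SAMPLE_HOSTS) -> dict:
    """Map each hostname to its list of matched indicators."""
    return {h.hostname: triage(h) for h in hosts}


if __name__ == "__main__":
    for name, findings in run_triage().items():
        print(name, "->", findings or "clean")
        for step in remediation(findings):
            print("   ", step)
```

A host needs only one matched indicator to get the full remediation list, since Rapid7’s point is that uninstalling or cleaning a single artifact does not rule out further persistence.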

The Rapid7 post included a statement from JAVS that confirmed that the installer for version 8.3.7 of the JAVS viewer was malicious.

“We pulled all versions of Viewer 8.3.7 from the JAVS website, reset all passwords, and conducted a full internal audit of all JAVS systems,” the statement read. “We confirmed all currently available files on the JAVS.com website are genuine and malware-free. We further verified that no JAVS Source code, certificates, systems, or other software releases were compromised in this incident.”

The statement didn’t explain how the installer became available for download on its site. It also didn’t say if the company retained an outside firm to investigate.

The incident is the latest example of a supply-chain attack, a technique that tampers with a legitimate service or piece of software with the aim of infecting all downstream users. These sorts of attacks are usually carried out by first hacking the provider of the service or software.

Source: Crooks plant backdoor in software used by courtrooms around the world | Ars Technica

Bilingual Brain-Reading Implant Decodes Spanish and English

For the first time, a brain implant has helped a bilingual person who is unable to articulate words to communicate in both of his languages. An artificial-intelligence (AI) system coupled to the brain implant decodes, in real time, what the individual is trying to say in either Spanish or English.

The findings, published on 20 May in Nature Biomedical Engineering, provide insights into how our brains process language, and could one day lead to long-lasting devices capable of restoring multilingual speech to people who can’t communicate verbally.

[…]

The person at the heart of the study, who goes by the nickname Pancho, had a stroke at age 20 that paralysed much of his body. As a result, he can moan and grunt but cannot speak clearly.

[…]

the team developed an AI system to decipher Pancho’s bilingual speech. This effort, led by Chang’s PhD student Alexander Silva, involved training the system as Pancho tried to say nearly 200 words. His efforts to form each word created a distinct neural pattern that was recorded by the electrodes.

The authors then applied their AI system, which has a Spanish module and an English one, to phrases as Pancho tried to say them aloud. For the first word in a phrase, the Spanish module chooses the Spanish word that matches the neural pattern best. The English component does the same, but chooses from the English vocabulary instead. For example, the English module might choose ‘she’ as the most likely first word in a phrase and assess its probability of being correct to be 70%, whereas the Spanish one might choose ‘estar’ (to be) and measure its probability of being correct at 40%.

[…]

From there, both modules attempt to build a phrase. They each choose the second word based on not only the neural-pattern match but also whether it is likely to follow the first one. So ‘I am’ would get a higher probability score than ‘I not’. The final output produces two sentences — one in English and one in Spanish — but the display screen that Pancho faces shows only the version with the highest total probability score.

The modules were able to distinguish between English and Spanish on the basis of the first word with 88% accuracy and they decoded the correct sentence with an accuracy of 75%.
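The two-module scheme described above can be written out as a small decoder. The code below is an added example, not the study’s code: each module scores a word by its neural-pattern match and, from the second word on, also by how likely it is to follow the previous word; the display then gets whichever language’s sentence has the higher total. The vocabularies, probabilities, the greedy choice at each position and the product-of-scores rule are constructed assumptions, not values from the paper.

```python
# Added example (not the study's code): a toy version of the two-module
# decoder described above. Vocabularies, probabilities, the greedy per-word
# choice and the product-of-scores rule are constructed assumptions.
from typing import Dict, List, Optional, Tuple

MatchProbs = List[Dict[str, float]]        # one dict of word -> P(match) per position
Transitions = Dict[str, Dict[str, float]]  # prev word -> next word -> P(next | prev)


class LanguageModule:
    def __init__(self, language: str, match: MatchProbs, transitions: Transitions):
        self.language = language
        self.match = match
        self.transitions = transitions

    def decode(self) -> Tuple[List[str], float]:
        """Greedy decode: the first word is chosen by neural match alone; each
        later word by neural match times the probability of following the
        previous word. Returns the words and the product of per-step scores."""
        words: List[str] = []
        score = 1.0
        for position, candidates in enumerate(self.match):
            if position == 0:
                word, p = max(candidates.items(), key=lambda kv: kv[1])
            else:
                prev = words[-1]
                scored = {w: p * self.transitions.get(prev, {}).get(w, 0.0)
                          for w, p in candidates.items()}
                word, p = max(scored.items(), key=lambda kv: kv[1])
            words.append(word)
            score *= p
        return words, score


def choose_display(modules: List[LanguageModule]) -> Optional[Tuple[str, List[str], float]]:
    """Return (language, words, score) for the highest-scoring sentence."""
    best = None
    for m in modules:
        words, score = m.decode()
        if best is None or score > best[2]:
            best = (m.language, words, score)
    return best


# Constructed per-position neural-match probabilities for a two-word attempt.
# At position 2 the English module's raw match slightly favours "not", so the
# transition term is what makes "I am" win, as the article describes.
EN_MATCH = [{"I": 0.60, "she": 0.30}, {"am": 0.45, "not": 0.50}]
ES_MATCH = [{"yo": 0.40, "estar": 0.35}, {"estoy": 0.30, "no": 0.45}]
# Constructed bigram transitions.
EN_TRANS = {"I": {"am": 0.50, "not": 0.05}, "she": {"am": 0.01, "not": 0.05}}
ES_TRANS = {"yo": {"estoy": 0.50, "no": 0.20}, "estar": {"estoy": 0.01, "no": 0.10}}

ENGLISH = LanguageModule("English", EN_MATCH, EN_TRANS)
SPANISH = LanguageModule("Spanish", ES_MATCH, ES_TRANS)

if __name__ == "__main__":
    for m in (ENGLISH, SPANISH):
        print(m.language, m.decode())
    print("display:", choose_display([ENGLISH, SPANISH]))
```

With these inputs the English module produces “I am” with score 0.6 × (0.45 × 0.5) = 0.135 and the Spanish module “yo estoy” with 0.4 × (0.30 × 0.5) = 0.06, so the English sentence is what reaches the screen.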

[…]

The findings revealed unexpected aspects of language processing in the brain. Some previous experiments using non-invasive tools have suggested that different languages activate distinct parts of the brain. But the authors’ examination of the signals recorded directly in the cortex found that “a lot of the activity for both Spanish and English was actually from the same area”, Silva says.

Furthermore, Pancho’s neurological responses didn’t seem to differ much from those of children who grew up bilingual, even though he was in his thirties when he learnt English — in contrast to the results of previous studies. Together, these findings suggest to Silva that different languages share at least some neurological features, and that they might be generalizable to other people.

[…]

Source: Bilingual Brain-Reading Implant Decodes Spanish and English | Scientific American

Netflix app update for Windows PCs will ditch downloads and offline viewing but give you stuff you never wanted.

In the past few weeks, users have received notifications in their Netflix Windows app indicating that a new update is coming. The update will ship with many new features and quality-of-life improvements, including support for watching live events, improved streaming quality, compatibility with ad-supported plans, and more.

Wait – who wants any of this stuff? What quality-of-life is improved here?

[…]

However, the update will also include a new change that won’t allow users to download movies or series via the Netflix app for offline viewing or when facing intermittent internet connection issues.

Source: An official Netflix app update for Windows PCs will ditch downloads and offline viewing following a crackdown on account sharing | Windows Central

So you get stuff you really don’t want and lose stuff you really do want – especially if you travel. Which most people do.

What are they thinking at Netflix? Well, I guess it’s out with the pirate hat again and download what I want to watch offline – even if it is available to me on a service I pay for…

Adobe threatens to sue Nintendo emulator Delta for its look-alike logo

Delta, an emulator that can play Nintendo games, had to change its logo after Adobe threatened legal action. You’d think it would face trouble from Nintendo, seeing as it has been going after emulators these days, but no. It’s Adobe who’s going after the developer, which told TechCrunch that it first received an email from the company’s lawyer on May 7. Adobe warned Delta that their logos are too similar, with its app icon infringing on the well-known Adobe “A,” and asked it to change its logo so it wouldn’t violate the company’s rights. Delta reportedly received an email from Apple, as well, telling the developer that Adobe asked it to take down the emulator app.

[Image: Delta’s purple app icon]

If you’ll recall, Apple started allowing retro game emulators on the App Store, as long as they don’t offer pirated games for download. Delta was one of the first to be approved for listing and was at the top of Apple’s charts for a while, which is probably why it caught Adobe’s attention. At the time of writing, it sits at number six in the ranking for apps in Entertainment with 17,100 ratings.

The developer told both Adobe and Apple that its logo was a stylized version of the Greek letter “delta,” and not the uppercase letter A. Regardless, it debuted a new logo, which looks like someone took a sword to its old one to cut it in half. It’s a temporary solution, though — the developer said it’s releasing the “final” version of its new logo when Delta 1.6 comes out.

Source: Adobe threatens to sue Nintendo emulator Delta for its look-alike logo

Winamp has announced that it is opening up its source code

Winamp has announced that on 24 September 2024, the application’s source code will be open to developers worldwide.

Winamp will open up its code for the player used on Windows, enabling the entire community to participate in its development. This is an invitation to global collaboration, where developers worldwide can contribute their expertise, ideas, and passion to help this iconic software evolve.

[…]

Interested developers can now make themselves known at the following address: about.winamp.com/free-llama

Source: About Winamp – Winamp has announced that it is opening up its source code to enable collaborative development of its legendary player for Windows.

Why only now? Who knows. But it will hopefully be a huge boost to WACUP – a player that looks a lot like Winamp and can use its (old and new) plugins, but has been updated to be modern.

Germany’s Sovereign Tech Fund Now Supporting FFmpeg

Following Germany’s Sovereign Tech Fund providing significant funding for GNOME, Rust Coreutils, PHP, a systemd bug bounty, and numerous other free software projects, the FFmpeg multimedia library is the latest beneficiary of this funding from the German government.

The Sovereign Tech Fund notes that the FFmpeg project is receiving €157,580.00 for 2024 and 2025.


An announcement on the FFmpeg.org project site notes:

“The FFmpeg community is excited to announce that Germany’s Sovereign Tech Fund has become its first governmental sponsor. Their support will help sustain the [maintenance] of the FFmpeg project, a critical open-source software multimedia component essential to bringing audio and video to billions around the world everyday.”

Exciting news, and it is great to keep seeing the significant investments across many open-source projects being made by the Sovereign Tech Fund.

Source: Germany’s Sovereign Tech Fund Now Supporting FFmpeg – Phoronix

FFmpeg is a hugely important tool used for manipulating video and sound files in all kinds of ways. It is used under the hood by all kinds of projects. It’s really encouraging to see governments funding this kind of stuff, especially considering the problems open source developers are running into. There should be a lot more of this and a lot less of businesses ‘funding’ open source projects and then forking them into closed source versions (here’s looking at you, Amazon).

People Are Jailbreaking Their PS4s Using Smart TVs

Jailbreaking a PlayStation 4 might sound tricky. But actually, all you need nowadays is an LG Smart TV, a few minutes of your time, and the internet.

Why would you want to jailbreak a PlayStation 4 console in 2024? There are a few reasons. For one, it opens the console up, letting you freely back up game installs and saves. You can also run emulators on the PS4 and play your installed games without a disc. And yes, some people are pirating new games and playing them on these hacked consoles, too. But we are not here to talk about that. Instead, I want to share a strange way people are jailbreaking PS4s.

As reported by HackADay.com, a recently created method for jailbreaking a PS4 involves plugging it into a jailbroken LG smart TV. (And yes, in case you didn’t know about this already, people are jailbreaking smart televisions, too.) Once you’ve hacked your LG TV, you install a digital tool onto the TV and hook your PS4 up to it using an ethernet cable. Then run the exploit tool on the TV and set up a LAN connection on the PS4…and that’s it. At that point, the tool should work its magic and you’ll soon have a jailbroken PS4.


This new tool is built upon the work of other modders and hackers who were able to figure out new ways to jailbreak Sony’s last-gen console. And to be clear, I’m not suggesting you go buy an LG TV, jailbreak it, and then use that device to hack your PS4 and start downloading pirated games.

But being able to take full control of expensive electronic devices, like phones, TVs, and consoles, is something that we should all support as it allows these pieces of tech to be useful long after their corporate owners have moved on.

And based on what a lousy job video game companies have been doing at preserving old (or even fairly new) games, in 20 years or so, a modded PS4—jailbroken using a TV—might be the easiest way to play digital games you bought years ago but lost access to because the servers were killed.

Source: People Are Jailbreaking Their PS4s Using Smart TVs

Top EU court says there is no right to online anonymity, because copyright is more important

A year ago, Walled Culture wrote about an extremely important case that was being considered by the Court of Justice of the European Union (CJEU), the EU’s top court. The central question was whether the judges considered that copyright was more important than privacy. The bad news is that the CJEU has just decided that it is:

The Court, sitting as the Full Court, holds that the general and indiscriminate retention of IP addresses does not necessarily constitute a serious interference with fundamental rights.

IP addresses refer to the identifying Internet number assigned to a user’s system when it is online. That may change each time someone uses the Internet, but if Internet Service Providers are required by law to retain information about who was assigned a particular address at a given time, then it is possible to carry out routine surveillance of people’s online activities. The CJEU has decided this is acceptable:

EU law does not preclude national legislation authorising the competent public authority, for the sole purpose of identifying the person suspected of having committed a criminal offence, to access the civil identity data associated with an IP address

The key problem is that copyright infringement by a private individual is regarded by the court as something so serious that it negates the right to privacy. It’s a sign of the twisted values that copyright has succeeded in imposing on many legal systems. It equates the mere copying of a digital file with serious crimes that merit a prison sentence, an evident absurdity.

As one of the groups that brought the original case, La Quadrature du Net, writes, this latest decision also has serious negative consequences for human rights in the EU:

Whereas in 2020, the CJEU considered that the retention of IP addresses constituted a serious interference with fundamental rights and that they could only be accessed, together with the civil identity of the Internet user, for the purpose of fighting serious crime or safeguarding national security, this is no longer true. The CJEU has reversed its reasoning: it now considers that the retention of IP addresses is, by default, no longer a serious interference with fundamental rights, and that it is only in certain cases that such access constitutes a serious interference that must be safeguarded with appropriate protection measures.

As a result, La Quadrature du Net says:

While in 2020 [the CJEU] stated that there was a right to online anonymity enshrined in the ePrivacy Directive, it is now abandoning it. Unfortunately, by giving the police broad access to the civil identity associated with an IP address and to the content of a communication, it puts a de facto end to online anonymity.

This is a good example of how copyright’s continuing obsession with ownership and control of digital material is warping the entire legal system in the EU. What was supposed to be simply a fair way of rewarding creators has resulted in a monstrous system of routine government surveillance carried out on hundreds of millions of innocent people just in case they copy a digital file.

Source: Top EU court says there is no right to online anonymity, because copyright is more important – Walled Culture

Device Decodes ‘Internal Speech’ in the Brain

Scientists have developed brain implants that can decode internal speech — identifying words that two people spoke in their minds without moving their lips or making a sound.

Although the technology is at an early stage — it was shown to work with only a handful of words, and not phrases or sentences — it could have clinical applications in future.

Similar brain–computer interface (BCI) devices, which translate signals in the brain into text, have reached speeds of 62–78 words per minute for some people. But these technologies were trained to interpret speech that is at least partly vocalized or mimed.

The latest study — published in Nature Human Behaviour on 13 May — is the first to decode words spoken entirely internally, by recording signals from individual neurons in the brain in real time.

[…]

The researchers implanted arrays of tiny electrodes in the brains of two people with spinal-cord injuries. They placed the devices in the supramarginal gyrus (SMG), a region of the brain that had not been previously explored in speech-decoding BCIs.

Figuring out the best places in the brain to implant BCIs is one of the key challenges for decoding internal speech

[…]

Two weeks after the participants were implanted with microelectrode arrays in their left SMG, the researchers began collecting data. They trained the BCI on six words (battlefield, cowboy, python, spoon, swimming and telephone) and two meaningless pseudowords (nifzig and bindip). “The point here was to see if meaning was necessary for representation,” says Wandelt.

Over three days, the team asked each participant to imagine speaking the words shown on a screen and repeated this process several times for each word. The BCI then combined measurements of the participants’ brain activity with a computer model to predict their internal speech in real time.

For the first participant, the BCI captured distinct neural signals for all of the words and was able to identify them with 79% accuracy. But the decoding accuracy was only 23% for the second participant, who showed preferential representation for ‘spoon’ and ‘swimming’ and had fewer neurons that were uniquely active for each word. “It’s possible that different sub-areas in the supramarginal gyrus are more, or less, involved in the process,” says Wandelt.

Christian Herff, a computational neuroscientist at Maastricht University in the Netherlands, thinks these results might highlight the different ways in which people process internal speech. “Previous studies showed that there are different abilities in performing the imagined task and also different BCI control abilities,” adds Marchesotti.

The authors also found that 82–85% of neurons that were active during internal speech were also active when the participants vocalized the words. But some neurons were active only during internal speech, or responded differently to specific words in the different tasks.

[…]

Source: Device Decodes ‘Internal Speech’ in the Brain | Scientific American

Gene therapy relieves back pain, repairs damaged disc in mice

Disc-related back pain may one day meet its therapeutic match: gene therapy delivered by naturally derived nanocarriers that, a new study shows, repairs damaged discs in the spine and lowers pain symptoms in mice.

Scientists engineered nanocarriers using mouse connective-tissue cells called fibroblasts as a model of skin cells and loaded them with genetic material for a protein key to tissue development. The team injected a solution containing the carriers into damaged discs in mice at the same time the back injury occurred.

Assessing outcomes over 12 weeks, researchers found through imaging, tissue analysis, and mechanical and behavioral tests that the gene therapy restored structural integrity and function to degenerated discs and reduced signs of back pain in the animals.

[…]

“This can be used at the same time as surgery to actually boost healing of the disc itself,” said co-senior author Natalia Higuita-Castro, associate professor of biomedical engineering and neurological surgery at Ohio State. “Your own cells are actually doing the work and going back to a healthy state.”

The study was published online recently in the journal Biomaterials.

An estimated 40% of low-back pain cases are attributed to degeneration of the cushiony intervertebral discs that absorb shocks and provide flexibility to the spine, previous research suggests. And while trimming away bulging tissue from a herniated disc during surgery typically reduces pain, it does not repair the disc itself — which continues to degenerate with the passage of time.

[…]

This new study builds upon previous work in Higuita-Castro’s lab, which reported a year ago that nanocarriers called extracellular vesicles loaded with anti-inflammatory cargo curbed tissue injury in damaged mouse lungs. The engineered carriers are replicas of the natural extracellular vesicles that circulate in humans’ bloodstream and biological fluids, carrying messages between cells.

To create the vesicles, scientists apply an electrical charge to a donor cell to transiently open holes in its membrane, and deliver externally obtained DNA inside that converts to a specific protein, as well as molecules that prompt the manufacture of even more of a functional protein.

In this study, the cargo consisted of material to produce a “pioneer” transcription factor protein called FOXF1, which is important in the development and growth of tissues.

[…]

Compared to controls, the discs in mice receiving gene therapy showed a host of improvements: The tissue plumped back up and became more stable through production of a protein that holds water and other matrix proteins, all helping promote range of motion, load bearing and flexibility in the spine. Behavioral tests showed the therapy decreased symptoms of pain in mice, though these responses differed by sex — males and females showed varying levels of susceptibility to pain based on the types of movement being assessed.

The findings speak to the value of using universal adult donor cells to create these extracellular vesicle therapies, the researchers said, because they don’t carry the risk of generating an immune response. The gene therapy also, ideally, would function as a one-time treatment — a therapeutic gift that keeps on giving.

[…]

There are more experiments to come, testing the effects of other transcription factors that contribute to intervertebral disc development. And because this first study used young adult mice, the team also plans to test the therapy’s effects in older animals that model age-related degeneration and, eventually, in clinical trials for larger animals known to develop back problems.

[…]

Story Source:

Materials provided by Ohio State University. Original written by Emily Caldwell. Note: Content may be edited for style and length.

Journal Reference:

  1. Shirley N. Tang, Ana I. Salazar-Puerta, Mary K. Heimann, Kyle Kuchynsky, María A. Rincon-Benavides, Mia Kordowski, Gilian Gunsch, Lucy Bodine, Khady Diop, Connor Gantt, Safdar Khan, Anna Bratasz, Olga Kokiko-Cochran, Julie Fitzgerald, Damien M. Laudier, Judith A. Hoyland, Benjamin A. Walter, Natalia Higuita-Castro, Devina Purmessur. Engineered extracellular vesicle-based gene therapy for the treatment of discogenic back pain. Biomaterials, 2024; 308: 122562 DOI: 10.1016/j.biomaterials.2024.122562

Source: Gene therapy relieves back pain, repairs damaged disc in mice | ScienceDaily

Flood of Fake Science Forces Multiple Journal Closures

Fake studies have flooded the publishers of top scientific journals, leading to thousands of retractions and millions of dollars in lost revenue. The biggest hit has come to Wiley, a 217-year-old publisher based in Hoboken, N.J., which Tuesday will announce that it is closing 19 journals, some of which were infected by large-scale research fraud.

In the past two years, Wiley has retracted more than 11,300 papers that appeared compromised, according to a spokesperson, and closed four journals. It isn’t alone: At least two other publishers have retracted hundreds of suspect papers each. Several others have pulled smaller clusters of bad papers.

Although this large-scale fraud represents a small percentage of submissions to journals, it threatens the legitimacy of the nearly $30 billion academic publishing industry and the credibility of science as a whole.

The discovery of nearly 900 fraudulent papers in 2022 at IOP Publishing, a physical sciences publisher, was a turning point for the nonprofit. “That really crystallized for us, everybody internally, everybody involved with the business,” said Kim Eggleton, head of peer review and research integrity at the publisher. “This is a real threat.”

The sources of the fake science are “paper mills”—businesses or individuals that, for a price, will list a scientist as an author of a wholly or partially fabricated paper. The mill then submits the work, generally avoiding the most prestigious journals in favor of publications such as one-off special editions that might not undergo as thorough a review and where they have a better chance of getting bogus work published.

World-over, scientists are under pressure to publish in peer-reviewed journals—sometimes to win grants, other times as conditions for promotions. Researchers say this motivates people to cheat the system. Many journals charge a fee to authors to publish in them.

Problematic papers typically appear in batches of up to hundreds or even thousands within a publisher or journal. A signature move is to submit the same paper to multiple journals at once to maximize the chance of getting in, according to an industry trade group now monitoring the problem. Publishers say some fraudsters have even posed as academics to secure spots as guest editors for special issues and organizers of conferences, and then control the papers that are published there.

“The paper mill will find the weakest link and then exploit it mercilessly until someone notices,” said Nick Wise, an engineer who has documented paper-mill advertisements on social media and posts examples regularly on X under the handle @author_for_sale.

The journal Science flagged the practice of buying authorship in 2013. The website Retraction Watch and independent researchers have since tracked paper mills through their advertisements and websites. Researchers say they have found them in multiple countries including Russia, Iran, Latvia, China and India. The mills solicit clients on social channels such as Telegram or Facebook, where they advertise the titles of studies they intend to submit, their fee and sometimes the journal they aim to infiltrate. Wise said he has seen costs ranging from as little as $50 to as much as $8,500.

When publishers become alert to the work, mills change their tactics.

[…]

For Wiley, which publishes more than 2,000 journals, the problem came to light two years ago, shortly after it paid nearly $300 million for Hindawi, a company founded in Egypt in 1997 that included about 250 journals. In 2022, a little more than a year after the purchase, scientists online noticed peculiarities in dozens of studies from journals in the Hindawi family.

Scientific papers typically include citations that acknowledge work that informed the research, but the suspect papers included lists of irrelevant references. Multiple papers included technical-sounding passages inserted midway through, what Bishop called an “AI gobbledygook sandwich.” Nearly identical contact emails in one cluster of studies were all registered to a university in China where few if any of the authors were based. It appeared that all came from the same source.

[…]

The extent of the paper mill problem has been exposed by members of the scientific community who on their own have collected patterns in faked papers to recognize this fraud at scale and developed tools to help surface the work.

One of those tools, the “Problematic Paper Screener,” run by Guillaume Cabanac, a computer-science researcher who studies scholarly publishing at the Université Toulouse III-Paul Sabatier in France, scans the breadth of the published literature, some 130 million papers, looking for a range of red flags including “tortured phrases.”

Cabanac and his colleagues realized that researchers who wanted to avoid plagiarism detectors had swapped out key scientific terms for synonyms from automatic text generators, leading to comically misfit phrases. “Breast cancer” became “bosom peril”; “fluid dynamics” became “gooey stream”; “artificial intelligence” became “counterfeit consciousness.” The tool is publicly available.
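The “tortured phrases” idea above boils down to a dictionary lookup: a catalogue of known synonym-mangled terms, each paired with the established term it replaced, and a scan that reports every hit and a crude density score for triage. The following is an added illustration, not the Problematic Paper Screener’s code or its catalogue; the three pairs quoted in the article are in it, the other two entries and the sample abstract are constructed for the example.

```python
import re
from typing import Dict, List, Tuple

# Catalogue of tortured phrases -> the established term each one stands in for.
# The first three pairs are the ones quoted in the article; the last two are
# constructed here for illustration (assumption: not from any real catalogue).
TORTURED_PHRASES: Dict[str, str] = {
    "bosom peril": "breast cancer",
    "gooey stream": "fluid dynamics",
    "counterfeit consciousness": "artificial intelligence",
    "profound learning": "deep learning",      # constructed
    "irregular woodland": "random forest",     # constructed
}

# Constructed sample abstract with several tortured phrases planted in it.
SAMPLE_ABSTRACT = (
    "We apply counterfeit consciousness and profound learning to the early "
    "detection of bosom peril in mammograms. The proposed gooey stream model "
    "outperforms a baseline."
)


def screen_text(text: str) -> List[Tuple[str, str, int]]:
    """Return (tortured phrase, expected term, character offset) for every hit.

    Matching is case-insensitive and anchored on word boundaries, so a phrase
    that is merely a prefix of a longer word ("bosom perils") is not counted.
    """
    hits: List[Tuple[str, str, int]] = []
    lowered = text.lower()
    for phrase, expected in TORTURED_PHRASES.items():
        pattern = r"\b" + re.escape(phrase) + r"\b"
        for match in re.finditer(pattern, lowered):
            hits.append((phrase, expected, match.start()))
    # Report hits in document order so a reviewer can walk the text once.
    return sorted(hits, key=lambda hit: hit[2])


def tortured_density(text: str) -> float:
    """Hits per 100 words: a crude score for ranking papers for human review."""
    word_count = len(re.findall(r"\w+", text))
    if word_count == 0:
        return 0.0
    return 100.0 * len(screen_text(text)) / word_count


def review_report(text: str) -> List[str]:
    """Human-readable lines suggesting the term the author probably meant."""
    return [
        f"offset {pos}: '{phrase}' (likely '{expected}')"
        for phrase, expected, pos in screen_text(text)
    ]


if __name__ == "__main__":
    for line in review_report(SAMPLE_ABSTRACT):
        print(line)
    print(f"density: {tortured_density(SAMPLE_ABSTRACT):.1f} hits per 100 words")
```

A real screener would draw its catalogue from the community-maintained lists the article alludes to and would combine the density with other signals (irrelevant citations, shared contact addresses) before anything is flagged to an editor; the lookup itself is the easy part.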
Another data scientist, Adam Day, built “The Papermill Alarm,” a tool that uses large language models to spot signs of trouble in an article’s metadata, such as multiple suspect papers citing each other or using similar templates and simply altering minor experimental details. Publishers can pay to use the tool.

[…]

The incursion of paper mills has also forced competing publishers to collaborate. A tool launched through STM, the trade group of publishers, now checks whether new submissions were submitted to multiple journals at once, according to Joris van Rossum, product director who leads the “STM Integrity Hub,” launched in part to beat back paper mills. Last fall, STM added Day’s “The Papermill Alarm” to its suite of tools.

While publishers are fighting back with technology, paper mills are using the same kind of tools to stay ahead.

“Generative AI has just handed them a winning lottery ticket,” Eggleton of IOP Publishing said. “They can do it really cheap, at scale, and the detection methods are not where we need them to be. I can only see that challenge increasing.”

Source: Flood of Fake Science Forces Multiple Journal Closures – WSJ

Patent troll hits Microsoft with $242 million US verdict in Cortana lawsuit

Microsoft (MSFT.O) must pay patent owner IPA Technologies $242 million, a federal jury in Delaware said on Friday after determining that Microsoft’s Cortana virtual-assistant software infringed an IPA patent.

The jury agreed with IPA after a week-long trial that Microsoft’s voice-recognition technology violates IPA’s patent rights in computer-communications software.

IPA is a subsidiary of patent-licensing company Wi-LAN, which is jointly owned by Canadian technology company Quarterhill (QTRH.TO) and two investment firms. It bought the patent and others from SRI International’s Siri Inc, which Apple acquired in 2010 and whose technology it used in its Siri virtual assistant.

“We remain confident that Microsoft never infringed on IPA’s patents and will appeal,” a Microsoft spokesperson said.

Representatives for IPA and Wi-LAN did not immediately respond to a request for comment on the verdict.

IPA filed the lawsuit in 2018, accusing Microsoft of infringing patents related to personal digital assistants and voice-based data navigation.

The case was later narrowed to concern one IPA patent. Microsoft argued that it does not infringe and that the patent is invalid.

IPA has also sued Google and Amazon over its patents. Amazon defeated IPA’s lawsuit in 2021, and the Google case is still ongoing.

Source: Microsoft hit with $242 million US verdict in Cortana patent lawsuit | Reuters

So basically some company that never did anything except buy some rights from somewhere managed to extort a quarter of a billion dollars from MS. What a brilliant system copyright is!

iPhone users report deleted photos reappearing after update – turns out for Apple, delete doesn’t mean delete

Some iPhone users are reportedly seeing photos they had previously deleted resurface on their devices ever since updating to the latest version of iOS.

The user reports originate from Reddit, and it’s not just a couple of Apple users experiencing issues. By our count, 16 people who deleted their photos say they’ve come back. The deleted photos are apparently marked as recently added, making it very obvious which have made a comeback.

One user says that even photos from 2010 reappeared, and that they have “deleted them repeatedly.”

The Register was able to find a handful of instances of X users reporting the same problem.

[…]

The recent complaints were preceded by a different Reddit thread where three users reported the exact same thing happening in the beta version of iOS 17.5.

[…]

Some users previously reported disappearing photos on older versions of iOS 17, and the fix may have resulted in both accidentally and purposefully deleted photos being brought back to life.

If the issue is genuine, it wouldn’t be the first time iCloud has kept its hands on data after it was supposedly deleted, despite Apple’s emphasis on the privacy of its users. Back in 2017, iCloud was patched to fix a glitch where user browser history was retained for up to a year or so.

Source: iPhone users report deleted photos reappearing after update • The Register

MIT students stole $25M in seconds by exploiting ETH blockchain bug, DOJ says

Within approximately 12 seconds, two highly educated brothers allegedly stole $25 million by tampering with the ethereum blockchain in a never-before-seen cryptocurrency scheme, according to an indictment that the US Department of Justice unsealed Wednesday.

In a DOJ press release, US Attorney Damian Williams said the scheme was so sophisticated that it “calls the very integrity of the blockchain into question.”

[…]

The indictment goes into detail explaining that the scheme allegedly worked by exploiting the ethereum blockchain in the moments after a transaction was conducted but before the transaction was added to the blockchain.

These pending transactions, the DOJ explained, must be structured into a proposed block and then validated by a validator before they can be added to the blockchain, which acts as a decentralized ledger keeping track of crypto holdings. It appeared that the brothers tampered with this process by “establishing a series of ethereum validators” through shell companies and foreign exchanges that concealed their identities and masked their efforts to manipulate the blocks and seize ethereum.

To do this, they allegedly deployed “bait transactions” designed to catch the attention of specialized bots often used to help buyers and sellers find lucrative prospects in the ethereum network. When bots snatched up the bait, their validators seemingly exploited a vulnerability in the process commonly used to structure blocks to alter the transaction by reordering the block to their advantage before adding the block to the blockchain.

When victims detected the theft, they tried to request the funds be returned, but the DOJ alleged that the brothers rejected those requests and hid the money instead.

The brothers’ online search history showed that they studied up and “took numerous steps to hide their ill-gotten gains,” the DOJ alleged. These steps included “setting up shell companies and using multiple private cryptocurrency addresses and foreign cryptocurrency exchanges” that specifically did not rely on detailed “know your customer” (KYC) procedures.

[…]

Source: MIT students stole $25M in seconds by exploiting ETH blockchain bug, DOJ says | Ars Technica

Dell hack that Dell didn’t think was a big deal now includes customer phone numbers

The person who claimed to have stolen the physical addresses of 49 million Dell customers appears to have taken more data from a different Dell portal, TechCrunch has learned.

The newly compromised data includes names, phone numbers and email addresses of Dell customers. This personal data is contained in customer “service reports,” which also include information on replacement hardware and parts, comments from on-site engineers, dispatch numbers and, in some cases, diagnostic logs uploaded from the customer’s computer.

[…]

The stolen data included customer names and physical addresses, as well as less sensitive data, such as “Dell hardware and order information, including service tag, item description, date of order and related warranty information.”

I am not sure that knowledge of your operating environment, the amount you spend and service tag information constitutes “less sensitive data”. Actually, no, it is not “less sensitive”.

Dell downplayed the breach at the time, saying that the spill of customer addresses did not pose “a significant risk to our customers,” and that the stolen information did not include “any highly sensitive customer information,” such as email addresses and phone numbers.

[…]

Source: Threat actor scraped Dell support tickets, including customer phone numbers | TechCrunch

Sonos App Redesign AMA – 769 angry questions, 19 corporate useless answers

After the absolute shitshow and riots around the release of the new app, which missed core functionalities and broke systems, Sonos did participate in their promised Ask Me Anything. Kind of. Three Sonos employees apparently attended, but managed to barely respond to any of the questions – which were almost all overwhelmingly angry, disappointed and hoping for control of their expensive machines.

Diane Roberts, Senior Director of Software Engineering and Product Management at Sonos, responsible for the Sonos Apps, managed to answer 9 questions.

Tucker Severson, Director of Product Management, who leads the PM team responsible for the Sonos Apps, managed to answer a grand total of four questions.

Kate, Senior Director of User Experience, who leads the UX team responsible for Sonos’ home audio hardware, software, and app user experiences, got in six answers.

Most of the answers given were disrespectful corporate shitspeak, blaming the customers for wanting the features they already had or alluding to how ‘energized’ the team was to roll out features in the future.

None apologised or seemed to even acknowledge the > 750 complaints about the new app.

None of these head honchos had ever even looked at the Sonos forum before! This is where they would have been able to see problems that people really had before embarking on their app redesign adventure.

Some guy called Mike – the Sonos employee left behind after the original people ran away – posted an insulting closing comment, saying:

We covered as many of the most asked questions as possible. We know tracking the responses wasn’t as easy as we had hoped. But we wanted to let the community air frustrations and have their questions answered.

Not very much seemed to be possible, not many questions were answered and the community was left more frustrated than it began.

Keith and I will work on recapping all the questions and feedback we have responded to

Again, if that’s going to be the recap, Sonos is going to miss absolutely everything that people were upset about.

A feature list was linked to: The New Sonos App and Future Feature Updates which put things like playing your own music and being able to update WiFi settings to mid-June, meaning you can hardly use the system if you rely on music you bought instead of streamed.

Source: Sonos App Redesign AMA | Sonos Community

Capacitor Breakthrough: 19-Fold Increase in Energy Storage Potential – could kill batteries

A battery’s best friend is a capacitor. Powering everything from smartphones to electric vehicles, capacitors store energy from a battery in the form of an electrical charge and enable ultrafast charging and discharging. However, their Achilles’ heel has always been their limited energy storage efficiency.

Now, Washington University in St. Louis researchers have unveiled a groundbreaking capacitor design that looks like it could overcome those energy storage challenges.

In a study published in Science, lead author Sang-Hoon Bae, an assistant professor of mechanical engineering and materials science, demonstrates a novel heterostructure that curbs energy loss, enabling capacitors to store more energy and charge rapidly without sacrificing durability.

While batteries excel in storage capacity, they fall short in speed, unable to charge or discharge rapidly. Capacitors fill this gap, delivering the quick energy bursts that power-intensive devices demand. Some smartphones, for example, contain up to 500 capacitors, and laptops around 800. Just don’t ask the capacitor to store its energy too long.

Within capacitors, ferroelectric materials offer high maximum polarization. That’s useful for ultra-fast charging and discharging, but it can limit the effectiveness of energy storage or the “relaxation time” of a conductor.

[…]

Bae makes the change—one he unearthed while working on something completely different—by sandwiching 2D and 3D materials in atomically thin layers, using chemical and nonchemical bonds between each layer. He says a thin 3D core inserts between two outer 2D layers to produce a stack that’s only 30 nanometers thick.

[…]

“Initially, we weren’t focused on energy storage, but during our exploration of material properties, we found a new physical phenomenon that we realized could be applied to energy storage,” Bae says in a statement.

[…]

The sandwich structure isn’t quite fully conductive or nonconductive. This semiconducting material, then, allows the energy storage, with a density up to 19 times higher than commercially available ferroelectric capacitors, while still achieving 90 percent efficiency—also better than what’s currently available.

The capacitor can hang on to its energy thanks to the minuscule gap in the material structure.

[…]

The study team will continue to optimize the material structure to ensure ultrafast charging and discharging with a new high-energy density. “We must be able to do that without losing storage capacity over repeated charges,” Bae says, “to see this material used broadly in large electronics like electric vehicles.”

Source: Capacitor Breakthrough: 19-Fold Increase in Energy Storage Potential

US Patent and Trademark Office confirms another leak of filers’ address data

The federal government agency responsible for granting patents and trademarks is alerting thousands of filers whose private addresses were exposed following a second data spill in as many years.

The U.S. Patent and Trademark Office (USPTO) said in an email to affected trademark applicants this week that their private domicile address — which can include their home address — appeared in public records between August 23, 2023 and April 19, 2024.

U.S. trademark law requires that applicants include a private address when filing their paperwork with the agency to prevent fraudulent trademark filings.

USPTO said that while no addresses appeared in regular searches on the agency’s website, about 14,000 applicants’ private addresses were included in bulk datasets that USPTO publishes online to aid academic and economic research.

The agency took blame for the incident, saying the addresses were “inadvertently exposed as we transitioned to a new IT system,” according to the email to affected applicants, which TechCrunch obtained. “Importantly, this incident was not the result of malicious activity,” the email said.

Upon discovery of the security lapse, the agency said it “blocked access to the impacted bulk data set, removed files, implemented a patch to fix the exposure, tested our solution, and re-enabled access.”

If this sounds remarkably familiar, USPTO had a similar exposure of applicants’ address data last June. At the time, USPTO said it inadvertently exposed about 61,000 applicants’ private addresses in a years-long data spill in part through the release of its bulk datasets, and told affected individuals that the issue was fixed.

[…]

Source: US Patent and Trademark Office confirms another leak of filers’ address data | TechCrunch

Dell customer order database stolen, 49m records for sale on dark web

Dell has confirmed information about its customers and their orders has been stolen from one of its portals. Though the thief claimed to have swiped 49 million records, which are now up for sale on the dark web, the IT giant declined to say how many people may be affected.

According to the US computer maker, the stolen data includes people’s names, addresses, and details about their Dell equipment, but does not include sensitive stuff like payment info. Still, its portal was compromised.

“We recently identified an incident involving a Dell portal with access to a database containing limited types of customer information including name, physical address and certain Dell hardware and order information,” a Dell spokesperson told The Register today.

“It did not include financial or payment information, email address, telephone number or any highly sensitive customer data.”

A report at the end of last month from the aptly named Daily Dark Web suggested as many as 49 million Dell customers may have had some of their account information taken. The data is said to cover purchases made between 2017 and 2024.

Judging from a screenshot of a sample of the stolen info, the Dell database now up for sale on a cyber-crime forum includes the following columns: service tag, items, date, country, warranty, organization name, address, city, province, postal code, customer code, and order number.

[…]

Source: Dell customer order database stolen, for sale on dark web • The Register

Apparently Dell doesn’t think knowing your name coupled to your address and how much expensive stuff you bought from them constitutes a risk though, so you’re all right. But not really.