Squire1039

joined 1 year ago
[–] Squire1039@lemm.ee 3 points 9 months ago

"Hey! You look fresh!"

 

Bug:

Affected versions 12.23.1-12.72.0 (May 2022-Feb 2024) with split tunneling feature.

Impact:

Exposed visited domains to user's ISP, potentially leaking browsing history.

Affected users:

Windows users with active split tunneling (about 1%).

Fix:

Upgrade to version 12.73.0 (removes split tunneling temporarily).

Alternatives:

Disable split tunneling or use ExpressVPN version 10.

Note:

All other traffic and content remain encrypted.

[–] Squire1039@lemm.ee 5 points 9 months ago

I guess you shouldn't expect any tech company to provide anything "forever," as forever for them, and the fine print, mean totally different things than what you and I think they do.

 

Key Points:

  • Apple opposed a right-to-repair bill in Oregon, despite previously supporting a weaker one in California.
  • The key difference is Oregon's restriction on "parts pairing," which locks repairs to Apple or authorized shops.
  • Apple argues this protects security and privacy, but critics say it creates a repair monopoly and e-waste.
  • Apple claims their system eases repair and maintains data security, while Google doesn't have such a requirement.
  • Apple refused suggestions to revise the bill.
  • Cybersecurity experts argue parts pairing is unnecessary for security and hinders sustainable repair.

[–] Squire1039@lemm.ee 4 points 9 months ago

I'll cry for Australia and Taiwan. I guess you can't remain in the first world forever. 🤷‍♂️ /s

 

Summary:

A hacker group called ResumeLooters stole personal data from over 2 million job seekers across 65 websites, mainly in Asia but also affecting others in the US, Europe, and South America. They used SQL injection and cross-site scripting (XSS) attacks to access names, phone numbers, emails, and dates of birth, as well as information about job seekers’ experience, employment history, and other sensitive personal data, which is now being sold online. Be cautious about what information you share online and consider checking your digital footprint for potential exposure.

The attacks primarily focused on the Asia-Pacific (APAC) region, targeting sites in Australia, Taiwan, China, Thailand, India, and Vietnam. However, other compromised companies were located in other regions, including Brazil, Italy, Mexico, Russia, Turkey, and the US.

[–] Squire1039@lemm.ee 16 points 9 months ago (15 children)
 

Comment

Well, this article promotes Proton's products a bit, but the info is interesting anyway.

Summary

The article discusses the value of your data to big tech companies, mainly focusing on Google and Facebook.

Key Points:

  • Facebook: Makes $42.34 per user globally, with US/Canada users valued much higher at $217.26. They recently offered an ad-free option for €9.99/month, suggesting a higher internal valuation.
  • Google: Earns around $47 per user globally from Search ads, but this varies greatly by region (US users generate $393).
  • Other Big Tech: Amazon, Apple, Microsoft also generate billions from ads.
  • Beyond ads: Data is sold in less obvious ways (ISPs, car companies, grocery stores). Black market prices exist for stolen data (credit cards, etc.).
  • Total value: Hundreds of dollars per year are extracted from each user by various companies.
  • Privacy concerns: The article questions the ethical implications of big tech profiting from user data without informed consent. It emphasizes the importance of privacy and using encrypted services like Proton to protect your data.

Overall, the article urges readers to be aware of the value of their data and take steps to protect it from exploitation.

[–] Squire1039@lemm.ee 43 points 9 months ago

There are some functions like that, like Passkey signing. For BitLocker, the encryption/decryption key is transferred to the CPU (and RAM) in order for it to operate. The problem described here has been around for a while, but putting it on a key like that makes the attack method available to "everyone". There has been a solution for a while too: 1) put in a pre-boot BitLocker PIN, and 2) use an integrated TPM like the article mentions.

 

Summary

  • Elon Musk claims the fiery end of Starship's 2nd flight was due to venting liquid oxygen without a payload.
  • He suggests a payload would have consumed the oxygen, preventing the fire and explosion.
  • The writer questions the "venting causing fire" logic and highlights SpaceX's iterative learning approach.
  • Despite the explosion, SpaceX considers the launch a success due to technical achievements.
  • Next launch planned soon, aiming for orbit and other ambitious goals.
  • NASA's Artemis program delays offer SpaceX potentially helpful extra time.
 

Key Points:

  • Researchers tested how large language models (LLMs) handle international conflict simulations.
  • Most models escalated conflicts, with one even readily resorting to nuclear attacks.
  • This raises concerns about using AI in military and diplomatic decision-making.

The Study:

  • Researchers used five AI models to play a turn-based conflict game with simulated nations.
  • Models could choose actions like waiting, making alliances, or even launching nuclear attacks.
  • Results showed all models escalated conflicts to some degree, with varying levels of aggression.

Concerns:

  • Unpredictability: Models' reasoning for escalation was unclear, making their behavior difficult to predict.
  • Dangerous Biases: Models may have learned to escalate from the data they were trained on, potentially reflecting biases in international relations literature.
  • High Stakes: Using AI in real-world diplomacy or military decisions could have disastrous consequences.

Conclusion:

This study highlights the potential dangers of using AI in high-stakes situations like international relations. Further research is needed to ensure responsible development and deployment of AI technology.

 

Summary:

Cory Doctorow recounts being scammed by a phone-phisher who posed as a bank representative, tricking them into divulging their credit card number. Despite the author's knowledge of scams and fraud, they fell victim to the scheme due to being on vacation, using unfamiliar ATMs, and feeling rushed and distracted. The fraudster exploited vulnerabilities in the bank's after-hours fraud center and the author's state of mind to obtain sensitive information. The author reflects on how AI-driven automated systems in banking may exacerbate such vulnerabilities, conditioning customers to interact with semi-automated systems that mimic phishing attempts. They emphasize the importance of raising awareness about scams and the need for companies to avoid creating new vulnerabilities in their systems.

[–] Squire1039@lemm.ee 8 points 9 months ago (2 children)

Not disagreeing, but for the US:

  1. Yubikey 5c NFC costs ~30-55 USD. Not cheap.
  2. Yubikey BIO, with the scanner built in, will be even more expensive.
  3. Need a central registration authority or federated authorities to verify electronic ID. If the feds don't press the issue, this probably won't happen.

[–] Squire1039@lemm.ee 17 points 9 months ago

Yeah, I hate how the institutions now ask for endless information and IDs to identify you. It does look like asking for a copy of an ID is about to get worse.

 

Summary

OnlyFake, an underground website, employs neural networks to swiftly produce convincing fake IDs for just $15, potentially facilitating bank fraud and money laundering. Verified by 404 Media, the service allows users to input desired information and a passport photo, generating realistic IDs, even mimicking signatures. With its purported use of neural networks and generators, OnlyFake claims to churn out up to 20,000 documents daily, mainly for US identities. The IDs, backed by real-looking backgrounds, can pass online verification, posing challenges to platforms like OKX cryptocurrency exchange. While some companies, such as Jumio and Coinbase, aim to counter such fraud, OnlyFake's AI-powered IDs present a formidable challenge. Wick, the service's owner, aims to expand its capabilities, potentially including face and selfie generation. Discussions within OnlyFake's community suggest a pursuit of solutions for video verification challenges. Senator Ron Wyden warns of the growing threat posed by AI-based tools, urging the adoption of secure authentication methods. This revelation comes amidst a broader trend of AI-driven fraud, exemplified by AI-generated voices and images, highlighting the need for robust cybersecurity measures.
