Chrome

America's Justice Department Still Wants Google to Sell Chrome (msn.com) 64

Last week Google urged the U.S. government not to break up the company — but apparently, it didn't work.
In a new filing Friday, America's Justice Department "reiterated its November proposal that Google be forced to sell its Chrome web browser," reports the Washington Post, "to address a federal judge finding the company guilty of being an illegal monopoly in August." The government also kept a proposal that Google be banned from paying other companies to give its search engine preferential placement on their apps and phones. At the same time, the government dropped its demand that Google sell its stakes in AI start-ups after one of the start-ups, Anthropic AI, argued that it needed Google's money to compete in the fast-growing industry.

The government's final proposal "reaffirms that Google must divest the Chrome browser — an important search access point — to provide an opportunity for a new rival to operate a significant gateway to search the internet, free of Google's monopoly control," Justice Department lawyers wrote in the filing... Judge Amit Mehta, of the U.S. District Court for the District of Columbia, who had ruled that Google held an illegal monopoly, will decide on the final remedies in April.

The article quotes a Google spokesperson's response: that the Justice Department's "sweeping" proposals "continue to go miles beyond the court's decision, and would harm America's consumers, economy and national security."

United States

Is America Closer to Ending Daylight Saving Time? (msn.com) 201

U.S. president Donald Trump called Daylight Saving Time "very costly to our nation" and "inconvenient" in December. Today the Washington Post remembers he'd vowed his Republican party would use their "best efforts" to eliminate it.

But it's still proving to be politically difficult... Polls have shown that most Americans oppose the time shifts but disagree on what should replace them... [U.S. political leaders] also say they are grappling with whether the nation should permanently move the clocks forward one hour, an idea championed by lawmakers on the coasts who say it would allow for more sunshine during the winter, or remain on year-round standard time, which is favored by neurologists who say it aligns with our circadian rhythms. That decision would rest with Congress, not the president. The split often reflects regional, not political, differences, based on where time zones fall; a year-round "spring forward" would mean winter sunrises that could creep past 9 a.m. in cities such as Indianapolis and Detroit, prompting many local lawmakers to oppose the idea...

[A 2022 Senate vote to make Daylight Saving Time permanent] awoke a new lobbying effort from advocates such as the American Academy of Sleep Medicine, which warned that year-round daylight saving time would be unhealthy, citing risks such as higher rates of obesity or metabolic dysfunction. Some researchers warned of a condition dubbed "social jetlag," saying that internal body clocks and rhythms would be persistently misaligned if human clocks were permanently set forward an hour. The concerted resistance from the health groups — which some congressional aides jokingly referred to as "Big Sleep" — helped kill the measure in the House and has contributed to a stalemate over how to proceed...

Today, roughly two-thirds of Americans want to end the clock changes, polls show. But even those Americans don't agree on what should come next. An October 2023 YouGov poll found that 33 percent of respondents wanted year-round daylight saving time, 23 percent wanted permanent standard time, and 9 percent had no preference. The remainder weren't sure or preferred to remain on the current system... The political fight is far from over, with Trump allies such as Sen. Tommy Tuberville (R-Alabama) pledging to keep pushing for year-round daylight saving time. Some congressional Republicans also have privately called for a hearing in front of the House Energy and Commerce Committee, with hopes of advancing the Sunshine Protection Act.

GNU is Not Unix

Free Software Foundation Rides To Defend AGPLv3 Against Neo4j License Add-ons (fsf.org) 48

This week the Free Software Foundation "backed a lone developer's brave effort to overturn a pivotal court ruling that threatens to undermine the AGPLv3 — the foundation's GNU Affero General Public License, version 3," reports the Register.

"At stake is the future of not just the AGPLv3, but the FSF's widely used GNU Public License it is largely based on, and the software covered by those agreements." A core tenet of the GPL series is that free software remains free forever, and this is woven into the licenses' fine print. This ongoing legal battle is a matter of whether people can alter those licenses and redistribute code as they see fit in a non-free way, or if they must stick to the terms of an agreement that says the terms cannot be changed... If the Ninth Circuit upholds the [original district court] ruling, it's likely to create a binding precedent that would limit one of the major freedoms that AGPLv3 and other GPL licenses aim to protect — the ability to remove restrictions added to GPL licensed code.
"Neo4j appended an additional nonfree commercial restriction, the Commons Clause, to a verbatim version of the GNU AGPLv3 in a version of its software..." according to an FSF announcement this week. "The FSF's position on such confusing licensing practices has always been clear: the GNU licenses explicitly allow users to remove restrictions incompatible with the four freedoms." (You can read their amicus brief here.)

Thanks to Slashdot reader jms00 for sharing the news.

Crime

Sam Bankman-Fried Gives a Jailhouse Interview, Seeking a Pardon (msn.com) 67

Sam Bankman-Fried — one of the largest donors to the Democratic Party — "was convicted of fraud, sentenced to 25 years in prison and mostly went silent," reports the Wall Street Journal. "Until recently..." Now, from behind bars at the Metropolitan Detention Center in Brooklyn, Bankman-Fried is orchestrating an extraordinary public-relations blitz that looks very much like a campaign to make the most audacious trade of his career: support for President Trump's agenda in return for a presidential pardon...

There is little downside to Bankman-Fried's long-shot effort to secure a pardon. As the appeal that he filed last year works its way through the courts, Bankman-Fried, 33, is staring down a prison sentence that could extend until his 50s... The crowning touch of his campaign came on Thursday, when Bankman-Fried gave a jailhouse interview to "The Tucker Carlson Show," which was released on social-media channels including X and YouTube. Appearing on video in a brown jumpsuit, he criticized Washington bureaucrats and crypto regulators — and suggested that he went to prison out of political retribution... [Carlson's title for the interview? "Sam Bankman-Fried on Life in Prison With Diddy, and How Democrats Stole His Money and Betrayed Him."]

The interview hadn't been approved by the Federal Bureau of Prisons, according to a person familiar with the matter. Bankman-Fried spoke with Carlson through a link that is typically used by inmates to communicate with their lawyers, the person said. After the interview, Bankman-Fried was placed in solitary confinement, but he was out by Friday afternoon, according to a person familiar with the matter... Bankman-Fried is trying to highlight in media appearances and in any interaction with Trump's team that FTX customers are set to be made whole with interest through the bankruptcy proceedings — at least in dollar terms. Many of those creditors remain furious that they missed out on bitcoin's rally since November 2022.

Bankman-Fried "wants to set the record straight on his political beliefs, which he believes have been misconstrued," according to the article. "While he has given heavily to Democrats, he has also donated to Republican causes, including the contribution of millions to a group supporting Senator Mitch McConnell."

But the New York Times, citing "people with knowledge" of his pardon-seeking efforts, reported that "So far, the push does not appear to have gained traction."

Cellphones

Rayhunter: A Cheap New Tool from EFF to Detect Cellular Spying (androidauthority.com) 23

Equuleus42 (Slashdot reader #723) brings word that the Electronic Frontier Foundation (EFF) is sharing a new tool for fighting back against cellphone surveillance by Stingray cell-site simulators.

Android Authority reports: "Rayhunter" uses an open-source software package designed to look for evidence of IMSI catchers in action, running on an old Orbic Speed RC400L mobile hotspot. The great thing about that choice is that you can pick one up for practically nothing — we're seeing them listed for barely over $10 on Amazon, and you can find them even cheaper on eBay. There's an installation script for Macs and Linux to automate getting set up, but once the Orbic is flashed with the Rayhunter software, it should be ready to go, collecting data about sketchy-looking "cell towers" it picks up.

Right now, much of the use of IMSI catchers is still shrouded in mystery, with the groups who regularly employ them extremely hesitant to disclose their methods. As a result, a big focus of this EFF project is just getting more info on how and where these are actually used, giving protestors a better sense of the steps they'll need to take if they want to protect their privacy.

AI

Signal President Calls Out Agentic AI As Having 'Profound' Security and Privacy Issues (techcrunch.com) 8

Signal President Meredith Whittaker warned at SXSW that agentic AI poses significant privacy and security risks, as these AI agents require extensive access to users' personal data, likely processing it unencrypted in the cloud. TechCrunch reports: "So we can just put our brain in a jar because the thing is doing that and we don't have to touch it, right?," Whittaker mused. Then she explained the type of access the AI agent would need to perform these tasks, including access to our web browser and a way to drive it as well as access to our credit card information to pay for tickets, our calendar, and messaging app to send the text to your friends. "It would need to be able to drive that [process] across our entire system with something that looks like root permission, accessing every single one of those databases -- probably in the clear, because there's no model to do that encrypted," Whittaker warned.

"And if we're talking about a sufficiently powerful ... AI model that's powering that, there's no way that's happening on device," she continued. "That's almost certainly being sent to a cloud server where it's being processed and sent back. So there's a profound issue with security and privacy that is haunting this hype around agents, and that is ultimately threatening to break the blood-brain barrier between the application layer and the OS layer by conjoining all of these separate services [and] muddying their data," Whittaker concluded.

If a messaging app like Signal were to integrate with AI agents, it would undermine the privacy of your messages, she said. The agent has to access the app to text your friends and also pull data back to summarize those texts. Her comments followed remarks she made earlier during the panel on how the AI industry had been built on a surveillance model with mass data collection. She said that the "bigger is better AI paradigm" -- meaning the more data, the better -- had potential consequences that she didn't think were good. With agentic AI, Whittaker warned we'd further undermine privacy and security in the name of a "magic genie bot that's going to take care of the exigencies of life," she concluded.
You can watch the full speech on YouTube.

Piracy

Feds Arrest Man For Sharing DVD Rip of Spider-Man Movie With Millions Online (arstechnica.com) 30

An anonymous reader quotes a report from Ars Technica: A 37-year-old Tennessee man was arrested Thursday, accused of stealing Blu-rays and DVDs from a manufacturing and distribution company used by major movie studios and sharing them online before the movies' scheduled release dates. According to a US Department of Justice press release, Steven Hale worked at the DVD company and allegedly stole "numerous 'pre-release' DVDs and Blu-rays" between February 2021 and March 2022. He then allegedly "ripped" the movies, "bypassing encryption that prevents unauthorized copying" and shared copies widely online. He also supposedly sold the actual stolen discs on e-commerce sites, the DOJ alleged.

Hale has been charged with "two counts of criminal copyright infringement and one count of interstate transportation of stolen goods," the DOJ said. He faces a maximum sentence of five years for the former, and 10 years for the latter. Among blockbuster movies that Hale is accused of stealing are Dune, F9: The Fast Saga, Venom: Let There Be Carnage, Godzilla v. Kong, and, perhaps most notably, Spider-Man: No Way Home. The DOJ claimed that "copies of Spider-Man: No Way Home were downloaded tens of millions of times, with an estimated loss to the copyright owner of tens of millions of dollars."

Bitcoin

Trump Signs Order To Establish Strategic Bitcoin Reserve 115

President Trump has signed an executive order to establish a strategic reserve of cryptocurrencies by using tokens already owned by the government. Reuters reports: A "Strategic Bitcoin Reserve" will be capitalized with bitcoin owned by the federal government that was seized as part of criminal or civil asset forfeiture proceedings, the White House crypto czar, billionaire David Sacks, said in a post on social media platform X. The order kept open the possibility of the government buying bitcoin in future. The U.S. commerce and treasury secretaries "are authorized to develop budget-neutral strategies for acquiring additional bitcoin, provided that those strategies impose no incremental costs on American taxpayers," a factsheet on the White House website said. "This is the most underwhelming and disappointing outcome we could have expected for this week," Charles Edwards, founder of bitcoin-focused hedge fund Capriole Investments, wrote in a post on X. "No active buying means this is just a fancy title for Bitcoin holdings that already existed with the Govt. This is a pig in lipstick."

The Internet

Music Labels Will Regret Coming For the Internet Archive, Sound Historian Says (arstechnica.com) 28

An anonymous reader quotes a report from Ars Technica: On Thursday, music labels sought to add nearly 500 more sound recordings to a lawsuit accusing the Internet Archive (IA) of mass copyright infringement through its Great 78 Project, which seeks to digitize all 3 million three-minute recordings published on 78 revolutions-per-minute (RPM) records from about 1898 to the 1950s. If the labels' proposed second amended complaint is accepted by the court, damages sought in the case -- which some already feared could financially ruin IA and shut it down for good -- could increase to almost $700 million. (Initially, the labels sought about $400 million in damages.) IA did not respond to Ars' request for comment, but the filing noted that IA has not consented to music labels' motion to amend their complaint. [...]

Some sound recording archivists and historians also continue to defend the Great 78 Project as a critical digitization effort at a time when quality of physical 78 RPM records is degrading and the records themselves are becoming obsolete, with very few libraries even maintaining equipment to play back the limited collections that are available in physical archives. They push back on labels' claims that commercially available Spotify streams are comparable to the Great 78 Project's digitized recordings, insisting that sound history can be lost when obscure recordings are controlled by rights holders who don't make them commercially available. [...] David Seubert, who manages sound collections at the University of California, Santa Barbara library, told Ars that he frequently used the project as an archive and not just to listen to the recordings.

For Seubert, the videos that IA records of the 78 RPM albums capture more than audio of a certain era. Researchers like him want to look at the label, check out the copyright information, and note the catalogue numbers, he said. "It has all this information there," Seubert said. "I don't even necessarily need to hear it," he continued, adding, "just seeing the physicality of it, it's like, 'Okay, now I know more about this record.'" [...] Nathan Georgitis, the executive director of the Association for Recorded Sound Collections (ARSC), told Ars that you just don't see 78 RPM records out in the world anymore. Even in record stores selling used vinyl, these recordings will be hidden "in a few boxes under the table behind the tablecloth," Georgitis suggested. And in "many" cases, "the problem for libraries and archives is that those recordings aren't necessarily commercially available for re-release."

That "means that those recordings, those artists, the repertoire, the recorded sound history in itself -- meaning the labels, the producers, the printings -- all of that history kind of gets obscured from view," Georgitis said. Currently, libraries trying to preserve this history must control access to audio collections, Georgitis said. He sees IA's work with the Great 78 Project as a legitimate archive in that, unlike a streaming service, where content may be inconsistently available, IA's "mission is to preserve and provide access to content over time." "That 'over time' part is really the key function, I think, that distinguishes an archive from maybe a streaming service in a way," Georgitis said.
"The Internet Archive is not hurting the revenue of the recording industry at all," Seubert suggested. "It has no impact on their revenue." Instead, he suspects that labels' lawsuit is "somehow vindictive," because the labels perhaps "don't like the Internet Archive's way of pushing the envelope on copyright and fair use."

"There are people who, like the founder of the Internet Archive, want to push that envelope, and the media conglomerates want to push back in the other direction," Seubert said.

AI

DuckDuckGo Is Amping Up Its AI Search Tool 21

An anonymous reader quotes a report from The Verge: DuckDuckGo has big plans for embedding AI into its search engine. The privacy-focused company just announced that its AI-generated answers, which appear for certain queries on its search engine, have exited beta and now source information from across the web -- not just Wikipedia. It will soon integrate web search within its AI chatbot, which has also exited beta. DuckDuckGo first launched AI-assisted answers -- originally called DuckAssist -- in 2023. The feature is billed as a less obnoxious version of tools like Google's AI Overviews, designed to offer more concise responses and let you adjust how often you see them, including turning the responses off entirely. If you have DuckDuckGo's AI-generated answers set to "often," you'll still only see them around 20 percent of the time, though the company plans on increasing the frequency eventually.

Some of DuckDuckGo's AI-assisted answers bring up a box for follow-up questions, redirecting you to a conversation with its Duck.ai chatbot. As is the case with its AI-assisted answers, you don't need an account to use Duck.ai, and it comes with the same emphasis on privacy. It lets you toggle between GPT-4o mini, o3-mini, Llama 3.3, Mistral Small 3, and Claude 3 Haiku, with the advantage being that you can interact with each model anonymously by hiding your IP address. DuckDuckGo also has agreements with the AI company behind each model to ensure your data isn't used for training.

Duck.ai also rolled out a feature called Recent Chats, which stores your previous conversations locally on your device rather than on DuckDuckGo's servers. Though Duck.ai is also leaving beta, that doesn't mean the flow of new features will stop. In the next few weeks, Duck.ai will add support for web search, which should enhance its ability to respond to questions. The company is also working on adding voice interaction on iPhone and Android, along with the ability to upload images and ask questions about them. ... [W]hile Duck.ai will always remain free, the company is considering including access to more advanced AI models with its $9.99 per month subscription.

Government

US Mulls Policing Social Media of Would-Be Citizens (theregister.com) 75

The U.S. Citizenship and Immigration Services (USCIS) is proposing to expand mandatory social media screening, currently required only for new arrivals, to include all non-citizens already residing in the U.S. who apply for immigration benefits. The Register reports: Back in 2019, the Department of Homeland Security, which runs USCIS, decided anyone looking to enter the US on a work visa or similar had to hand over their social media handles to the authorities so that they could be looked over for wrongdoing and subversion. In fact, this goes back to 2014, at least, to one degree or another, and has been standard procedure for years for foreigners, particularly those coming in on a visa. [...]

On January 20 this year, President Trump signed an executive order calling for much tougher vetting of foreign aliens, and in response, USCIS has proposed rules saying those already in the country who are going through some process with the agency -- such as applying for permanent residency or citizenship -- will have their social media scanned for subversion. That means if you came to America before foreigners' internet presence was screened as it now is, and you're now seeking some kind of immigration benefit, at this rate you'll be subject to the same scanning as those entering the Land of the Free today.
The proposed changes have a 60-day comment period for the public to suggest amendments. The last day to send them in is May 5.

Censorship

US House Panel Subpoenas Alphabet Over Content Moderation (yahoo.com) 40

An anonymous reader quotes a report from Reuters: The U.S. House Judiciary Committee subpoenaed Alphabet on Thursday seeking its communications with former President Joe Biden's administration about content moderation policies. House Judiciary Committee Chairman Jim Jordan, a Republican, also asked the YouTube parent company for similar communications with companies and groups outside government, according to a copy of the subpoena seen by Reuters. The subpoena seeks communications about limits or bans on content about President Donald Trump, Tesla CEO and close Trump ally Elon Musk, the virus that causes COVID-19 and a host of other conservative discussion topics. "Alphabet, to our knowledge, has not similarly disavowed the Biden-Harris Administration's attempts to censor speech," Jordan said in a letter.

Meanwhile, Google spokesperson Jose Castaneda said the company will "continue to show the committee how we enforce our policies independently, rooted in our commitment to free expression."

Encryption

1Password Introduces 'Nearby Items,' Tying Passwords To Physical Locations (engadget.com) 12

1Password has introduced a 'nearby items' feature, allowing users to tag credentials with physical locations so the relevant information automatically surfaces when users are near those locations. Engadget reports: Location information can be added to any new or existing item in a 1Password vault. The app has also been updated with a map view for setting and viewing the locations of your items. In the blog post announcing the feature, the company cited examples such as door codes for a workplace, health records at a doctor's office, WiFi access at the gym and rewards membership information for local shops as potential uses for location data.

Privacy and security are paramount for a password manager, and 1Password confirmed that a user's location coordinates are only used locally and do not leave the device. Nearby items is available to 1Password customers starting today.

Government

Starlink Benefits As Trump Admin Rewrites Rules For $42 Billion Grant Program (arstechnica.com) 163

An anonymous reader quotes a report from Ars Technica: The Trump administration is eliminating a preference for fiber Internet in a $42.45 billion broadband deployment program, a change that is expected to reduce spending on the most advanced wired networks while directing more money to Starlink and other non-fiber Internet service providers. One report suggests Starlink could obtain $10 billion to $20 billion under the new rules. Secretary of Commerce Howard Lutnick criticized the Biden administration's handling of the Broadband Equity, Access, and Deployment (BEAD) program in a statement yesterday. Lutnick said that "because of the prior Administration's woke mandates, favoritism towards certain technologies, and burdensome regulations, the program has not connected a single person to the Internet and is in dire need of a readjustment."

The BEAD program was authorized by Congress in November 2021, and the US was finalizing plans to distribute funding before Trump's inauguration. The National Telecommunications and Information Administration (NTIA), part of the Commerce Department, developed rules for the program in the Biden era and approved initial funding plans submitted by every state and territory. The program has been on hold since the change in administration, with Senator Ted Cruz (R-Texas) and other Republicans seeking rule changes. In addition to demanding an end to the fiber preference, Cruz wants to kill a requirement that ISPs receiving network-construction subsidies provide cheap broadband to people with low incomes. Cruz also criticized "unionized workforce and DEI labor requirements; climate change assessments; excessive per-location costs; and other central planning mandates."

Lutnick's statement yesterday confirmed that the Trump administration will end the fiber preference and replace it with a "tech-neutral" set of rules, and explore additional changes. He said: "Under my leadership, the Commerce Department has launched a rigorous review of the BEAD program. The Department is ripping out the Biden Administration's pointless requirements. It is revamping the BEAD program to take a tech-neutral approach that is rigorously driven by outcomes, so states can provide Internet access for the lowest cost. Additionally, the Department is exploring ways to cut government red tape that slows down infrastructure construction. We will work with states and territories to quickly get rid of the delays and the waste. Thereafter we will move quickly to implementation in order to get households connected." Lutnick said the department's goal is to "deliver high-speed Internet access... efficiently and effectively at the lowest cost to taxpayers."

Privacy

India Grants Tax Officials Sweeping Digital Access Powers (indiatimes.com) 16

India's income tax department will gain powers to access citizens' social media accounts, emails and other digital spaces beginning April 2026 under the new income tax bill, in a significant expansion of its search and seizure authority.

The legislation, which has raised privacy concerns among legal experts, allows tax officers to "gain access by overriding the access code" to computer systems and "virtual digital spaces" if they suspect tax evasion.

The bill broadly defines virtual digital spaces to include email servers, social media accounts, online investment accounts, banking platforms, and cloud servers.

"The expansion raises significant concerns regarding constitutional validity, potential state overreach, and practical enforcement," Sonam Chandwani, Managing Partner at KS Legal and Associates, told Indian newspaper Economic Times.

Nintendo

Nintendo Says Latest Legal Win Against Piracy 'Significant' For 'Entire Games Industry' (eurogamer.net) 25

Nintendo has trumpeted its latest legal success in the company's ongoing fight against pirated games as "significant" not only for itself, "but for the entire games industry." From a report: The Mario maker today confirmed it had won a final victory over French file-sharing company Dstorage, which operates the website 1fichier.com, following years of legal wrangling and repeated appeals. Nintendo's victory means European file-sharing companies must now remove illegal copies of games when asked to do so, or be held accountable and cough up potentially sizable fines as punishment.

In 2021, the Judicial Court of Paris ordered Dstorage to pay Nintendo $1 million in damages after it was found to be hosting pirate games. Dstorage launched an appeal, which then failed in 2023, and was ordered to pay Nintendo further costs. But the case didn't end there. Dstorage finally took the matter to the highest French judiciary court, where it argued that a specific court order was required before it needed to remove content from its hosting services. This bid has also now failed, ending the long-running matter for good.

AI

Judges Are Fed Up With Lawyers Using AI That Hallucinate Court Cases (404media.co) 74

An anonymous reader quotes a report from 404 Media: After a group of attorneys were caught using AI to cite cases that didn't actually exist in court documents last month, another lawyer was told to pay $15,000 for his own AI hallucinations that showed up in several briefs. Attorney Rafael Ramirez, who represented a company called HoosierVac in an ongoing case where the Mid Central Operating Engineers Health and Welfare Fund claims the company is failing to allow the union a full audit of its books and records, filed a brief in October 2024 that cited a case the judge wasn't able to locate. Ramirez "acknowledge[d] that the referenced citation was in error," withdrew the citation, and "apologized to the court and opposing counsel for the confusion," according to Judge Mark Dinsmore, U.S. Magistrate Judge for the Southern District of Indiana. But that wasn't the end of it. An "exhaustive review" of Ramirez's other filings in the case showed that he'd included made-up cases in two other briefs, too. [...]

In January, as part of a separate case against a hoverboard manufacturer and Walmart seeking damages for an allegedly faulty lithium battery, attorneys filed court documents that cited a series of cases that don't exist. In February, U.S. District Judge Kelly demanded they explain why they shouldn't be sanctioned for referencing eight non-existent cases. The attorneys contritely admitted to using AI to generate the cases without catching the errors, and called it a "cautionary tale" for the rest of the legal world. Last week, Judge Rankin issued sanctions on those attorneys, according to new records, including revoking one of the attorneys' pro hac vice admission (a legal term meaning a lawyer can temporarily practice in a jurisdiction where they're not licensed) and removed him from the case, and the three other attorneys on the case were fined between $1,000 and $3,000 each.
The judge in the Ramirez case said that he "does not aim to suggest that AI is inherently bad or that its use by lawyers should be forbidden." In fact, he noted that he's a vocal advocate for the use of technology in the legal profession.

"Nevertheless, much like a chain saw or other useful [but] potentially dangerous tools, one must understand the tools they are using and use those tools with caution," he wrote. "It should go without saying that any use of artificial intelligence must be consistent with counsel's ethical and professional obligations. In other words, the use of artificial intelligence must be accompanied by the application of actual intelligence in its execution."

Security

CISA Tags Windows, Cisco Vulnerabilities As Actively Exploited (bleepingcomputer.com) 16

CISA has warned U.S. federal agencies about active exploitation of vulnerabilities in Cisco VPN routers and Windows systems. "While the cybersecurity agency has tagged these flaws as actively exploited in the wild, it has yet to provide specific details regarding this malicious activity and who is behind it," adds Bleeping Computer. From the report: The first flaw (tracked as CVE-2023-20118) enables attackers to execute arbitrary commands on RV016, RV042, RV042G, RV082, RV320, and RV325 VPN routers. While it requires valid administrative credentials, this can still be achieved by chaining the CVE-2023-20025 authentication bypass, which provides root privileges. Cisco says in an advisory published in January 2023 and updated one year later that its Product Security Incident Response Team (PSIRT) is aware of CVE-2023-20025 publicly available proof-of-concept exploit code.

The second security bug (CVE-2018-8639) is a Win32k elevation of privilege flaw that local attackers logged into the target system can exploit to run arbitrary code in kernel mode. Successful exploitation also allows them to alter data or create rogue accounts with full user rights to take over vulnerable Windows devices. According to a security advisory issued by Microsoft in December 2018, this vulnerability impacts client (Windows 7 or later) and server (Windows Server 2008 and up) platforms.

Today, CISA added the two vulnerabilities to its Known Exploited Vulnerabilities catalog, which lists security bugs the agency has tagged as exploited in attacks. As mandated by the Binding Operational Directive (BOD) 22-01 issued in November 2021, Federal Civilian Executive Branch (FCEB) agencies now have three weeks, until March 23, to secure their networks against ongoing exploitation.

The Almighty Buck

Trump Names Cryptocurrencies for 'Digital Asset Stockpile' in Social Media Post (cnbc.com) 156

Despite a January announcement that America would explore the idea of a national digital asset stockpile, the exact cryptocurrencies weren't specified. Today on social media the president posted that it would include bitcoin, ether, XRP, Solana's SOL token and Cardano's ADA, reports CNBC — prompting a Sunday rally in cryptocurrencies trading. XRP surged 33% after the announcement while the token tied to Solana jumped 22%. Cardano's coin soared more than 60%. Bitcoin rose 10% to $94,425.29, after dipping to a three-month low under $80,000 on Friday. Ether, which has suffered some of the biggest losses in crypto year-to-date, gained 12%... This is the first time Trump has specified his support for a crypto "reserve" versus a "stockpile." While the former assumes actively buying crypto in regular installments, a stockpile would simply not sell any of the crypto currently held by the U.S. government.
"The total cryptocurrency market has risen about 10%," reports Reuters, "or more than $300 billion, in the hours since Trump's announcement, according to CoinGecko, a cryptocurrency data and analysis company."

"A U.S. Crypto Reserve will elevate this critical industry..." the president posted, promising to "make sure the U.S. is the Crypto Capital of the World," reports The Hill: His announcement comes just after the White House announced it would be welcoming cryptocurrency industry professionals on March 7 in a first-of-its-kind summit... It's unclear what exactly Trump's crypto reserve would look like, and while he previously dismissed crypto as a scam, he's embraced the industry throughout his most recent campaign.
Piracy

Malicious PyPI Package Exploited Deezer's API, Orchestrates a Distributed Piracy Operation (socket.dev) 24

A malicious PyPI package effectively turned its users' systems "into an illicit network for facilitating bulk music downloads," writes The Hacker News.

Though the package has been removed from PyPI, researchers at security platform Socket.dev say it enabled "coordinated, unauthorized music downloads from Deezer — a popular streaming service founded in France in 2007." Although automslc, which has been downloaded over 100,000 times, purports to offer music automation and metadata retrieval, it covertly bypasses Deezer's access restrictions... The package is designed to log into Deezer, harvest track metadata, request full-length streaming URLs, and download complete audio files in clear violation of Deezer's API terms... [I]t orchestrates a distributed piracy operation by leveraging both user-supplied and hardcoded Deezer credentials to create sessions with Deezer's API. This approach enables full access to track metadata and the decryption tokens required to generate full-length track URLs.

Additionally, the package routinely communicates with a remote server... to update download statuses and submit metadata, thereby centralizing control and allowing the threat actor to monitor and coordinate the distributed downloading operation. In doing so, automslc exposes critical track details — including Deezer IDs, International Standard Recording Codes, track titles, and internal tokens like MD5_ORIGIN (a hash used in generating decryption URLs) — which, when collected en masse, can be used to reassemble full track URLs and facilitate unauthorized downloads...

Even if a user pays for access to the service, the content is licensed, not owned. The automslc package circumvents licensing restrictions by enabling downloads and potential redistribution, which is outside the bounds of fair use...

"The malicious package was initially published in 2019, and its popularity (over 100,000 downloads) indicates wide distribution..."
