Pfizer Hikes Price of COVID Antiviral Paxlovid From $530 To Nearly $1,400

Pfizer this week revealed that it raised the list price of a course of Paxlovid — its lifesaving antiviral drug used to reduce the risk of severe COVID-19 in those most vulnerable — to nearly $1,400, more than double the roughly $530 the US government has paid for the treatment in the emergency phase of the pandemic. From a report: Pfizer CEO Albert Bourla had noted in an investor call at the beginning of the week that the company would increase the price of Paxlovid as it moves from government distribution to the commercial market at the end of this year. But, he did not announce the new list price then. Instead, the company revealed the more than twofold increase in a letter to pharmacies and clinics dated Wednesday. The Wall Street Journal was the first to report the list price of $1,390 after viewing the letter.

A Pfizer spokesperson told the Journal that “pricing for Paxlovid is based on the value it provides to patients, providers, and health care systems due to its important role in helping reduce COVID-19-related hospitalizations and deaths.” A cost-effectiveness analysis last year determined the value of Paxlovid at between $563 and $906 per treatment course, according to nonprofit drug-pricing watchdog The Institute for Clinical and Economic Review.

Read more of this story at Slashdot.



Source: Slashdot – Pfizer Hikes Price of COVID Antiviral Paxlovid From $530 To Nearly $1,400

Telegram is Still Leaking User IP Addresses To Contacts

The popular messaging app Telegram can leak your IP address if you simply add a hacker to your contacts and accept a phone call from them. From a report: Denis Simonov, a security researcher, who is also known as n0a, recently highlighted the issue and wrote a simple tool to exploit it. TechCrunch verified the researcher’s findings by adding Simonov to the contacts of a newly created Telegram account. Simonov then called the account, and shortly after provided TechCrunch with the IP address of the computer where the experiment was being carried out.

Telegram boasts 700 million users all over the world, and has always marketed itself as a “secure” and “private” messaging app, even though experts have repeatedly warned that Telegram is not as secure as end-to-end encrypted app Signal, for example. The fact that Telegram leaks your IP address to people in your contacts during a voice call has been known for years, but it’s likely that new, less technical users may not be aware.

Source: Slashdot – Telegram is Still Leaking User IP Addresses To Contacts

The Latest High-Severity Citrix Vulnerability Under Attack Isn't Easy To Fix

A critical vulnerability that hackers have exploited since August, which allows them to bypass multifactor authentication in Citrix networking hardware, has received a patch from the manufacturer. Unfortunately, applying it isn’t enough to protect affected systems. ArsTechnica: The vulnerability, tracked as CVE-2023-4966 and carrying a severity rating of 9.8 out of a possible 10, resides in the NetScaler Application Delivery Controller and NetScaler Gateway, which provide load balancing and single sign-on in enterprise networks, respectively. Stemming from a flaw in a currently unknown function, the information-disclosure vulnerability can be exploited so hackers can intercept encrypted communications passing between devices. The vulnerability can be exploited remotely and with no human action required, even when attackers have no system privileges on a vulnerable system.

Citrix released a patch for the vulnerability last week, along with an advisory that provided few details. On Wednesday, researchers from security firm Mandiant said that the vulnerability has been under active exploitation since August, possibly for espionage against professional services, technology, and government organizations. Mandiant warned that patching the vulnerability wasn’t sufficient to lock down affected networks because any sessions hijacked before the security update would persist afterward.

Source: Slashdot – The Latest High-Severity Citrix Vulnerability Under Attack Isn’t Easy To Fix

Amazon Allows Managers To Terminate Employees in Office-Attendance Noncompliance

New submitter flashpoint31415 writes: Amazon is now giving managers leeway to effectively fire employees who fail to meet the company’s three-times-a-week, return-to-office mandate.

The guidelines tell managers to first hold a private conversation with employees who don’t comply with the three-times-a-week requirement. Then, managers have to document the discussion in a follow-up email. If the employee continues to refuse to come in, the manager should hold another meeting, and if needed, take disciplinary action that includes a termination of employment.

Giving managers the ability to fire employees for non-compliance is the strongest measure Amazon has taken over its return-to-office policy.

Source: Slashdot – Amazon Allows Managers To Terminate Employees in Office-Attendance Noncompliance

Indian Authorities Raid Fake Tech Support Rings After Tipoff From Amazon and Microsoft

Acting on information from Microsoft and Amazon, India’s Central Bureau of Investigation (CBI) has raided alleged fake tech support operators and other tech-related crims across the country. From a report: The Bureau shared news of a Thursday operation that saw it conduct 76 searches in relation to five cases. The Bureau stated its effort “was conducted in collaboration with national and international agencies, alongside private sector giants,” and described two of its targets as international tech support fraud scams that “impersonated a global IT major and a multinational corporation with an online technology-driven trading platform.”

The alleged scammers operated call centers in five regions of India and “systematically preyed on foreign nationals, masquerading as technical support representatives” for at least five years. The scammers sent users pop-up messages that appeared to come from multinational companies and advised of PC problems — with a toll-free number at which assistance could be had. Victims who called the fakers had their PCs taken over, and were charged hundreds of dollars for a fix.

Source: Slashdot – Indian Authorities Raid Fake Tech Support Rings After Tipoff From Amazon and Microsoft

Pipeline Dreams: The Desert City Out To Surpass Phoenix By Importing Water

Buckeye, Arizona, is eyeing ‘crazy’ ideas to keep growing, including piping water hundreds of miles uphill from Mexico. From a report: Arizona, stressed by years of drought, has declared its housebuilding boom will have to be curbed due to a lack of water but one of its fastest-growing cities is refusing to give up its relentless march into the desert — even if it requires constructing a pipeline that would bring water across the border from Mexico. The population of Buckeye, located 35 miles west of Phoenix, has doubled over the past decade to just under 120,000 and it is now priming itself to eventually become one of the largest cities in the US west. The city’s boundaries are vast — covering an area stretching out into the Sonoran Desert that would encompass two New York Cities — and so are its ambitions.

Buckeye expects to one day contain as many as 1.5 million people, rivaling or even surpassing Phoenix — the sixth largest city in the US that uses roughly 2bn gallons of water a day — by sprawling out the tendrils of suburbia, with its neat lawns, snaking roads and large homes, into the baking desert. Arizona’s challenging water situation appears a major barrier to such hopes, however. In June, the state announced that new uses of its groundwater have essentially hit a limit, placing restrictions on house building, just a few months after the state lost a fifth of its water allocation from the ailing Colorado River.

There isn’t enough water beneath Buckeye to support homes not already being built, Arizona’s water department has said. But the city is embarking upon an extraordinary scramble to find water from other sources — by recycling it, purchasing it or importing it — to maintain the sort of hurtling growth that continues to propel the US west even in an era of climate crisis. “Personally, my view is that we are still full steam ahead,” said Eric Orsborn, Buckeye’s ebullient mayor. Orsborn said he understands the state has to be “really careful” with water resources but that the city is exploring “options to keep us going and allow us to continue to grow at the rate that we want to grow.”

Source: Slashdot – Pipeline Dreams: The Desert City Out To Surpass Phoenix By Importing Water

SEC Drops Claims Against Two Ripple Labs Execs

An anonymous reader quotes a report from Reuters: The U.S. Securities and Exchange Commission dropped claims against two Ripple Labs executives in its lawsuit alleging the blockchain company violated U.S. securities law, according to a court filing in New York on Thursday. The agency said in court papers it is dropping claims that Ripple Chief Executive Brad Garlinghouse and co-founder Chris Larsen aided and abetted sales of the cryptocurrency XRP which a judge has found amounted to unregistered sales of securities.

In its December 2020 lawsuit, the SEC accused Ripple of illegally raising more than $1.3 billion in an unregistered securities offering by selling XRP. U.S. District Judge Analisa Torres in Manhattan granted Ripple a partial win in the case in July, finding that sales of XRP on public exchanges were not unregistered securities offerings. Torres subsequently rejected a request by the SEC to appeal that ruling. She also ruled partly in the SEC’s favor, saying the agency had shown the company’s $728.9 million of XRP sales to hedge funds and other sophisticated buyers had violated the law.

Garlinghouse and Larsen, who have harshly criticized the SEC throughout the case, issued lengthy statements accusing the agency of a political agenda to, in Larsen’s words, “suffocate crypto in America.” “Instead of looking for the criminals stealing customer funds on offshore exchanges that were courting political favor, the SEC went after the good guys,” Garlinghouse said, an apparent reference to Sam Bankman-Fried, founder of crypto exchange FTX. The agency said in its papers that the next step in the case is for both sides to present to the judge on what the appropriate penalty is for Ripple.

Source: Slashdot – SEC Drops Claims Against Two Ripple Labs Execs

Google Takes Aim At Duolingo With New English Tutoring Tool

Is Google laying the groundwork for a true challenger to language learning apps like Duolingo, Memrise and Babbel? In a blog post on Thursday, the search giant announced that it’s rolling out a new Google Search feature designed to help people improve their English speaking skills. TechCrunch’s Kyle Wiggers reports: Rolling out over the next few days for Search on Android devices in Argentina, Colombia, India, Indonesia, Mexico and Venezuela, with more countries and languages to come in the future, the new feature will provide interactive speaking practice for language learners translating to or from English, Google writes in a blog post. “Google Search is already a valuable tool for language learners, providing translations, definitions, and other resources to improve vocabulary,” reads the post, attributed to Google Research director Christian Plagemann and product manager Katya Cox. “Now, learners translating to or from English on their Android phones will find a new English speaking practice experience with personalized feedback.”

The new experience presents Search users with prompts and asks them to speak the answers using a provided vocabulary word. During each practice session, which lasts 3 to 5 minutes, Search gives personalized feedback — and the option to sign up for daily reminders to keep practicing and advance to the next stage of difficulty. How personalized is it, exactly? Well, according to Google, the experience gives semantic feedback — indicating whether a response was relevant to a given question and comprehensible to a theoretical conversation partner. It also recommends areas where grammar could be improved, and, to give concrete suggestions for alternative ways to respond, provides a set of example answers at varying levels of language complexity. During practice sessions, learners can tap on any word they don’t understand to see a translation of that word that considers the word in context.

“Designed to be used alongside other learning services and resources, like personal tutoring, mobile apps and classes, the new speaking practice feature on Google Search is another tool to assist learners on their journey,” Plagemann and Cox write. […] “We look forward to expanding to more countries and languages in the future, and to start offering partner practice content soon,” Plagemann and Cox continued. “With these latest updates, which will roll out over the next few days, Google Search has become even more helpful.”

Source: Slashdot – Google Takes Aim At Duolingo With New English Tutoring Tool

A Simple Streetlight Hack Could Protect Astronomy From Urban Light Pollution

Tereza Pultarova reports via Space.com: Light pollution is a growing threat to astronomy, but a new streetlamp technology could restore clear views of the night sky. […] A study published earlier this year found that stars are disappearing from the sky at an average rate of 10% per year. This trend affects even the world’s most remote observatories. Germany-based startup StealthTransit recently tested a solution to this growing issue. “Unfortunately, this problem haunts almost all observatories today,” Vlad Pashkovsky, StealthTransit’s founder and CEO, told Space.com in an email. “Modern telescopes are highly sensitive and feel the impact of outdoor lighting of cities located at the distance of 50 or even 200 kilometers [30 to 120 miles]. This means that virtually every observatory on Earth either already needs, or will need in the future 10 years, protection from the light of large cities.”

StealthTransit’s solution relies on three components: A simple device that makes LED lights flicker at a very high frequency that is imperceptible to the human eye, a GPS receiver, and a specially designed shutter on the telescope’s camera that can blink in sync with the LED lights. The GPS technology guides the telescope’s shutter to open only during the fleeting moments when the LED lights are switched off. The experiments, conducted at an observatory in the Caucasus Mountains in Russia, showed that the technology, dubbed the DarkSkyProtector, could reduce unwanted sky glow in astronomical images by 94%. “We can say that the telescope was seeing almost a dark sky at this time,” Pashkovsky said. “The important thing about our technology is that it makes all kinds of lights astronomy-friendly, including outdoor advertising and indoor lighting in apartments, offices and stores.”

The technology could filter out lights from nearby towns and villages as well as those surrounding the observatory itself. It might sound impractical to refit an entire town with devices that allow lamps to blink, but Pashkovsky said that most existing LED lights can operate in the blinking mode and that new lamps designed specifically with sky protection in mind would be no costlier than existing LED technology. The most expensive element of the DarkSkyProtector system is the telescope shutter, which needs to be lightweight and agile enough to blink about 150 times per second. StealthTransit tested the prototype shutter on a 24-inch-wide (60 centimeters) telescope and hopes to make the technology available for larger telescopes. Although StealthTransit’s technology is not yet ready for commercial use, Pashkovsky said, the firm hopes to have a product fit for the world’s best telescopes in five to seven years.

Source: Slashdot – A Simple Streetlight Hack Could Protect Astronomy From Urban Light Pollution

Casio Keyed Up After Data Loss Hits Customers In 149 Countries

Jessica Lyons Hardcastle reports via The Register: Japanese electronics giant Casio said miscreants broke into its ClassPad server and stole a database with personal information belonging to customers in 149 countries. ClassPad is Casio’s education web app, and in a Wednesday statement on its website, the firm said an intruder breached a ClassPad server and swiped hundreds of thousands of “items” belonging to individuals and organizations around the globe. As of October 18, the crooks accessed 91,921 items belonging to Japanese customers, including individuals and 1,108 educational institution customers, as well as 35,049 items belonging to customers from 148 other countries. If Casio finds additional customers were compromised, it promises to update this count.

The data included customers’ names, email addresses, country of residence, purchasing info including order details, payment method and license code, and service usage info including log data and nicknames. Casio noted that it doesn’t retain customers’ credit card information, so presumably people’s banking info wasn’t compromised in the hack. An employee discovered the incident on October 11 while attempting to work in the corporate dev environment and spotted the database failure. “At this time, it has been confirmed that some of the network security settings in the development environment were disabled due to an operational error of the system by the department in charge and insufficient operational management,” the official notice said. “Casio believes these were the causes of the situation that allowed an external party to gain unauthorized access.” The intruder didn’t access the ClassPad.net app, according to Casio, so that is still available for use.

Source: Slashdot – Casio Keyed Up After Data Loss Hits Customers In 149 Countries

Canada Will Legalize Medically Assisted Dying For People Addicted To Drugs

An anonymous reader quotes a report from VICE News: Canada will legalize medically assisted dying for people who are addicted to drugs next spring, in a move some drug users and activists are calling “eugenics.” The country’s medical assistance in dying (MAID) law, which first came into effect in 2016, will be expanded next March to give access to people whose sole medical condition is mental illness, which can include substance use disorders. Before the changes take place, however, a special parliamentary committee on MAID will regroup to scrutinize the rollout of the new regulations, according to the Toronto Star.

Currently, people are eligible for MAID if they have a “grievous and irremediable medical condition”, such as a serious illness or disability, that has put them in an advanced state of irreversible decline and caused enduring physical or psychological suffering — excluding mental illness. Anyone who receives MAID must also go through two assessments from independent health care providers, among meeting other criteria. […] As Canada prepares to legalize MAID for people with mental disorders, each province will have to develop its own protocol for how to assess people. Dr. Simon Colgan, lead physician for the Community Allied Mobile Palliative Partnership which provides palliative care to homeless people, said MAID requests “must be understood within the context of a person’s lived experience and this takes time and relationship.” He said any MAID protocols for people with substance use disorders should be made with the input of people with lived experiences. “I don’t think it’s fair, and the government doesn’t think it’s fair, to exclude people from eligibility because their medical disorder or their suffering is related to a mental illness,” said Dr. David Martell, physician lead for Addictions Medicine at Nova Scotia Health. “As a subset of that, it’s not fair to exclude people from eligibility purely because their mental disorder might either partly or in full be a substance use disorder. It has to do with treating people equally.”

On the flip side, some drug users and harm reduction advocates say they’re upset drug users are being given access to MAID, as they feel other public health measures are lacking. “I just think that MAID when it has entered the area around mental health and substance use is really rooted in eugenics. And there are people who are really struggling around substance use and people do not actually get the kind of support and help they need,” said Zoe Dodd, a Toronto-based harm reduction advocate.

Karen Ward, a drug user activist in Vancouver, said she considers the expansion of MAID to include people with substance use disorders a “statement in federal law that some people aren’t really human.” “The government has made death accessible while a better life remains impossible,” she said. “Homes for all, guaranteed dignified incomes, access to healthcare, education and employment: these aren’t radical demands.”

Source: Slashdot – Canada Will Legalize Medically Assisted Dying For People Addicted To Drugs

Code.org Presses Washington To Make Computer Science a High School Graduation Requirement

theodp writes: In July, Seattle-based and tech-backed nonprofit Code.org announced its 10th policy recommendation for all states “to require all students to take computer science (CS) to earn a high school diploma.” In August, Washington State Senator Lisa Wellman phoned-in her plans to introduce a bill to make computer science a Washington high school graduation requirement to the state’s Board of Education, indicating that the ChatGPT-sparked AI craze and Code.org had helped convince her of the need. Wellman, a former teacher who worked as a Programmer/System Analyst in the 80’s before becoming an Apple VP (Publishing) in the ’90s, also indicated that exposure to CS given to students in fifth grade could be sufficient to satisfy a HS CS requirement. In 2019, Wellman sponsored Microsoft-supported SB 5088 (Bill details), which required all Washington state public high schools to offer a CS class. Wellman also sponsored SB 5299 in 2021, which allows high school students to take a computer science elective in place of a third year math or science course (that may be required for college admission) to count towards graduation requirements.

And in October, Code.org CEO Hadi Partovi appeared before the Washington State Board of Education, driving home points Senator Wellman made in August with a deck containing slides calling for Washington to “require that all students take computer science to earn a high school diploma” and to “require computer science within all teacher certifications.” Like Wellman, Partovi suggested the CS high school requirement might be satisfied by middle school work (he alternatively suggested one year of foreign language could be dropped to accommodate a HS CS course). Partovi noted that Washington contained some of the biggest promoters of K-12 CS in Microsoft Philanthropies’ TEALS (TEALS founder Kevin Wang is a member of the Washington State Board of Education) and Code.org, as well as some of the biggest funders of K-12 CS in Amazon and Microsoft — both of which are $3,000,000+ Platinum Supporters of Code.org and have top execs on Code.org’s Board of Directors.

Source: Slashdot – Code.org Presses Washington To Make Computer Science a High School Graduation Requirement

Hackers Compromise Accounts of Kodex, Company That Vets Police Data Requests For Tech Giants

Slash_Account_Dot shares a report from 404 Media: Hackers are targeting accounts on Kodex, a platform that connects law enforcement agencies and tech companies and which is designed to verify emergency requests for customer data, according to multiple online conversations between hackers viewed by 404 Media. Screenshots from one of the compromised accounts show a panel where a law enforcement officer, or a hacker, can potentially ‘create a new request.’ The screenshots show a wide range of companies such as tech giants Meta and Microsoft’s LinkedIn; cryptocurrency exchanges Binance and Coinbase; social media platforms Pinterest, Discord, and Snapchat; financial service Fidelity, and gaming platform Roblox. The compromised account appears to belong to a national police force, but the screenshots do not include the agency’s full name.

There is no evidence that hackers have successfully used compromised Kodex accounts to obtain data from a tech company, and Matt Donahue, the former FBI agent and now CEO of Kodex, said that multiple compromised accounts 404 Media found did not have authorization to make such requests, and that Kodex had shut down those accounts. But the repeated examples of criminal chatter show that Kodex is a target of interest for hackers.

Source: Slashdot – Hackers Compromise Accounts of Kodex, Company That Vets Police Data Requests For Tech Giants

Convoy Trucking Startup, Backed By Jeff Bezos and Bill Gates, Is Closing Operation With No Buyer

Ty Roush reports via Forbes: Convoy, a Seattle-based digital freight booker with investors that include billionaires Bill Gates and Jeff Bezos, announced Thursday it would be shutting down, according to Bloomberg, after the company failed to find a buyer amid a “massive freight recession.” Convoy’s founder and chief executive Dan Lewis notified employees in an internal memo Thursday that “today is your last day at the company,” noting the company is “exploring and evaluating strategic options for what might come next,” Bloomberg reported.

Lewis said the company had evaluated potential suitors to acquire it, though “none of the options ultimately materialized into anything sufficient to keep the company going in its then current form.” Convoy was in “the middle of a massive freight recession and a contraction in the capital markets,” according to Lewis, who added “this combination ultimately crushed our progress” and likely swayed potential suitors away from acquiring the firm. “Following an exhaustive process, spanning many, many months during which we explored all viable strategic options for the business, the result is where we are today,” Lewis wrote. Convoy was founded in 2015 in an effort to prevent trucks from driving “empty miles” without loads. The idea was to use technology to make freight more efficient by connecting truck drivers with freight companies — reducing shippers’ costs, increasing carriers’ earnings, and eliminating carbon emissions in the process.

Source: Slashdot – Convoy Trucking Startup, Backed By Jeff Bezos and Bill Gates, Is Closing Operation With No Buyer

Julian Assange To Be Made Honorary Citizen of Rome

Jailed WikiLeaks founder Julian Assange will become an honorary citizen of Rome by early next year following a vote this week by its local assembly, the city’s former mayor Virginia Raggi said on Thursday. Reuters reports: Assange, 52, has been in London’s high-security Belmarsh prison since 2019 and is wanted in the United States over the release of confidential U.S. military records and diplomatic cables in 2010. His supporters see his prosecution as a politically motivated assault on journalism and free speech. Washington says the release of secret documents put lives in danger.

The motion to make him a citizen of the Eternal City was spearheaded by Raggi, from the left-leaning Five Star Movement, and won cross-party support. “Assange is a symbol of free speech which is essential for any genuine democracy,” Raggi, who ran Rome’s city hall between 2016 and 2021, told Reuters. “He has been deprived of his own liberty for years, in awful conditions, for doing his job as a journalist,” she said.

The motion was approved on Tuesday, kick-starting a process that Raggi said she hoped could be completed by Christmas but may take slightly longer. Other Italian cities have taken similar steps. The northern city of Reggio Emilia granted Assange citizenship last month, while Naples is set to follow shortly. Further reading: Australian MPs To Lobby US To Drop Julian Assange Prosecution or Risk ‘Very Dangerous’ Precedent for Russia and China

Source: Slashdot – Julian Assange To Be Made Honorary Citizen of Rome

First Mini-PC With Solid-State Active Cooling System Launches

Chinese multinational Zotac has announced a mini-PC built around two solid-state active cooling chips called the AirJet Pro and AirJet Mini. They’re designed by a company called Frore Systems. New Atlas reports: The AirJet tech is described as a self-contained active heat sink featuring membranes inside that vibrate at ultrasonic frequency, generating “a powerful flow of air” that’s pushed through vents at the top of the unit. These “high-velocity pulsating jets” remove heat from the processor and push it out through an integrated spout. Back at Computex 2023 in May, Zotac’s new Zbox mini-PC was announced as the first recipient of Frore’s cooling technology, in the shape of two near-silent AirJet Minis. Now The Zbox PI430AJ has launched to “select regions.” Zotac reckons that the active cooling modules can only be heard if the user places an ear against the Zbox’s housing.

The processor of choice for this “world’s first” device is an Intel Core i3-N300 octacore chip that can clock up to 3.8 GHz. This features integrated UHD graphics, and is supported by 8 GB of LPDDR5 RAM. The Windows flavor comes with 512 GB of SSD storage, while users who opt for the barebones version will need to install their own. The 114.8 x 76 x 23.8-mm (4.52 x 2.99 x 0.95-in) mini-PC sports two USB 3.2 Type-A ports plus one USB-C, HDMI and DisplayPort, Ethernet LAN and a combo headphone/microphone jack. Bluetooth 5.2 and Wi-Fi 6 are cooked in for wireless needs.

Source: Slashdot – First Mini-PC With Solid-State Active Cooling System Launches

CFPB Moves To Bar Financial Firms From 'Hoarding' a Consumer's Data

An anonymous reader quotes a report from Politico: The Consumer Financial Protection Bureau on Thursday released a landmark proposal restricting how financial institutions handle consumer data. […] The proposed rule — which faces months of feedback and lobbying from industry and consumer groups before it’s approved — would bar financial firms from “hoarding” a consumer’s data, the agency said. It would require companies to share information, at a customer’s request, with other businesses offering competing products and prevent them from charging for it.

Banks would be required to make personal financial data available to consumers free of charge, and companies that access a person’s data would not be able to use it for targeted advertising. Access to a person’s data would have to be reauthorized annually, and consumers would have the right to revoke access at any time. The proposal, which implements Section 1033 of the 2010 Dodd-Frank law, also “seeks to move the market away from risky data collection practices” such as screen scraping, the CFPB said. “It is often really daunting for a consumer to switch banks, in part because it’s difficult to take their financial transaction history data to a new bank,” White House National Economic Council Director Lael Brainard said on a call with reporters. “Today’s rule will help ensure financial companies compete based on service quality and pricing.”

Source: Slashdot – CFPB Moves To Bar Financial Firms From ‘Hoarding’ a Consumer’s Data

There's a New Way To Flip Bits in DRAM, and It Works Against the Latest Defenses

An anonymous reader shares a report: In 2015, researchers reported a surprising discovery that stoked industry-wide security concerns — an attack called RowHammer that could corrupt, modify, or steal sensitive data when a simple user-level application repeatedly accessed certain regions of DDR memory chips. In the coming years, memory chipmakers scrambled to develop defenses that prevented the attack, mainly by limiting the number of times programs could open and close the targeted chip regions in a given time. Recently, researchers devised a new method for creating the same types of RowHammer-induced bitflips even on a newer generation of chips, known as DDR4, that have the RowHammer mitigations built into them. Known as RowPress, the new attack works not by “hammering” carefully selected regions repeatedly, but instead by leaving them open for longer periods than normal. Bitflips refer to the phenomenon of bits represented as ones changing to zeros and vice versa.

Further amplifying the vulnerability of DDR4 chips to read-disturbance attacks — the generic term for inducing bitflips through abnormal accesses to memory chips — RowPress bitflips can be enhanced by combining them with RowHammer accesses. Curiously, raising the temperature of the chip also intensifies the effect. “We demonstrate a proof of concept RowPress program that can cause bitflips in a real system that already employs protections against RowHammer,” Onur Mutlu, a professor at ETH Zurich and a co-author of a recently published paper titled RowPress: Amplifying Read Disturbance in Modern DRAM Chips [PDF], wrote in an email. “Note that this is not in itself an attack. It simply shows that bitflips are possible and plenty, which can easily form the basis of an attack. As many prior works in security have shown, once you can induce a bitflip, you can use that bitflip for various attacks.”


Discord is Going To Give Out Warnings Instead of Permanent Bans

Discord is overhauling the way it moderates its platform with a new warning system and teen safety assist feature. From a report: The new Discord warning system has been totally revamped to be far more transparent, educating Discord users how they’ve broken rules and are restricted from parts of the service rather than permanently banning them. “The new system gives users more room to learn from their mistakes and correct misjudgments,” explains Savannah Badalich, Discord’s senior director of policy, in a briefing with The Verge. “We’re moving away from permanent bans to one-year temporary bans for many violations, except for violations that are extremely harmful.”

In the coming weeks, Discord will start to limit features for rule breakers, instead of banning them outright. If a Discord user violates the rules, then they’ll be met with a DM from Discord letting them know about the warning or violation and what action Discord is taking. So, if a Discord user uploads an image that breaks the rules, they might temporarily take away the ability to post images.


FCC Greenlights Superfast Wi-Fi Tethering for AR and VR Headsets

The FCC has unanimously approved plans by several tech companies to use the 6GHz band for wireless devices. From a report: FCC Chair Jessica Rosenworcel proposed the new rules, which would authorize very low power (VLP) operations — meaning their signals won’t be able to go very far — in about 850MHz of the spectrum, on September 27th. The rules will also allow devices to “use higher power levels” so long as they’re geofenced to keep from interfering with actual licensed 6GHz usage, and the FCC will be taking comments on other ways it can expand 6GHz spectrum usage by technology devices.

A September Bloomberg report pointed to some of the kinds of devices the FCC’s affirmative vote could open up, including in-car connections, mobile virtual or augmented reality devices, and more. The FCC originally opened up 1,200MHz of the 6GHz spectrum for unlicensed use by Wi-Fi routers and client devices (think smartphones or laptops), giving home networks far more wireless overhead than existing Wi-Fi standards already had. This new approval expands the spectrum for much more general use.
