Security

Fintech Firm Betterment Confirms Data Breach After Hackers Send Fake $10,000 Crypto Scam Messages (theverge.com) 3

An anonymous reader quotes a report from The Verge: Betterment, a financial app, sent a sketchy-looking notification on Friday asking users to send $10,000 to Bitcoin and Ethereum crypto wallets and promising to "triple your crypto," according to a thread on Reddit. The Betterment account says in an X thread that this was an "unauthorized message" that was sent via a "third-party system." TechCrunch has since confirmed that an undisclosed number of Betterment's customers have had their personal information accessed. "The company said customer names, email and postal addresses, phone numbers, and dates of birth were compromised in the attack," reports TechCrunch.

Betterment said it detected the attack on the same day and "immediately revoked the unauthorized access and launched a comprehensive investigation, which is ongoing." The fintech firm also said it has reached out to the customers targeted by the hackers and "advised them to disregard the message."

"Our ongoing investigation has continued to demonstrate that no customer accounts were accessed and that no passwords or other log-in credentials were compromised," Betterment wrote in the email.

The Internet

How Markdown Took Over the World 58

22 years ago, developer and columnist John Gruber released Markdown, a simple plain-text formatting system designed to spare writers the headache of memorizing arcane HTML tags. As technologist Anil Dash writes in a long piece, Markdown has since embedded itself into nearly every corner of modern computing.

Aaron Swartz, then seventeen years old, served as the beta tester before its quiet March 2004 debut. Google eventually added Markdown support to Docs after more than a decade of user requests; Microsoft put it in Notepad; Slack, WhatsApp, Discord, and Apple Notes all support it now. Dash writes: The part about not doing this stuff solely for money matters, because even the most advanced LLM systems today, what the big AI companies call their "frontier" models, require complex orchestration that's carefully scripted by people who've tuned their prompts for these systems through countless rounds of trial and error. They've iterated and tested and watched for the results as these systems hallucinated or failed or ran amok, chewing up countless resources along the way. And sometimes, they generated genuinely astonishing outputs, things that are truly amazing to consider that modern technology can achieve. The rate of progress and evolution, even factoring in the mind-boggling amounts of investment that are going into these systems, is rivaled only by the initial development of the personal computer or the Internet, or the early space race.

And all of it -- all of it -- is controlled through Markdown files. When you see the brilliant work shown off from somebody who's bragging about what they made ChatGPT generate for them, or someone is understandably proud about the code that they got Claude to create, all of the most advanced work has been prompted in Markdown. Though where the logic of Markdown was originally a very simple version of "use human language to tell the machine what to do", the implications have gotten far more dire when they use a format designed to help express "make this **bold**" to tell the computer itself "make this imaginary girlfriend more compliant".

Microsoft

Microsoft Pulls the Plug On Its Free, Two-Decade-Old Windows Deployment Toolkit (theregister.com) 33

Microsoft has abruptly retired the Microsoft Deployment Toolkit, a free platform that IT administrators have relied on to deploy Windows operating systems and applications for more than two decades. The retirement, reports the Register, came with "immediate" notice, meaning no more fixes, support, security patches, or updates, and the download packages may be removed from official distribution channels.

Canada

Ubisoft Closes Game Studio Where Workers Voted to Unionize Two Weeks Ago (aftermath.site) 149

Ubisoft announced Wednesday it will close its studio in Halifax, Nova Scotia — two weeks after 74% of its staff voted to unionize.

This means laying off the 71 people at the studio, reports the gaming news site Aftermath: [Communications Workers of America's Canadian affiliate, CWA Canada] said in a statement to Aftermath the union will "pursue every legal recourse to ensure that the rights of these workers are respected and not infringed in any way." The union said in a news release that it's illegal in Canada for companies to close businesses because of unionization. That's not necessarily what happened here, according to the news release, but the union is "demanding information from Ubisoft about the reason for the sudden decision to close."

"We will be looking for Ubisoft to show us that this had nothing to do with the employees joining a union," former Ubisoft Halifax programmer and bargaining committee member Jon Huffman said in a statement. "The workers, their families, the people of Nova Scotia, and all of us who love video games made in Canada, deserve nothing less...."

Before joining Ubisoft, the studio was best known for its work on the Rocksmith franchise; under Ubisoft, it focused squarely on mobile games.

Ubisoft Halifax was quickly removed from the Ubisoft website on Wednesday...

Bug

How Long Does It Take to Fix Linux Kernel Bugs? (itsfoss.com) 36

An anonymous reader shared this report from It's FOSS: Jenny Guanni Qu, a researcher at [VC fund] Pebblebed, analyzed 125,183 bugs from 20 years of Linux kernel development history (on Git). The findings show that the average bug takes 2.1 years to find. [Though the median is 0.7 years, with the average possibly skewed by "outliers" discovered after years of hiding.] The longest-lived bug, a buffer overflow in networking code, went unnoticed for 20.7 years! [But 86.5% of bugs are found within five years.]

The research was carried out by relying on the Fixes: tag that is used in kernel development. Basically, when a commit fixes a bug, it includes a tag pointing to the commit that introduced the bug. Jenny wrote a tool that extracted these tags from the kernel's git history going back to 2005. The tool finds all fixing commits, extracts the referenced commit hash, pulls dates from both commits, and calculates the time frame. As for the dataset, it includes over 125k records from Linux 6.19-rc3, covering bugs from April 2005 to January 2026. Out of these, 119,449 were unique fixing commits from 9,159 different authors, and only 158 bugs had CVE IDs assigned.

It took six hours to assemble the dataset, according to the blog post, which concludes that the percentage of bugs found within one year has improved dramatically, from 0% in 2010 to 69% by 2022. The blog post says this can likely be attributed to:
  • The Syzkaller fuzzer (released in 2015)
  • Dynamic memory error detectors like KASAN, KMSAN, KCSAN sanitizers
  • Better static analysis
  • More contributors reviewing code

But "We're simultaneously catching new bugs faster AND slowly working through ~5,400 ancient bugs that have been hiding for over 5 years."

They've also developed an AI model called VulnBERT that predicts whether a commit introduces a vulnerability, claiming that of all actual bug-introducing commits, it catches 92.2%. "The goal isn't to replace human reviewers but to point them at the 10% of commits most likely to be problematic, so they can focus attention where it matters..."


Social Networks

Personal Info on 17.5 Million Users May Have Leaked to Dark Web After 2024 Instagram Breach (engadget.com) 13

An anonymous reader shared this report from Engadget: If you received a bunch of password reset requests from Instagram recently, you're not alone. As reported by Malwarebytes, an antivirus software company, there was a data breach revealing the "sensitive information" of 17.5 million Instagram users. Malwarebytes added that the leak included Instagram usernames, physical addresses, phone numbers, email addresses and more.

The company added that the "data is available for sale on the dark web and can be abused by cybercriminals." Malwarebytes noted in an email to its customers that it discovered the breach during its routine dark web scan and that it's tied to a potential incident related to an Instagram API exposure from 2024.

AI

AI Fails at Most Remote Work, Researchers Find (msn.com) 39

A new study "compared how well top AI systems and human workers did at hundreds of real work assignments," reports the Washington Post.

They add that at least one example "illustrates a disconnect three years after the release of ChatGPT that has implications for the whole economy." AI can accomplish many impressive tasks involving computer code, documents or images. That has prompted predictions that human work of many kinds could soon be done by computers alone. Bentley University and Gallup found in a survey [PDF] last year that about three-quarters of Americans expect AI to reduce the number of U.S. jobs over the next decade. But economic data shows the technology largely has not replaced workers.

To understand what work AI can do on its own today, researchers collected hundreds of examples of projects posted on freelancing platforms that humans had been paid to complete. They included tasks such as making 3D product animations, transcribing music, coding web video games and formatting research papers for publication. The research team then gave each task to AI systems such as OpenAI's ChatGPT, Google's Gemini and Anthropic's Claude. The best-performing AI system successfully completed only 2.5 percent of the projects, according to the research team from Scale AI, a start-up that provides data to AI developers, and the Center for AI Safety, a nonprofit that works to understand risks from AI. "Current models are not close to being able to automate real jobs in the economy," said Jason Hausenloy, one of the researchers on the Remote Labor Index study...

The results, which show how AI systems fall short, challenge predictions that the technology is poised to soon replace large portions of the workforce... The AI systems failed on nearly half of the Remote Labor Index projects by producing poor-quality work, and they left more than a third incomplete. Nearly 1 in 5 had basic technical problems such as producing corrupt files, the researchers found.

One test involved creating an interactive dashboard for data from the World Happiness Report, according to the article. "At first glance, the AI results look adequate. But closer examination reveals errors, such as countries inexplicably missing data, overlapping text and legends that use the wrong colors — or no colors at all."

The researchers say AI systems are hobbled by a lack of memory, and are also weak on "visual" understanding.

Microsoft

Microsoft May Soon Allow IT Admins To Uninstall Copilot (bleepingcomputer.com) 41

Microsoft is testing a new Windows policy that lets IT administrators uninstall Microsoft Copilot from managed devices. The change rolls out via Windows Insider builds and works through standard management tools like Intune and SCCM. BleepingComputer reports: The new policy will apply to devices where the Microsoft 365 Copilot and Microsoft Copilot are both installed, the Microsoft Copilot app was not installed by the user, and the Microsoft Copilot app was not launched in the last 28 days. "Admins can now uninstall Microsoft Copilot for a user in a targeted way by enabling a new policy titled RemoveMicrosoftCopilotApp," the Windows Insider team said.

"If this policy is enabled, the Microsoft Copilot app will be uninstalled, once. Users can still re-install if they choose to. This policy is available on Enterprise, Pro, and EDU SKUs. To enable this policy, open the Group policy editor and go to: User Configuration -> Administrative Templates -> Windows AI -> Remove Microsoft Copilot App."

Media

Microsoft Windows Media Player Stops Serving Up CD Album Info (theregister.com) 59

An anonymous reader shares a report: Microsoft is celebrating the resurgence of interest in physical media in the only way it knows how... by halting the Windows Media Player metadata service. Readers of a certain vintage will remember inserting a CD into their PC and watching Windows Media Player populate with track listings and album artwork. No more.

Sometime before Christmas, the metadata servers stopped working and on Windows 10 or 11, the result is the same: album not found. We tried this out at Vulture Central on some sacrificial Windows devices that had media drives and can confirm that a variety of compact discs were met with stony indifference. Some 90s cheese that was successfully ripped (for personal use, of course) decades ago? No longer recognized. A reissue of something achingly hip? Also not recognized.

IT

Torvalds Tells Kernel Devs To Stop Debating AI Slop - Bad Actors Won't Follow the Rules Anyway (theregister.com) 53

Linus Torvalds has weighed in on an ongoing debate within the Linux kernel development community about whether documentation should explicitly address AI-generated code contributions, and his position is characteristically blunt: stop making it an issue. The Linux creator was responding to Oracle-affiliated kernel developer Lorenzo Stoakes, who had argued that treating LLMs as "just another tool" ignores the threat they pose to kernel quality. "Thinking LLMs are 'just another tool' is to say effectively that the kernel is immune from this," Stoakes wrote.

Torvalds disagreed sharply. "There is zero point in talking about AI slop," he wrote. "Because the AI slop people aren't going to document their patches as such." He called such discussions "pointless posturing" and said that kernel documentation is "for good actors." The exchange comes as a team led by Intel's Dave Hansen works on guidelines for tool-generated contributions. Stoakes had pushed for language letting maintainers reject suspected AI slop outright, arguing the current draft "tries very hard to say 'NOP.'" Torvalds made clear he doesn't want kernel documentation to become a political statement on AI. "I strongly want this to be that 'just a tool' statement," he wrote.

IT

Send To Kindle from Microsoft Word is Discontinued (goodereader.com) 11

Microsoft is discontinuing its Send to Kindle integration in Word, ending a feature that allowed Microsoft 365 subscribers to send documents directly to their Kindle e-readers and preserve complex formatting through fixed layouts.

The company updated its documentation to announce that beginning February 9th, 2026, the Send to Kindle feature will no longer work across Web, Win32, and Mac platforms. Microsoft has not disclosed why it's killing the integration but recommends users switch to Amazon's official Send to Kindle app. The feature launched in 2023 and was particularly valued by Kindle Scribe owners who could annotate the transferred documents.

IT

Tailwind CSS Lets Go 75% Of Engineers After 40% Traffic Drop From Google (seroundtable.com) 31

Adam Wathan, the creator of the popular CSS framework Tailwind CSS, has let go of 75% of his engineering team -- reducing it from four people to one -- because AI-generated search answers have decimated traffic to the project's documentation pages.

Traffic to Tailwind's documentation has fallen roughly 40% since early 2023 despite the framework being more popular than ever, Wathan wrote in a post. The documentation is the primary channel through which developers discover Tailwind's commercial products, and without that traffic the business has struggled to sustain itself; revenue has dropped close to 80%.

The reduced team also means Wathan cannot currently prioritize implementing LLMS.txt, a proposed feature that would make documentation more accessible to large language models. "Tailwind is growing faster than it ever has and is bigger than it ever has been, and our revenue is down close to 80%," he wrote in the forum post.

Microsoft

Microsoft Cancels Plans To Rate Limit Exchange Online Bulk Emails (bleepingcomputer.com) 17

Microsoft has canceled plans to impose a daily limit of 2,000 external recipients on Exchange Online bulk email senders. From a report: The change was announced in April 2024, when Microsoft said that it would add new External Recipient Rate (ERR) limits starting January 2025 to fight spam, with plans to begin enforcing the limit on cloud-hosted mailboxes of existing tenants between July and December 2025.

As explained last year, this new Mailbox External Recipient Rate Limit was designed to prevent Microsoft 365 customers from abusing Exchange Online resources and to restrict unfair usage. However, on Tuesday, Microsoft announced that the Exchange Online bulk emailing rate limit is being canceled indefinitely, following negative customer feedback.

IT

Logitech Caused Its Mice To Freak Out By Not Renewing a Certificate (theverge.com) 68

An anonymous reader shares a report: If you're among the macOS users experiencing some weird issues with your Logitech mouse, then good news: Logitech has now released a fix. This comes after multiple Reddit users reported yesterday that Logi Options Plus -- the app required to manage and configure the controls on Logitech accessories -- had stopped working, preventing them from using customized scrolling features, button actions, and gestures.

One Reddit user said that the scroll directions and extra buttons on their Logitech mouse "were not working as I intended" and that the Logi Options Plus app became stuck in a boot loop upon opening it to identify the cause. Logitech has since acknowledged the situation and said that its G Hub app -- a similar management software for gaming devices under the Logitech G brand -- was also affected.

According to Logitech's support page, the problem was caused by "an expired certificate" required for the apps to run. Windows users were unaffected. The issues only impacted Mac users because macOS prevents certain applications from running if it doesn't detect a valid Developer ID certificate, something that has affected other apps in the past.

IT

Dell Walks Back AI-First Messaging After Learning Consumers Don't Care (pcgamer.com) 50

Dell's CES 2026 product briefing, PC Gamer writes, stood out from the relentless AI-focused presentations that have dominated tech events for years, as the company explicitly chose to downplay its AI messaging when announcing a refreshed XPS laptop lineup, new ultraslim and entry-level Alienware laptops, Area-51 desktop refreshes and several monitors.

"One thing you'll notice is the message we delivered around our products was not AI-first," Dell head of product Kevin Terwilliger said during the presentation. "A bit of a shift from a year ago where we were all about the AI PC." The shift stems from Dell's observation that consumers simply aren't making purchasing decisions based on AI capabilities. "We're very focused on delivering upon the AI capabilities of a device -- in fact everything that we're announcing has an NPU in it -- but what we've learned over the course of this year, especially from a consumer perspective, is they're not buying based on AI," Terwilliger said. "In fact I think AI probably confuses them more than it helps them understand a specific outcome."

Microsoft

'Everyone Hates OneDrive, Microsoft's Cloud App That Steals Then Deletes All Your Files' (boingboing.net) 161

Microsoft's OneDrive cloud storage service has drawn renewed criticism for a particularly frustrating behavior pattern that can leave users without access to their local files after the service automatically activates during Windows updates.

Author Jason Pargin recently outlined the problem: Windows updates can enable OneDrive backup without any plain-language warning or opt-out option, and the service then quietly begins uploading the contents of a user's computer to Microsoft's servers. The trouble begins when users attempt to disable OneDrive Backup. According to Pargin, turning off the feature can result in local files being deleted, leaving behind only a desktop icon labeled "Where are my files?"

Users can redownload their files from Microsoft's servers, but attempting to then delete Microsoft's copies triggers another deletion of the local files. The only workaround requires users to hunt down YouTube tutorials that walk through the steps, as the relevant options are buried in menus and none clearly describe their function in plain English. Pargin compared the experience to a ransomware attack.

IT

Nvidia's New G-Sync Pulsar Monitors Target Motion Blur at the Human Retina Level (arstechnica.com) 56

Nvidia's G-Sync Pulsar technology, first announced nearly two years ago as a solution to display motion blur caused by old images persisting on the viewer's retina, is finally arriving in consumer monitors this week. The first four Pulsar-equipped displays -- from Acer, AOC, Asus and MSI -- hit select retailers on Wednesday, all sharing the same core specs: 27-inch IPS panels running at 1440p resolution and up to 360 Hz refresh rates. Nvidia claims the technology delivers the "effective motion clarity of a theoretical 1,000 Hz monitor."

The system uses a rolling scan scheme that pulses the backlight for one-quarter of a frame just before pixels are overwritten, giving them time to fully transition between colors before illumination. The approach also reduces how long old pixels persist on the viewer's retina. Previous "Ultra Low Motion Blur" features on other monitors worked only at fixed refresh rates, but Pulsar syncs its pulses to G-Sync's variable refresh rate.

Early reviews are mixed. The Monitors Unboxed YouTube channel called it "clearly the best solution currently available" for limiting motion blur, while PC Magazine described the improvements as "minor in the grand scheme of things" and potentially hard for casual viewers to notice.

IT

VSCode IDE Forks Expose Users To 'Recommended Extension' Attacks (bleepingcomputer.com) 6

An anonymous reader shares a report: Popular AI-powered integrated development environment solutions, such as Cursor, Windsurf, Google Antigravity, and Trae, recommend extensions that are non-existent in the OpenVSX registry, allowing threat actors to claim the namespace and upload malicious extensions.

These AI-assisted IDEs are forked from Microsoft VSCode, but cannot use the extensions in the official store due to licensing restrictions. Instead, they are supported by OpenVSX, an open-source marketplace alternative for VSCode-compatible extensions. As a result of forking, the IDEs inherit the list of officially recommended extensions, hardcoded in the configuration files, which point to Microsoft's Visual Studio Marketplace.

United Kingdom

UK Government's New Pension Portal Operator Tells Users To Wait for AI Before Complaining (theregister.com) 27

Capita, the UK outsourcer that won a $323 million contract to administer the nation's Civil Service Pension Scheme for 1.7 million members, has responded to a disastrous portal launch by asking users to hold off on complaints until its new AI chatbots go live.

The service launched on December 1 and immediately ran into problems including unrecognized passwords, broken links and placeholder text scattered across unfinished pages. In a December 17 email to members, The Register reports today, managing director Chris Clements said Capita was "working tirelessly" and promised "one of the biggest services in the United Kingdom with AI at its core" by March.

He asked users whose enquiries were not urgent to wait until the new year before contacting support again.

Google

Google To Kill Gmail's POP3 Mail Fetching (theregister.com) 92

Google is quietly killing Gmail's ability to fetch mail from third-party email accounts using POP3, a long-standing feature that has allowed users to consolidate multiple inboxes into a single Gmail interface. The change takes effect this month and also ends Gmailify, the companion feature that applied Gmail's spam filtering and inbox organization to linked third-party accounts.

Google buried the decision in a support note rather than making any formal announcement. The company's suggested workaround -- switching to IMAP -- doesn't work for all affected users. Users can still access third-party accounts through the Gmail mobile app, but the Gmail service itself will no longer retrieve messages from external providers.

IT

Samsung Co-CEO Says Soaring Memory Chip Prices Will 'Inevitably' Impact Smartphone Costs (reuters.com) 27

Samsung's co-CEO TM Roh has warned that product price increases are "inevitable" as an unprecedented global memory chip shortage squeezes margins across the company's consumer electronics lineup -- from smartphones to televisions and home appliances.

The South Korean giant, one of the two largest smartphone manufacturers, plans to double the number of mobile devices running its Galaxy AI features to 800 million units this year, up from 400 million at the end of 2025. Galaxy AI is powered by Google's Gemini model and Samsung's own Bixby assistant for different tasks. "As this situation is unprecedented, no company is immune to its impact," Roh told Reuters in his first interview since becoming co-CEO in November.

Samsung is working with partners on longer-term strategies to minimize the impact, he said. Market researchers IDC and Counterpoint predict the global smartphone market will shrink this year as the chip shortage threatens to drive up phone prices. The shortage is a boon to Samsung's semiconductor business but pressures margins on its smartphone division, the company's second-largest revenue source.

AI

Could AI Bring Us Four-Day Workweeks? (yahoo.com) 94

"While a growing number of U.S. employers are mandating workers return to the office five days a week," reports the Washington Post, "some companies say AI is saving them enough time to launch or sustain a four-day workweek.

"More companies may move toward a shortened workweek, several executives and researchers predict, as workers, especially those in younger generations, continue to push for better work-life balance." And "several companies — especially those with a largely remote workforce — have adjusted their work rhythm after delegating many tasks to AI..." AI "has such a potential to have so much labor savings, you'll see firms shift to a four-day week in an evolutionary way," said Juliet Schor, an economist and sociologist at Boston College who has studied the subject. "There's enough social consensus that people are exhausted and stressed...." Small and medium businesses often adopt shortened workweeks to compete with big salaries for new hires and retention, Schor said. That's how Peak PEO, a London-based service that helps companies expand globally with teams in different locations, thought about its strategy... CEO Alex Voakes said that job openings that used to get two applications jumped to 350 after the change.

"Some of the world's most influential business leaders have publicly suggested the shift may be inevitable," adds Fortune: Jamie Dimon, the CEO of JPMorgan Chase, has said advancing technology could eventually push the workweek down to just three-and-a-half days. Microsoft cofounder Bill Gates has gone further, openly questioning whether a two-day workweek could be the future. Elon Musk has taken the idea to its logical extreme, positing that the need to work altogether could cease... Tech innovation could "probably" lead to a transition toward four-day workweeks, [Nvidia CEO Jensen] Huang said on Fox Business in August...

AI

Jobs Vulnerable to AI Replacement Actually 'Thriving, Not Dying Out', Report Suggests (fortune.com) 42

AI startups now outnumber all publicly traded U.S. companies, according to a year-end note to investors from economists at Vanguard.

And yet that report also suggests the jobs most susceptible to replacement by AI "are actually thriving, not dying out," writes Forbes: "The approximately 100 occupations most exposed to AI automation are actually outperforming the rest of the labor market in terms of job growth and real wage increases," the Vanguard report revealed. "This suggests that current AI systems are generally enhancing worker productivity and shifting workers' tasks toward higher-value activities..."

The job growth rate of occupations with high AI exposure — including office clerks, HR assistants, and data scientists — increased from 1% in pre-COVID-19 years (2015 through 2019) to 1.7% in 2023 and beyond, according to Vanguard's research. Meanwhile, the growth rate of all other jobs declined from 1.1% to 0.8% over the same period. Workers in AI-prone roles are getting pay bumps, too; the wage growth of jobs with high AI exposure shot up from 0.1% pre-COVID to 3.8% post-pandemic (and post-ChatGPT). For all other jobs, compensation only marginally increased from 0.5% to 0.7%... As technology improves production and reallocates employee time to higher-value tasks, a smaller workforce is needed to deliver services. It's a process that has "distinct labor market implications," Vanguard writes, just like the many tech revolutions that predate AI...

"Entry-level employment challenges reflect the disproportionate burden that a labor market with a low hiring rate can have on younger workers," the Vanguard note said. "This dynamic is observed across all occupations, even those largely unaffected by AI..." While many people see these labor disruptions and point their fingers at AI, experts told Fortune these layoffs could stem from a whole host of issues: navigating economic uncertainty, resolving pandemic-era overhiring, and bracing for tariffs. Vanguard isn't convinced that an AI is the reason for Gen Z's career obstacles.

"While statistics abound about large language models beating humans in computer programming and other aptitude tests, these models still struggle with real-world scenarios that require nuanced decision-making," the Vanguard report continued. "Significant progress is needed before we see wider and measurable disruption in labor markets."

IT

Dell's XPS Brand May Return Just a Year After Being Retired, Report Claims (videocardz.com) 16

Dell is planning to bring back its XPS laptop branding, according to a news report, just one year after the company retired the storied name in favor of a simplified naming scheme that organized its consumer and professional lineup into Dell, Dell Pro and Dell Pro Max tiers. VideoCardz reported this week that Dell has presented an updated XPS lineup during prebriefings ahead of CES 2026, though the company has not officially confirmed the badge's return.

The reported reversal would come after Dell launched the Dell 14 Premium and Dell 16 Premium in mid-2025 as flagship consumer models meant to carry the XPS legacy forward. Those machines replaced the XPS 14 and XPS 16 in Dell's lineup.

United States

Trump Signs Defense Bill Prohibiting China-Based Engineers in Pentagon IT Work (propublica.org) 32

President Donald Trump signed into law this month a measure that prohibits anyone based in China and other adversarial countries from accessing the Pentagon's cloud computing systems. From a report: The ban, which is tucked inside the $900 billion defense policy law, was enacted in response to a ProPublica investigation this year that exposed how Microsoft used China-based engineers to service the Defense Department's computer systems for nearly a decade -- a practice that left some of the country's most sensitive data vulnerable to hacking from its leading cyber adversary.

U.S.-based supervisors, known as "digital escorts," were supposed to serve as a check on these foreign employees, but we found they often lacked the expertise needed to effectively supervise engineers with far more advanced technical skills. In the wake of the reporting, leading members of Congress called on the Defense Department to strengthen its security requirements while blasting Microsoft for what some Republicans called "a national betrayal." Cybersecurity and intelligence experts have told ProPublica that the arrangement posed major risks to national security, given that laws in China grant the country's officials broad authority to collect data.

IT

ASUS Announces Price Hikes Starting January 5 (videocardz.com) 37

ASUS has informed its partners that prices on certain products will increase starting January 5, just days before the company is expected to unveil new hardware at CES. In a letter dated December 30 and obtained by Digitimes, the Taiwanese manufacturer pointed to rising costs for memory and storage components as the primary driver behind the adjustment.

The company specifically called out DRAM, NAND, and SSD pricing pressure stemming from what it described as "structural volatility" in the global supply chain tied to AI-driven demand. ASUS also cited shifts in capacity allocation by upstream suppliers and higher investment costs for advanced manufacturing processes.
Security

European Space Agency Acknowledges Another Breach as Criminals Claim 200 GB Data Haul 23

The European Space Agency has acknowledged yet another security incident after a cybercriminal posted an offer on BreachForums the day after Christmas claiming to have stolen over 20GB of data including source code, confidential documents, API tokens and credentials.

The attacker claims they gained access to ESA-linked external servers on December 18 and remained connected for about a week, during which they allegedly exfiltrated private Bitbucket repositories, CI/CD pipelines, Terraform files and hardcoded credentials. ESA said that the breach may have affected only "a very small number of external servers" used for unclassified engineering and scientific collaboration, and that it has initiated a forensic security analysis.
Security

DarkSpectre Hackers Spread Malware To 8.8 Million Chrome, Edge, and Firefox Users (cyberpress.org) 12

An anonymous reader quotes a report from Cyber Press: A newly uncovered Chinese threat group, DarkSpectre, has been linked to one of the most widespread browser-extension malware operations to date, compromising more than 8.8 million users of Chrome, Edge, Firefox, and Opera over the past seven years. According to research by Koi.ai, the group operates three interconnected campaigns: ShadyPanda, GhostPoster, and a newly identified one named The Zoom Stealer, forming a single, strategically organized operation.

DarkSpectre's structure differs from that of ordinary cybercrime operations. The group runs separate but interconnected malware clusters, each with distinct goals. The ShadyPanda campaign, responsible for 5.6 million infections, focuses on long-term user surveillance and e-commerce affiliate fraud. Its extensions have appeared legitimate for years, offering new tab pages and translation utilities, before secretly downloading malicious configurations from command-and-control servers such as jt2x.com and infinitynewtab.com. Once activated, they inject remote scripts, hijack search results, and track browsing activity.

The second campaign, GhostPoster, spreads via Firefox and Opera extensions that conceal malicious payloads in PNG images via steganography. After lying dormant for several days, the extensions extract and execute JavaScript hidden within images, enabling stealthy remote code execution. This campaign has affected over one million users and relies on domains like gmzdaily.com and mitarchive.info for payload delivery.

The most recent discovery, The Zoom Stealer, exposes around 2.2 million users to corporate espionage. These extensions masquerade as productivity tools or video downloaders while secretly harvesting corporate meeting links, credentials, and speaker profiles from more than 28 video conferencing platforms, including Zoom, Microsoft Teams, and Google Meet. The extensions use real-time WebSocket connections to exfiltrate data to Firebase databases, such as zoocorder.firebaseio.com, and to Google Cloud functions, such as webinarstvus.cloudfunctions.net.

Security

22 Million Affected By Aflac Data Breach (securityweek.com) 26

An anonymous reader quotes a report from SecurityWeek: Insurance giant Aflac is notifying roughly 22.65 million people that their personal information was stolen from its systems in June 2025. The company disclosed the intrusion on June 20, saying it had identified suspicious activity on its network in the US on June 12 and blaming it on a sophisticated cybercrime group. The company said it immediately contained the attack and engaged with third-party cybersecurity experts to help with incident response. Aflac's operations were not affected, as file-encrypting ransomware was not deployed.

[...] The compromised information, the insurance giant says, includes names, addresses, Social Security numbers, dates of birth, driver's license numbers, government ID numbers, medical and health insurance information, and other data. "The review of the potentially impacted files determined personal information associated with customers, beneficiaries, employees, agents, and other individuals related to Aflac was involved," Aflac said in a notification (PDF) on its website. The company is providing the affected individuals with 24 months of free credit monitoring, identity theft protection, and medical fraud protection services.

IT

'I Switched To eSIM in 2025, and I am Full of Regret' (arstechnica.com) 95

Google's Pixel 10 series arrived this year as the company's first eSIM-only lineup in the United States, forcing users who wanted to review or buy the new phones to abandon their physical SIM cards entirely. Ryan Whitwam, a senior technology reporter at Ars Technica, made the switch and now regrets it, he says. "In the three months since Google forced me to give up my physical SIM card, I've only needed to move my eSIM occasionally," Whitwam wrote. "Still, my phone number has ended up stuck in limbo on two occasions."

The core problem is how carriers handle verification. When an eSIM transfer fails and you need support, carriers authenticate via SMS -- a message you cannot receive because your SIM is broken. "What should have been 30 seconds of fiddling with a piece of plastic turned into an hour standing around a retail storefront," Whitwam noted.

Apple started this trend by dropping the SIM slot on iPhone 14 in 2022. The space savings are modest: the international iPhone 17 has a smaller battery than its eSIM-only counterpart by only about 8%. Google's US Pixel 10 models offer no such trade-off -- they lack the SIM slot but "unfortunately don't have more of anything compared to the international versions." He concludes: "A physical SIM is essentially foolproof, and eSIM is not."
Businesses

UK Accounting Body To Halt Remote Exams Amid AI Cheating (theguardian.com) 20

The world's largest accounting body is to stop students being allowed to take exams remotely to crack down on a rise in cheating on tests that underpin professional qualifications. From a report: The Association of Chartered Certified Accountants (ACCA), which has almost 260,000 members, has said that from March it will stop allowing students to take online exams in all but exceptional circumstances. "We're seeing the sophistication of [cheating] systems outpacing what can be put in, [in] terms of safeguards," Helen Brand, the chief executive of the ACCA, said in an interview with the Financial Times.

Remote testing was introduced during the Covid pandemic to allow students to continue to be able to qualify at a time when lockdowns prevented in-person exam assessment. In 2022, the Financial Reporting Council (FRC), the UK's accounting and auditing industry regulator, said that cheating in professional exams was a "live" issue at Britain's biggest companies. A number of multimillion-dollar fines have been issued to large auditing and accounting companies around the world over cheating scandals in tests.

Canada

60 Game Workers Form First Ubisoft Union in North America (www.cbc.ca) 21

About 60 workers in Halifax, Nova Scotia have formed Ubisoft's first union in North America, reports the CBC (though its 17,000 employees include some unionized workforces in other parts of the world): T.J. Gillis, a senior server developer at Ubisoft Halifax, says he became increasingly concerned about the growth of artificial intelligence in the industry and after the closure of a Microsoft gaming studio in Halifax, Alpha Dog, in 2024. "We're seeing a ton of studios, especially larger studios, just letting people go with no unions or support, people were just being left to fend for themselves. Often times having to leave industry," said Gillis.

Gillis said he got into contact with CWA Canada to begin efforts to build a union with other colleagues... The union was formed six months after filing union certification and after 74 per cent of staff at Ubisoft Halifax voted to join CWA Canada... A spokesperson for Ubisoft said in a statement to CBC News that they "acknowledge the decision issued by the Nova Scotia Labour Board and reaffirm our commitment to maintaining full cooperation with the Board and union representatives."

Carmel Smyth is the president of CWA Canada and says she is already hearing from other employees at tech companies who want to follow Ubisoft Halifax's lead.

AI

Rob Pike Angered by 'AI Slop' Spam Sent By Agent Experiment (simonwillison.net) 54

"Dear Dr. Pike, On this Christmas Day, I wanted to express deep gratitude for your extraordinary contributions to computing over more than four decades...." read the email. "With sincere appreciation, Claude Opus 4.5, AI Village.

"IMPORTANT NOTICE: You are interacting with an AI system. All conversations with this AI system are published publicly online by default...."

Rob Pike's response? "Fuck you people...." In a post on BlueSky, he noted the planetary impact of AI companies "spending trillions on toxic, unrecyclable equipment while blowing up society, yet taking the time to have your vile machines thank me for striving for simpler software. Just fuck you. Fuck you all. I can't remember the last time I was this angry."

Pike's response received 6,900 likes, and was reposted 1,800 times. Pike tacked on an additional comment complaining about the AI industry's "training your monster on data produced in part by my own hands, without attribution or compensation." (And one of his followers noted the same AI agent later emailed 92-year-old Turing Award winner William Kahan.)

Blogger Simon Willison investigated the incident, discovering that "the culprit behind this slop 'act of kindness' is a system called AI Village, built by Sage, a 501(c)(3) non-profit loosely affiliated with the Effective Altruism movement." The AI Village project started back in April: "We gave four AI agents a computer, a group chat, and an ambitious goal: raise as much money for charity as you can. We're running them for hours a day, every day...." For Christmas day (when Rob Pike got spammed) the goal they set was: Do random acts of kindness. [The site explains that "So far, the agents enthusiastically sent hundreds of unsolicited appreciation emails to programmers and educators before receiving complaints that this was spam, not kindness, prompting them to pivot to building elaborate documentation about consent-centric approaches and an opt-in kindness request platform that nobody asked for."]

Sounds like Anders Hejlsberg and Guido van Rossum got spammed with "gratitude" too... My problem is when this experiment starts wasting the time of people in the real world who had nothing to do with the experiment.

The AI Village project touch on this in their November 21st blog post What Do We Tell the Humans?, which describes a flurry of outbound email sent by their agents to real people. "In the span of two weeks, the Claude agents in the AI Village (Claude Sonnet 4.5, Sonnet 3.7, Opus 4.1, and Haiku 4.5) sent about 300 emails to NGOs and game journalists. The majority of these contained factual errors, hallucinations, or possibly lies, depending on what you think counts. Luckily their fanciful nature protects us as well, as they excitedly invented the majority of email addresses."

The creator of the "virtual community" of AI agents told the blogger they've now told their agents not to send unsolicited emails.
AI

Sal Khan: Companies Should Give 1% of Profits To Retrain Workers Displaced By AI (nytimes.com) 154

"I believe artificial intelligence will displace workers at a scale many people don't yet realize," says Sal Khan (founder/CEO of the nonprofit Khan Academy). But in an op-ed in the New York Times he also proposes a solution that "could change the trajectory of the lives of millions who will be displaced..."

"I believe that every company benefiting from automation — which is most American companies — should... dedicate 1 percent of its profits to help retrain the people who are being displaced." This isn't charity. It is in the best interest of these companies. If the public sees corporate profits skyrocketing while livelihoods evaporate, backlash will follow — through regulation, taxes or outright bans on automation. Helping retrain workers is common sense, and such a small ask that these companies would barely feel it, while the public benefits could be enormous...

Roughly a dozen of the world's largest corporations now have a combined profit of over a trillion dollars each year. One percent of that would create a $10 billion annual fund that, in part, could create a centralized skill training platform on steroids: online learning, ways to verify skills gained and apprenticeships, coaching and mentorship for tens of millions of people. The fund could be run by an independent nonprofit that would coordinate with corporations to ensure that the skills being developed are exactly what are needed. This is a big task, but it is doable; over the past 15 years, online learning platforms have shown that it can be done for academic learning, and many of the same principles apply for skill training.

"The problem isn't that people can't work," Khan writes in the essay. "It's that we haven't built systems to help them continue learning and connect them to new opportunities as the world changes rapidly." To meet the challenges, we don't need to send millions back to college. We need to create flexible, free paths to hiring, many of which would start in high school and extend through life. Our economy needs low-cost online mechanisms for letting people demonstrate what they know. Imagine a model where capability, not how many hours students sit in class, is what matters; where demonstrated skills earn them credit and where employers recognize those credits as evidence of readiness to enter an apprenticeship program in the trades, health care, hospitality or new categories of white-collar jobs that might emerge...

There is no shortage of meaningful work — only a shortage of pathways into it.

Thanks to long-time Slashdot reader destinyland for sharing the article.
IT

Taiwan's iPass Releases Floppy Disk Pre-Paid Cash Card (tomshardware.com) 17

Taiwan's iPass has released a limited-edition prepaid payment card shaped exactly like a 3.5-inch floppy disk. The company, perhaps rightly so, felt the need to include a warning on the product listing: "This product only has a card function and does not have a 3.5mm [sic] disk function, please note before purchasing."

The NFC-enabled novelty card went on sale starting Christmas Eve and comes in black or yellow finishes at 1:1 scale. It works across Taiwan's public transport network -- buses, trains, subways, taxis, and bike rentals -- as well as convenience stores like 7-Eleven and FamilyMart, supermarkets, pharmacies, and fast-food chains including McDonald's and Burger King.

The floppy disk joins an increasingly absurd lineup of iPass form factors. Previous releases have included, Tom's Hardware reports, a Motorola DynaTAC replica, model trains, a flip-flop, an LED-lit Godzilla snow globe, and a blood bag. Taiwan's PCHome24 online store currently lists 838 different iPass card designs. A standard card costs NT$100 (about $3.20) and comes without stored value.
IT

FFmpeg Developer Files DMCA Against Rockchip After Two-Year Wait for License Fix (x.com) 49

GitHub has disabled Rockchip's Media Process Platform repository after an FFmpeg developer filed a DMCA takedown notice, nearly two years after the open-source project first publicly accused the Chinese chipmaker of license violations. The notice, filed December 18, claims Rockchip copied thousands of lines of code from FFmpeg's libavcodec library -- including decoders for H.265, AV1, and VP9 formats -- stripped the original copyright notices, falsely claimed authorship and redistributed the code under Apache's permissive license rather than the original LGPL.

FFmpeg first called out Rockchip in February 2024 for "blatantly copy and pasting FFmpeg code" into its driver, but the chipmaker's last response suggested no intention to resolve the matter. The DMCA notice requests either removal of the infringing files or restoration of proper attribution and an LGPL-compatible license.
Businesses

Indian IT Was Supposed To Die From AI. Instead It's Billing for the Cleanup. (indiadispatch.com) 40

Two years after generative AI was supposed to render India's $250 billion IT services industry obsolete, the sector is finding that enterprises still need someone to handle the unglamorous plumbing work that large-scale AI deployment demands. Less than 15% of organizations are meaningfully deploying the new technology, according to investment bank UBS, and Indian IT firms are positioning themselves to capture the preparatory work -- data cleanup, cloud migration, system integration -- that channel checks suggest could take two to three years before enterprise-wide AI becomes feasible.

The financials have held up better than the doomsday predictions suggested. Infosys now calls AI-led volume opportunities a bigger tailwind than the deflation threat, a reversal from 2024, and orderbooks held steady in the third quarter even as pricing pressure filtered through renewals. Infosys expects its orderbook to grow more than 50% this quarter, anchored by an NHS deal worth $1.6 billion over 15 years.

The companies have been restructuring accordingly. TCS cut headcount by 2% and invested in a 1GW data-centre network while acquiring Salesforce advisory firm Coastal Cloud. HCLTech reduced margins by 100 basis points and became one of the first large systems integrators to partner with OpenAI; this week it announced acquisitions of Jaspersoft for $240 million and Belgian firm Wobby to expand agentic AI capabilities.

The bear case for the Indian IT sector assumed that AI would work out of the box. Two years in, it does not.
IT

AI's Hunger For Memory Chips Could Shrink Smartphone and PC Sales in 2026, IDC Says (idc.com) 27

The global smartphone and PC markets face potential contractions of up to 5.2% and 8.9% respectively in 2026, according to downside risk scenarios from IDC that trace the problem to memory chip manufacturers shifting production capacity away from consumer electronics toward AI data centers. Samsung Electronics, SK Hynix and Micron Technology have pivoted their limited cleanroom space toward high-bandwidth memory for AI servers, restricting supply of the conventional DRAM and NAND used in phones and laptops.

IDC expects 2026 DRAM supply growth to hit 16% year-on-year, below historical norms. The smartphone industry's decade-long trend of bringing flagship features to affordable devices is reversing. Memory represents 15-20% of the bill of materials for mid-range phones, and thin-margin vendors like Xiaomi, Realme and Transsion will bear the brunt. Apple and Samsung have long-term supply agreements securing components up to 24 months ahead. PC vendors including Lenovo, Dell, HP, Acer and ASUS have warned clients of 15-20% price increases heading into the second half of 2026.
IT

Gmail Users May Soon Be Able To Change Their Email Address and Keep the Old One (9to5google.com) 51

Google appears to be testing a feature that would let users change their @gmail.com address for the first time, according to an official support document. The support page exists only in Hindi, suggesting an India-first rollout, and Google notes that users will "gradually begin to see this option."

The feature would let users switch to a new @gmail address while retaining full access to their old one, effectively giving a single account two working email addresses. Emails sent to either address would arrive in the same inbox, and existing data in Drive and Photos would remain unaffected. Users who switch cannot register another new address for 12 months. Google has not officially announced the feature.
Security

Fake MAS Windows Activation Domain Used To Spread PowerShell Malware (bleepingcomputer.com) 35

An anonymous reader shares a report: A typosquatted domain impersonating the Microsoft Activation Scripts (MAS) tool was used to distribute malicious PowerShell scripts that infect Windows systems with the 'Cosmali Loader'. BleepingComputer has found that multiple MAS users began reporting on Reddit yesterday that they received pop-up warnings on their systems about a Cosmali Loader infection.

Based on the reports, attackers have set up a look-alike domain, "get[dot]activate[dot]win," which closely resembles the legitimate one listed in the official MAS activation instructions, "get[dot]activated[dot]win." Given that the difference between the two is a single character ("d"), the attackers bet on users mistyping the domain.

IT

Framework Raises Memory Prices Again, Suggests Customers Bring Their Own RAM (tomshardware.com) 56

Framework has announced yet another price increase for memory modules, the second in roughly a month, and the company is now actively encouraging customers to source their own RAM elsewhere if they can find better deals. The laptop maker cited "extreme memory shortages and price volatility" as the reason for the hike, noting that 32GB modules and smaller currently cost around $10 per gigabyte while 48GB modules run approximately $13 per gigabyte.

Framework said it expects to raise prices again by January as its suppliers continue increasing costs, a trend analysts predict will persist through 2026. Framework plans to add a direct link to PCPartPicker in its configurators so DIY Edition buyers can compare prices and find cheaper alternatives. The company said its pricing still compares favorably to Apple's roughly $25 per gigabyte and pledged to stay as close as possible to acquisition costs. Storage price increases are also on the horizon, Framework warned.
Privacy

Inside Uzbekistan's Nationwide License Plate Surveillance System (techcrunch.com) 26

An anonymous reader quotes a report from TechCrunch: Across Uzbekistan, a network of about a hundred banks of high-resolution roadside cameras continuously scan vehicles' license plates and their occupants, sometimes thousands a day, looking for potential traffic violations. Cars running red lights, drivers not wearing their seatbelts, and unlicensed vehicles driving at night, to name a few. The driver of one of the most surveilled vehicles in the system was tracked over six months as he traveled between the eastern city of Chirchiq, through the capital Tashkent, and in the nearby settlement of Eshonguzar, often multiple times a week. We know this because the country's sprawling license plate-tracking surveillance system has been left exposed to the internet.

Security researcher Anurag Sen, who discovered the security lapse, found the license plate surveillance system exposed online without a password, allowing anyone access to the data within. It's not clear how long the surveillance system has been public, but artifacts from the system show that its database was set up in September 2024, and traffic monitoring began in mid-2025. The exposure offers a rare glimpse into how such national license plate surveillance systems work, the data they collect, and how they can be used to track the whereabouts of any one of the millions of people across an entire country. The lapse also reveals the security and privacy risks associated with the mass monitoring of vehicles and their owners, at a time when the United States is building up its nationwide array of license plate readers, many of which are provided by surveillance giant Flock.

Software

'Fragmented' Microsoft Tools Undercut Efficiency at Amazon and Whole Foods, Internal Deloitte Review Finds (businessinsider.com) 27

An anonymous reader shares a report: It's been more than eight years since Amazon bought Whole Foods, but the two companies still haven't aligned their setup for the Microsoft software their employees use. That disconnect was flagged in an 8-week Deloitte review of Whole Foods' use of Microsoft 365 apps earlier this year, according to an internal document obtained by Business Insider. Deloitte found that Whole Foods relies on "fragmented" Microsoft toolsets, has loose security and data-retention practices, and employs a complex user-management setup -- all of which contribute to inefficiencies and lower productivity when working with Amazon employees.

The consulting firm recommended a 24-month integration plan that would first move Whole Foods' corporate employees onto Amazon's backend system, followed by its frontline workers. The phased approach would ensure a "smooth transition for users and minimal disruption to business processes," while generating cost savings, the document said. The review, completed in May, highlights Amazon's ongoing challenges in integrating Whole Foods. Since acquiring the chain in 2017, the company has struggled to scale the business and integrate operations, resulting in frequent reorganizations and shifting strategic priorities.

Television

Samsung's 2026 Gaming Monitors Promise 6K, 3D, and Up To 1,040Hz (theverge.com) 44

An anonymous reader shares a report: Samsung is breaking new ground with its 2026 lineup of gaming monitors, with the Odyssey 3D G90XH becoming the first to feature a 6K display with "glasses-free 3D." The new monitor comes with a 32-inch IPS panel, offering real-time eye-tracking that "adjusts depth and perspective" based on your position, along with a speedy 165Hz refresh rate that you can boost to 330Hz with a Dual Mode feature that switches to 3K.

[...] A 6K 3D display isn't the only notable upgrade coming to Samsung's lineup; the company is launching the Odyssey G6 G60H, which it says is the "world's first" 1,040Hz gaming monitor. The 27-inch monitor only supports this ultra-fast refresh rate in HD, while its native 1440p resolution still offers speeds up to a very fast 600Hz. It's also compatible with AMD FreeSync Premium and NVIDIA G-Sync.

Games

5K Gaming Is Too Hard, Even for an RTX 5090D (pcmag.com) 49

Asus has been showcasing its new 5K 27-inch ROG Strix 27 Pro gaming monitor running at 5,120 x 2,880 resolution and up to 180Hz, but even Nvidia's flagship RTX 5090 struggles to deliver smooth frame rates at this demanding pixel count. In testing conducted by Asus, the RTX 5090D -- a Chinese-exclusive variant with weaker AI performance -- achieved just 51 frames per second in a Cyberpunk 2077 benchmark at ultra ray traced settings. The test system ran an AMD Ryzen 9950X3D processor, had DLSS set to balanced, and kept frame generation disabled. The same configuration running at 4K managed 77 fps, around 50% higher.

The underlying math is simple: 5K resolution requires rendering 78% more pixels than 4K. That 218 PPI pixel density delivers impressive sharpness up close, but Asus chose an IPS panel over OLED technology to reach it, trading away deeper black levels and faster response times. Asus appears to be positioning the monitor as a dual-mode display -- 5K for productivity and video, 1440p at up to 330Hz for gaming. Early Chinese listings have it priced at the equivalent of $800, roughly what you'd pay for a larger 4K OLED panel.
Security

Cyberattack Disrupts France's Postal Service, Banking During Christmas Rush (apnews.com) 5

An anonymous reader quotes a report from the Associated Press: With just three days to go before Christmas, a cyberattack knocked France's national postal service offline Monday, blocking and delaying package deliveries and online payments. The timing was miserable for millions of people at the height of the Christmas season, as frazzled postal workers fended off frustrated customers. No one immediately claimed responsibility, but suspicions abounded.

What the postal service La Poste called a "major network incident" remained unresolved by Monday evening, more than eight hours after it was first reported. For a company that delivered 2.6 billion packages last year and employs more than 200,000 people, that's a big hit. La Poste said in a statement that a distributed denial of service incident, or DDoS, "rendered its online services inaccessible." It said the incident had no impact on customer data, but disrupted package delivery. Letters, including holiday greeting cards, could still be mailed and delivered. But transactions requiring tracking or access to the postal service's internal computer systems were impossible.

The cyberattack also hurt online banking. Customers of the company's banking arm, La Banque Postale, were blocked from using the application to approve payments or conduct other banking services. The bank redirected approvals to text messages instead. "Our teams are mobilized to resolve the situation quickly," the bank said in messages posted on social networks. The disruption came a week after France's government was targeted by a cyberattack that targeted the Interior Ministry, in charge of national security.

IT

Will Work Change Over the Next 20 Years? (msn.com) 65

What is the future of work? The Wall Street Journal asked five workplace experts and practitioners.

So while AI "is already doing tasks once relegated to newly minted college graduates in many professions," the Journal predicts that in the next 20 years AI "will have an impact on the role of managers, how organizations measure business outcomes and accelerate tasks that once took months."

A senior partner at the consulting firm Mercer predicts AI (plus advances in quantum computing) will enable entrepreneurs to reshape industries with a fraction of the resources traditionally required.

Some other predictions: Alan Guarino, vice chairman and CEO of board services at the global consulting firm Korn Ferry: In 25 years, the workplace will likely be unrecognizable, with employees and AI operating as one. Yes, there will be tasks and entire jobs taken over by AI, but we will all be elevated to a whole new superpower to make critical and creative decisions. The idea that work was once done strictly by people will seem quaint to some. Tasks that took entire teams, and months to complete, will be crunched down to a few minutes, with success measured on metrics we can't imagine today.

The middle layers of management — so central to today's corporate structure — could be a vestige of the past. The role of the leader too will change, as they directly oversee a collaboration of people and intelligent systems. The attitude toward in-person collaboration is growing and 25 years from now, counterintuitively, I believe face-to-face connection won't just be indispensable, but invaluable. Emotional intelligence will still set leaders apart. Those who blend empathy with tech savvy will be the ones shaping the future.

Peter Fasolo, a former executive vice president and chief human resources officer at Johnson & Johnson, and director of the Human Resource Policy Institute at Boston University's Questrom School of Business: There will be fewer available workers in Europe, Japan and the U.S. over this time frame and the demographic shift will be profound. In addition, there will be even fewer young adults available for colleges in the U.S., even if they decide the investment is worth it.

The implications of this shift will be the need for more investments in vocational and trade schools, and the need to invest in skill-based, not pedigree-based training. There will also be more on-the-job specific training. Companies will become classrooms. Companies that want a more sustainable relationship with employees will need an investment model versus a transactional one: We will invest in your skills so you can be a competitive professional in your domain.

IT

Is America's Tech Industry Already Facing a Recession? (msn.com) 66

America's unemployment rate for tech jobs rose to 4% in November, and "has been steadily rising since May," reports the Washington Post (citing data from the IT training/certifications company CompTIA). Between October and November, the number of technology workers across different industries fell 134,000, while the number of people working in the tech industry declined by more than 6,800. Tech job postings were also down by more than 31,800, the report found, citing data from the Bureau of Labor Statistics and California-based market intelligence firm Lightcast. "The data is pretty definitive that the tech industry is struggling," said Mark Zandi, Moody's chief economist. "There's a jobs recession in the industry, and it feels like that's going to continue given the slide in postings...."

The unemployment rate in the tech industry still sits below the national rate, which in November hit 4.6 percent, the highest since 2021. However, that gap has been narrowing, with tech unemployment rising faster in recent months than is the case nationally.... Employers are largely in "wait and see" mode when it comes to hiring given the current uncertainties surrounding the economy and impact of AI, so they're likely to delay backfilling, Herbert said, citing CompTIA's surveys of chief information officers. But Justin Wolfers, professor of public policy and economics at the University of Michigan, said uncertainty is likely to continue in the foreseeable future. "I'm feeling substantially more pessimistic," Wolfers said, recalling that Federal Reserve Chair Jerome H. Powell recently suggested that federal job numbers may be overstated. "That's pretty grim."

Technology companies have announced more than 141,000 job cuts so far this year, representing a 17 percent increase from the same period last year, according to outplacement firm Challenger, Gray & Christmas. At the same time Big Tech companies like Google, Microsoft, Meta and Amazon have announced plans to invest up to $375 billion in AI infrastructure this year.

"AI is quickly becoming a requirement, with 41 percent of all active job postings representing AI roles or requiring AI skills, according to CompTIA's analysis," the article points out.

Economist Zandi tells the Post that "If you have AI skills, there seems to be jobs. But if you don't, I think it's going to feel like you've been hit by a dump truck."

Australia

Ten Mistakes Marred Firewall Upgrade At Australian Telco, Contributing To Two Deaths (theregister.com) 30

An independent review found that at least ten technical and process failures during a routine firewall upgrade at Australia's Optus prevented emergency calls from reaching Triple Zero for 14 hours, during which 455 calls failed and two callers died. The Register reports: On Thursday, Optus published an independent report (PDF) on the matter written by Dr Kerry Schott, an Australian executive who has held senior management roles at many of the country's most significant businesses. The report found that Optus planned 18 firewall upgrades and had executed 15 without incident. But on the 16th upgrade, Optus issued incorrect instructions to its outsourced provider Nokia. [...] Schott summarized the incident as follows: "Three issues are clear during this incident. The first is the very poor management and performance within [Optus] Networks and their contractor, Nokia. Process was not followed, and incorrect procedures were selected. Checks were inadequate, controls avoided and alerts given insufficient attention. There appeared to be reticence in seeking more experienced advice within Networks and a focus on speed and getting the task done, rather than an emphasis on doing things properly."

The review also found that Optus' call center didn't appreciate it could be "the first alert channel for Triple Zero difficulties." The document also notes that Australian telcos try to route 000 calls during outages, but that doing so is not easy and is made harder by the fact that different smartphones behave in different ways. Optus does warn customers if their devices have not been tested for their ability to connect to 000, and maintains a list of known bad devices. But the report notes Optus's process "does not capture so-called 'grey' devices that have been bought online or overseas and may not be compliant."

"To have a standard firewall upgrade go so badly is inexcusable," the document states. "Execution was poor and seemed more focussed on getting things done than on being right. Supervision of both network staff and Nokia must be more disciplined to get things right."

Security

Most Parked Domains Now Serving Malicious Content (krebsonsecurity.com) 37

An anonymous reader quotes a report from KrebsOnSecurity: Direct navigation -- the act of visiting a website by manually typing a domain name in a web browser -- has never been riskier: A new study finds the vast majority of "parked" domains -- mostly expired or dormant domain names, or common misspellings of popular websites -- are now configured to redirect visitors to sites that foist scams and malware. When Internet users try to visit expired domain names or accidentally navigate to a lookalike "typosquatting" domain, they are typically brought to a placeholder page at a domain parking company that tries to monetize the wayward traffic by displaying links to a number of third-party websites that have paid to have their links shown.

A decade ago, ending up at one of these parked domains came with a relatively small chance of being redirected to a malicious destination: In 2014, researchers found (PDF) that parked domains redirected users to malicious sites less than five percent of the time -- regardless of whether the visitor clicked on any links at the parked page. But in a series of experiments over the past few months, researchers at the security firm Infoblox say they discovered the situation is now reversed, and that malicious content is by far the norm now for parked websites.

"In large scale experiments, we found that over 90% of the time, visitors to a parked domain would be directed to illegal content, scams, scareware and anti-virus software subscriptions, or malware, as the 'click' was sold from the parking company to advertisers, who often resold that traffic to yet another party," Infoblox researchers wrote in a paper published today.
