Security

NSA Shares Tips On Securing Windows Devices With PowerShell (bleepingcomputer.com)

An anonymous reader quotes a report from BleepingComputer: The National Security Agency (NSA) and cybersecurity partner agencies issued an advisory today recommending that system administrators use PowerShell to prevent and detect malicious activity on Windows machines. PowerShell is frequently used in cyberattacks, leveraged mostly in the post-exploitation stage, but the security capabilities embedded in Microsoft's automation and configuration tool can also benefit defenders in their forensics efforts, improve incident response, and automate repetitive tasks. The NSA and cyber security centers in the U.S. (CISA), New Zealand (NZ NCSC), and the U.K. (NCSC-UK) have created a set of recommendations for using PowerShell to mitigate cyber threats instead of removing or disabling it, which would lower defensive capabilities.

Reducing the risk of threat actors abusing PowerShell requires leveraging capabilities in the framework such as PowerShell remoting, which does not expose plain-text credentials when executing commands remotely on Windows hosts. Administrators should be aware that enabling this feature on private networks automatically adds a new rule in Windows Firewall that permits all connections. Customizing Windows Firewall to allow connections only from trusted endpoints and networks helps reduce an attacker's chance for successful lateral movement. For remote connections, the agencies advise using the Secure Shell protocol (SSH), supported in PowerShell 7, to add the convenience and security of public-key authentication:

- remote connections don't need HTTPS with SSL certificates
- no need for Trusted Hosts, as required when remoting over WinRM outside a domain
- secure remote management over SSH without a password for all commands and connections
- PowerShell remoting between Windows and Linux hosts

Another recommendation is to reduce PowerShell operations with the help of AppLocker or Windows Defender Application Control (WDAC) to set the tool to function in Constrained Language Mode (CLM), thus denying operations outside the policies defined by the administrator. Recording PowerShell activity and monitoring the logs are two recommendations that could help administrators find signs of potential abuse. The NSA and its partners propose turning on features like Deep Script Block Logging (DSBL), Module Logging, and Over-the-Shoulder transcription (OTS). The first two enable building a comprehensive database of logs that can be used to look for suspicious or malicious PowerShell activity, including hidden action and the commands and scripts used in the process. With OTS, administrators get records of every PowerShell input or output, which could help determine an attacker's intentions in the environment.
The full document, titled "Keeping PowerShell: Security Measures to Use and Embrace" is available here (PDF).
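The logging and firewall recommendations above, as an added PowerShell example that is not code from the advisory, the agencies, or BleepingComputer. It audits and applies Script Block Logging, Module Logging and transcription through their Group Policy-backed registry locations (the local equivalent of setting them by GPO), narrows the inbound WinRM rule that Enable-PSRemoting creates to a management subnet, and reads back recent script-block events. `$TranscriptDir`, `$ManagementSubnet` and the function names are placeholders chosen for this example; run it from an elevated session on the host being configured.

```powershell
# Added example, not code from the advisory or the agencies. Audits and enables the
# three logging features the advisory names, scopes the WinRM firewall rule, and
# shows how the resulting script-block events are read back.
# Placeholders (change before use): $TranscriptDir, $ManagementSubnet.

$PolicyRoot       = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'
$TranscriptDir    = 'C:\PSTranscripts'   # placeholder; use an ACL-restricted or write-only location
$ManagementSubnet = '10.0.100.0/24'      # placeholder; the network your admin hosts live on

# Desired state: registry key (under $PolicyRoot) -> value name -> value
$Desired = @{
    'ScriptBlockLogging' = @{ EnableScriptBlockLogging = 1 }
    'ModuleLogging'      = @{ EnableModuleLogging = 1 }
    'Transcription'      = @{ EnableTranscripting = 1; EnableInvocationHeader = 1; OutputDirectory = $TranscriptDir }
}

function Get-PSLoggingState {
    # One object per setting, comparing what is configured with what we want
    foreach ($key in $Desired.Keys) {
        $path = Join-Path $PolicyRoot $key
        foreach ($name in $Desired[$key].Keys) {
            $current = (Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue).$name
            [pscustomobject]@{
                Key       = $key
                Setting   = $name
                Current   = $current
                Wanted    = $Desired[$key][$name]
                Compliant = ($current -eq $Desired[$key][$name])
            }
        }
    }
}

function Set-PSLoggingPolicy {
    foreach ($key in $Desired.Keys) {
        $path = Join-Path $PolicyRoot $key
        if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
        foreach ($name in $Desired[$key].Keys) {
            $value = $Desired[$key][$name]
            $type  = if ($value -is [int]) { 'DWord' } else { 'String' }
            New-ItemProperty -Path $path -Name $name -Value $value -PropertyType $type -Force | Out-Null
        }
    }
    # Module logging also needs a list of modules to log; '*' covers every module
    $moduleNames = Join-Path $PolicyRoot 'ModuleLogging\ModuleNames'
    if (-not (Test-Path $moduleNames)) { New-Item -Path $moduleNames -Force | Out-Null }
    New-ItemProperty -Path $moduleNames -Name '*' -Value '*' -PropertyType String -Force | Out-Null
    if (-not (Test-Path $TranscriptDir)) { New-Item -ItemType Directory -Path $TranscriptDir | Out-Null }
}

function Set-WinRMFirewallScope {
    param([string]$RemoteAddress)
    # Enable-PSRemoting adds an inbound rule that accepts any source on private profiles;
    # restrict the whole Windows Remote Management rule group to the management subnet.
    Get-NetFirewallRule -DisplayGroup 'Windows Remote Management' -Direction Inbound |
        Set-NetFirewallRule -RemoteAddress $RemoteAddress
}

function Get-RecentScriptBlocks {
    param([int]$Last = 20)
    # Event 4104 in the PowerShell operational log carries the script block text that
    # Script Block Logging records, as it was when the engine actually ran it.
    Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104 } `
        -MaxEvents $Last -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, @{ Name = 'ScriptBlock'; Expression = { $_.Properties[2].Value } }
}

# Usage: review current state, apply, re-check, then read back recent script blocks
Get-PSLoggingState | Format-Table -AutoSize
Set-PSLoggingPolicy
Set-WinRMFirewallScope -RemoteAddress $ManagementSubnet
Get-PSLoggingState | Where-Object { -not $_.Compliant }   # empty output means every setting is applied
Get-RecentScriptBlocks -Last 5
```

The transcript directory is the part most often done carelessly: a local folder that the logged-on user can read and delete defeats the purpose of over-the-shoulder transcription, so in practice point `OutputDirectory` at a share where clients can write but not read or modify existing files, and forward the 4104 events to a central collector rather than relying on the host's own log.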
AI

Ukraine is Using AI to Catch People Sabotaging Its Resistance (newsweek.com)

Newsweek reports: Artificial intelligence has become one of Ukraine's most "effective tools" in identifying potential saboteurs amid the ongoing war with Russia, according to the Ukrainian Ministry of Internal Affairs. The ministry issued a report Wednesday on law enforcement's anti-sabotage activities aimed at stopping people in Ukraine who may compromise the counteroffensive or aid Russia in its assault.

Officers have been using software on tablets to check if a person they view as "suspicious" is already listed in databases, including a police database of about 2 million people suspected of holding positions in paramilitary units from the far-right faction known as the Liberal Democratic Party of Russia (LDPR)... The ministry said that Ukrainian police have been fighting against such saboteurs ever since Russia invaded Ukraine. "More than 123 counter-sabotage groups were set up, and at least 1,500 people were involved," First Deputy Minister of Internal Affairs Yevgeny Yenin said in a statement, according to an English translation. "And the result was not long in coming: More than 800 people suspected of sabotage and intelligence activities were detained and handed over to the SBU (Security Service of Ukraine) for investigation."

The report, citing Yenin, said that the police database on people with suspected ties to the LDPR alone contains a "huge amount" of operational information that law enforcement and partners have compiled. This includes more than 10 billion photos, it said...

Russia has also reportedly contended with sabotage from supporters of Ukraine within its borders.

Oracle

Is Oracle's Database Dominance Being Eroded by Cloud-First Rivals? (msn.com)

Shutterfly recently moved its photo libraries to Amazon's cloud division — and became one of the companies that stopped using Oracle for its database management, Bloomberg reports: Businesses are opting to align with newer providers such as MongoDB Inc., Databricks Inc. and Snowflake Inc. instead of Oracle, the sector stalwart, as a result of changes across the enterprise technology landscape.

The move to the cloud is challenging the systems of the past. Newer providers are also making it much easier to adopt their technology directly, alleviating the need for corporate purchasers to negotiate large contracts with salespeople and allowing end users to more easily pick their own tools. Offerings from the newer software makers can also be deployed without large teams of database administrators that are typically needed to support Oracle's products, a cost-saver for organizations that would otherwise have to fight against other businesses for these in-demand engineers. The evidence of the shift is widespread. JPMorgan Chase & Co. chose Cockroach Labs Inc. as the database vendor to support its new retail banking application in Europe. Nasdaq Inc. is working with closely held Databricks and Amazon.com Inc.'s Amazon Web Services, among others, in its quest to upgrade from on-premises Oracle data repositories. Alongside AWS, database products from rival cloud vendors Microsoft Corp. and Alphabet Inc.'s Google Cloud are also growing quickly. And many businesses, like JetBlue Airways Corp. and Automatic Data Processing Inc., are tapping Snowflake to help store and analyze corporate data to power sales dashboards, among other uses....

Collectively, the initiatives are just a small fragment of the estimated $155 billion database market. But it's evidence of a tectonic shift happening within the industry, one that is threatening the leadership status Oracle cultivated over the past 43 years, ever since co-founder Larry Ellison and his team brought to market the first relational database, or one in which information was organized in tables that could be more easily accessed, manipulated and analyzed.... Oracle doesn't disclose financial results specifically for its database business. Much of that revenue comes from providing support and maintenance for existing customers versus new sales. But Oracle's influence is slowly fading. While it owned an estimated 27% of the database market in 2019, that fell to 24% in 2020, per Gartner. In the same time frame, Amazon went from 17% market share to almost 21%.

Oracle declined to comment for this story. Rivals are growing quickly. At MongoDB, for example, sales rose 57% to $285 million in the most recent quarter. Those results, analysts and company executives say, indicate businesses are using MongoDB for increasingly larger projects.... Oracle makes a significant portion of its revenue on existing customers. Every few years, when companies have to renew their contracts, Oracle can raise prices for maintenance and support — a business with margins hovering around 95%, according to Craig Guarente, a 16-year veteran of Oracle who is now CEO and co-founder of consulting firm Palisade Compliance.

"The entire profit of the company comes from Oracle database maintenance," he said. With each contract negotiation, "you go from paying $20 million a year, to $30 million a year, to paying $50 million a year."

IT

Two Tech CEOs Wanted Every Worker to Have a Permanent, Publicly-Available Job Performance File (vice.com)

"Two CEOs on a podcast casually proposed a shareable database of worker performance that would follow them between companies, forever, and encouraged listeners to create one," writes Slashdot reader merauder128, summarizing a recent article on Vice.

"HR professionals say it's a terrible idea."

Vice points out that on the podcast both the host and guest were CEOs of "data harvesters that package and resell data to other parties." Through one lens, it was a mundane musing between two CEOs of data companies talking about how awesome it would be to have more data on something. But in the context of experiments occurring in the tech industry around hiring practices, it was two influential CEOs encouraging other entrepreneurs to create a business that would be an absolute nightmare for workers, a type of credit score for workers that could be a permanent HR file that follows workers from one job to the next, and where a worker who struggles at one job may have trouble getting another....

It is also in line with a growing trend among tech companies that, spurred by work-from-home and hybrid work, are increasingly interested in quantifying employee performance. The most prominent example is Coinbase introducing an app so employees can constantly rate each other's performances, a scenario even the normally cheery TechCrunch said "sounds rough."

Over the last several years, there has been a boom in employee management software solutions such as Workday, Lattice, CultureAmp that are used across thousands of companies for performance reviews and other sensitive HR tasks. Technologically speaking, what Youakim and Hoffman are talking about is opening those confidential resources — or some condensed version of them that can be easily digested and analyzed — up to everyone.

None of these HR software companies have indicated that they have any intention of doing this.

The article warns that experts who have studied hiring extensively believe a permanent database "would allow this complete, random mess to follow workers their entire careers, affecting their job prospects, earning potential, and their broader lives." And the article summarizes a reaction to the idea from John Hausknecht, a professor of human resources at Cornell University. "It assumes people don't change, that jobs require similar attributes, that a person's experience at one company is relevant to another where they will be in a different environment with a different manager and different company culture....

"Or, to put it a different way, 'Just because we can track it, collect it, and ask about it,' Hausknecht said, 'doesn't necessarily mean we should.'"
The Internet

SEO Tool Ahrefs Built a $60M, Creator-Friendly Search Engine Named Yep (techcrunch.com)

In 2019 SEO toolset provider Ahrefs announced it would build its own search engine, remembers Search Engine Land. After investing $60 million of its own money, this month that search engine has finally launched with the name of "Yep", and Ahrefs "is positioning it as a Google competitor."

"However, we've seen plenty of Google competitors and Google "killers" come and go over the past two decades. So for now, let's just call it a Google alternative... Yep will not collect personal information (e.g., geolocation, name, age, gender) by default. Your Yep search history will not be stored anywhere.

What Yep will rely on is aggregated search statistics to improve algorithms, spelling corrections, and search suggestions, the company said. "In other words, we do save certain data on searches, but never in a personally identifiable way," said Ahrefs CEO Dmytro Gerasymenko.... What Yep will use is a searcher's:

- Entered keywords.
- Language preference received from the browser.
- Approximate geographical area at the origin of the search at the scale of a region or a city (deduced from the IP address)....

AhrefsBot visits more than 8 billion webpages every 24 hours, which makes it the second most active crawler on the web, behind only Google, Ahrefs said. For 12 years, AhrefsBot has been crawling the web. They had just been using the AhrefsBot data to power its link database and SEO insights. The Yep search index is updated every 15 to 30 minutes. Daily, the company adds 30 million webpages and drops 20 million.

Ahrefs said its Singapore data center is powered by around 1,000 servers that store and process 100 petabytes of web data (webpages, links between them, and the search index). Each server uses at least 2x 100GB connections... Before the end of the year, Ahrefs plans to open a U.S.-based data center.

"It's a unique proposition," reports TechCrunch, "running its own search index, rather than relying on APIs from Google or Bing."

"As for the name? I dunno; Yep seems pretty daft to me, but I guess at least the name is one character shorter than Bing, the other major search engine I'll only ever use by accident." Name aside, Yep is taking a fresh new path through the world of internet advertising, claiming that it's giving 90% of its ad revenues to content creators. The pitch is pretty elegant:

"Let's say that the biggest search engine in the world makes $100B a year. Now, imagine if they gave $90B to content creators and publishers," the company paints a picture of the future it wants to live in. "Wikipedia would probably earn a few billion dollars a year from its content. They'd be able to stop asking for donations and start paying the people who polish their articles a decent salary."

It's an impressively quixotic windmill to fight for the bootstrapped company Ahrefs. Its CEO sheds some light on why this makes sense to him:

"Creators who make search results possible deserve to receive payments for their work...."

Perhaps it sounds a little idealistic, but damn it, that's what made me excited about Yep in the first place. It represents the faintest of echoes from a web more innocent and more hopeful than the social-media poisoned cesspool of chaos and fake news we often find ourselves in today.

Search Engine Land points out that DuckDuckGo, which launched in 2008, "gets as many searches per year (~15.7 billion) as Google gets in about two or three days. Even Microsoft Bing — which is owned by Microsoft, the third-largest company on the planet by market cap — has failed to make a significant dent in Google's search market share since 2009."

But they also quote Ahrefs CEO Dmytro Gerasymenko as saying in 2019, "If we succeed in our endeavors, Google will finally get some long overdue competition for search."
Databases

MongoDB 6.0 Brings Encrypted Queries, Time-Series Data Collection (thenewstack.io)

The developers behind the open source MongoDB, and its commercial service counterpart MongoDB Atlas, have been busy making the document database easier to use for developers. From a report: Available in preview, Queryable Encryption provides the ability to query encrypted data, with the entire query transaction encrypted -- an industry first according to MongoDB. This feature will be of interest to organizations with a lot of sensitive data, such as banks, health care institutions and the government. This eliminates the need for developers to be experts in encryption, Davidson said. This end-to-end client-side encryption uses novel encrypted index data structures; the data being searched remains encrypted at all times on the database server, including in memory and in the CPU. The keys never leave the application, and the company maintains that neither query speed nor overall application performance is impacted by the new feature.

MongoDB is also now supporting time series data, which are important for monitoring physical systems, quick-moving financial data, or other temporally-oriented datasets. In MongoDB 6.0, time-series collections can have secondary indexes on measurements, and the database system has been optimized to sort time-based data more quickly. Although there are a number of databases specifically geared towards time-series data, such as InfluxDB, many organizations may not want to stand up an entire database system for this specific use, a separate system costing more in terms of support and expertise, Davidson argued. Another feature is Cluster-to-Cluster Synchronization, which provides the continuous data synchronization of MongoDB clusters across environments. It works with Atlas, in private cloud, on-premises, or on the edge. This sets the stage for using data in multiple places for testing, analytics, and backup.

Science

Coffee Drinking Linked To Lower Mortality Risk, New Study Finds (nytimes.com)

That morning cup of coffee may be linked to a lower risk of dying, researchers from a study published Monday in The Annals of Internal Medicine concluded. From a report: Those who drank 1.5 to 3.5 cups of coffee per day, even with a teaspoon of sugar, were up to 30 percent less likely to die during the study period than those who didn't drink coffee. Those who drank unsweetened coffee were 16 to 21 percent less likely to die during the study period, with those drinking about three cups per day having the lowest risk of death when compared with noncoffee drinkers.

Researchers analyzed coffee consumption data collected from the U.K. Biobank, a large medical database with health information from people across Britain. They analyzed demographic, lifestyle and dietary information collected from more than 170,000 people between the ages of 37 and 73 over a median follow-up period of seven years. The mortality risk remained lower for people who drank both decaffeinated and caffeinated coffee. The data was inconclusive for those who drank coffee with artificial sweeteners. "It's huge. There are very few things that reduce your mortality by 30 percent," said Dr. Christina Wee, an associate professor of medicine at Harvard Medical School and a deputy editor of the scientific journal where the study was published. Dr. Wee edited the study and published a corresponding editorial in the same journal.

United States

Tech Experts Urge Washington To Resist Crypto Industry's Influence (ft.com)

A group of renowned technologists has joined forces to urge US lawmakers to crack down on the burgeoning cryptocurrencies industry, marking the first concerted effort to counter well-financed lobbying by blockchain companies. From a report: Harvard lecturer Bruce Schneier, former Microsoft engineer Miguel de Icaza and principal engineer at Google Cloud Kelsey Hightower, are among 26 leading computer scientists and academics who have signed a letter delivered to US lawmakers heavily criticising crypto investments and blockchain technology. While individuals have made similar warnings about the safety and reliability of digital assets, it marks a more organised effort to challenge the growing influence of crypto advocates who want to resist attempts to regulate the frothy sector. "The claims that the blockchain advocates make are not true," said Schneier. "It's not secure, it's not decentralised. Any system where you forget your password and you lose your life savings is not a safe system," he added. "We're counter-lobbying, that's what this letter is about," said signatory and software developer Stephen Diehl. "The crypto industry has its people, they say what they want to the politicians."

A recent analysis of the US Congressional Lobbying Disclosure database by Public Citizen, a consumer advocacy group, revealed the number of lobbyists representing the crypto industry increased from 115 to 320 between 2018 and 2021, and the money spent on lobbying for the crypto sector quadrupled from $2.2mn to $9mn in the same period. US-based cryptocurrency exchange Coinbase led the effort with 26 lobbyists and $1.5mn spent on lobbying in 2021. Companies with growing interest in the crypto sector, including Meta, Visa and PayPal, have also lobbied for the industry. Meanwhile, leading crypto exchanges such as FTX, Binance and Crypto.com have also spent heavily on endorsement deals with sports stars and entertainment venues to promote their products to the public.

Verizon

Hacker Steals Database of Hundreds of Verizon Employees (vice.com)

An anonymous reader quotes a report from Motherboard: A hacker has obtained a database that includes the full name, email address, corporate ID numbers, and phone number of hundreds of Verizon employees. It's unclear if all the data is accurate or up to date. Motherboard was able to confirm that at least some of the data is legitimate by calling phone numbers in the database. Four people confirmed their full names and email addresses, and said they work at Verizon. Another one confirmed the data, and said she used to work at the company. Around a dozen other numbers returned voicemails that included the names in the database, suggesting those are also accurate.

The hacker contacted Motherboard last week to share the information. The anonymous hacker said they obtained the data by convincing a Verizon employee to give them remote access to their corporate computer. At that point the hacker said they gained access to a Verizon internal tool that shows employees' information, and wrote a script to query and scrape the database. "These employees are idiots and will allow you to connect to their PC under the guise that you are from internal support," they told Motherboard in an online chat. The hacker said they would like Verizon to pay them $250,000 as a reward.
A Verizon spokesperson confirmed the hacker has been in contact with the company.

"A fraudster recently contacted us threatening to release readily available employee directory information in exchange for payment from Verizon. We do not believe the fraudster has any sensitive information and we do not plan to engage with the individual further," the spokesperson told Motherboard. "As always, we take the security of Verizon data very seriously and we have strong measures in place to protect our people and systems."
AI

Clearview AI's Facial Recognition Tool Coming To Apps, Schools (gizmodo.com)

An anonymous reader quotes a report from Reuters: Clearview AI is expanding sales of its facial recognition software to companies from mainly serving the police, it told Reuters, inviting scrutiny on how the startup capitalizes on billions of photos it scrapes from social media profiles. [...] Clearview primarily helps police identify people through social media images, but that business is under threat due to regulatory investigations. The settlement with the American Civil Liberties Union bans Clearview from providing the social-media capability to corporate clients.

Instead of online photo comparisons, the new private-sector offering [called "Clearview Consent"] matches people to ID photos and other data that clients collect with subjects' permission. It is meant to verify identities for access to physical or digital spaces. Vaale, a Colombian app-based lending startup, said it was adopting Clearview to match selfies to user-uploaded ID photos. [...] Clearview AI CEO Hoan Ton-That said a U.S. company selling visitor management systems to schools had signed up as well. He said a customer's photo database is stored as long as they wish and not shared with others, nor used to train Clearview's AI. But the face-matching that Clearview is selling to companies was trained on social media photos. It said the diverse collection of public images reduces racial bias and other weaknesses that affect rival systems constrained by smaller datasets.
The company outlined their path forward in a press release Wednesday.

"Today, FRT is used to unlock your phone, verify your identity, board an airplane, access a building, and even for payment," Clearview AI CEO Hoan Ton-That said in a statement. "Now, we are offering companies who use facial recognition as part of a consent-based workflow access to Clearview AI's superior, industry-leading FRT algorithm, bringing an increased level of security and protection to the marketplace."

He added: "Using facial recognition as a preventative measure means fewer crimes and fewer victims. Ultimately, Clearview Consent is all about making everyday consumers feel more secure in a world that is rife with crime and fraud."
Social Networks

Can Tech Firms Prevent Violent Videos Circulating on the Internet? (theguardian.com)

This week New York's attorney general announced they're officially "launching investigations into the social media companies that the Buffalo shooter used to plan, promote, and stream his terror attack." Slashdot reader echo123 points out that Discord confirmed that roughly 30 minutes before the attack a "small group" was invited to join the shooter's server. "None of the people he invited to review his writings appeared to have alerted law enforcement," reports the New York Times, "and the massacre played out much as envisioned."

But meanwhile, another Times article tells a tangentially-related story from 2019 about what ultimately happened to "a partial recording of a livestream by a gunman while he murdered 51 people that day at two mosques in Christchurch, New Zealand." For more than three years, the video has remained undisturbed on Facebook, cropped to a square and slowed down in parts. About three-quarters of the way through the video, text pops up urging the audience to "Share THIS...." Online writings apparently connected to the 18-year-old man accused of killing 10 people at a Buffalo, New York, grocery store Saturday said that he drew inspiration for a livestreamed attack from the Christchurch shooting. The clip on Facebook — one of dozens that are online, even after years of work to remove them — may have been part of the reason that the Christchurch gunman's tactics were so easy to emulate.

In a search spanning 24 hours this week, The New York Times identified more than 50 clips and online links with the Christchurch gunman's 2019 footage. They were on at least nine platforms and websites, including Reddit, Twitter, Telegram, 4chan and the video site Rumble, according to the Times' review. Three of the videos had been uploaded to Facebook as far back as the day of the killings, according to the Tech Transparency Project, an industry watchdog group, while others were posted as recently as this week. The clips and links were not difficult to find, even though Facebook, Twitter and other platforms pledged in 2019 to eradicate the footage, pushed partly by public outrage over the incident and by world governments. In the aftermath, tech companies and governments banded together, forming coalitions to crack down on terrorist and violent extremist content online. Yet even as Facebook expunged 4.5 million pieces of content related to the Christchurch attack within six months of the killings, what the Times found this week shows that a mass killer's video has an enduring — and potentially everlasting — afterlife on the internet.

"It is clear some progress has been made since Christchurch, but we also live in a kind of world where these videos will never be scrubbed completely from the internet," said Brian Fishman, a former director of counterterrorism at Facebook who helped lead the effort to identify and remove the Christchurch videos from the site in 2019....

Facebook, which is owned by Meta, said that for every 10,000 views of content on the platform, only an estimated five were of terrorism-related material. Rumble and Reddit said the Christchurch videos violated their rules and they were continuing to remove them. Twitter, 4chan and Telegram did not respond to requests for comment.

For what it's worth, this week CNN also republished an email they'd received in 2016 from 4chan's current owner, Hiroyuki Nishimura. The gist of the email? "If I liked censorship, I would have already done that."

But Slashdot reader Bruce66423 also shares an interesting observation from The Guardian's senior tech reporter about the major tech platforms. "According to Hany Farid, a professor of computer science at UC Berkeley, there is a tech solution to this uniquely tech problem. Tech companies just aren't financially motivated to invest resources into developing it." Farid's work includes research into robust hashing, a tool that creates a fingerprint for videos that allows platforms to find them and their copies as soon as they are uploaded...

Farid: It's not as hard a problem as the technology sector will have you believe... The core technology to stop redistribution is called "hashing" or "robust hashing" or "perceptual hashing". The basic idea is quite simple: you have a piece of content that is not allowed on your service either because it violated terms of service, it's illegal or for whatever reason, you reach into that content, and extract a digital signature, or a hash as it's called.... That's actually pretty easy to do. We've been able to do this for a long time. The second part is that the signature should be stable even if the content is being modified, when somebody changes say the size or the color or adds text. The last thing is you should be able to extract and compare signatures very quickly.

So if we had a technology that satisfied all of those criteria, Twitch would say, we've identified a terror attack that's being live-streamed. We're going to grab that video. We're going to extract the hash and we are going to share it with the industry. And then every time a video is uploaded with the hash, the signature is compared against this database, which is being updated almost instantaneously. And then you stop the redistribution.

It's a problem of collaboration across the industry and it's a problem of the underlying technology. And if this was the first time it happened, I'd understand. But this is not, this is not the 10th time. It's not the 20th time. I want to emphasize: no technology's going to be perfect. It's battling an inherently adversarial system. But this is not a few things slipping through the cracks.... This is a complete catastrophic failure to contain this material. And in my opinion, as it was with New Zealand and as it was the one before then, it is inexcusable from a technological standpoint.

"These are now trillion-dollar companies we are talking about collectively," Farid points out later. "How is it that their hashing technology is so bad?"
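The three properties Farid lists (cheap to extract, stable under modification, quick to compare), as an added illustration that is not Farid's code nor any platform's actual hashing system. It uses a "difference hash", one of the simplest perceptual hashes: each bit records whether a pixel is brighter than its right-hand neighbour, so uniform brightness or contrast changes do not alter it, and candidate uploads are matched against a database of known hashes by Hamming distance. The 8x9 frames, the threshold of 6 bits and the `flagged-clip-001` label are all constructed for this example; a real system would first resize a video frame down to that size and hash many frames per clip.

```powershell
# Added example, not code from Farid or any platform. A minimal difference hash over
# constructed 8-row x 9-column grayscale frames, with a Hamming-distance lookup that
# stands in for the shared industry database Farid describes.

function Get-DifferenceHash {
    param([int[,]]$Gray)   # 8 rows x 9 columns of 0..255 intensities
    # One bit per horizontal neighbour pair: 1 if the left pixel is brighter.
    # Adding the same offset to every pixel leaves every comparison, and so the hash, unchanged.
    $sb = [System.Text.StringBuilder]::new()
    for ($r = 0; $r -lt 8; $r++) {
        for ($c = 0; $c -lt 8; $c++) {
            $bit = if ($Gray[$r, $c] -gt $Gray[$r, ($c + 1)]) { '1' } else { '0' }
            [void]$sb.Append($bit)
        }
    }
    $sb.ToString()   # 64-character bit string
}

function Get-HammingDistance {
    param([string]$A, [string]$B)
    # Number of differing bits; comparison is a single pass over 64 characters
    $d = 0
    for ($i = 0; $i -lt $A.Length; $i++) { if ($A[$i] -ne $B[$i]) { $d++ } }
    $d
}

function Find-KnownHash {
    param([string]$Hash, [hashtable]$Database, [int]$MaxDistance = 6)
    # Return the first database entry within the distance threshold, or $null
    foreach ($entry in $Database.GetEnumerator()) {
        $dist = Get-HammingDistance -A $Hash -B $entry.Value
        if ($dist -le $MaxDistance) {
            return [pscustomobject]@{ Label = $entry.Key; Distance = $dist }
        }
    }
    $null
}

function New-Frame {
    # Builds a constructed 8x9 frame from a per-pixel scriptblock taking (row, column)
    param([scriptblock]$Pixel)
    $g = New-Object 'int[,]' 8, 9
    for ($r = 0; $r -lt 8; $r++) {
        for ($c = 0; $c -lt 9; $c++) { $g[$r, $c] = & $Pixel $r $c }
    }
    $g
}

# Constructed sample frames
$original   = New-Frame { param($r, $c) 20 * $r + 10 * $c }          # diagonal gradient
$brightened = New-Frame { param($r, $c) 20 * $r + 10 * $c + 40 }     # same clip, brightness raised
$overlaid   = New-Frame { param($r, $c)                                # same clip, text-like white box
    if ($r -eq 7 -and $c -ge 3 -and $c -le 5) { 255 } else { 20 * $r + 10 * $c } }
$unrelated  = New-Frame { param($r, $c) 255 - (20 * $r + 10 * $c) }  # reversed gradient

# The "industry database": label -> hash of content already identified as banned
$db = @{ 'flagged-clip-001' = Get-DifferenceHash -Gray $original }

Find-KnownHash -Hash (Get-DifferenceHash -Gray $brightened) -Database $db   # match, Distance 0
Find-KnownHash -Hash (Get-DifferenceHash -Gray $overlaid)   -Database $db   # match, Distance 1
Find-KnownHash -Hash (Get-DifferenceHash -Gray $unrelated)  -Database $db   # $null: all 64 bits differ
```

The threshold is the adversarial knob Farid alludes to: set it too low and a re-encoded or cropped copy slips past, set it too high and unrelated footage is falsely matched, which is why production systems hash many frames per clip and combine several hash families rather than trusting one 64-bit signature.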
Cloud

Once Frenemies, Elastic and AWS Are Now Besties (venturebeat.com)

Paul Sawers writes via VentureBeat: It has been a frosty few years for Elastic and Amazon's AWS cloud computing arm, with the duo frequently locking horns over various issues relating to Elastic's ex-open-source database search engine -- Elasticsearch. To cut a War and Peace-esque story short, Amazon had introduced its own managed Elasticsearch service called Amazon Elasticsearch Service way back in 2015, and in the intervening years the "confusion" this (among other shenanigans) caused in the cloud sphere ultimately led Elastic to transition Elasticsearch from open source to "free and open" (i.e., a less permissive license), exerting more control over how the cloud giants of the world could use the product and Elasticsearch name. In response, Amazon launched an Elasticsearch "fork" called OpenSearch, and the two companies finally settled a long-standing trademark dispute, which effectively meant that Amazon would stop associating the Elasticsearch brand with Amazon's own products. This was an important final piece of the kiss-and-make-up puzzle, as it meant that customers searching for Elastic's fully-managed Elasticsearch service (Elastic Cloud) in the AWS Marketplace, wouldn't also stumble upon Amazon's incarnation and wonder which one they were actually looking for.

Fast-forward to today, and you would hardly know that the two companies were once at loggerheads. Over the past year, Elastic and Amazon have partnered to bring all manner of technologies and integrations to market, and they've worked to ensure that their shared customers can more easily onboard to Elastic Cloud within Amazon's infrastructure. Building on a commitment last month to make AWS and Elastic work even better together, Elastic and AWS today announced an even deeper collaboration, to "build, market and deliver" frictionless access to Elastic Cloud on AWS. In essence, this means that the two companies will go full-throttle on their "go-to-market" sales and marketing strategies -- this includes a new free 7-day trial for customers wanting to test-drive Elastic Cloud directly from the AWS Marketplace.

On top of that, AWS has committed to working with Elastic to generate new business across Amazon's various cloud-focused sales organizations -- this is a direct result of Elastic joining the AWS ISV Accelerate program. All of this has been made possible because of the clear and distinct products that now exist -- Amazon has OpenSearch, and Elastic has Elasticsearch, which makes collaboration that much easier.
What does Amazon get for all of this? "Put simply, companies accessing Elastic's services on AWS infrastructure drive a lot of cloud consumption -- which translates into ka-ching for Amazon," adds Sawers.
United States

Senators Urge FTC To Probe ID.me Over Selfie Data (krebsonsecurity.com) 11

Some of the more tech-savvy Democrats in the U.S. Senate are asking the Federal Trade Commission (FTC) to investigate identity-proofing company ID.me for "deceptive statements" the company and its founder allegedly made over how they handle facial recognition data collected on behalf of the Internal Revenue Service, which until recently required anyone seeking a new IRS account online to provide a live video selfie to ID.me. From a report: In a letter to FTC Chair Lina Khan, the Senators charge that ID.me's CEO Blake Hall has offered conflicting statements about how his company uses the facial scan data it collects on behalf of the federal government and many states that use the ID proofing technology to screen applicants for unemployment insurance. The lawmakers say that in public statements and blog posts, ID.me has frequently emphasized the difference between two types of facial recognition: One-to-one, and one-to-many. In the one-to-one approach, a live video selfie is compared to the image on a driver's license, for example. One-to-many facial recognition involves comparing a face against a database of other faces to find any potential matches.
Crime

Angry IT Admin Wipes Employer's Databases, Gets 7 Years In Prison (bleepingcomputer.com) 83

Han Bing, a former database administrator for Lianjia, a Chinese real-estate brokerage giant, has been sentenced to 7 years in prison for logging into corporate systems and deleting the company's data. BleepingComputer reports: Bing allegedly performed the act in June 2018, when he used his administrative privileges and "root" account to access the company's financial system and delete all stored data from two database servers and two application servers. This has resulted in the immediate crippling of large portions of Lianjia's operations, leaving tens of thousands of its employees without salaries for an extended period and forcing a data restoration effort that cost roughly $30,000. The indirect damages from the disruption of the firm's business, though, were far more damaging, as Lianjia operates thousands of offices, employs over 120,000 brokers, owns 51 subsidiaries, and its market value is estimated to be $6 billion.
Security

Hackers Are Exploiting WordPress Tools to Hawk Scams (sucuri.net) 13

"If you've visited a website in recent days and been randomly redirected to the same pages with sketchy 'resources' or unwanted ads, it's likely the site in question was 1) built with WordPress tools and 2) hacked," reports Gizmodo. Details come from this blog post by researchers at Sucuri (a security provider owned by GoDaddy): As outlined in our latest hacked website report, we've been tracking a long-lasting campaign responsible for injecting malicious scripts into compromised WordPress websites. This campaign leverages known vulnerabilities in WordPress themes and plugins and has impacted an enormous number of websites over the year — for example, according to PublicWWW, the April wave for this campaign was responsible for nearly 6,000 infected websites alone. Since these PublicWWW results only show detections for simple script injections, we can assume that the scope is significantly larger.

We recently investigated a number of WordPress websites complaining about unwanted redirects. Interestingly enough, they were found to be related to a new wave of this massive campaign and were sending website visitors through a series of website redirects to serve them unwanted ads. The websites all shared a common issue — malicious JavaScript had been injected within their website's files and the database, including legitimate core WordPress files... This JavaScript was appended under the current script or under the head of the page where it was fired on every page load, redirecting site visitors to the attacker's destination.... Domains at the end of the redirect chain may be used to load advertisements, phishing pages, malware, or even more redirects....

At the time of writing, PublicWWW has reported 322 websites impacted by this new wave... Considering that this count doesn't include obfuscated malware or sites that have not yet been scanned by PublicWWW, the actual number of impacted websites is likely much higher. Our team has seen an influx in complaints for this specific wave of the massive campaign targeting WordPress sites beginning May 9th, 2022, which has impacted hundreds of websites already at the time of writing....

We expect the hackers will continue registering new domains for this ongoing campaign as soon as existing ones become blacklisted.

"It's important to note that these hacks are related to themes and plugins built by thousands of third-party developers using the open source WordPress software, not WordPress.com, which offers hosting and tools to build websites," Gizmodo points out. But Gizmodo also cites this warning from Sucuri malware analyst Krasimir Konov: "This page tricks unsuspecting users into subscribing to push notifications from the malicious site. If they click on the fake CAPTCHA, they'll be opted in to receive unwanted ads even when the site isn't open — and ads will look like they come from the operating system, not from a browser," Konov wrote.
Crime

DEA Investigating Breach of Law Enforcement Data Portal (krebsonsecurity.com) 31

An anonymous reader quotes a report from KrebsOnSecurity: The U.S. Drug Enforcement Administration (DEA) says it is investigating reports that hackers gained unauthorized access to an agency portal that taps into 16 different federal law enforcement databases. KrebsOnSecurity has learned the alleged compromise is tied to a cybercrime and online harassment community that routinely impersonates police and government officials to harvest personal information on their targets. On May 8, KrebsOnSecurity received a tip that hackers obtained a username and password for an authorized user of esp.usdoj.gov, which is the Law Enforcement Inquiry and Alerts (LEIA) system managed by the DEA. According to this page at the Justice Department website, LEIA "provides federated search capabilities for both EPIC and external database repositories," including data classified as "law enforcement sensitive" and "mission sensitive" to the DEA.

A document published by the Obama administration in May 2016 (PDF) says the DEA's El Paso Intelligence Center (EPIC) systems in Texas are available for use by federal, state, local and tribal law enforcement, as well as the Department of Defense and intelligence community. EPIC and LEIA also have access to the DEA's National Seizure System (NSS), which the DEA uses to identify property thought to have been purchased with the proceeds of criminal activity (think fancy cars, boats and homes seized from drug kingpins). The screenshots shared with this author indicate the hackers could use EPIC to look up a variety of records, including those for motor vehicles, boats, firearms, aircraft, and even drones.

From the standpoint of individuals involved in filing these phony EDRs, access to databases and user accounts within the Department of Justice would be a major coup. But the data in EPIC would probably be far more valuable to organized crime rings or drug cartels, said Nicholas Weaver, a researcher for the International Computer Science Institute at University of California, Berkeley. Weaver said it's clear from the screenshots shared by the hackers that they could use their access not only to view sensitive information, but also submit false records to law enforcement and intelligence agency databases. "I don't think these [people] realize what they got, how much money the cartels would pay for access to this," Weaver said. "Especially because as a cartel you don't search for yourself you search for your enemies, so that even if it's discovered there is no loss to you of putting things ONTO the DEA's radar."

Databases

Google Cloud Launches AlloyDB, a New Fully-Managed PostgreSQL Database Service (techcrunch.com) 19

An anonymous reader quotes a report from TechCrunch: Google today announced the launch of AlloyDB, a new fully-managed PostgreSQL-compatible database service that the company claims to be twice as fast for transactional workloads as AWS's comparable Aurora PostgreSQL (and four times faster than standard PostgreSQL for the same workloads and up to 100 times faster for analytical queries). [...] AlloyDB is the standard PostgreSQL database at its core, though the team did modify the kernel to allow it to use Google's infrastructure to its fullest, all while allowing the team to stay up to date with new versions as they launch.

Andi Gutmans, who joined Google as its GM and VP of Engineering for its database products in 2020 after a long stint at AWS, told me that one of the reasons the company is launching this new product is that while Google has done well in helping enterprise customers move their MySQL and PostgreSQL servers to the cloud with the help of services like CloudSQL, the company didn't necessarily have the right offerings for those customers who wanted to move their legacy databases (Gutmans didn't explicitly say so, but I think you can safely insert 'Oracle' here) to an open-source service.

"There are different reasons for that," he told me. "First, they are actually using more than one cloud provider, so they want to have the flexibility to run everywhere. There are a lot of unfriendly licensing gimmicks, traditionally. Customers really, really hate that and, I would say, whereas probably two to three years ago, customers were just complaining about it, what I notice now is customers are really willing to invest resources to just get off these legacy databases. They are sick of being strapped and locked in." Add to that Postgres' rise to becoming somewhat of a de facto standard for relational open-source databases (and MySQL's decline) and it becomes clear why Google decided that it wanted to be able to offer a dedicated high-performance PostgreSQL service.
The report also says Google spent a lot of effort on making Postgres perform better for customers that want to use their relational database for analytics use cases.

"The changes the team made to the Postgres kernel, for example, now allow it to scale the system linearly to over 64 virtual cores while on the analytical side, the team built a custom machine learning-based caching service to learn a customer's access patterns and then convert Postgres' row format into an in-memory columnar format that can be analyzed significantly faster."
United States

ICE 'Now Operates As a Domestic Surveillance Agency,' Think Tank Says (engadget.com) 76

Although it's supposed to be restricted by surveillance rules at local, state and federal levels, Immigration and Customs Enforcement (ICE) has built up a mass surveillance system that includes details on almost all US residents, according to a report from a major think tank. Engadget reports: Researchers from Georgetown Law's Center on Privacy and Technology said ICE "now operates as a domestic surveillance agency" and that it was able to bypass regulations in part by purchasing databases from private companies. "Since its founding in 2003, ICE has not only been building its own capacity to use surveillance to carry out deportations but has also played a key role in the federal government's larger push to amass as much information as possible about all of our lives," the report's authors state. "By reaching into the digital records of state and local governments and buying databases with billions of data points from private companies, ICE has created a surveillance infrastructure that enables it to pull detailed dossiers on nearly anyone, seemingly at any time."

The researchers spent two years looking into ICE to put together the extensive report, which is called "American Dragnet: Data-Driven Deportation in the 21st Century." They obtained information by filing hundreds of freedom of information requests and scouring more than 100,000 contracts and procurement records. The agency is said to be using data from the Department of Motor Vehicles and utility companies, along with the likes of call records, child welfare records, phone location data, healthcare records and social media posts. ICE is now said to hold driver's license data for 74 percent of adults and can track the movement of cars in cities that are home to 70 percent of the adult population in the US.

The study shows that ICE, which falls under the Department of Homeland Security, has already used facial recognition technology to search through driver's license photos of a third of adults in the US. In 2020, the agency signed a deal with Clearview AI to use that company's controversial technology. In addition, the report states that when 74 percent of adults hook up gas, electricity, phone or internet utilities in a new residence, ICE was able to automatically find out their updated address. The authors wrote that ICE is able to carry out these actions in secret and without warrants. Along with the data it acquired from other government departments, utilities, private companies and third-party data brokers, "the power of algorithmic tools for sorting, matching, searching and analysis has dramatically expanded the scope and regularity of ICE surveillance," the report states.
The agency spent around $2.8 billion on "new surveillance, data collection and data-sharing initiatives," according to the report. Approximately $569 million was spent on data analysis, including $186.6 million in contracts with Palantir Technologies.

"ICE also spent more than $1.3 billion on geolocation tech during that timeframe and $389 million on telecom interception, which includes tech that helps the agency track someone's phone calls, emails, social media activity and real-time internet use," adds Engadget.
Privacy

Clearview AI Agrees To Limit Sales of Facial Recognition Data In the US (engadget.com) 14

An anonymous reader quotes a report from Engadget: Notorious facial recognition company Clearview AI has agreed to permanently halt sales of its massive biometric database to all private companies and individuals in the United States as part of a legal settlement with the American Civil Liberties Union, per court records. Monday's announcement marks the close of a two-year legal dispute brought by the ACLU and privacy advocate groups in May of 2020 against the company over allegations that it had violated BIPA, the 2008 Illinois Biometric Information Privacy Act. This act requires companies to obtain permission before harvesting a person's biometric information -- fingerprints, gait metrics, iris scans and faceprints for example -- and empowers users to sue the companies who do not.

In addition to the nationwide private party sales ban, Clearview will not offer any of its services to Illinois local and state law enforcement agencies (as well as all private parties) for the next five years. "This means that within Illinois, Clearview cannot take advantage of BIPA's exception for government contractors during that time," the ACLU points out, though Federal agencies, state and local law enforcement departments outside of Illinois will be unaffected. That's not all. Clearview must also end its free trial program for police officers, erect and maintain an opt-out page for Illinois residents, and spend $50,000 advertising it online. The settlement must still be approved by a federal judge before it takes effect.
"Fourteen years ago, the ACLU of Illinois led the effort to enact BIPA -- a groundbreaking statute to deal with the growing use of sensitive biometric information without any notice and without meaningful consent," Rebecca Glenberg, staff attorney for the ACLU of Illinois, said in a statement. "BIPA was intended to curb exactly the kind of broad-based surveillance that Clearview's app enables. Today's agreement begins to ensure that Clearview complies with the law. This should be a strong signal to other state legislatures to adopt similar statutes."
Censorship

Millions of Russians are 'Tearing Holes in the Digital Iron Curtain' Using VPNs (msn.com) 96

After Russia invaded Ukraine in late February, "VPNs have been downloaded in Russia by the hundreds of thousands a day," reports the Washington Post, "a massive surge in demand that represents a direct challenge to President Vladimir Putin and his attempt to seal Russians off from the wider world.

"By protecting the locations and identities of users, VPNs are now granting millions of Russians access to blocked material...." Daily downloads in Russia of the 10 most popular VPNs jumped from below 15,000 just before the war to as many as 475,000 in March. As of this week, downloads were continuing at a rate of nearly 300,000 a day, according to data compiled for The Washington Post by the analytics firm Apptopia, which relies on information from apps, public data and an algorithm to come up with estimates. Russian clients typically download multiple VPNs, but the data suggests millions of new users per month. In early April, Russian telecom operator Yota reported that the number of VPN users was over 50 times as high as in January, according to the Tass state news service.

The Internet Protection Society, a digital rights group associated with jailed Russian opposition leader Alexei Navalny, launched its own VPN service last month and reached its limit of 300,000 users within 10 days, according to executive director Mikhail Klimarev. Based on internal surveys, he estimates that the number of VPN users in Russia has risen to roughly 30 percent of the 100 million Internet users in Russia. To combat Putin, "Ukraine needs Javelin and Russians need Internet," Klimarev said....

In the days before the war, and in the weeks since then, Russian authorities have also ratcheted up pressure on Google, asking the search engine to remove thousands of Internet sites associated with VPNs, according to the Lumen database, an archive of legal complaints related to Internet content. Google, which did not respond to a request for comment, still includes banned sites in search results.... Although downloading a VPN is technically easy, usually requiring only a few clicks, purchasing a paid VPN has become complicated in Russia, as Western sanctions have rendered Russian credit and debit cards nearly useless outside the country. That has forced many to resort to free VPNs, which can have spotty service and can sell information about users.

Vytautas Kaziukonis, chief executive of Surfshark — a Lithuania-based VPN that saw a 20-fold increase in Russian users in March — said some of those customers are now paying in cryptocurrencies or through people they know in third countries.

One 52-year-old told the Post that downloading a VPN "brought back memories of the 1980s in the Soviet Union, when he used a shortwave radio to hear forbidden news of dissident arrests on Radio Liberty, which is funded by the United States."

"We didn't know what was going on around us. That's true again now."
