Businesses

Drugmaker Tripled the Price of a Pill as it Pursued Coronavirus Use (axios.com) 85

This month, Jaguar Health more than tripled the price of its lone FDA-approved drug, right after asking the federal government to expand the use of its drug to coronavirus patients. AmiMoJo shares a report: Jaguar Health drastically raised the price of a drug during the height of the pandemic, but executives argued the move was needed to stave off the company's collapse. Going into this year, the list price of a 60-pill bottle of Mytesi -- an antidiarrheal medication specifically for people with HIV/AIDS who are on antiretroviral drugs -- was $668.52. On April 9, Jaguar Health raised the price to $2,206.52, according to pricing data from Elsevier's Gold Standard Drug Database. On March 21, Jaguar Health asked the FDA to authorize emergency use of Mytesi for COVID-19 patients who were experiencing any diarrhea or "diarrhea associated with certain antiviral treatments" including remdesivir, among others.
The Internet

NordVPN Unveils First Mainstream WireGuard Virtual Private Network (zdnet.com) 51

One of the largest VPN companies, NordVPN, is rolling out NordLynx -- its first mainstream WireGuard virtual private network for its Windows, Mac, Android and iOS client-software applications. ZDNet reports: NordVPN's own tests have shown NordLynx easily outperforms the other protocols, IKEv2/IPsec and OpenVPN. How much faster? According to NordVPN's 256,886 speed tests, "When a user connects to a nearby VPN server and downloads content that's served from a content delivery network (CDN) within a few thousand miles/kilometers, they can expect up to twice higher download and upload speed." While speed is what customers will notice, security experts like WireGuard for its code's simplicity. With only about 4,000 lines of code, WireGuard's code can be comprehensively reviewed by a single individual.

Besides WireGuard, NordVPN adds in its double Network Address Translation (NAT) system to protect users' privacy. This enables users to establish a secure VPN connection while storing no identifiable user data on a server. You're assigned a dynamic local IP address that remains assigned only while the session is active. User authentication is done with the help of a secure external database. To switch to NordLynx, users need to update their NordVPN app to the latest version. The NordLynx protocol can be chosen manually from the Settings menu.

Facebook

267 Million Facebook Profiles Being Sold For $600 On Dark Web (bleepingcomputer.com) 17

An anonymous reader shares a report: Threat actors are selling over 267 million Facebook profiles for $623 on dark web sites and hacker forums. While none of these records include passwords, they do contain information that could allow attackers to perform spear phishing or SMS attacks to steal credentials. Last month, security researcher Bob Diachenko discovered an open Elasticsearch database that contained a little over 267 million Facebook records, with most being users from the United States. For many of these records, they contained a user's full name, their phone number, and a unique Facebook ID. The ISP hosting the database eventually took the server offline after being contacted by Diachenko.
AI

Security Lapse Exposed Clearview AI Source Code 22

Zack Whittaker, reporting for TechCrunch: Since it exploded onto the scene in January after a newspaper expose, Clearview AI quickly became one of the most elusive, secretive, and reviled companies in the tech startup scene. The controversial facial recognition startup allows its law enforcement users to take a picture of a person, upload it, and match it against its alleged database of 3 billion images, which the company scraped from public social media profiles. But for a time, a misconfigured server exposed the company's internal files, apps and source code for anyone on the internet to find.

Mossab Hussein, chief security officer at Dubai-based cybersecurity firm SpiderSilk, found the repository storing Clearview's source code. Although the repository was protected with a password, a misconfigured setting allowed anyone to register as a new user to log in to the system storing the code. The repository contained Clearview's source code, which could be used to compile and run the apps from scratch.
AMD

AMD Launches 3 Second-Gen Epyc Processors With 50% Lower Cost of Ownership (venturebeat.com) 36

Advanced Micro Devices said it is adding three new 2nd-Gen AMD Epyc server processors that can deliver up to 50% lower cost of ownership than rival Intel Xeon processors. From a report: The chips are part of AMD's attempt to grab technology leadership away from Intel, which has long dominated the server chip market. AMD has had an advantage lately with its high-performance Zen 2 cores designed to handle database, high-performance computing, and hyper-converged infrastructure workloads, Dan McNamara, senior vice president at AMD's server business unit, said in a press briefing. The three new processors are the AMD Epyc 7F32 (with 8 computing cores), Epyc 7F52 (16 cores) and EPYC 7F72 (24 cores). They have up to 500MHz of additional base frequency and large amounts of cache memory. AMD said the design gives Epyc the world's highest per-core performance x86 server central-processing unit. The previous chips in the second generation of Epyc processors debuted in the third quarter of 2019. [...] The 7F32 is priced at $2,100, the 7F52 at $3,100, and the 7F72 at $2,450.
China

Attack Campaign Hits Thousands of MS-SQL Servers For Two Years (csoonline.com) 33

"In December, security researchers noticed an uptick in brute-force attacks against publicly exposed Microsoft SQL servers," reports CSOnline.

"It turns out the attacks go as far back as May 2018 and infect on average a couple thousand database servers every day with remote access Trojans and cryptominers."

Slashdot reader itwbennett writes: While the primary goal of the attack seems to be cryptocurrency mining, "what makes these database servers appealing for attackers apart from their valuable CPU power is the huge amount of data they hold," say researchers from Guardicore who investigated the attacks. The researchers also note that most machines (60%) stay infected only briefly, but "almost 20% of all breached servers remained infected for more than a week and even longer than two weeks," and 10% become reinfected...

[T]he attackers aggressively remove malware from competitors from targeted machines.

Many of the infected machines are located in America, India, South Korea, and Turkey, according to the article, which adds that the researchers traced the campaign back to China.

"The scans and attacks originate from Chinese IP addresses -- likely associated with infected and hijacked machines -- and the command-and-control servers are also hosted in China and use Chinese language for their web-based management interfaces."
IBM

Not Just 'The Death of IT'. Cringely Also Predicts Layoffs For Many IT Contractors (cringely.com) 78

Last week long-time tech pundit Robert Cringely predicted "the death of IT" in 2020 due to the widespread adoption of SD-WAN and SASE.

Now he's predicting "an even bigger bloodbath as IT employees at all levels are let go forever," including IT consultants and contractors. My IT labor death scenario now extends to process experts (generally consultants) being replaced with automation. In a software-defined network, whether that's SD-WAN or SASE, so much of what used to be getting discrete boxes to talk with one another over the network becomes a simple database adjustment. The objective, in case anyone forgets (as IT, itself, often does) is the improvement of the end-user experience, in this case through an automated process. With SD-WAN, for example, there are over 3,000 available Quality of Service metrics. You can say that Office 365 is a critical metric as just one example. Write a script to that effect into the SD-WAN database, deploy it globally with a keyclick and you are done...

It's slowly dawning on IBM [and its competitors] that they have to get rid of all those process experts and replace them with a few subject matter experts. Here's the big lesson: with SD-WAN and SASE the process no longer matters, so knowing the process (beyond a few silverbacks kept on just in case the world really does end) isn't good for business.

Cringely predicts the downgrading of corporate bonds will also put pressure on IBM and its competitors, perhaps ultimately leading to a sale or spin-off at IBM. "Either they sell the parts that don't make money, which is to say everything except Red Hat and mainframes, or they sell the whole darned thing, which is what I expect to happen."

With that he predicts thousands of layoffs or furloughs — and while the bond market puts IBM in a bigger bind, "this could apply in varying degrees to any IBM competitors."
Security

Marriott Discloses New Data Breach Impacting 5.2 Million Guests (cnet.com) 12

An anonymous reader quotes a report from CNET: Marriott International said Tuesday that names, mailing addresses, loyalty account numbers and other personal information of an estimated 5.2 million guests may've been exposed in a data breach. This is the second major security incident to hit the hotel group in less than two years. Marriott said it spotted that an "unexpected amount" of guest information may've been accessed at the end of February using the login credentials of two employees at a franchise property. The hotel group said information exposed may include names, addresses, emails, phone numbers and birthdays as well as loyalty account details and information like room preferences. Marriott said the investigation is ongoing but that it doesn't believe credit card numbers, passport information or driver's license numbers were exposed. In 2018, Marriott announced that hackers compromised the reservation database for its Starwood division, exposing records of up to 383 million guests and more than 5 million passport numbers.
Databases

The ACM Digital Library Is Now Open Access During Coronavirus Pandemic (acm.org) 32

The Association for Computing Machinery (ACM) has made the ACM Digital Library open access to help support the computing community during the coronavirus pandemic. Founded in 1947, the ACM is the world's largest scientific and educational computing society and publishes over 50 journals, including the prestigious Journal of the ACM, and two general magazines for computer professionals, Communications of the ACM and Queue.

"We believe that ACM can help support research, discovery and learning during this time of crisis by opening the ACM Digital Library to all," writes ACM President Cherri Pancake in a letter on ACM.org. "For the next three months, there will be no fees assessed for accessing or downloading work published by ACM. We hope this will help researchers, practitioners and students maintain access to our publications as well as increasing visibility and awareness of ACM's journals, proceedings and magazines."

The ACM DL will continue to be open through June 30, 2020. "This global health crisis is a unique challenge that has impacted many ACM members," adds Pancake. "We would like to express our concern and support for all who are affected by this outbreak."
The Internet

Dark Web Hosting Site Suffers Cyberattack, 7,600 Sites Down (zdnet.com) 48

It's the largest free web hosting provider for dark web services. But remember back in 2018 when its 6,500 sites all went down after attackers accessed its database and deleted all its accounts?

It happened again -- for the second time in 16 months. And this time, ZDNet reports, Daniel's Host won't be coming back online for several months: Almost 7,600 dark web portals have been taken offline following the hack, during which an attacker deleted the web hosting portal's entire database. This happened earlier this month, on March 10, at around 03:30 am UTC, according to a message posted on DH's now-defunct portal by Daniel Winzen, the German software developer behind the service.

Winzen said that an attacker accessed the DH backend and deleted all hosting-related databases. The attacker then deleted Winzen's database account and created a new one to use for future operations. Winzen discovered the hack the next morning, at which time most of the data was already lost.

The service doesn't keep backups by design.

In an email to ZDNet today, Winzen said he has yet to find out how the hacker breached the DH backend. However, since the dark web hosting service was more of a hobby, Winzen didn't look too much into it. "I am currently very busy with my day-to-day life and other projects, I decided to not spend too much time investigating," he told ZDNet...

Winzen said that users should consider the passwords for their DH accounts as "leaked" and change them if they used the same password for other accounts.

Winzen told ZDNet he still hopes to relaunch the service "at a later time" with "new features and improvements."

"Not having to administrate the services all the time will hopefully give me more time for actual development."
Security

Hacker Selling Data of 538 Million Weibo Users (zdnet.com) 7

The personal details of more than 538 million users of Chinese social network Weibo are currently available for sale online, according to ads seen by ZDNet and corroborating reports from Chinese media. From the report: In ads posted on the dark web and other places, a hacker claims to have breached Weibo in mid-2019 and obtained a dump of the company's user database. The database allegedly contains the details for 538 million Weibo users. Personal details include the likes of real names, site usernames, gender, location, and -- for 172 million users -- phone numbers. Passwords were not included, which explains why the hacker is selling the Weibo data for only $250.
Games

Videogames Are Setting New Records For Simultaneous Users (forbes.com) 19

Forbes reports that in a world filled with school closings and social isolation, gaming has surged:

- Steam, the most popular digital PC gaming marketplace, reached new heights Sunday, drawing a record 20,313,451 concurrent users to the 16-year-old service, according to third-party database SteamDB

- Counter-Strike: Global Offensive, released by Steam-owner Valve in 2012, seems to be the top beneficiary of the increased engagement, breaking its all-time peak on Sunday with 1,023,2290 concurrent players, topping its previous peak last month by a million, which itself beat the record set in April 2016...

- Activision Blizzard's new free-to-play battle royale spinoff Call of Duty: Warzone, launched March 10 on PC, Xbox One and PlayStation 4, is also likely benefiting, drawing in a staggering 15 million in three days, besting the record 10 million in three days by last year's battle royale sensation Apex Legends.

Polygon adds: Gaming saw a 75% increase, week over week, in data usage this March, Verizon said. Video games are proving to be a popular way to pass the time during lockdown -- though we're also starting to see the strain this is placing on various networks and services... Recently, Nintendo experienced a nine-hour network outage. Over the weekend, Xbox Live also went down, preventing users from online play.

Gaming adjacent tools and services are also seeing a surge. As our sibling site The Verge reports, live streaming platform Twitch had a 10% jump in viewership. The popular communication app Discord, meanwhile, recently saw server outages that coincided days after it expanded its screen sharing limit for users.

The games that people are playing themselves are changing in the wake of the coronavirus outbreak, too. Pokemon Go, for instance, has tweaked its mechanics to make it easier for people to play from home, while also changing its events to make it easier for people to play solo. And in an effort to entice its players to stay home, Rockstar vowed to add fun bonuses to the MMO for players who are "spending a little extra time at home." Elsewhere, game developers are starting to give out their games for free in an effort to help people stay indoors. It's no wonder we're seeing changes in usage, playtime, and outages across the board.

Cellphones

A Slashdotter's Take On a Way To Use Smartphones To Defeat the Coronavirus Pandemic 221

Longtime Slashdot reader dbart writes: With the near ubiquitous use of smartphones in America, it's sensible to seize upon this resource to help with the coronavirus pandemic. Here's my take on a way to use smartphones to deal with the pandemic:

America does not currently have a good coronavirus test -- but they are in development. Once a test is available there should be a smartphone app ready to deploy immediately. The app should work like this: A person would be tested for the virus at a testing station and the results of the test would be entered into the app's database. The person could then go about their business, such as going back to work. Upon arriving at the place of work, the person would bring up the app on their smartphone. The app would display some information to identify the subject that was tested along with a barcode. The employer would then scan in the barcode with the app on the employer's phone which will check with the central database and report back the results of their coronavirus test and the recency of the test. The employer would decide whether to allow the person into the workplace. This could similarly be used to safely allow entry to a restaurant, airplane, theater, sporting event, etc. -- thus getting the economy functioning again.

I've only presented a rough sketch of my idea about this above and there are many nuances to how this should work. It's obvious that everyone should be tested frequently for this to be effective. This would require testing on a massive scale, but considering the damage happening to the American economy, such massive testing could easily be justified. A capability as described above would get the American economy restarted at the soonest possible time and would allow society to function until a vaccine is available. It would also be a very valuable asset to epidemiological investigators. If an app was designed with enough forethought it could be deployed internationally. I'm hoping to get not just a Slashdot conversation but a larger conversation started about the use of technology to defeat this virus. Perhaps there's a Slashdotter with the skillsets to make this happen who would like to take this on. If anyone has a contact at the CDC please forward this post to them to ensure that technological solutions such as this are being considered.
Businesses

iFixit Is Building a Repair Database For Medical Equipment, and It Needs Your Help (theverge.com) 21

An anonymous reader quotes a report from The Verge: Repair specialist iFixit is building a database filled with repair information for the world's hospital equipment in anticipation of the increased demand caused by COVID-19, the disease caused by the novel coronavirus. In particular, it's calling for repair manuals for ventilators and BiPAP machines that can be used as ventilators. iFixit's database can be found here, and the company is calling for people to create new device pages and upload photographs and manuals.

There are currently few sources for repair manuals online. iFixit notes that resources like Frank's Hospital Workshop exist, but these are relatively small operations. Some manufacturers provide easy access to repair manuals on their websites, but others make them harder to find. There are a few different parts to iFixit's campaign beyond assembling a collection of manuals. Once it's got a manual, the company wants to format its information to make it as easy to understand as possible. It plans to break the manuals down into guides for individual repairs, to reformat them to make them more SEO-friendly, and to translate them into other languages. iFixit also wants to put together preventive maintenance guides so technicians can work to keep their equipment in good working order before it reaches the point of breaking down.
iFixit is also asking people in the medical community "to provide information about which ventilators are currently in use as well as which parts are most likely to break," the report adds. If you have any manuals to contribute, you can upload them to iFixit directly or email the company.
Medicine

Coronavirus Cases Now Reported In All 50 States 270

An anonymous reader quotes a report from The New York Times: The coronavirus has now been identified in all 50 U.S. states, and more than 100 deaths in the country have been linked to the illness. Those known deaths, all from the past three weeks, come as the number of diagnoses has surged into the thousands as the virus has spread and as testing has expanded significantly. On Tuesday evening, West Virginia became the 50th state to report its first case.

As of Tuesday evening, at least 5,587 people across every state, plus Washington, D.C., and three U.S. territories, have tested positive for coronavirus, according to a New York Times database, and at least 101 patients with the virus have died. Several hundred new cases are now being identified each day, including about 700 on both Saturday and Sunday and nearly 900 on Monday. The pace of diagnosis is expected to quicken as the virus spreads and testing becomes more widely available. More state and private labs have started running tests for the coronavirus in recent days, increasing the capacity to identify new patients after weeks of delays and test kit shortages.
For comparison, a total of 70 cases were reported in the U.S. at the start of the month.

"Since then, new cases have poured in, including more than 200 announced on Monday in New York State alone," the report adds. "More than 2,200 cases have been announced nationwide since Friday morning, and the virus is now spreading in parts of the country where it had not been identified as recently as a week ago."
Security

Data of Millions of eBay and Amazon Shoppers Exposed (sophos.com) 39

An anonymous reader quotes the "Naked Security" blog of anti-virus company Sophos: Researchers have discovered another big database containing millions of European customer records left unsecured on Amazon Web Services (AWS) for anyone to find using a search engine. A total of eight million records were involved, collected via marketplace and payment system APIs belonging to companies including Amazon, eBay, Shopify, PayPal, and Stripe.

Discovered by Comparitech's noted breach hunter Bob Diachenko, the AWS instance containing the MongoDB database became visible on 3 February, where it remained indexable by search engines for five days. Data in the records included names, shipping addresses, email addresses, phone numbers, items purchased, payments, order IDs, links to Stripe and Shopify invoices, and partially redacted credit cards...

The article calls it "simply the latest example of how easy it is to leave sensitive data sitting in an unsecured state on cloud storage platforms." They cite two more high-profile databases that Comparitech found exposed on Elasticsearch just in 2020:
Oracle

Oracle Rejects Argument That Before Suing Google, It Got Rich By Copying IBM's SQL (arstechnica.com) 85

Ars Technica's senior tech reporter took a long look at Google's reimplementation of Java in Android -- and the lawsuit filed against it by Oracle in 2010. And he discovers "a possible downside" to Oracle's stance on API copyrights. If anyone should understand the importance of such copying, it's Oracle. After all, Oracle got its start in the 1970s selling a database product based on the then-new structured query language (SQL). SQL was invented by IBM. And Oracle doesn't seem to have gotten a license to use it...

Oracle's copying of SQL seems pretty similar to Google's copying of Java. But an Oracle spokeswoman disagrees. "It's an incorrect premise, comparing apples with broccoli, and being completely divorced from the facts of the case," she wrote in a Tuesday email.

Privacy

900 Million Secrets From 8 Years of 'Whisper' App Were Left Exposed Online (washingtonpost.com) 32

Long-time Slashdot reader AmiMoJo shares a startling report from the Washington Post: Whisper, the secret-sharing app that called itself the "safest place on the Internet," left years of users' most intimate confessions exposed on the Web tied to their age, location and other details, raising alarm among cybersecurity researchers that users could have been unmasked or blackmailed.

The data exposure, discovered by independent researchers and shown to The Washington Post, allowed anyone to access all of the location data and other information tied to anonymous "whispers" posted to the popular social app, which has claimed hundreds of millions of users. The records were viewable on a non-password-protected database open to the public Web. A Post reporter was able to freely browse and search through the records, many of which involved children: A search of users who had listed their age as 15 returned 1.3 million results.

The cybersecurity consultants Matthew Porter and Dan Ehrlich, who lead the advisory group Twelve Security, said they were able to access nearly 900 million user records from the app's release in 2012 to the present day. The researchers alerted federal law-enforcement officials and the company to the exposure.

Shortly after researchers and The Post contacted the company on Monday, access to the data was removed.

Encryption

Motherboard Built a Database of Over 500 iPhones Cops Have Tried To Unlock (vice.com) 16

"Motherboard built and analyzed a database of over 500 iPhones seized by law enforcement," writes Slashdot reader em1ly. "It's a deep dive into the ongoing 'Going Dark' conversation." Here's an excerpt from the report: Most of all, the records compiled by Motherboard show that the capability to unlock iPhones is a fluid issue, with an ebb and flow of law enforcement sometimes being able to access devices and others not. The data solidifies that some law enforcement officials do have trouble accessing data stored on iPhones. But ultimately, our findings lead experts to circle back to the fundamental policy question: should law enforcement have guaranteed access to iPhones, with the trade-offs in iPhone security that come with that?

Out of 516 analyzed cases, 295 were marked as executed. Officials from the FBI, DEA, DHS, Homeland Security and Investigations, the Bureau of Alcohol, Tobacco, Firearms and Explosives were able to extract data from iPhones in investigations ranging from arson, to child exploitation, to drug trafficking. And investigators executed warrants against modern iPhones, not just older models. In some cases, investigators obtained photos, text messages, call records, browsing data, cookies, and location data from seized iPhones. Some executed search warrants explicitly mention the type of extraction performed, such as so-called "Logical" or "Advanced Logical" extraction. The latter is a term with a meaning that varies between different phone data extraction companies, but generally it relates to creating a device backup as iTunes does normally and obtaining some more data on top of that, Vladimir Katalov, the CEO of iOS forensics firm Elcomsoft, told Motherboard. Katalov said those backups can contain the sorts of pieces of data that investigators obtained, and is available to all models of iPhone.

AI

Chinese Facial Recognition Firm Says It Can Now Identify People Wearing Masks (thenextweb.com) 36

Hanwang Technology, a Chinese firm specializing in facial recognition software, says it can now identify people that are wearing masks to protect against the coronavirus. The company says it used a sample database of around 6 million unmasked faces and a smaller database of masked faces to create the system. The Next Web reports: The Beijing-based firm, which also goes by the English name Hanvon, began to develop the tech in January, as people in China began donning face masks in their droves. The system was rolled out just one month later. Hanwang Vice President Huang Lei says the system's recognition rate reached about 95% when people wore a mask -- still some way below its regular success rate of 99.5%.

China's SenseTime, the world's most valuable AI startup, announced in February that it had also adapted its product to identify people wearing masks. Such developments have led critics to claim that the coronavirus is being used as an excuse to ramp up surveillance. In the case of Hanwang, there is still one way to hide from its system: wearing the fashionable combination of both a face mask and sunglasses.
