Encryption

Apple Introduces Standalone 'Passwords' App (macrumors.com) 39

An anonymous reader quotes a report from MacRumors: iOS 18, iPadOS 18, and macOS Sequoia feature a new, dedicated Passwords app for faster access to important credentials. The Passwords app replaces iCloud Keychain, which is currently only accessible via a menu in Settings. Now, passwords are available directly via a standalone app for markedly quicker access, bringing it more in line with rival services. The Passwords app consolidates various credentials, including passwords, passkeys, and Wi-Fi passwords, into a single, easily accessible location. Users can filter and sort their accounts based on various criteria, such as recently created accounts, credential type, or membership in shared groups.

Passwords is also compatible with Windows via the iCloud for Windows app, extending its utility to users who operate across different platforms. The developer beta versions of iOS 18, iPadOS 18, and macOS Sequoia are available today with official release to the public scheduled for the fall, providing an early look at the Passwords app.

AI

Scammers' New Way of Targeting Small Businesses: Impersonating Them (wsj.com) 17

Copycats are stepping up their attacks on small businesses. Sellers of products including merino socks and hummingbird feeders say they have lost customers to online scammers who use the legitimate business owners' videos, logos and social-media posts to assume their identities and steer customers to cheap knockoffs or simply take their money. WSJ: "We used to think you'd be targeted because you have a brand everywhere," said Alastair Gray, director of anticounterfeiting for the International Trademark Association, a nonprofit that represents brand owners. "It now seems with the ease at which these criminals can replicate websites, they can cut and paste everything." Technology has expanded the reach of even the smallest businesses, making it easy to court customers across the globe. But evolving technology has also boosted opportunities for copycats; ChatGPT and other advances in artificial intelligence make it easier to avoid language or spelling errors, often a signal of fraud.

Imitators also have fine-tuned their tactics, including by outbidding legitimate brands for top position in search results. "These counterfeiters will market themselves just like brands market themselves," said Rachel Aronson, co-founder of CounterFind, a Dallas-based brand-protection company. Policing copycats is particularly challenging for small businesses with limited financial resources and not many employees. Online giants such as Amazon.com and Meta Platforms say they use technology to identify and remove misleading ads, fake accounts or counterfeit products.

EU

Birmingham's $125M 'Oracle Disaster' Blamed on Poor IT Project Management (computerweekly.com) 117

It was "a catastrophic IT failure," writes Computer Weekly. It was nearly two years ago that Birmingham City Council, the largest local authority in Europe, "declared itself in financial distress" — effectively declaring bankruptcy — after the costs on an Oracle project ballooned from $25 million to around $125.5 million.

But Computer Weekly's investigation finds signs that the program board and its manager wanted to go live in April of 2022 "regardless of the state of the build, the level of testing undertaken and challenges faced by those working on the programme." One manager's notes "reveal concerns that the program manager and steering committee could not be swayed, which meant the system went live despite having known flaws." Computer Weekly has seen notes from a manager at BCC highlighting a number of discrepancies in the Birmingham City Council report to cabinet published in June 2023, 14 months after the Oracle system went into production. The report stated that some critical elements of the Oracle system were not functioning adequately, impacting day-to-day operations. The manager's comments reveal that this flaw in the implementation of the Oracle software was known before the system went live in April 2022... An insider at Birmingham City Council who has been closely involved in the project told Computer Weekly it went live "despite all the warnings telling them it wouldn't work"....

Since going live, the Oracle system effectively scrambled financial data, which meant the council had no clear picture of its overall finances. The insider said that by January 2023, Birmingham City Council could not produce an accurate account of its spending and budget for the next financial year: "There's no way that we could do our year-end accounts because the system didn't work."

A June 2023 report to cabinet "stated that due to issues with the council's bank reconciliation system, a significant number of transactions had to be manually allocated to accounts rather than automatically via the Oracle system," according to the article. But Computer Weekly has seen a 2019 presentation slide deck showing the council was already aware that Oracle's out-of-the-box bank reconciliation system "did not handle mixed debtor/non-debtor bank files. The workaround suggested was either a lot of manual intervention or a platform as a service (PaaS) offering from Evosys, the Oracle implementation partner contracted by BCC to build the new IT system."

The article ultimately concludes that "project management failures over a number of years contributed to the IT failure."

HP

Jury Finds Autonomy Founder Mike Lynch Not Guilty of Defrauding HP (bbc.co.uk) 28

The BBC reports that British tech tycoon Mike Lynch "has been cleared of fraud charges he faced in the U.S. over the $11bn (£8.6bn) sale of his software firm to Hewlett-Packard in 2011." A jury in San Francisco found him not guilty on all counts in a stunning victory for Mr Lynch, who had been accused of inflating the value of Autonomy, his company, ahead of its sale. Mr Lynch, who faced more than 20 years in prison if convicted, had denied the charges and took the stand to defend himself.

In his testimony, he maintained he had focused on technology not accounting, distancing himself from other executives, including the company's former chief financial officer who was already successfully prosecuted for fraud... Mr Lynch made £500m from the sale. Just a year later, HP wrote down the value of Autonomy by $8.8bn. Years of legal battles followed. The company's chief financial officer, Sushovan Hussain, was found guilty of fraud in 2018 and later sentenced to five years in prison...

Mr Lynch's team pushed the argument that HP had failed to properly vet the deal and mismanaged the takeover, while he testified he was uninvolved with the transactions being described.

Lynch's lawyers said the verdict "closes the book on a relentless 13-year effort to pin HP's well-documented ineptitude on Dr Lynch. Thankfully, the truth has finally prevailed."

Thanks to Slashdot reader Bruce66423 for sharing the news.

Crime

Should Police Departments Use Drones? (wired.com) 195

Wired visits Chula Vista, California (population: 275,487) — where since 2018 drones have been dispatched by police "teleoperators" monitoring 911 calls. ("Noise complaints, car accidents, overdoses, domestic disputes...") After nearly 20,000 drone flights, it's become the envy of other police departments, according to Wired's article, as other police departments "look to expand their use of unmanned aerial aircraft." The [Chula Vista] department says that its drones provide officers with critical intelligence about incidents they are responding to ahead of initiating in-person contact — which the CVPD says has reduced unnecessary police contacts, decreased response times, and saved lives. But a WIRED investigation paints a complicated picture of the trade-offs between public safety and privacy. In Chula Vista, drone flight paths trace a map of the city's inequality, with poorer residents experiencing far more exposure to the drones' cameras and rotors than their wealthier counterparts, a WIRED analysis of nearly 10,000 drone flight records from July 2021 to September 2023 found. The drones, often dispatched for serious incidents like reports of armed individuals, are also routinely deployed for minor issues such as shoplifting, vandalism, and loud music. [Drones are sent in response to about 1 in every 14 calls.] Early in the Covid-19 pandemic, the city even used drones to broadcast public service announcements to homeless encampments.

Despite the police promoting the benefits of the "Drone as First Responder" program, residents who encounter the technology day-to-day report feeling constantly watched. Some say they are afraid to spend time in their backyards; they fear that the machines are following them down the street, spying on them while they use the public pool or change their clothes. One resident says that he was so worried that the drones were harassing him that he went to the emergency room for severe depression and exhaustion. [A 60-year-old professor told Wired that the sound of drones kept them awake at night.]

The police drones, equipped with cameras and zoom lenses powerful enough to capture faces clearly and constantly recording while in flight, have amassed hundreds of hours of video footage of the city's residents. Their flight paths routinely take them over backyards and above public pools, high schools, hospitals, churches, mosques, immigration law firms, and even the city's Planned Parenthood facility. Privacy advocates argue that the extensive footage captured by the drones makes it difficult to distinguish between flights responding to specific incidents and mass surveillance from the sky. Department secrecy around the recordings remains the subject of ongoing litigation... At the time of our analysis, approximately one in 10 drone flights listed on the department's transparency portal lacked a stated purpose and could not be connected to any relevant 911 call.

Crime

New Linux Version of Ransomware Targets VMware ESXi (bleepingcomputer.com) 23

"Researchers observed a new Linux variant of the TargetCompany ransomware family that targets VMware ESXi environments," reports BleepingComputer: In a report Wednesday, cybersecurity company Trend Micro says that the new Linux variant for TargetCompany ransomware makes sure that it has administrative privileges before continuing the malicious routine... Once on the target system, the payload checks if it runs in a VMware ESXi environment by executing the 'uname' command and looking for 'vmkernel.' Next, a "TargetInfo.txt" file is created and sent to the command and control (C2) server. It contains victim information such as hostname, IP address, OS details, logged-in users and privileges, unique identifiers, and details about the encrypted files and directories. The ransomware will encrypt files that have VM-related extensions (vmdk, vmem, vswp, vmx, vmsn, nvram), appending the ".locked" extension to the resulting files.

Finally, a ransom note named "HOW TO DECRYPT.txt" is dropped, containing instructions for the victim on how to pay the ransom and retrieve a valid decryption key.

"After all tasks have been completed, the shell script deletes the payload using the 'rm -f x' command so all traces that can be used in post-incident investigations are wiped from impacted machines."

Thanks to long-time Slashdot reader joshuark for sharing the article.

Crime

Apple Watch Leads to Luggage Stolen By an Airport Store Worker (cnn.com) 44

A worker at a retail store in an airport has been charged with stealing thousands of dollars in electronics and clothing, reports the Washington Post. But what's more interesting is what led to his arrest...

A woman showed up at his home looking for the missing luggage that she'd tracked with her Apple Watch. CNN reports: Paola Garcia told CNN affiliate WPLG in Miami that she usually takes her suitcase onboard, but this time, she was told she had to check it. Garcia waited at least two hours for her pink roller bag, which contained an Apple MacBook, Apple iPad, Apple Watch, jewelry, high-end woman's clothing and toiletries. It never came out on the luggage belt. In her WPLG interview, Garcia said that Spirit Airlines told her that her luggage had been sent to her house. The luggage never came.

But Garcia explored another avenue with her own electronic tracker. Garcia, not named in the affidavit, later pinged the electronic items inside the bag to try and locate them, and the ping showed them at an address in Fort Lauderdale, the affidavit said... While at the house, she took video and still pictures, where she saw "several pieces of luggage in the front of the home," none of which were her own, the affidavit said. Garcia told WPLG that she dialed 911. "The first thing I remember the police told me is: 'What are you doing here? This is so dangerous for you to be here.' "

When a detective with the Broward County Sheriff's Office searched the address within the airport's employee databases, he found that Bazile reportedly lived at the address. Bazile was listed as working at a Paradies Lagardère Travel Retail store at the airport and was working on the day of the theft, according to the affidavit.

So apparently when the airline said the luggage had been sent to her house — they were wrong. In fact when police contacted a store manager, "he provided the detective with internal CCTV footage from the day of the incident," CNN reports, "which allegedly showed Bazile entering the store's storage room with a pink shell roller bag, matching the description of the stolen bag, and rummaging through the luggage, the affidavit said.

"He then appeared to take the MacBook and other smaller items out of the luggage and put them in other bags."

The Courts

Yelp Can Sue Reputation Company For Promising To Suppress Bad Reviews (reuters.com) 8

Yelp can pursue a lawsuit accusing a reputation management company of fraudulently advertising its ability to remove "bad" reviews from the business review website. From a report: In a decision late Thursday night, U.S. District Judge William Alsup in San Francisco said Yelp can pursue trademark infringement and unfair competition claims against ReviewVio, which operates as Dandy. Yelp said ReviewVio's ads, which include the Yelp logo, harmed its reputation by suggesting that businesses could pay for artificially inflated star ratings.

This allegedly undercut honest businesses that will not pay to remove negative reviews, and undermined the usefulness of Yelp's website to consumers. Yelp also said it lost ad revenue from businesses that paid for "review gating," which the company prohibits, or incorrectly believed that Yelp endorsed the practice.

Crime

Retailers Can't Keep Scammers Away From Their Favorite Payment Form: Gift Cards (axios.com) 96

Retailers are struggling to rein in the proliferation of scammers tricking Americans into buying thousands of dollars' worth of gift cards. From a report: The Federal Trade Commission estimates that Americans lost at least $217 million to gift card scams last year. That number is likely higher, given many victims are too embarrassed to report to law enforcement. Cracking down on gift card scams was a hot topic this week at the National Retail Federation's (NRF) cybersecurity conference in Long Beach, California.

Some gift card scams start with texts from people pretending to be tech support, your boss, the government or a wrong number. Eventually, those conversations lead to someone asking the victim to buy gift cards on their behalf and send the barcode number to them via text. Others involve criminals in physical locations, tampering with a gift card to access the barcode information and then stealing the funds without taking the actual card. Each scam targets vulnerable populations: elderly, less-tech savvy people; those who are lonely and work from home; and even young kids, experts say.

Privacy

Bangladeshi Police Agents Accused of Selling Citizens' Personal Information on Telegram (techcrunch.com) 5

An anonymous reader shares a report: Two senior officials working for anti-terror police in Bangladesh allegedly collected and sold classified and personal information of citizens to criminals on Telegram, TechCrunch has learned. The data allegedly sold included national identity details of citizens, cell phone call records and other "classified secret information," according to a letter signed by a senior Bangladeshi intelligence official, seen by TechCrunch.

The letter, dated April 28, was written by Brigadier General Mohammad Baker, who serves as a director of Bangladesh's National Telecommunications Monitoring Center, or NTMC, the country's electronic eavesdropping agency. Baker confirmed the legitimacy of the letter and its contents in an interview with TechCrunch. "Departmental investigation is ongoing for both the cases," Baker said in an online chat, adding that the Bangladeshi Ministry of Home Affairs ordered the affected police organizations to take "necessary action against those officers." The letter, which was originally written in Bengali and addressed to the senior secretary of the Ministry of Home Affairs Public Security Division, alleges the two police agents accessed and passed "extremely sensitive information" of private citizens on Telegram in exchange for money.

AI

Artists Are Deleting Instagram For New App Cara In Protest of Meta AI Scraping (fastcompany.com) 21

Some artists are jumping ship for the anti-AI portfolio app Cara after Meta began using Instagram content to train its AI models. Fast Company explains: The portfolio app bills itself as a platform that protects artists' images from being used to train AI, and only allowing AI content to be posted if it's clearly labeled. Based on the number of new users the Cara app has garnered over the past few days, there seems to be a need. Between May 31 and June 2, Cara's user base tripled from less than 100,000 to more than 300,000 profiles, skyrocketing to the top of the app store. [...] Cara is a social networking app for creatives, in which users can post images of their artwork, memes, or just their own text-based musings. It shares similarities with major social platforms like X (formerly Twitter) and Instagram on a few fronts. Users can access Cara through a mobile app or on a browser. Both options are free to use. The UI itself is like an arts-centric combination of X and Instagram. In fact, some UI elements seem like they were pulled directly from other social media sites. (It's not the most innovative approach, but it is strategic: as a new app, any barriers to potential adoption need to be low).

Cara doesn't train any AI models on its content, nor does it allow third parties to do so. According to Cara's FAQ page, the app aims to protect its users from AI scraping by automatically implementing "NoAI" tags on all of its posts. The website says these tags "are intended to tell AI scrapers not to scrape from Cara." Ultimately, they appear to be HTML metadata tags that politely ask bad actors not to get up to any funny business, and it's pretty unlikely that they hold any actual legal weight. Cara admits as much, too, warning its users that the tags aren't a "fully comprehensive solution and won't completely prevent dedicated scrapers." With that in mind, Cara assesses the "NoAI" tagging system as "a necessary first step in building a space that is actually welcoming to artists -- one that respects them as creators and doesn't opt their work into unethical AI scraping without their consent."

In December, Cara launched another tool called Cara Glaze to defend its artists' work against scrapers. (Users can only use it a select number of times.) Glaze, developed by the SAND Lab at University of Chicago, makes it much more difficult for AI models to accurately understand and mimic an artist's personal style. The tool works by learning how AI bots perceive artwork, and then making a set of minimal changes that are invisible to the human eye but confusing to the AI model. The AI bot then has trouble "translating" the art style and generates warped recreations. In the future, Cara also plans to implement Nightshade, another University of Chicago software that helps protect artwork against AI scrapers. Nightshade "poisons" AI training data by adding invisible pixels to artwork that can cause AI software to completely misunderstand the image. Beyond establishing shields against data mining, Cara also uses a third party service to detect and moderate any AI artwork that's posted to the site. Non-human artwork is forbidden, unless it's been properly labeled by the poster.

Google

Google To Start Permanently Deleting Users' Location History (theguardian.com) 51

Google will delete everything it knows about users' previously visited locations, the company has said, a year after it committed to reducing the amount of personal data it stores about users. From a report: The company's "timeline" feature -- previously known as Location History -- will still work for those who choose to use it, letting them scroll back through potentially decades of travel history to check where they were at a specific time. But all the data required to make the feature work will be saved locally, to their own phones or tablets, with none of it being stored on the company's servers.

In an email sent by the company to Maps users, seen by the Guardian, Google said they have until 1 December to save all their old journeys before it is deleted for ever. Users will still be able to back up their data if they're worried about losing it or want to sync it across devices but that will no longer happen by default. The company is also reducing the default amount of time that location history is stored for. Now, it will begin to delete past locations after just three months, down from a previous default of a year and a half. In a blogpost announcing the changes, Google didn't cite a specific reason for the updates, beyond suggesting that users may want to delete information from their location history if they are "planning a surprise birthday party."

The Courts

Court Rules $17 Billion UK Advertising Lawsuit Against Google Can Go Ahead (reuters.com) 18

An anonymous reader quotes a report from Reuters: Google parent Alphabet must face a lawsuit worth up to $17.4 billion for allegedly abusing its dominance in the online advertising market, London's Competition Appeal Tribunal (CAT) ruled on Wednesday. The lawsuit, which seeks damages on behalf of publishers of websites and apps based in the United Kingdom, is the latest case to focus on the search giant's business practices. Ad Tech Collective Action is bringing the claim on behalf of publishers who say they have suffered losses due to Google's allegedly anti-competitive behavior.

Google last month urged the CAT to block the case, which it argued was incoherent. The company "strongly rejects the underlying allegations", its lawyers said in court documents. The CAT said in a written ruling that it would certify the case to proceed towards a trial, which is unlikely to take place before the end of 2025. The tribunal also emphasized the test for certifying a case under the UK's collective proceedings regime -- which is roughly equivalent to the United States' class action regime -- is relatively low.

"Google works constructively with publishers across the UK and Europe," Google legal director Oliver Bethell said in a statement. Bethell added: "This lawsuit is speculative and opportunistic. We'll oppose it vigorously and on the facts."

Social Networks

Israel Reportedly Uses Fake Social Media Accounts To Influence US Lawmakers On Gaza War (nytimes.com) 146

An anonymous reader quotes a report from the New York Times: Israel organized and paid for an influence campaign last year targeting U.S. lawmakers and the American public with pro-Israel messaging, as it aimed to foster support for its actions in the war with Gaza, according to officials involved in the effort and documents related to the operation. The covert campaign was commissioned by Israel's Ministry of Diaspora Affairs, a government body that connects Jews around the world with the State of Israel, four Israeli officials said. The ministry allocated about $2 million to the operation and hired Stoic, a political marketing firm in Tel Aviv, to carry it out, according to the officials and the documents. The campaign began in October and remains active on the platform X. At its peak, it used hundreds of fake accounts that posed as real Americans on X, Facebook and Instagram to post pro-Israel comments. The accounts focused on U.S. lawmakers, particularly ones who are Black and Democrats, such as Representative Hakeem Jeffries, the House minority leader from New York, and Senator Raphael Warnock of Georgia, with posts urging them to continue funding Israel's military.

ChatGPT, the artificial intelligence-powered chatbot, was used to generate many of the posts. The campaign also created three fake English-language news sites featuring pro-Israel articles. The Israeli government's connection to the influence operation, which The New York Times verified with four current and former members of the Ministry of Diaspora Affairs and documents about the campaign, has not previously been reported. FakeReporter, an Israeli misinformation watchdog, identified the effort in March. Last week, Meta, which owns Facebook and Instagram, and OpenAI, which makes ChatGPT, said they had also found and disrupted the operation. The secretive campaign signals the lengths Israel was willing to go to sway American opinion on the war in Gaza.

The Courts

Jury Finds Boeing Stole Technology From Electric Airplane Startup Zunum 46

A federal court jury in Seattle has ruled against Boeing in a lawsuit brought by failed electric airplane startup Zunum and awarded $81 million in damages -- which the judge has the option to triple. From a report: Zunum alleged that Boeing, while ostensibly investing seed money to get the startup off the ground, stole Zunum's technology and actively undermined its attempts to build a business. It accused Boeing of "a targeted and coordinated campaign" to gain access to its "business plan, market and technological analysis, and other trade secrets and proprietary information," then using that to develop its own hybrid-electric plane design.

Zunum also accused Boeing of sabotaging its efforts to attract funding from aerospace suppliers Safran and United Technologies. The jury found that Boeing had misappropriated Zunum's trade secrets and breached its contract with the startup. It also found that Boeing's actions were "willful and malicious," which opens the door for the judge to award triple damages plus legal costs in a case that has already been running for more than four years.

Privacy

Hacker Tool Extracts All the Data Collected By Windows' New Recall AI 145

An anonymous reader quotes a report from Wired: When Microsoft CEO Satya Nadella revealed the new Windows AI tool that can answer questions about your web browsing and laptop use, he said one of the "magical" things about it was that the data doesn't leave your laptop; the Windows Recall system takes screenshots of your activity every five seconds and saves them on the device. But security experts say that data may not stay there for long. Two weeks ahead of Recall's launch on new Copilot+ PCs on June 18, security researchers have demonstrated how preview versions of the tool store the screenshots in an unencrypted database. The researchers say the data could easily be hoovered up by an attacker. And now, in a warning about how Recall could be abused by criminal hackers, Alex Hagenah, a cybersecurity strategist and ethical hacker, has released a demo tool that can automatically extract and display everything Recall records on a laptop.

Dubbed TotalRecall -- yes, after the 1990 sci-fi film -- the tool can pull all the information that Recall saves into its main database on a Windows laptop. "The database is unencrypted. It's all plain text," Hagenah says. Since Microsoft revealed Recall in mid-May, security researchers have repeatedly compared it to spyware or stalkerware that can track everything you do on your device. "It's a Trojan 2.0 really, built in," Hagenah says, adding that he built TotalRecall -- which he's releasing on GitHub -- in order to show what is possible and to encourage Microsoft to make changes before Recall fully launches. [...] TotalRecall, Hagenah says, can automatically work out where the Recall database is on a laptop and then make a copy of the file, parsing all the data as it does so. While Microsoft's new Copilot+ PCs aren't out yet, it's possible to use Recall by emulating a version of the devices. "It does everything automatically," he says. The system can set a date range for extracting the data -- for instance, pulling information from only one specific week or day. Pulling one day of screenshots from Recall, which stores its information in an SQLite database, took two seconds at most, Hagenah says.

Included in what the database captures are screenshots of whatever is on your desktop -- a potential gold mine for criminal hackers or domestic abusers who may physically access their victim's device. Images include captures of messages sent on encrypted messaging apps Signal and WhatsApp, and remain in the captures regardless of whether disappearing messages are turned on in the apps. There are records of websites visited and every bit of text displayed on the PC. Once TotalRecall has been deployed, it will generate a summary about the data; it is also possible to search for specific terms in the database. Hagenah says an attacker could get a huge amount of information about their target, including insights into their emails, personal conversations, and any sensitive information that's captured by Recall. Hagenah's work builds on findings from cybersecurity researcher Kevin Beaumont, who has detailed how much information Recall captures and how easy it can be to extract it.

Piracy

Nintendo Hits 127 Switch Piracy Tutorial Repos After 'Cracking' URL Encryption (torrentfreak.com) 28

An anonymous reader quotes a report from TorrentFreak: A popular GitHub repo and over 120 forks containing Switch emulation tutorials have been targeted by Nintendo. While most forks are now disabled, the main repository has managed to survive after being given the opportunity to put things right. Whether Nintendo appreciated the irony is unclear, but it appears that use of encoding as a protection measure to obfuscate links, was no match for the video game company's circumvention skills. [...] The Switch Emulators Guide was presented in the context of piracy, something made clear by a note on the main page of the original repo which stated that the tutorial was made, in part, for use on the /r/NewYuzuPiracy subreddit. Since the actions of Yuzu and its eventual demise are part of the unwritten framework for similar takedowns, that sets the tone (although not the legal basis) in favor of takedown.

When asked to provide a description and URL pointing to the copyrighted content allegedly infringed by the repos, Nintendo states that the works are the 'Nintendo Switch firmware' and various games protected by technological protection measures (TPM) which prevent users from unlawfully copying and playing pirated games. The notice states the repos 'provide access' to keys that enable circumvention of its technical measures. "The reported repositories offer and provide access to unauthorized copies of cryptographic keys that are used to circumvent Nintendo's Technological Measures and infringe Nintendo's intellectual property rights. Specifically, the reported repositories provide to users unauthorized copies of cryptographic keys (prod.keys) extracted from the Nintendo Switch firmware," Nintendo writes.

"The prod.keys allow users to bypass Nintendo's Technological Measures for digital games; specifically, prod.keys allow users to decrypt and play Nintendo Switch games in unauthorized ways. Distribution of keys without the copyright owner's authorization is a violation of Section 1201 of the DMCA." Nintendo further notes that unauthorized distribution of prod.keys "facilitates copyright infringement by permitting users to play pirated versions of Nintendo's copyright-protected game software on systems without the Nintendo Technological Measures or systems on which Nintendo's Technological Measures have been disabled." Since the prod.keys are extracted from the Nintendo Switch firmware, which is also protected by copyright, distribution amounts to "infringement of Nintendo Switch firmware itself."

Given that the repo's stated purpose was to provide information on how to circumvent Nintendo's technical protection measures, it's fairly ironic that it appears to have used technical measures itself to hinder detection. "The reported repositories attempt to evade detection of their illegal activities by providing access to prod.keys and unauthorized copies of Nintendo's firmware and video games via encoded links that direct users to third-party websites to download the infringing content," Nintendo explains in its notice. "The repositories provide strings of letters and numbers and then instruct users to 'use [private] to decode the lines of strings given here to get an actual link.' The decoded links take users to sites where they can access the prod.keys and unauthorized copies of Nintendo's copyright-protected material." The image below shows the encoded links (partially redacted) that allegedly link to the content in question on third-party sites. To hide their nature, regular URLs are encoded using Base64, a binary-to-text encoding scheme that transforms them into a sequence of characters. Those characters can be decoded to reveal the original URL using online tools.

Google

Google Contractor Used Admin Access To Leak Info From Private Nintendo YouTube Video (404media.co) 12

A Google contractor used admin privileges to access private information from Nintendo's YouTube account about an upcoming Yoshi game in 2017, which later made its way to Reddit before Nintendo announced the game, according to a copy of an internal Google database detailing potential privacy and security incidents obtained by 404 Media. From the report: The news provides more clarity on how exactly a Redditor, who teased news of the new Yoshi game, which was later released as Yoshi's Crafted World in 2019, originally obtained their information. A screenshot in the Reddit post shows a URL that starts with www.admin.youtube.com, which is a Google corporate login page. "Google employee deliberately leaked private Nintendo information," the entry in the database reads. The database obtained by 404 Media includes privacy and security issues that Google's own employees reported internally.
The Almighty Buck

Online Streaming Services In Canada Must Hand Over 5% of Domestic Revenues (www.cbc.ca) 94

An anonymous reader quotes a report from CBC News: Online streaming services operating in Canada will be required to contribute five percent of their Canadian revenues to support the domestic broadcasting system, the country's telecoms regulator said on Tuesday. The money will be used to boost funding for local and Indigenous broadcasting, officials from the Canadian Radio-television and Telecommunications Commission (CRTC) said in a briefing. "Today's decision will help ensure that online streaming services make meaningful contributions to Canadian and Indigenous content," wrote CRTC chief executive and chair Vicky Eatrides in a statement.

The measure was introduced under the auspices of a law passed last year designed to make sure that companies like Netflix make a more significant contribution to Canadian culture. The government says the legislation will ensure that online streaming services promote Canadian music and stories, and support Canadian jobs. Funding will also be directed to French-language content and content created by official language minority communities, as well as content created by equity-deserving groups and Canadians of diverse backgrounds. The release also said that online streaming services will "have some flexibility" to send their revenues to support Canadian television directly. [...]

The measure, which will start in the 2024-2025 broadcasting year, would raise roughly $200 million annually, CRTC officials said. It will only apply to services that are not already affiliated with Canadian broadcasters. The CMPA was among 20 screen organizations from around the world that signed a statement in January asking governments to impose stronger regulations on streaming companies operating in local markets. One of the demands was a measure that would force companies profiting from their presence in those markets to contribute financially to the creation of new local content.
"We are disappointed by today's decision and concerned by the negative impact it will have on Canadian consumers. We are assessing the decision in full, but this onerous and inflexible financial levy will be harmful to consumer choice," a spokesperson for Prime Video wrote to CBC News in a statement.
Security

Crooks Threaten To Leak 3 Billion Personal Records 'Stolen From Background Firm' (theregister.com) 67

An anonymous reader quotes a report from The Register: Billions of records detailing people's personal information may soon be dumped online after being allegedly obtained from a Florida firm that handles background checks and other requests for folks' private info. A criminal gang that goes by the handle USDoD put the database up for sale for $3.5 million on an underworld forum in April, and rather incredibly claimed the trove included 2.9 billion records on all US, Canadian, and British citizens. It's believed one or more miscreants using the handle SXUL was responsible for the alleged exfiltration, who passed it on to USDoD, which is acting as a broker. The pilfered information is said to include individuals' full names, addresses, and address history going back at least three decades, social security numbers, and people's parents, siblings, and relatives, some of whom have been dead for nearly 20 years. According to USDoD, this info was not scraped from public sources, though there may be duplicate entries for people in the database.

Fast forward to this month, and the infosec watchers at VX-Underground say they've not only been able to view the database and verify that at least some of its contents are real and accurate, but that USDoD plans to leak the trove. Judging by VX-Underground's assessment, the 277.1GB file contains nearly three billion records on people who've at least lived in the United States -- so US citizens as well as, say, Canadians and Brits. This info was allegedly stolen or otherwise obtained from National Public Data, a small information broker based in Coral Springs that offers API lookups to other companies for things like background checks. There is a small silver lining, according to the VX team: "The database DOES NOT contain information from individuals who use data opt-out services. Every person who used some sort of data opt-out service was not present." So, we guess this is a good lesson in opting out.
