A widespread outage affecting over 600,000 routers connected to Windstream's Kinetic broadband service left customers without internet access for several days last October, according to a report by security firm Lumen Technologies' Black Lotus Labs. The incident, dubbed "Pumpkin Eclipse," is believed to be the result of a deliberate attack using commodity malware known as Chalubo to overwrite router firmware. Windstream, which has about 1.6 million subscribers in 18 states, has not provided an explanation for the outage. The company sent replacement routers to affected customers, many of whom reported significant financial losses due to the disruption. ArsTechnica adds: After learning of the mass router outage, Black Lotus began querying the Censys search engine for the affected router models. A one-week snapshot soon revealed that one specific ASN experienced a 49 percent drop in those models just as the reports began. This amounted to the disconnection of at least 179,000 ActionTec routers and more than 480,000 routers sold by Sagemcom. The constant connecting and disconnecting of routers to any ISP complicates the tracking process, because it's impossible to know if a disappearance is the result of the normal churn or something more complicated. Black Lotus said that a conservative estimate is that at least 600,000 of the disconnections it tracked were the result of Chaluba infecting the devices and, from there, permanently wiping the firmware they ran on. After identifying the ASN, Black Lotus discovered a complex multi-path infection mechanism for installing Chaluba on the routers.

The staggering electricity demand needed to power next-generation technology is forcing the US to rely on yesterday's fuel source: coal. From a report: Retirement dates for the country's ageing fleet of coal-fired power plants are being pushed back as concerns over grid reliability and expectations of soaring electricity demand force operators to keep capacity online. The shift in phasing out these facilities underscores a growing dilemma facing the Biden administration as the US race to lead in artificial intelligence and manufacturing drives an unprecedented growth in power demand that clashes with its decarbonisation targets. The International Energy Agency estimates the AI application ChatGPT uses nearly 10 times as much electricity as Google Search.

An estimated 54 gigawatts of US coal powered generation assets, about 4 per cent of the country's total electricity capacity, is expected to be retired by the end of the decade, a 40 per cent downward revision from last year, according to S&P Global Commodity Insights, citing reliability concerns. "You can't replace the fossil plants fast enough to meet the demand," said Joe Craft, chief executive of Alliance Resource Partners, one of the largest US coal producers. "In order to be a first mover on AI, we're going to need to embrace maintaining what we have." Operators slowing down retirements include Alliant Energy, which last week delayed plans to convert its Wisconsin coal-fired plant to gas from 2025 to 2028. Earlier this year, FirstEnergy announced it was scrapping its 2030 target to phase out coal, citing "resource adequacy concerns." Further reading: Data Centers Could Use 9% of US Electricity By 2030, Research Institute Says.

Google has confirmed the authenticity of 2,500 leaked internal documents detailing the company's data collection practices. The documents offer insights into Google's closely guarded search ranking algorithm. However, Google cautioned against making inaccurate assumptions based on incomplete information. The Verge adds: The leaked material suggests that Google collects and potentially uses data that company representatives have said does not contribute to ranking webpages in Google Search, like clicks, Chrome user data, and more. The thousands of pages of documents act as a repository of information for Google employees, but it's not clear what pieces of data detailed are actually used to rank search content -- the information could be out of date, used strictly for training purposes, or collected but not used for Search specifically. The documents also do not reveal how different elements are weighted in search, if at all.

Alphabet's Google and augmented reality startup Magic Leap are forming a strategic technology partnership and working on building immersive experiences that blend the physical and digital worlds. From a report: Magic Leap said in a blog post on Thursday that the two companies have agreed to a partnership. While short on details, the announcement adds to signals that Google may be plotting a return to the market for augmented and virtual reality (AR/VR) technologies that it so far has largely yielded to rivals Meta and Apple. The partnership would combine Florida-based Magic Leap's expertise in optics and device manufacturing with Google's technology platforms, Magic Leap said.

An anonymous reader quotes a report from Ars Technica: Yesterday, Amazon failed to convince a US district court to dismiss the Federal Trade Commission's lawsuit targeting the tech giant's alleged history of tricking people into signing up for Prime. The FTC has alleged that Amazon "tricked, coerced, and manipulated consumers into subscribing to Amazon Prime," a court order said, failing to get informed consent by designing a murky sign-up process. And to keep subscriptions high, Amazon also "did not provide simple mechanisms for these subscribers to cancel their Prime memberships," the FTC alleged. Instead, Amazon forced "consumers intending to cancel to navigate a four-page, six-click, fifteen-option cancellation process." In their motion to dismiss, Amazon outright disputed these characterizations of its business, insisting its enrollment process was clear, its cancellation process was simple, and none of its executives could be held responsible for failing to fix these processes when "accidental" sign-ups became widespread. Amazon defended its current practices, arguing that some of its Prime disclosures "align with practices that the FTC encourages in its guidance documents." But the judge apparently did not find Amazon's denials completely persuasive. Viewing the FTC's complaint "in the light most favorable to the FTC," Judge John Chun concluded that "the allegations sufficiently indicate that Amazon had actual or constructive knowledge that its Prime sign-up and cancellation flows were misleading consumers."

In his order (PDF), Chun also denied individual motions to dismiss from Amazon executives Russell Grandinetti, Neil Lindsay, and Jamil Ghani, who oversaw Prime operations. Executives had urged the court to dismiss the FTC's claims against them. They argued that the FTC "singled them out 'for an 'unprecedented sanction'" when the agency had "only recently started prosecuting companies for using 'dark patterns'" under Restore Online Shoppers' Confidence Act (ROSCA) and the FTC Act. They claimed that the FTC never alerted them to any wrongdoing before filing the lawsuit, so how could they have known they were violating the law? According to Chun, however, the FTC sufficiently alleged that each of these executives knew they were violating consumer protection laws when prioritizing profits over eliminating dark patterns triggering "accidental" or "nonconsensual" Prime sign-ups. Chun explained that executives may be "personally liable for corporate violations of the FTC Act if the individual 'participated directly in, or had the authority to control, the unlawful acts or practices at issue.'"

For example, when Lindsay -- who in 2016 had the "most responsibility for the Prime subscription program" -- was "asked about Amazon's use of dark patterns during the Prime enrollment process," Lindsay justified the dark patterns. "Lindsay explained that once consumers become Prime members -- even unknowingly -- they will see what a great program it is and remain members, so Amazon is 'okay' with the situation," Chun's order said. And when Grandinetti, who "oversaw the Prime subscription program" in 2018, was told that the sign-up process and auto-renew feature frustrated customers, he "vetoed any changes that would reduce enrollment." Because executives seemingly prioritized profits over reducing customer friction, the FTC alleged that reasonable customers got sucked into Prime without their consent. Sometimes customers understandably got confused by the "discrepancy in size, location, and color" of Amazon's disclosures, Chun suggested. Other times, confusion struck when Amazon tried to upsell customers on Prime at checkout -- pairing their enrollment with their other shopping experience.

A survey of 12,000 people in six countries -- Argentina, Denmark, France, Japan, the UK, and the USA -- found that very few people are regularly using AI products like ChatGPT. Unsurprisingly, the group bucking the trend are young people ages 18 to 24. The BBC reports: Dr Richard Fletcher, the report's lead author, told the BBC there was a "mismatch" between the "hype" around AI and the "public interest" in it. The study examined views on generative AI tools -- the new generation of products that can respond to simple text prompts with human-sounding answers as well as images, audio and video. "Large parts of the public are not particularly interested in generative AI, and 30% of people in the UK say they have not heard of any of the most prominent products, including ChatGPT," Dr Fletcher said.

This research attempted to gauge what the public thinks, finding:
- The majority expect generative AI to have a large impact on society in the next five years, particularly for news, media and science
- Most said they think generative AI will make their own lives better
- When asked whether generative AI will make society as a whole better or worse, people were generally more pessimistic In more detail, the study found: - While there is widespread awareness of generative AI overall, a sizable minority of the public -- between 20% and 30% of the online population in the six countries surveyed -- have not heard of any of the most popular AI tools.
- In terms of use, ChatGPT is by far the most widely used generative AI tool in the six countries surveyed, two or three times more widespread than the next most widely used products, Google Gemini and Microsoft Copilot.
- Younger people are much more likely to use generative AI products on a regular basis. Averaging across all six countries, 56% of 18-24s say they have used ChatGPT at least once, compared to 16% of those aged 55 and over.
- Roughly equal proportions across six countries say that they have used generative AI for getting information (24%) as creating various kinds of media, including text but also audio, code, images, and video (28%).
- Just 5% across the six countries covered say that they have used generative AI to get the latest news.

Last August, PayPal became the first major financial company to roll out a stablecoin. Labeled PayPal USD, or PYUSD, the coin was issued on the Ethereum blockchain and "fully backed by U.S. dollar deposits, short-term Treasuries and similar cash equivalents." Now, the financial company is adding Solana as an option, "making PayPal's stablecoin faster and cheaper to use."

"The Solana blockchain is known for processing massive amounts of transactions at high speeds with extremely low costs, providing significant benefits for commerce use cases," says the company in a press release. "As the most used blockchain for stablecoin transfers, according to data from blockchain analytics platform Artemis, Solana has emerged as the leading blockchain to run tokenized transactions and is ideal for PYUSD as it continues to be used for payment use cases."

An anonymous reader quotes a report from Ars Technica: When used to generate power or move vehicles, fossil fuels kill people. Particulates and ozone resulting from fossil fuel burning cause direct health impacts, while climate change will act indirectly. Regardless of the immediacy, premature deaths and illness prior to death are felt through lost productivity and the cost of treatments. Typically, you see the financial impacts quantified when the EPA issues new regulations, as the health benefits of limiting pollution typically dwarf the costs of meeting new standards. But some researchers from Lawrence Berkeley National Lab have now done similar calculations -- but focusing on the impact of renewable energy. Wind and solar, by displacing fossil fuel use, are acting as a form of pollution control and so should produce similar economic benefits. Do they ever. The researchers find that, in the U.S., wind and solar have health and climate benefits of over $100 for every Megawatt-hour produced, for a total of a quarter-trillion dollars in just the last four years. This dwarfs the cost of the electricity they generate and the total of the subsidies they received. [...]

As a result, the environmental and health benefits of wind in 2022 are estimated as being $143 for each Mw-hr, with solar providing $100/Mw-hr in benefits. Given the amount of power generated by wind and solar that year, that works out to a total of $62 billion and $12 billion, respectively. For the entire 2019-2022 period, they total up to $250 billion. Due to the uncertainties in various estimates, the researchers estimate that the real value for wind is somewhere between $91 and $183 per Mw-hr, with solar having a proportionate uncertainty. For comparison, they note that the unsubsidized costs of the electricity produced by wind and solar range from $20 to $60 per Mw-hr, depending on where the facility is sited. So, in some ways, the companies that own these plants are only receiving a very small fraction of the benefits of their operation. Wind and solar do receive subsidies, but even the most generous ones provided by the Inflation Reduction Act max out below $35/Mw-hr -- again, far less than the health and environmental benefits. The researchers note that most of these benefits (about 75 percent) come from the reduction in carbon dioxide emissions. Still, the nitrogen and sulfur emissions reductions were also substantial: They displaced the equivalent of roughly 20 percent of the power sector's total emissions of these chemicals. That translates into avoiding about 1,400 premature deaths in 2022 alone. The researchers acknowledge a number of limitations to their work. "One big one is that they don't include distributed solar at all, meaning their totals for that form of production are a significant underestimate," reports Ars, noting that the Energy Information Agency estimates that, in the U.S., distributed solar accounts for over 30 percent of total solar production. "It also, as mentioned, doesn't account for the use of storage such as batteries, which are increasingly used to offset the tail-off in solar production in the evenings."

"In addition, their work doesn't account for the intermittency of renewable power sources, which can sometimes result in the use of less efficient fossil fuel plants and so offset some of these benefits. The drop of wind and solar prices are also influencing decisions on what types of fossil fuel plants are getting built, disfavoring coal and increasing investments in natural gas plants that can respond quickly to changes in renewable output. Over the long term, this will result in additional benefits that can't be captured by this sort of short-term analysis."

The study has been published in the journal Cell Reports Sustainability.

schwit1 shares a report from NPR: When you first approach this bridge over Interstate 66 in northern Virginia, it may feel like you're driving on the wrong side of the road. Because, in a way, you are. "There were a lot of people who looked at me like I was a little nuts," says traffic engineer Gilbert Chlewicki, the inventor of this unconventional interchange. "Like, why are you putting me on the other side of the road?" Chlewicki agreed to meet at this intersection 35 miles west of Washington, D.C. to explain the workings of the diverging diamond interchange, as it's known. He was easy to spot, wearing a neon yellow vest for safety.

As you enter the interchange, the right and left sides of the road cross over each other at a stop light. You are, in fact, driving on the left side of the road at this point. From there, left turns become a lot easier, because there's no oncoming traffic in the way. Instead of waiting for a signal, you get a free left turn. "When we do the cross-over to the left side of the road, that's when the left turns happen, so the left is very easy," says Chlewicki. That means diverging diamond interchanges can be both more efficient and safer than conventional intersections with left turn lanes. There are now more than 200 of them across the U.S., in more than 30 states. But at first, it wasn't easy to convince other traffic engineers. "Anything different is a hard sell," Chlewicki said. "Safety was the big question." In 2009, Missouri became the first state to install a diverging diamond interchange (DDI) at a congested intersection in Springfield. This new design quickly reduced traffic congestion and significantly improved safety, with crashes decreasing by 40-50%.

However, drivers have mixed feelings about the design. Some, like school bus driver Logan Wilcox, feel it can be confusing and potentially dangerous for unfamiliar drivers. Others, like local driver Greg Peterson, praise it for improving traffic flow and reducing accidents.

Satellite-to-phones service provider AST SpaceMobile announced a deal with Verizon to provide remote coverage across the United States. "Verizon's deal effectively includes a $100 million raise for AST, as well, in the form of $65 million in commercial service prepayments and $35 million in debt via convertible notes," reports CNBC. "The companies said that $45 million of the prepayments 'are subject to certain conditions' such as needed regulatory approvals and signing of a definitive commercial agreement." Shares of AST jumped 69% in trading to close at $9.02 a share -- the largest single day rise for the company's stock since it went public in 2021. From the report: AST SpaceMobile is building satellites to provide broadband service to unmodified smartphones, in the nascent "direct-to-device" communications market. [...] The Verizon partnership follows a similar pattern to AT&T's work with AST. Back in January, AT&T was a co-debt investor in the company alongside Google and Vodafone. The companies then established the commercial agreement earlier this month, which "lays out in much more detail how we will ultimately offer service together," AST's Chief Strategy Officer Scott Wisniewski said in a statement to CNBC. [...] AST expects to launch its first five commercial satellites later this year.

Michael Larabel reports via Phoronix: A massive uptick in traffic to Fedora's package mirrors is causing problems for the Linux distribution. Some five million additional systems have started putting additional strain on Fedora's mirror resources since March and appear to be coming from Amazon's cloud. Stephen Smoogen of Red Hat wrote a blog post today around 5+ million more EPEL-7 systems beginning in March. Fedora hosts the packaging mirrors for Extra Packages For Enterprise Linux (EPEL) to augment the package selection available on RHEL, CentOS, Amazon Linux, etc.

The past three months now there has been a 5+ million surge in Fedora/EPEL traffic and it's placed a strain on the systems. It's about doubling the number of unique IPs connecting to the mirror system. The massive uptick in Fedora/EPEL activity puts additional pressure on Fedora web proxies for mirror data and then the mirrors themselves that tend to be volunteer run. Much of this new traffic is coming from the Amazon/AWS cloud.

An anonymous reader quotes an op-ed from The Globe and Mail, written by Kate Robertson and Ron Deibert. Robertson is a senior research associate and Deibert is director at the University of Toronto's Citizen Lab. From the piece: A federal cybersecurity bill, slated to advance through Parliament soon, contains secretive, encryption-breaking powers that the government has been loath to talk about. And they threaten the online security of everyone in Canada. Bill C-26 empowers government officials to secretly order telecommunications companies to install backdoors inside encrypted elements in Canada's networks. This could include requiring telcos to alter the 5G encryption standards that protect mobile communications to facilitate government surveillance. The government's decision to push the proposed law forward without amending it to remove this encryption-breaking capability has set off alarm bells that these new powers are a feature, not a bug.

There are already many insecurities in today's networks, reaching down to the infrastructure layers of communication technology. The Signalling System No. 7, developed in 1975 to route phone calls, has become a major source of insecurity for cellphones. In 2017, the CBC demonstrated how hackers only needed a Canadian MP's cell number to intercept his movements, text messages and phone calls. Little has changed since: A 2023 Citizen Lab report details pervasive vulnerabilities at the heart of the world's mobile networks. So it makes no sense that the Canadian government would itself seek the ability to create more holes, rather than patching them. Yet it is pushing for potential new powers that would infect next-generation cybersecurity tools with old diseases.

It's not as if the government wasn't warned. Citizen Lab researchers presented the 2023 report's findings in parliamentary hearings on Bill C-26, and leaders and experts in civil society and in Canada's telecommunications industry warned that the bill must be narrowed to prevent its broad powers to compel technical changes from being used to compromise the "confidentiality, integrity, or availability" of telecommunication services. And yet, while government MPs maintained that their intent is not to expand surveillance capabilities, MPs pushed the bill out of committee without this critical amendment last month. In doing so, the government has set itself up to be the sole arbiter of when, and on what conditions, Canadians deserve security for their most confidential communications -- personal, business, religious, or otherwise. The new powers would only make people in Canada more vulnerable to malicious threats to the privacy and security of all network users, including Canada's most senior officials. [...] "Now, more than ever, there is no such thing as a safe backdoor," the authors write in closing. "A shortcut that provides a narrow advantage for the few at the expense of us all is no way to secure our complex digital ecosystem."

"Against this threat landscape, a pivot is crucial. Canada needs cybersecurity laws that explicitly recognize that uncompromised encryption is the backbone of cybersecurity, and it must be mandated and protected by all means possible."

The notorious hacker group ShinyHunters has claimed to have breached the security of Ticketmaster-Live Nation, compromising the personal data more than half a billion users. "This massive 1.3 terabytes of data, is now being offered for sale on Breach Forums for a one-time sale for $500,000," reports Hackread. From the report: ShinyHunters has allegedly accessed a treasure trove of sensitive user information, including full names, addresses, email addresses, phone numbers, ticket sales and event details, order information, and partial payment card data. Specifically, the compromised payment data includes customer names, the last four digits of card numbers, expiration dates, and even customer fraud details. The data breach, if confirmed, could have severe implications for the affected users, leading to potential identity theft, financial fraud, and further cyber attacks. The hacker group's bold move to put this data on sale goes on to show the growing menace of cybercrime and the increasing sophistication of these cyber adversaries.

Salesforce shares dropped as much as 17% in extended trading due to weaker-than-expected revenue and guidance that fell short of Wall Street expectations. "Revenue in the fiscal first quarter, which ended April 30, increased 11% from $8.25 billion a year earlier," reports CNBC. "It's the first time since 2006 that Salesforce fell short on revenue, according to LSEG data." From the report: Salesforce called for adjusted earnings per share in the current quarter of $2.34 to $2.36 on $9.2 billion to $9.25 billion in revenue. Analysts surveyed by LSEG had expected $2.40 in adjusted earnings per share on $9.37 billion in revenue. [...] Salesforce saw budget scrutiny and longer deal cycles than usual during the quarter, president and operating chief Brian Millham told analysts on a conference call. Management implemented go-to-market changes that cut into bookings, Millham said.

All five of Salesforce's product areas contributed to the growth. But revenue from the Professional Services and Other category, at $548 million, was down 9% and under the StreetAccount consensus of $572.9 million. Net income jumped to $1.53 billion, or $1.56 per share, from $199 million, or 20 cents per share a year ago.

An anonymous reader quotes a report from KrebsOnSecurity: The U.S. Department of the Treasury today unveiled sanctions against three Chinese nationals for allegedly operating 911 S5, an online anonymity service that for many years was the easiest and cheapest way to route one's Web traffic through malware-infected computers around the globe. KrebsOnSecurity identified one of the three men in a July 2022 investigation into 911 S5, which was massively hacked and then closed ten days later.

From 2015 to July 2022, 911 S5 sold access to hundreds of thousands of Microsoft Windows computers daily, as "proxies" that allowed customers to route their Internet traffic through PCs in virtually any country or city around the globe -- but predominantly in the United States. 911 built its proxy network mainly by offering "free" virtual private networking (VPN) services. 911's VPN performed largely as advertised for the user -- allowing them to surf the web anonymously -- but it also quietly turned the user's computer into a traffic relay for paying 911 S5 customers. 911 S5's reliability and extremely low prices quickly made it one of the most popular services among denizens of the cybercrime underground, and the service became almost shorthand for connecting to that "last mile" of cybercrime. Namely, the ability to route one's malicious traffic through a computer that is geographically close to the consumer whose stolen credit card is about to be used, or whose bank account is about to be emptied.

In July 2022, KrebsOnSecurity published a deep dive into 911 S5, which found the people operating this business had a history of encouraging the installation of their proxy malware by any means available. That included paying affiliates to distribute their proxy software by secretly bundling it with other software. That story named Yunhe Wang from Beijing as the apparent owner or manager of the 911 S5 proxy service. In today's Treasury action, Mr. Wang was named as the primary administrator of the botnet that powered 911 S5. Update, May 29, 12:26 p.m. ET: The U.S. Department of Justice (DOJ) just announced they have arrested Wang in connection with the 911 S5 botnet. The DOJ says 911 S5 customers have stolen billions of dollars from financial institutions, credit card issuers, and federal lending programs. [...] The third man sanctioned is Yanni Zheng, a Chinese national the U.S. Treasury says acted as an attorney for Wang and his firm -- Spicy Code Company Limited -- and helped to launder proceeds from the business into real estate holdings. Spicy Code Company was also sanctioned, as well as Wang-controlled properties Tulip Biz Pattaya Group Company Limited, and Lily Suites Company Limited. "911 S5 customers allegedly targeted certain pandemic relief programs," a DOJ statement on the arrest reads. "For example, the United States estimates that 560,000 fraudulent unemployment insurance claims originated from compromised IP addresses, resulting in a confirmed fraudulent loss exceeding $5.9 billion. Additionally, in evaluating suspected fraud loss to the Economic Injury Disaster Loan (EIDL) program, the United States estimates that more than 47,000 EIDL applications originated from IP addresses compromised by 911 S5. Millions of dollars more were similarly identified by financial institutions in the United States as loss originating from IP addresses compromised by 911 S5."

"Jingping Liu assisted Yunhe Wang by laundering criminally derived proceeds through bank accounts held in her name that were then utilized to purchase luxury real estate properties for Yunhe Wang," the document continues. "These individuals leveraged their malicious botnet technology to compromise personal devices, enabling cybercriminals to fraudulently secure economic assistance intended for those in need and to terrorize our citizens with bomb threats."