Businesses

Netflix To Open Branded Retail Stores For Some Reason (engadget.com) 43

As reported by Bloomberg, Netflix plans to open a number of brick-and-mortar retail locations, called Netflix House, in 2025. Engadget reports: The stores will sell merchandise based on hit Netflix shows, so you can finally snag that Lincoln Lawyer coffee mug you've always dreamed of. Netflix House establishments will also offer dining and curated live experiences. To the latter point, the two initial locations are going to feature an obstacle course based on Squid Game. This seems to miss the point of the show's brutal satire of modern capitalism, but that's been par for the course since it took the world by storm back in 2021.

Netflix House will also boast rotating art installations based on hit shows and live performances to excite fans. Additionally, the in-house restaurant will serve cuisine and drinks originally featured on the streamer's many unscripted food-based reality shows. The menu will range from fast casual to high-end dining.

The first two locations should open up in the US some time in 2025, though Netflix hasn't said where, with more global outlets to come at a later date. Why the big global push? Josh Simon, the company's vice president of consumer products, told Bloomberg that its customers "love to immerse themselves in the world of our movies and TV shows, and we've been thinking a lot about how we take that to the next level." [...] The company's still finalizing details regarding menus, locations and just about everything else. It has more than a year, after all, to set up shop.

AI

ChatGPT Is Being Used To Declassify Redacted Government Docs 61

Last month, OpenAI launched GPT-4 with vision (GPT-4V), allowing the chatbot to read and respond to questions about images. One of the many ways AI users are using this new feature is to decode redacted government documents on UFO sightings. "ChatGPT-4V Multimodal decodes a redacted government document on a UFO sighting released by NASA," one tweet raves. "Maybe the truth isn't out there; it's right here in GPT-V." Decrypt reports: Trying to fill gaps in a string of text is basically what LLMs do. The user did the next best thing when trying to test GPT-V's capabilities and made it guess parts of a text that he censored. "Nearly 100% intent accuracy." he reported. Of course, it's hard to verify whether its guess at what's otherwise obscured is accurate -- it's not like we can ask the CIA how well it did peering through the black lines. Some other ways users are utilizing GPT-4V include: deciphering a doctor's handwriting; understanding medical images, such as X-rays, and receiving analysis and insights for specific medical cases; providing information about the nutritional content of meals or food items; assisting interior design enthusiasts by offering design suggestions based on personal preferences and images of living spaces; and proving technical analysis for stocks and cryptocurrencies based on screenshots.
Bitcoin

FTX Used Python Code To Fake Its Insurance Fund Figure (cointelegraph.com) 104

Tom Mitchelhill reports via CoinTelegraph: Crypto exchange FTX used hidden Python code to misrepresent the value of its insurance fund -- a pool of funds meant to prevent user losses during huge liquidation events -- according to testimony from FTX co-founder Gary Wang. In a damning testimony on Oct. 6, FTX's former chief technology officer, Gary Wang, said that FTX's so-called $100 million insurance fund in 2021 was fabricated and never contained any of the exchanges' FTX tokens (FTT) as claimed. Instead, the figure shown to the public was calculated by multiplying the daily trading volume of the FTX Token by a random number close to 7,500.

When the prosecution surfaced the above tweet -- among other public statements of its value -- and asked Wang whether this amount was accurate, he replied with a single word: "No." "For one, there is no FTT in the insurance fund. It's just the USD number. And, two, the number listed here does not match what was in the database." An exhibit in the Oct. 6 trial shows the alleged code used to generate the size of the so-called "Backstop Fund" or public insurance fund.

FTX's insurance fund was designed to protect user losses in case of huge, sudden market movements and its value was often touted on its website and social media. According to Wang's testimony, however, the amount contained within the fund was often insufficient to cover these losses. [...] In addition to revealing the allegedly fraudulent nature of FTX's insurance fund, Wang claimed that Bankman-Fried prompted him and Nishad Singh to implement an "allow_negative" balance feature in the code at FTX, which allowed Alameda Research to trade with near-unlimited liquidity on the crypto exchange.

Security

State-backed Hackers Are Exploiting New 'Critical' Atlassian Zero-Day Bug (techcrunch.com) 18

Microsoft says Chinese state-backed hackers are exploiting a "critical"-rated zero-day vulnerability in Atlassian software to break into customer systems. From a report: The technology giant's threat intelligence team said in a post on X, formerly Twitter, that it has observed a nation-state threat actor it calls Storm-0062 exploiting a recently disclosed critical flaw in Atlassian Confluence Data Center and Server. Microsoft has previously identified Storm-0062 as a China-based state-sponsored hacker.

Microsoft said it observed in-the-wild abuse of the maximum rated 10.0 vulnerability, tracked as CVE-2023-22515, since September 14, some three weeks before Atlassian's public disclosure on October 4. A bug is considered a zero-day when the vendor -- in this case Atlassian -- has zero time to fix the bug before it is exploited. Atlassian updated its advisory this week to confirm it has "evidence to suggest that a known nation-state actor" is exploiting the bug, which the company says could allow a remote attacker to create unauthorized administrator accounts to access Confluence servers. Atlassian's Confluence is a widely popular collaborative wiki system used by corporations around the world to organize and share work.

AI

UK Opposition Leader Targeted By AI-Generated Fake Audio Smear (therecord.media) 49

An anonymous reader quotes a report from The Record: An audio clip posted to social media on Sunday, purporting to show Britain's opposition leader Keir Starmer verbally abusing his staff, has been debunked as being AI-generated by private-sector and British government analysis. The audio of Keir Starmer was posted on X (formerly Twitter) by a pseudonymous account on Sunday morning, the opening day of the Labour Party conference in Liverpool. The account asserted that the clip, which has now been viewed more than 1.4 million times, was genuine, and that its authenticity had been corroborated by a sound engineer.

Ben Colman, the co-founder and CEO of Reality Defender -- a deepfake detection business -- disputed this assessment when contacted by Recorded Future News: "We found the audio to be 75% likely manipulated based on a copy of a copy that's been going around (a transcoding). As we don't have the ground truth, we give a probability score (in this case 75%) and never a definitive score ('this is fake' or 'this is real'), leaning much more towards 'this is likely manipulated' than not," said Colman. "It is also our opinion that the creator of this file added background noise to attempt evasion of detection, but our system accounts for this as well," he said.

Security

Hacktivism Erupts In Response To Hamas-Israel War (techcrunch.com) 340

An anonymous reader quotes a report from TechCrunch: Several groups of hacktivists have targeted Israeli websites with floods of malicious traffic following a surprise land, sea and air attack launched against Israel by militant group Hamas on Saturday, which prompted Israel to declare war and retaliate. Israeli newspaper The Jerusalem Post reported Monday that since Saturday morning its website was down "due to a series of cyberattacks initiated against us." At the time of writing, the paper's website still appeared down.

Rob Joyce, director of cybersecurity at the National Security Agency, reportedly said at a conference on Monday that there have been denial of service (DDoS) attacks and defacements of websites, without attributing the cyberattacks to particular groups. "But we're not yet seeing real [nation] state malicious actors," Joyce reportedly said. [...] Joyce's remarks appear to confirm findings of security researcher Will Thomas, who told TechCrunch that he has seen more than 60 websites taken down with DDoS attacks, and more than five websites that were defaced as of Monday.

It is common for hacktivist groups to launch cyberattacks during armed conflict, similar to what happened in Ukraine. These hackers are often not affiliated with any governments but rather a decentralized group of politically motivated hackers. Their activities can disrupt websites and services, but are far more limited compared to the activities of nation-state hacking groups. Researchers and government agencies like the NSA say they have only seen activity by hacktivists so far in this Hamas-Israel conflict.
"The thing that has surprised me about the hacktivism surrounding this conflict is the amount of international groups involved, such as those allegedly from Bangladesh, Pakistan, and Morocco all also targeting Israel in support of Palestine," said Thomas. "We also seen long-time threat actors returning who have participated in attacks and spread them using the hashtag #OpIsrael for years."

"I have seen several posts of cybercriminal service operators such as DDoS-for-Hire or Initial Access Brokers offering their services to those wanting to target Israel or Palestine," he added.
Programming

States Are Calling For More K-12 CS Classes. Now They Need the Teachers. (edweek.org) 114

Long-time Slashdot reader theodp writes: "42 states to go!" exclaimed Code.org to its 1+ million Twitter followers as it celebrated victorious efforts to pass legislation making North Carolina the 8th state to pass a high school computer science graduation requirement, bringing the tech-backed nonprofit a step closer to its goal of making CS a requirement for a HS diploma in all 50 states. But as states make good on pledges made to tech CEOs to make their schoolchildren CS savvy, Education Week cautions that K-12 CS has a big certified teacher shortage problem.
From the article: When trying to ensure all students get access to the knowledge they need for college and careers, sometimes policy can get ahead of teacher capacity. Computer science is a case in point. As of 2022, every state in the nation has passed at least one law or policy intended to promote K-12 computer science education, and 53 percent of high schools offered basic computer science courses that year, according to the nonprofit advocacy group Code.org."

"'There's big money behind making [course offerings] go up higher and faster,' thanks to federal and state grants as well as private foundations, said Paul Bruno, an assistant professor of education policy, organization, and leadership at the University of Illinois Urbana-Champaign. "But then that raises the question, well, who are we getting to teach these courses...?"

Bruno's work in states such as California and North Carolina suggests that few of those new computer science classes are staffed with teachers who are certified in that subject."

Bitcoin

NChain's CEO 'Departs', Claims Evidence Craig Wright Manipulated Bitcoin Creation Documents (forbes.com) 46

Bitcoin creator Satoshi Nakamoto may or may not be businessman Craig Wright, who in 2015 founded the blockchain-tech company nChain.

But nChain's recently-departed CEO Christen Ager-Hanssen's thinks Wright is not Satoshi — and that's just the beginning. According to Forbes Ager-Hanssen went as far as "to leak emails suggesting former gambling billionaire Calvin Ayre, who has heavily backed the company doesn't believe Wright, nChain's chief scientist, is Satoshi Nakamoto.

The alleged email from Ayre begins by citing Wright's "litigation disaster"...' I have been operating under the assumption that you and Ramona have the keys and that you were simply pretending not to have them as part of some strategy that you have trapped yourself in. But now that we are looking at a situation where continuing to deny you have them ruins your life and damages your supporters, I am forced to make a tough decision... There is zero reason to continue to pretend you do not have the keys if you really have them... So either you are a moron for intentionally losing this case, or you are a moron for actually not having the keys... either way, I am not following you over the cliff...
But Ager-Hanssen also shared some thoughts of his own: I can confirm I have departed from nChain Global as its Group CEO with immediate effect after reporting several serious issues to the board of nChain Group including what I believe is a conspiracy to defraud nChain shareholders orchestrated by a significant shareholder. I also had concerns about the ultimate beneficiary shareholder and the real people behind DW Discovery fund registered in Cayman. The chairman also took instructions from shadow directors which I didn't accept.

I have also reported that I have found compelling evidence that Dr Craig Wright has manipulated documents with the aim to deceive the court he is Satoshi. I'm today myself convinced that Dr Craig Wright is NOT Satoshi and I'm persuaded he will lose all his legal battles. The board didn't take action and my job becomes clearly untenable. One of the things I recommended the Chairman of the board was to sack Dr Craig Wright.

I feel sorry for all the great people that work in the company but I don't want to be part of something I clearly don't believe in. #faketoshi

Forbes also notes an X (Twitter) account calling itself "Satoshi Nakamoto" with the handle @Satoshi has posted for the first time since 2018 — though X's community notes feature added: "This isn't the real Satoshi Nakamoto, creator of bitcoin. Its an account related to Craig Wright, who claims to be Satoshi with no material proof."

Thanks to long-time Slashdot reader UnknowingFool for sharing the news.
Privacy

23andMe Scraping Incident Leaked Data On 1.3 Million Users (therecord.media) 25

Jonathan Greig writes via The Record: Genetic testing giant 23andMe confirmed that a data scraping incident resulted in hackers gaining access to sensitive user information and selling it on the dark web. The information of nearly 7 million 23andMe users was offered for sale on a cybercriminal forum this week. The information included origin estimation, phenotype, health information, photos, identification data and more. 23andMe processes saliva samples submitted by customers to determine their ancestry.

When asked about the post, the company initially denied that the information was legitimate, calling it a "misleading claim" in a statement to Recorded Future News. The company later said it was aware that certain 23andMe customer profile information was compiled through unauthorized access to individual accounts that were signed up for the DNA Relative feature -- which allows users to opt in for the company to show them potential matches for relatives. [...] When pressed on how compromising a handful of user accounts would give someone access to millions of users, the spokesperson said the company does not believe the threat actor had access to all of the accounts but rather gained unauthorized entry to a much smaller number of 23andMe accounts and scraped data from their DNA Relative matches.

A researcher approached Recorded Future News after examining the leaked database and found that much of it looked real. [...] The researcher downloaded two files from the BreachForums post and found that one had information on 1 million 23andMe users of Ashkenazi heritage. The other file included data on more than 300,000 users of Chinese heritage. The data included profile and account ID numbers, names, gender, birth year, maternal and paternal genetic markers, ancestral heritage results, and data on whether or not each user has opted into 23andme's health data. The researcher added that he discovered another issue where someone could enter a 23andme profile ID, like the ones included in the leaked data set, into their URL and see someone's profile. The data available through this only includes profile photos, names, birth years and location but does not include test results.

Microsoft

Microsoft Launches New Web App Store for Windows 21

Microsoft has launched a new web version of its app store for Windows. From a report: It's designed as a replacement for the existing way to find Windows apps on the web, with links from the site opening in the Microsoft Store client on Windows 10 or Windows 11. The software giant has ditched its old React codebase from its previous web version of the Microsoft Store and replaced it with a modern web version that uses Shoelace, Lit, Vite, and a C# ASPNET backend. "The old site was a React codebase built on an obsoleted UI framework," explains Microsoft engineer Judah Gabriel in a post on X (formerly Twitter). "We created a fresh user experience with a thoughtfully designed interface, easier ways to discover new apps, modern web tech stack. I hope folks will find it useful."
AI

4chan Uses Bing To Flood the Internet With Racist Images (404media.co) 132

samleecole writes: 4chan users are coordinating a posting campaign where they use Microsoft Bing's AI text-to-image generator to create racist images that they can then post across the internet. The news shows how users are able to manipulate free to access, easy to use AI tools to quickly flood the internet with racist garbage, even when those tools are allegedly strictly moderated. "We're making propaganda for fun. Join us, it's comfy," the 4chan thread instructs. "MAKE, EDIT, SHARE."

A visual guide hosted on Imgur that's linked in that post instructs users to use AI image generators, edit them to add captions that make them seem like political campaigns, and post them to social media sites, specifically Telegram, Twitter, and Instagram. 404 Media has also seen these images shared on a TikTok account that has since been removed. People being racist is not a technological problem. But we should pay attention to the fact that technology is "to borrow a programming concept" 10x'ing racist posters, allowing them to create more sophisticated content more quickly in a way we have not seen online before. Perhaps more importantly, they are doing so with tools that are allegedly "safe" and moderated so strictly, to a point where they will not generate completely harmless images of Julius Caesar. This means we are currently getting the worst of both worlds from Bing, an AI tool that will refuse to generate a nipple but is supercharging 4chan racists.

Technology

Men Overran a Job Fair For Women In Tech (wired.com) 692

"Every year the Grace Hopper Celebration, a conference and career fair aimed at non-males, brings women in the tech industry together," writes long-time Slashdot reader piojo. "This year, a large number of men showed up. The women were not pleased." Wired reports: AnitaB.org, the nonprofit that runs the conference, said there was "an increase in participation of self-identifying males" at this year's event. The nonprofit says it believes allyship from men is important and noted it cannot ban men from attending due to federal nondiscrimination protections in the US. Organizers expressed frustration. Past iterations of the conference have "always felt safe and loving and embracing," said Bo Young Lee, president of advisory at AnitaB.org, in a LinkedIn post. "And this year, I must admit, I didn't feel this way."

Cullen White, AnitaB.org's chief impact officer, said in a video posted to X, formerly Twitter, that some registrants had lied about their gender identity when signing up, and men were now taking up space and time with recruiters that should go to women. "All of those are limited resources to which you have no right," White said. [...] During the conference, videos posted to TikTok showed a sea of men waiting in line to enter the conference or speak with recruiters in the expo hall. Men and women are seen running into the expo as a staffer yells for them to slow down. Avni Barman, the founder of female-talent focused media platform Gen She, says she immediately noticed "tons" more men and a more chaotic scene this time compared to previous years.
According to Layoffs.fyi, tech companies around the world laid off more than 400,000 workers in 2022 and 2023. "As job cuts bite, all prospective tech workers have become more desperate for opportunities," reports Wired.
AI

Social Media Dunks on an AI-Generated 'Batman' Comic Strip (cbr.com) 110

"OpenAI's latest image generation model, DALL-E 3, makes it SO easy to create comic books!" posted Ammaar Reshi on Twitter. The former Palintir product manager (now a design manager at Brex) then shared "four panels for a fan-made Batman comic made in under five minutes."

Comic Book Resources reports that then "social media spent most of the day dunking on the post, criticizing the idea of celebrating the idea of a 'comic' created through 'A.I. art.'" Comic book artist Javier Rodriguez noted that this is no different from simply cutting and pasting other comic books into a comic... ["You could do the same thing a while ago with a photocopier and some scissors. Stealing other people's art seems easier now and lucrative for those behind generative models."] Comic book writer Sarah Horrocks called out the use of Brian Bolland's work... ["That's literally just Brian Bolland's Joker. The shamelessness of this 'technology' is appalling. I guess it's okay to steal. Just call it AI."]

Justine Bateman, the former actor who has become a vocal opponent of A.I. usage in the arts, explained that DC must act to legally protect usage like this in the future... ["@DCOfficial, the longer you wait to send legal teams to @OpenAI, etc to demand that generative #AI training sets containing your copyrighted work be deleted, the more you make your entire library 'fair use'..."]

NASA

NASA Opens OSIRIS-REx's Asteroid-Sample Canister (space.com) 21

Mike Wall writes via Space.com: OSIRIS-REx's asteroid-sample canister just creaked open for the first time in more than seven years. Scientists at NASA's Johnson Space Center (JSC) in Houston lifted the canister's outer lid on Tuesday (Sept. 26), two days after OSIRIS-REx's return capsule landed in the desert of northern Utah. "Scientists gasped as the lid was lifted," NASA's Astromaterials Research and Exploration Science (ARES) division, which is based at JSC, wrote Tuesday in a post on X (formerly Twitter). The operation revealed "dark powder and sand-sized particles on the inside of the lid and base," they added.

That powder once resided on the surface of an asteroid named Bennu, the focus of the OSIRIS-REx mission. OSIRIS-REx launched toward the 1,650-foot-wide (500 meters) Bennu in September 2016, arrived in December 2018 and snagged a hefty sample from the space rock in October 2020 using its Touch-and-Go Sample Acquisition Mechanism, or TAGSAM. The asteroid material landed in Utah inside OSIRIS-REx's return capsule on Sunday (Sept. 24), then made its way to Houston by plane on Monday (Sept. 25). It will be stored and curated at JSC, where the team will oversee its distribution to scientists around the world.

Researchers will study the sample for decades to come, seeking insights about the the solar system's formation and early evolution, as well as the role that carbon-rich asteroids like Bennu may have played in seeding Earth with the building blocks of life. But that work isn't ready to begin; the ARES team hasn't even accessed the main asteroid sample yet. Doing so requires disassembly of the TAGSAM apparatus, an intricate operation that will take considerable time.

AI

$260 Million AI Startup Releases 'Unmoderated' Chatbot Via Torrent (404media.co) 111

"On Tuesday of this week, French AI startup Mistral tweeted a magnet link to their first publicly released, open sourced LLM," writes Slashdot reader jenningsthecat. "That might be merely interesting if not for the fact that the chatbot has remarkably few guardrails." 404 Media reports: According to a list of 178 questions and answers composed by AI safety researcher Paul Rottger and 404 Media's own testing, Mistral will readily discuss the benefits of ethnic cleansing, how to restore Jim Crow-style discrimination against Black people, instructions for suicide or killing your wife, and detailed instructions on what materials you'll need to make crack and where to acquire them.

It's hard not to read Mistral's tweet releasing its model as an ideological statement. While leaders in the AI space like OpenAI trot out every development with fanfare and an ever increasing suite of safeguards that prevents users from making the AI models do whatever they want, Mistral simply pushed its technology into the world in a way that anyone can download, tweak, and with far fewer guardrails asking users trying to make the LLM produce controversial statements.
"My biggest issue with the Mistral release is that safety was not evaluated or even mentioned in their public comms. They either did not run any safety evals, or decided not to release them. If the intention was to share an 'unmoderated' LLM, then it would have been important to be explicit about that from the get go," Rottger told 404 Media in an email. "As a well-funded org releasing a big model that is likely to be widely-used, I think they have a responsibility to be open about safety, or lack thereof. Especially because they are framing their model as an alternative to Llama2, where safety was a key design principle."

The report notes that Mistral will be "essentially impossible to censor or delete from the internet" since it's been released as a torrent. "Mistral also used a magnet link, which is a string of text that can be read and used by a torrent client and not a 'file' that can be deleted from the internet."
Businesses

Epic Games Cutting 16 Percent of Its Workforce (kotaku.com) 54

According to Bloomberg's Jason Schreier, Epic games is laying off 16 percent of its current workforce, which amounts to almost 900 employees losing their jobs. Kotaku reports: A memo was shared this morning at the North Carolina company, seen by Kotaku, informing staff of the bad news. It explains that alongside 16 percent of staff being laid off, the company is also selling Bandcamp, and "spinning off" most of marketing company SuperAwesome.

"For a while now, we've been spending way more money than we earn," says the memo, sent to staff by CEO Tim Sweeney. "I have long been optimistic we could power through this transition without layoffs, but in retrospect I see that this was unrealistic." It seems that Fortnite's failure to continue growing was part of the problem. Sweeney reports that it's "starting to grow again," but this is driven by creator content "with significant revenue sharing."

Despite efforts to reduce spending, Sweeney says "we still ended up far short of financial sustainability." These layoffs, he hopes, will "stabilize our finances." "Laid-off Epic employees will receive six months severance and health benefits," Schreier said on X, adding that an "all-hands meeting [is] happening shortly."
Further reading: Apple Asks Supreme Court To Reverse App Store Ruling Won by Epic
Iphone

iPhone 15 Pro Owners Complain About Overheating Problems (wsj.com) 46

The new iPhone 15 Pro may be too hot for some to handle. Literally. WSJ: Apple's priciest new iPhones are heating up in some scenarios, reaching high temperatures that make them difficult to touch at certain times, according to reviews, tests by The Wall Street Journal and social-media posts from buyers in China, the U.S. and Canada. Some iPhone 14 Pro owners have noticed similar hot temperatures over the past year. The high temperatures in Apple's newest 15 Pro models -- typically when charging and using intensive apps -- are prompting concerns that the company might need to address overheating in software updates that could impact performance. Premium iPhones have long been a critical cash cow for Apple as smartphone demand has slumped globally.

The company is hoping the iPhone 15, especially its Pro models, will return its business to growth. Thomas Galvin, a 23-year-old from Cleveland, says his iPhone 15 Pro Max has been "super hot" and that he is considering returning it. Apple customer support told him the heat was a result of setting up the new phone, but even a few days later, it is still "way worse than the iPhone 13 Pro Max," he said. Other users on X (formerly known as Twitter) and Reddit have had similar complaints about the heat, with some mentioning that the phone had become so warm it is difficult to hold. The Wall Street Journal's Joanna Stern noted in her review last week that the iPhone 15 Pro Max hit 106 degrees Fahrenheit while charging. In further testing, the phone reached temperatures up to 112 degrees when simultaneously charging and doing processor-intensive tasks, such as gaming.

Security

Security Researcher Warns of Chilling Effect After Feds Search Phone At Airport (techcrunch.com) 97

SonicSpike shares a report: A U.S. security researcher is warning of a chilling effect after he was detained on arrival at a U.S. airport, his phone was searched, and was ordered to testify to a grand jury, only to have prosecutors reverse course and drop the investigation later. On Wednesday, Sam Curry, a security engineer at blockchain technology company Yuga Labs, said in a series of posts on X, formerly Twitter, that he was taken into secondary inspection by U.S. federal agents on September 15 after returning from a trip to Japan. Curry said agents with the Internal Revenue Service's Criminal Investigation (IRS-CI) unit and the Department of Homeland Security questioned him at Dulles International Airport in Washington DC about a "high profile phishing campaign," searched his unlocked phone, and served him with a grand jury subpoena to testify in New York the week after.

According to a photo of the subpoena that Curry posted, the grand jury was investigating wire fraud and money laundering. But Curry said he later received confirmation that the copy of his device data was deleted and the grand jury subpoena was canceled once prosecutors realized that Curry was investigating the theft of crypto, and not involved in it.

AI

AI-Generated 'Subliminal Messages' Are Going Viral 21

An anonymous reader quotes a report from Motherboard: Every week, the social media hype-train seems to find new ways to sensationalize generative AI tools. Most recently, a new technique that allows users to produce optical illusions went viral, with some describing the results as AI-generated images with "subliminal" messages. The technique, called ControlNet, essentially lets users have more control over the generated image by specifying additional inputs -- in this case, letting you create images or words within other images. Some users characterized this as a form of "hidden message" that could be used to implant suggestions in the form of subtle visual cues, like a McDonald's "M" logo appearing in the outlines of a movie poster.

ControlNet uses the AI image-generating tool Stable Diffusion, and one of its initial uses was generating fancy QR codes using the code as an input image. That idea was then taken further, with some users developing a workflow that lets them specify any image or text as a black-and-white mask that implants itself into the generated image -- kind of like an automated, generative version of the masking tool in Photoshop.
Security

Russian Zero-Day Seller Offers $20 Million for Hacking Android and iPhones (techcrunch.com) 33

A company that acquires and sells zero-day exploits -- flaws in software that are unknown to the affected developer -- is now offering to pay researchers $20 million for hacking tools that would allow its customers to hack iPhones and Android devices. From a report: On Wednesday, Operation Zero announced on its Telegram accounts and on its official account on X, formerly Twitter, that it was increasing payments for zero-days in those platforms tenfold, from $200,000 to $20 million. "By increasing the premium and providing competitive plans and bonuses for contract works, we encourage the developer teams to work with our platform," the company wrote.

Operation Zero, which is based in Russia and launched in 2021, also added that "as always, the end user is a non-NATO country." On its official website, the company says that "our clients are Russian private and government organizations only." When asked why they only sell to non-NATO countries, Operation Zero CEO Sergey Zelenyuk declined to say. "No reasons other than obvious ones," he said. Zelenyuk also said that the bounties Operation Zero offer right now may be temporary, and a reflection of a particular time in the market, and the difficulty of hacking iOS and Android.

Slashdot Top Deals