Meta Threatens To Pull Facebook And Instagram Out Of Nigeria Over $290 Million Fine
According to Rest of the World, a major confrontation between Meta and the local authorities in Nigeria is currently taking place: "Local authorities have fined Meta $290 million for regulatory breaches, prompting the social media giant to threaten pulling Facebook and Instagram from the country." Techdirt reports: As with earlier EU fines imposed on the company, the sticking point is Meta's refusal to comply with local privacy laws [...]. The fine itself is small change for Meta, which had a net income of $62 billion on a turnover of $165 billion in 2024, and a market capitalization of $1.5 trillion. Meta's current revenues in Nigeria are relatively small, but its market shares are high: "According to social media performance tracker Napoleoncat, Meta has a massive presence in the country, with Facebook alone reaching about 51.2 million users as of May 2024, more than a fifth of the population. Instagram had 12.6 million Nigerian users as of November 2023, while WhatsApp had about 51 million users, making Nigeria the 10th largest market globally for the messaging app." Since many Nigerians depend on Meta's platforms, the company might be hoping that there will be public pressure on the government not to impose the fine in order to avoid a shutdown of its services there. But it is hard to see Meta carrying out its threat to walk away from a country expected to be the third most populous nation in the world by 2050. In 2100, the population of Nigeria could reach 541 million according to current projections.
at Slashdot.
Google Wants To Make Stolen Android Phones Basically Unsellable
Google is enhancing Android's Factory Reset Protection (FRP) to make stolen phones virtually unusable by detecting setup wizard bypasses and requiring a second factory reset until ownership is verified. Android Authority reports: You can factory reset an Android phone in several ways. However, triggering a reset through the Android recovery menu or Google's Find My Device service activates Factory Reset Protection (FRP). During setup after such a reset, the wizard requires you to verify ownership by either signing into the previously associated Google account or entering the device's former lock screen PIN, password, or pattern. Failing this verification step blocks setup completion, rendering the device unusable. [...] Factory Reset Protection (FRP) is a valuable feature that discourages theft by rendering stolen Android phones useless to potential buyers if wiped improperly. However, FRP isn't foolproof; thieves have discovered numerous methods over the years to circumvent it. These bypasses typically involve skipping the setup wizard, allowing someone to use the phone without entering the previous owner's Google account details or screen lock. During The Android Show: I/O Edition, Google announced plans to "further harden Factory Reset protections, which will restrict all functionalities on devices that are reset without the owner's authorization." While the company didn't elaborate much, a screenshot it shared suggests that Android will likely detect if someone bypasses the setup wizard and then force another factory reset, preventing unauthorized use until the user proves ownership. [...] Google stated this FRP improvement is coming "later this year." Since the stable Android 16 release is coming soon, this timeline suggests the feature won't be part of the initial launch. It might arrive later in one of Android 16's Quarterly Platform Releases (QPRs), but that remains to be seen.
Nextcloud Cries Foul Over Google Play Store App Rejection
Nextcloud has accused Google of sabotaging its Android Files app by revoking the "All files access" permission, which the company says cripples functionality for its 824,000 users and forces reliance on limited alternatives like SAF and MediaStore. The Register reports: Nextcloud's Android Files app is a file synchronization tool that, according to the company, has long had permission to read and write all file types. "Nextcloud has had this feature since its inception in 2016," it said, "and we never heard about any security concerns from Google about it." That changed in 2024, when someone or something at Google's Play Store decided to revoke the permission, effectively crippling the application. Nextcloud was instructed to use "a more privacy-aware replacement." According to Nextcloud, "SAF cannot be used, as it is for sharing/exposing our files to other apps ... MediaStore API cannot be used as it does not allow access to other files, but only media files." Attempts to raise the issue with Google resulted in little more than copy-and-pasted sections of the developer guide. "Despite multiple appeals from our side and sharing additional background, Google is not considering reinstating upload for all files," Nextcloud said. The issue seems to stem from the Play Store. While a fully functional version is available on F-Droid, the Play Store edition is subject to Google's imposed limitations. Regarding the All files access permission, Google's developer documentation states: "If you target Android 11 and declare All files access, it can affect your ability to publish and update your app on Google Play." Nextcloud is clearly aggrieved by the change, as are its users. "This might look like a small technical detail but it is clearly part of a pattern of actions to fight the competition," it said. "What we are experiencing is a piece of the script from the big tech playbook." [...]
Are there nefarious actors at play here, an automated process that auto-rejects apps with elevated access requirements, or is it just simple incompetence? "Either way," Nextcloud said, "it results in companies like ours just giving up, reducing functionality just to avoid getting kicked out of their app store." "The issue is that small companies -- like ours -- have pretty much no recourse," it added. Nextcloud went on to criticize oversight processes as slow-moving, with fines that sound hefty but amount to little more than a slap on the wrist. "Big Tech is scared that small players like Nextcloud will disrupt them, like they once disrupted other companies. So they try to shut the door."
Office Apps on Windows 10 No Longer Tied To October 2025 End-of-Support Date
Microsoft has quietly extended support for Office applications running on Windows 10 well beyond the operating system's October 14, 2025 end-of-support deadline. Microsoft 365 subscribers will now receive updates through October 2028, while perpetual license versions will follow their standard lifecycle policies -- Office 2021 until October 2026 and Office 2024 until October 2029. Windows Defender malware definitions will also continue "through at least October 2028" despite Windows 10's imminent retirement. This reverses Microsoft's previous stance that all Office applications would become unsupported when Windows 10 reaches end-of-life.
The Stealthy Lab Cooking Up Amazon's Secret Sauce
Amazon's decade-old acquisition of Annapurna Labs has emerged as a pivotal element in its AI strategy, with the once-secretive Israeli chip design startup now powering AWS infrastructure. The $350 million deal, struck in 2015 after initial talks between Annapurna co-founder Nafea Bshara and Amazon executive James Hamilton, has equipped the tech giant with custom silicon capabilities critical to its cloud computing dominance. Annapurna's chips, particularly the Trainium processor for AI model training and Graviton for general-purpose computing, now form the foundation of Amazon's AI infrastructure. The company is deploying hundreds of thousands of Trainium chips in its Project Rainier supercomputer being delivered to AI startup Anthropic this year. Amazon CEO Andy Jassy, who led AWS when the acquisition occurred, described it as "one of the most important moments" in AWS history.
Reddit Turns 20
ZDNet's Steven Vaughan-Nichols marks Reddit's 20 years of being "the front page of the internet," recalling its evolution from a scrappy startup into a cultural powerhouse that shaped online discourse, meme culture, and the way millions consume news and entertainment. Slashdot is also given a subtle nod in the opening line of the article. An anonymous reader shares an excerpt: In 2005, if you were into social networks focused on links, you probably used Digg or Slashdot. However, two guys, Steve Huffman and Alexis Ohanian, recent graduates from the University of Virginia, wanted to create a hub where users could find, share, and discuss the internet's most interesting content. Little did they know where this idea would take them. After all, their concept was nothing new. Still, after Paul Graham, co-founder of Y Combinator, the startup accelerator and seed capital firm, had shot down their first idea -- a mobile food-ordering app -- they pitched what would become Reddit to Graham, and he gave it his blessing. Drawing inspiration from sites like Delicious, a now-defunct social bookmarking service, and Slashdot, Huffman and Ohanian envisioned Reddit as a platform that would combine the best aspects of both: a place for sharing timely, ephemeral news and fostering vibrant community discussions of not just technology, but any topic users cared about. Their guiding mission was to build "the front page of the internet," a simple, user-driven site where anyone could submit content, and the community, not algorithms or editors, would decide what was most important through voting and discussion. They deliberately prioritized user participation and conversation over flashy features or heavy editorial control. What set Reddit apart from its early rivals was its framework. Instead of one large all-in-one interface, the site borrowed the idea from pre-internet online networks, such as CompuServe, of smaller sub-networks devoted to a particular topic.
These user-created communities, "subreddits," quickly set it apart from other social platforms. As Laurence Sangarde-Brown, co-founder of TechTree, wrote: "This design allows users to delve into focused discussions, ask questions, and exchange ideas on a scale unmatched by other platforms." That approach was not enough, though, to kick-start Reddit. The founders had to "fake it until they made it." They seeded the site with fake accounts to make it appear more active. Their efforts paid off, as real users soon flocked to the platform. Another crucial early change was when Reddit merged with Aaron Swartz's Infogami and introduced commenting. This move was vital for laying the groundwork for the site's interactive, community-driven experience. [...] So, where does Reddit go from here? We'll see. Reddit's legacy is one of transformation: from a scrappy startup to a global hub for conversation, collaboration, and sometimes controversy. As it celebrates 20 years, Reddit remains a testament to how important online communities can be in a world increasingly filled with AI slop. Still, Huffman believes Reddit's true value is coming. In a recent Reddit post, he wrote: "Reddit works because it's human. It's one of the few places online where real people share real opinions. That authenticity is what gives Reddit its value. If we lose trust in that, we lose what makes Reddit Reddit. Our focus is, and always will be, on keeping Reddit a trusted place for human conversation." Huffman concluded: "The last 20 years have proven how powerful online communities can be — and as we look ahead, I'm even more excited for what the next 20 will bring."
Microsoft Uses AI To Find Flaws In GRUB2, U-Boot, Barebox Bootloaders
Slashdot reader zlives shared this report from BleepingComputer: Microsoft used its AI-powered Security Copilot to discover 20 previously unknown vulnerabilities in the GRUB2, U-Boot, and Barebox open-source bootloaders. GRUB2 (GRand Unified Bootloader) is the default boot loader for most Linux distributions, including Ubuntu, while U-Boot and Barebox are commonly used in embedded and IoT devices. Microsoft discovered eleven vulnerabilities in GRUB2, including integer and buffer overflows in filesystem parsers, command flaws, and a side-channel in cryptographic comparison. Additionally, 9 buffer overflows in parsing SquashFS, EXT4, CramFS, JFFS2, and symlinks were discovered in U-Boot and Barebox, which require physical access to exploit. The newly discovered flaws impact devices relying on UEFI Secure Boot, and if the right conditions are met, attackers can bypass security protections to execute arbitrary code on the device. While exploiting these flaws would likely need local access to devices, previous bootkit attacks like BlackLotus achieved this through malware infections. Microsoft titled its blog post "Analyzing open-source bootloaders: Finding vulnerabilities faster with AI." (And they do note that Microsoft disclosed the discovered vulnerabilities to the GRUB2, U-boot, and Barebox maintainers and "worked with the GRUB2 maintainers to contribute fixes... GRUB2 maintainers released security updates on February 18, 2025, and both the U-boot and Barebox maintainers released updates on February 19, 2025.") They add that in performing their initial research, using Security Copilot "saved our team approximately a week's worth of time," Microsoft writes, "that would have otherwise been spent manually reviewing the content." Through a series of prompts, we identified and refined security issues, ultimately uncovering an exploitable integer overflow vulnerability.
Copilot also assisted in finding similar patterns in other files, ensuring comprehensive coverage and validation of our findings... As AI continues to emerge as a key tool in the cybersecurity community, Microsoft emphasizes the importance of vendors and researchers maintaining their focus on information sharing. This approach ensures that AI's advantages in rapid vulnerability discovery, remediation, and accelerated security operations can effectively counter malicious actors' attempts to use AI to scale common attack tactics, techniques, and procedures (TTPs). This week Google also announced Sec-Gemini v1, "a new experimental AI model focused on advancing cybersecurity AI frontiers."
Malicious PyPI Package Exploited Deezer's API, Orchestrates a Distributed Piracy Operation
A malicious PyPI package effectively turned its users' systems "into an illicit network for facilitating bulk music downloads," writes The Hacker News. Though the package has been removed from PyPI, researchers at security platform Socket.dev say it enabled "coordinated, unauthorized music downloads from Deezer — a popular streaming service founded in France in 2007." Although automslc, which has been downloaded over 100,000 times, purports to offer music automation and metadata retrieval, it covertly bypasses Deezer's access restrictions... The package is designed to log into Deezer, harvest track metadata, request full-length streaming URLs, and download complete audio files in clear violation of Deezer's API terms... [I]t orchestrates a distributed piracy operation by leveraging both user-supplied and hardcoded Deezer credentials to create sessions with Deezer's API. This approach enables full access to track metadata and the decryption tokens required to generate full-length track URLs. Additionally, the package routinely communicates with a remote server... to update download statuses and submit metadata, thereby centralizing control and allowing the threat actor to monitor and coordinate the distributed downloading operation. In doing so, automslc exposes critical track details — including Deezer IDs, International Standard Recording Codes, track titles, and internal tokens like MD5_ORIGIN (a hash used in generating decryption URLs) — which, when collected en masse, can be used to reassemble full track URLs and facilitate unauthorized downloads... Even if a user pays for access to the service, the content is licensed, not owned. The automslc package circumvents licensing restrictions by enabling downloads and potential redistribution, which is outside the bounds of fair use...
"The malicious package was initially published in 2019, and its popularity (over 100,000 downloads) indicates wide distribution..."
Apple's Find My Network Exploit Lets Hackers Silently Track Any Bluetooth Device
Researchers at George Mason University discovered a vulnerability in Apple's Find My network that allows hackers to silently track any Bluetooth device as if it were an AirTag, without the owner's knowledge. 9to5Mac reports: Although AirTag was designed to change its Bluetooth address based on a cryptographic key, the attackers developed a system that could quickly find keys for Bluetooth addresses. This was made possible by using "hundreds" of GPUs to find a key match. The exploit called "nRootTag" has a frightening success rate of 90% and doesn't require "sophisticated administrator privilege escalation." In one of the experiments, the researchers were able to track the location of a computer with an accuracy of 10 feet, which allowed them to trace a bicycle moving through the city. In another experiment, they reconstructed a person's flight path by tracking their game console. "While it is scary if your smart lock is hacked, it becomes far more horrifying if the attacker also knows its location. With the attack method we introduced, the attacker can achieve this," said one of the researchers. Apple has acknowledged the George Mason researchers for discovering a Bluetooth exploit in its Find My network but has yet to issue a fix. "For now, they advise users to never allow unnecessary access to the device's Bluetooth when requested by apps, and of course, always keep their device's software updated," reports 9to5Mac.