Apple

Apple Headset Stalls, Struggles To Attract Killer Apps in First Year (msn.com) 68

Apple's $3,499 Vision Pro is struggling to attract major software-makers to develop apps for the device, a challenge that threatens to slow the progress of the company's biggest new product in a decade. WSJ: New apps released on the Vision Pro every month have slowed since its launch in January. Some of the most successful virtual-reality software developers have so far opted not to build apps for the headset. Without enough killer apps, certain users have found the device less useful and are opting to sell it. "It's a chicken-or-egg problem," said Bertrand Nepveu, who previously worked on the Vision Pro at Apple and is now an investor in this area at Triptyq Capital.

Nepveu and app developers think Apple should fund app makers to give them an incentive to port over their existing apps from other headsets or to develop fresh content. This practice has become common in the industry, with headset leader Meta Platforms funding many developers and even buying several app makers. The social-media company is a formidable competitor to Apple, with a market share of all headsets reaching 74% in the second quarter this year, according to Counterpoint Research.

Security

Credit Cards Don't Require Signatures. So Why Do We Still Sign? (msn.com) 136

An anonymous reader shares a report: The big financial moments in life used to be marked with a flourish of a pen. Buying a house. A car. Breakfast. Not anymore. Visa, Mastercard, Discover and American Express dropped the requirement to sign for charges like restaurant checks in 2018. They don't look at our scribbles to verify identity or stop fraud. Taps, clicks and electronic signatures took over the heavy lifting for many everyday purchases -- and many contracts, loan applications and even Social Security forms. The John Hancock was written off as a relic useful mainly to inflate the value of sports memorabilia. But signatures didn't die.

We continue to be asked to sign with ink on paper or using fingers on touch screens at many restaurants, bars and other businesses. And people keep signing card receipts out of habit -- even when there is no blank space for it -- because it feels weird not to, payment networks and retail groups say. "Traditions have this odd way of sticking around," said Doug Kantor, general counsel of the National Association of Convenience Stores. Signatures had been used to verify identity and agree to financial terms for centuries. Banks kept records of customer signatures to check against, but the sheer number of transactions and advancements in technology eventually made that impractical.

By the 1980s, charges could be processed electronically. Signatures were still used in cases of fraud or stolen cards. Banks could call merchants and ask them to present a signed receipt. Yet given how easy signatures are to forge, they proved limited as a fraud prevention tool. Now there are more sophisticated ways to determine whether cards are stolen or misused, according to Mark Nelsen, global head of consumer payments at Visa.

Businesses

Digital River Runs Dry (theregister.com) 14

Digital River has not paid numerous merchants since midsummer for software and digital products they sold through its MyCommerce platform. The Register: "After over 20 years of partnership with Digital River, Traction Software Ltd has been left feeling as though we've been 'rug pulled,'" Lee Midgley, managing director of Traction Software, told The Register. "For the past three months, we've experienced a complete halt in software sales revenue payments with no support, no direct contact, and only additional terms and conditions designed to delay resolution and extract more money from us.

"Astonishingly, Digital River continued to take sales from our loyal customers until we removed them from the order system. It now appears they have no intention of making payments and may be entering a liquidation process under a new CEO who has been involved in similar situations before."

The new CEO, Barry Kasoff, was first noted on the e-commerce biz website in August. Kasoff is also listed as the president of Realization Services, "a full-service strategic consulting firm specializing in turnaround management and value enhancement..." The privately-owned, Minnesota-based business appears to have laid off a significant number of employees, presumably the result of what its UK subsidiary describes as cost reduction initiatives implemented in late 2022.

AI

AI Threats 'Complete BS' Says Meta Senior Researcher, Who Thinks AI is Dumber Than a Cat (msn.com) 111

Meta senior researcher Yann LeCun (also a professor at New York University) told the Wall Street Journal that worries about AI threatening humanity are "complete B.S." When a departing OpenAI researcher in May talked up the need to learn how to control ultra-intelligent AI, LeCun pounced. "It seems to me that before 'urgently figuring out how to control AI systems much smarter than us' we need to have the beginning of a hint of a design for a system smarter than a house cat," he replied on X. He likes the cat metaphor. Felines, after all, have a mental model of the physical world, persistent memory, some reasoning ability and a capacity for planning, he says. None of these qualities are present in today's "frontier" AIs, including those made by Meta itself.

LeCun shared a Turing Award with Geoffrey Hinton and Yoshua Bengio (who hopes LeCun is right, but adds "I don't think we should leave it to the competition between companies and the profit motive alone to protect the public and democracy. That is why I think we need governments involved.")

But LeCun still believes AI is a very powerful tool — even as Meta joins the quest for artificial general intelligence: Throughout our interview, he cites many examples of how AI has become enormously important at Meta, and has driven its scale and revenue to the point that it's now valued at around $1.5 trillion. AI is integral to everything from real-time translation to content moderation at Meta, which in addition to its Fundamental AI Research team, known as FAIR, has a product-focused AI group called GenAI that is pursuing ever-better versions of its large language models. "The impact on Meta has been really enormous," he says.

At the same time, he is convinced that today's AIs aren't, in any meaningful sense, intelligent — and that many others in the field, especially at AI startups, are ready to extrapolate its recent development in ways that he finds ridiculous... OpenAI's Sam Altman last month said we could have Artificial General Intelligence within "a few thousand days...." But creating an AI this capable could easily take decades, [LeCun] says — and today's dominant approach won't get us there.... His bet is that research on AIs that work in a fundamentally different way will set us on a path to human-level intelligence. These hypothetical future AIs could take many forms, but work being done at FAIR to digest video from the real world is among the projects that currently excite LeCun. The idea is to create models that learn in a way that's analogous to how a baby animal does, by building a world model from the visual information it takes in.

In contrast, today's AI models "are really just predicting the next word in a text, he says... And because of their enormous memory capacity, they can seem to be reasoning, when in fact they're merely regurgitating information they've already been trained on."

Power

Were America's Electric Car Subsidies Worth the Money? (msn.com) 265

America's electric vehicle subsidies brought a 2-to-1 return on investment, according to a paper by the National Bureau of Economic Research. "That includes environmental benefits, but mostly reflects a shift of profits to the United States," reports the New York Times. "Before the climate law, tax credits were mainly used to buy foreign-made cars." "What the [subsidy legislation] did was swing the pendulum the other way, and heavily subsidized American carmakers," said Felix Tintelnot, an associate professor of economics at Duke University who was a co-author of the paper. Those benefits were undermined, however, by a loophole allowing dealers to apply the subsidy to leases of foreign-made electric vehicles. The provision sends profits to non-American companies, and since those foreign-made vehicles are on average heavier and less efficient, they impose more environmental and road-safety costs. Also, the researchers estimated that for every additional electric vehicle the new tax credits put on the road, about three other electric vehicle buyers would have made the purchases even without a $7,500 credit. That dilutes the effectiveness of the subsidies, which are forecast to cost as much as $390 billion through 2031.
The chief economist at Cox Automotive (which provided some of the data) tells the Times that "we could do better", but adds that the subsidies were "worth the money invested". But of course, that depends partly on how benefits were calculated: [U]sing the Environmental Protection Agency's "social cost of carbon" metric, they calculated the dollar cost of each model's lifetime carbon emissions from both manufacturing and driving. On average, emissions by gas-powered vehicles impose 57% greater costs than electric vehicles. The study then calculated harms from air pollution other than greenhouse gases — smog, for example. That's where electric vehicles start to perform relatively poorly, since generating the electricity for them still creates pollution. Those harms will probably fade as more wind and solar energy comes online, but they are significant. Finally, the authors added the road deaths associated with heavier cars. Batteries are heavy, so electric vehicles — especially the largest — are likelier to kill people in crashes.

Totaling these costs and then subtracting fiscal benefits through gas taxes and electricity bills, electric vehicles impose $16,003 in net harms, the authors said, while gas vehicles impose $19,239. But the range is wide, with the largest electric vehicles far outpacing many internal combustion cars.

By this methodology, a large electric pickup like the Rivian imposes three times the harms of a Prius, according to one of the study's co-authors (a Stanford professor of global environmental). And yet "we are subsidizing the Rivian and not the Prius..."

United Kingdom

Can the UK Increase Green Energy with 'Zonal Energy Pricing'? (theguardian.com) 63

To avoid overloading local electric grids, Britain's most productive windfarm "is paid to turn off," reports the Guardian — and across the industry these so-called "constraint payments" amount to billions every year.

"Government officials are hoping to correct the clear inefficiencies in the market by overhauling the market itself." Greg Jackson, the founder of Octopus Energy, told the Guardian: "It's grotesque that energy costs are rising again this winter, whilst we literally pay windfarms these extortionate prices not to generate. Locational pricing would instead mean that local people got cheap power when it's windy. Scotland would have the cheapest power in Europe, instead of among the most expensive, and every region would be cheaper than today. Companies would invest in infrastructure where we need it — not where they get the highest subsidies."

The changes could catalyse an economic osmosis of high energy users — such as datacentres and factories — into areas of the country with low energy prices, creating new job opportunities beyond the south-east. It could also spur the development of new energy projects — particularly rooftop solar — across buildings in urban areas where energy demand is high. This rebalancing of the energy market could save the UK nearly £49bn in accumulated network costs by 2040, according to a study commissioned by the energy regulator from FTI Consulting.

But others fear the changes could come at a deeper cost to Britain's climate goals — and bill payers too. The clean energy companies preparing to spend billions on building new wind and solar farms are concerned that a redrawing of the market boundaries could radically change the economics of new renewable energy projects — which would ultimately raise the costs, which would be passed on to consumers, or see the projects scrapped altogether... With stiff competition in the international markets for investment in clean energy, Renewable UK [the industry's trade group] fears that companies and their investors will simply choose to build new clean energy projects elsewhere.

"The debate has driven deep rifts across the industry," the article concludes, "between modernisers who believe the new price signals would give rise to a new, rational market and those who fear the changes risk unravelling Britain's low-carbon agenda...

"The government is expected to make a decision on how to proceed in the coming months, but the fierce debate between warring factions of the energy industry is likely to continue for far longer."

Thanks to long-time Slashdot reader AmiMoJo for sharing the news.

Crime

WSJ Profiles The 'Dangerous' Autistic Teen Cybercriminal Who Leaked GTA VI Clips (msn.com) 78

The Wall Street Journal delves into the origin story of that teenaged Grand Theft Auto VI leaker. Arion Kurtaj, now 19 years old, is the most notorious name that has emerged from a sprawling set of online communities called the Com... Their youthful inventiveness and tenacity, as well as their status as minors that make prosecution more complicated, have made the Com especially dangerous, according to law-enforcement officials and cybersecurity investigators. Some kids, they say, are recruited from popular online spaces like Minecraft or Roblox.... [William McKeen, a supervisory special agent with the FBI's Cyber Division] said the average age of anyone arrested for a crime in the U.S. is 37, while the average age of someone arrested for cybercrime is 19. Cybersecurity investigators have found posts they say suggest Kurtaj has been involved in online attacks since he was 11.
"He had limited social skills and trouble developing relationships, records say — and ultimately looked for approval in the booming world of cybercrime..." [When Kurtaj was 14] he landed in a residential school serving children with severe emotional and behavioral needs. Kurtaj was physically assaulted by a staff member at his school who was later convicted as a result, according to a person familiar with the case. In early 2021, his mother brought him home and removed him from government care, court records say. He never returned to school. He was 16.

A month after his mother pulled him out of school, investigators say that Kurtaj was part of a hacking group called Recursion Team that broke into the videogame firm Electronic Arts and stole 780 gigabytes of data. When Electronic Arts refused to engage, they dumped the stolen data online. Within a week of that hack, investigators had identified Kurtaj and provided his name to the FBI. Later in that summer of 2021, according to court records, Kurtaj partnered with another teenager, known as ASyntax, and several Brazilian hackers, and started calling themselves Lapsus$. The group hacked into the British telecommunications giant BT in an effort to steal money using a technique called SIM swapping... The hacks weren't always for money. In late 2021, Lapsus$ hacked into a website operated by Brazil's Ministry of Health and deleted the country's database of Covid vaccinations, according to law enforcement...

If the Com has a social center, it's a website called Doxbin, where users publish personal details, such as home addresses and phone numbers, of their online rivals in an attempt to intimidate each other. Kurtaj bought Doxbin in November 2021 for $75,000, according to Chainalysis. But after a few months, the previous owners accused Kurtaj of mismanaging the site and pressured him to sell it back. He relented. Then in January 2022, cybersecurity investigators say, he doxxed the entire site, publishing a database that included usernames, passwords and email addresses that he'd downloaded when he was the owner. For cybersecurity experts, it was a gold mine. "It helped investigators piece together which crimes were done by who," said Allison Nixon, chief research officer at Unit 221B, an online investigations firm.

Doxbin's owners responded with a dox of Kurtaj and his family, including his home address and photos of him, investigators say — setting up the chain of events that would put Kurtaj in the Travelodge.

After two weeks of "protective custody" there — during which time he was supposed to be computer-free — Kurtaj "was arrested a third time and charged with hacking, fraud and blackmail. Authorities said that while at the Travelodge, he broke into Uber and taunted the company by posting a link to a photo of an erect penis on the company's internal Slack messaging system, then stole software and videos from Rockstar Games. Stolen clips had popped up in a Grand Theft Auto discussion forum from a user named teapotuberhacker and stirred a frenzy.

"As officers collected evidence, the teen stood by, emotionless, police say...."

"Kurtaj's lawyers and some experts on autism have said a potential lifetime of incarceration isn't appropriate for a teenager like Kurtaj..."

Thanks to long-time Slashdot reader SpzToid for sharing the article.

United States

North Carolina Maker of High-Purity Quartz Back Operating After Hurricane (apnews.com) 25

Thursday the Associated Press reported: One of the two companies that manufacture high-purity quartz used for making semiconductors and other high-tech products from mines in a western North Carolina community severely damaged by Hurricane Helene is operating again. Sibelco announced on Thursday that production has restarted at its mining and processing operations in Spruce Pine, located 50 miles (80 kilometers) northeast of Asheville. [Per Wikipedia, its pre-hurricane population was 2,175.] Production and shipments are progressively ramping up to full capacity, the company said in a news release.

"While the road to full recovery for our communities will be long, restarting our operations and resuming shipments to customers are important contributors to rebuilding the local economy," Sibelco CEO Hilmar Rode said... A Spruce Pine council member said recently that an estimated three-quarters of the town has a direct connection to the mines, whether through a job, a job that relies on the mines or a family member who works at the facilities.

An announcement last week from Sibelco attributed its resilience to their long-standing commitment to sustainability, "which includes measures to mitigate the impact of extreme weather events such as Hurricane Helene." Initial assessments indicated their operating facilities sustained only minor damage.

And "the company previously announced that all its employees are safe," Sibelco reaffirmed in its announcement Thursday: Sibelco, with support from its contractors, has been contributing to the local recovery efforts by clearing debris, repairing roads, providing road building materials to the North Carolina Department of Transportation, installing temporary power generators for emergency shelters and local businesses, and working with the town of Spruce Pine to restart water supply to residents.

Additionally, Sibelco has incorporated the Sibelco Spruce Pine Foundation to further support the community's recovery. The company previously announced that it is making an immediate $1 million donation as seed money for the foundation. Anyone interested in learning more or contributing to this initiative should contact the foundation by email or by visiting our website for additional information and donation opportunities.

Businesses

Boeing Plans to Cut 17,000 Jobs - 10% of Its Workforce (msn.com) 89

"Boeing said Friday it will cull 10 percent of its workforce — roughly 17,000 jobs," reports the Washington Post, "as the aviation giant grapples with mounting losses and manufacturing disruptions amid a machinists strike that has dragged into a fifth week." Executives, managers and production employees will be affected by the cuts, chief executive Kelly Ortberg informed employees Friday in a memo. Boeing will also delay the launch of its 777X plane until 2026 due to ongoing challenges, Ortberg wrote... The layoffs add to the pain at Boeing, where a stalemate between the company's largest employee union dovetails with ongoing legal troubles and safety woes. The strike has halted production of some of the company's best-selling jets, further adding to its financial troubles. In the past five years, Boeing has lost more than $25 billion...

"Our business is in a difficult position, and it is hard to overstate the challenges we face together," Ortberg said in the memo. "The state of our business and our future recovery require tough actions...." Now at risk of a downgrade to its credit rating as its circumstances worsen, Boeing has taken other steps to reduce expenses, including imposing a hiring freeze and eliminating unnecessary travel.

"The strike by Boeing machinists is costing the company roughly $1 billion a month, according to estimates from S&P Global..."

China

US Officials Race To Understand Severity of China's Salt Typhoon Hacks (msn.com) 20

U.S. officials are racing to understand the full scope of a China-linked hack of major U.S. broadband providers, as concerns mount from members of Congress that the breach could amount to a devastating counterintelligence failure. From a report: Federal authorities and cybersecurity investigators are probing the breaches of Verizon Communications, AT&T and Lumen Technologies. A stealthy hacking group known as Salt Typhoon tied to Chinese intelligence is believed to be responsible. The compromises may have allowed hackers to access information from systems the federal government uses for court-authorized network wiretapping requests, The Wall Street Journal reported last week.

Among the concerns are that the hackers may have essentially been able to spy on the U.S. government's efforts to surveil Chinese threats, including the FBI's investigations. The House Select Committee on China sent letters Thursday asking the three companies to describe when they became aware of the breaches and what measures they are taking to protect their wiretap systems from attack. Spokespeople for AT&T, Lumen and Verizon declined to comment on the attack. A spokesman at the Chinese Embassy in Washington has denied that Beijing is responsible for the alleged breaches.

Combined with other Chinese cyber threats, news of the Salt Typhoon assault makes clear that "we face a cyber-adversary the likes of which we have never confronted before," Rep. John Moolenaar, the Republican chairman of the House Select Committee on China, and Raja Krishnamoorthi, the panel's top Democrat, said in the letters. "The implications of any breach of this nature would be difficult to overstate," they said. Hackers still had access to some parts of U.S. broadband networks within the last week, and more companies were being notified that their networks had been breached, people familiar with the matter said. Investigators remain in the dark about precisely what the hackers were seeking to do, according to people familiar with the response.

Businesses

Bankruptcy Took Down the Redbox Machine. If Only Someone Could Take Them Away. (msn.com) 141

Retailers across the U.S. are grappling with the aftermath of Redbox's bankruptcy, tasked with removing 24,000 abandoned DVD-dispensing machines. CVS, Walgreens, Walmart, and others are facing logistical challenges and potential safety hazards, according to WSJ. The 890-pound kiosks, often hardwired into stores' electrical systems, require specialized removal.

Further reading: Redbox App Axed, Dashing People's Hopes of Keeping Purchased Content.

United States

FEMA Adds Misinformation To Its List of Disasters To Clean Up (theverge.com) 188

The Federal Emergency Management Agency (FEMA) is fighting misinformation on top of a major storm cleanup in Florida as Hurricane Milton rapidly intensifies just after Hurricane Helene rocked the state. From a report: FEMA Administrator Deanne Criswell told reporters on a call Tuesday that misinformation around the storms is "absolutely the worst I have ever seen," according to Politico. FEMA posted a rumor response page about the hurricane, and though it's not the first time it's taken that kind of approach, Criswell said, "I anticipated some of this, but not to the extent that we're seeing."

FEMA's rumor response page includes fact-checks to claims made by former President Donald Trump, like that the agency will only provide $750 to disaster survivors. FEMA says that's just the amount provided quickly through "Serious Needs Assistance" for food and emergency supplies, but survivors could still be eligible for other types of funds, too. Other fact-checks include debunking the false claim that FEMA disaster response resources were diverted to border issues. FEMA says "Disaster Relief Fund money has not been diverted to other, non-disaster related efforts."

Businesses

Bankrupt Fisker Unable To Port EV Data, Risking Multi-Million Dollar Fleet Deal (techcrunch.com) 59

An anonymous reader quotes a report from TechCrunch: Fisker's Chapter 11 bankruptcy has hit a major snag, as the company buying the startup's remaining fleet of electric SUVs says it might not complete the purchase because of a surprising technical issue. The buyer, a New York-area leasing company called American Lease, says in a new filing that Fisker now believes there is no way to transfer the information connected to each SUV to a new server not owned by the bankrupt EV startup. Since American Lease needs that information to operate the vehicles after Fisker is dissolved, the leasing company has filed an emergency objection to the startup's liquidation plan. Fisker was expected to have that plan confirmed in bankruptcy court as early as this Wednesday.

American Lease has already handed over "tens of millions of dollars" after the purchase agreement of the 3,000-plus Ocean SUVs was approved in July. These funds have been crucial because Fisker was using them to pay for the bankruptcy process. Fisker needed that money to keep itself alive long enough to settle its debts and also prepare to liquidate what it says is around $1 billion in assets that were, until recently, under control of an Austrian subsidiary that was going through its own insolvency process. [...] American Lease says in its filing that Fisker first brought up the possibility that it wouldn't be able to transfer the information to a new server on Friday, October 4, at 8 p.m. ET. And it says that this week, Fisker informed American Lease that it won't be possible at all.

"[American Lease] cannot overstate the significance of this unwelcome news, conveyed to it only after it has paid [Fisker] tens of millions of dollars under the Purchase Agreement," the leasing company's lawyers write in the filing. "It is unclear at the present time what, if anything, Debtor representatives have known about the impossibility or impracticability of implementing Porting of the Purchased Vehicles, and when they learned or otherwise knew of that critical information." American Lease is asking to delay Wednesday's hearing and be allowed to perform "expedited and targeted discovery" of Fisker and its representatives to find out more about when Fisker learned of this problem.

Bitcoin

Bitcoin Creator Suspect Says He is Not Bitcoin Creator Suspect (theregister.com) 36

The man identified as Bitcoin creator Satoshi Nakamoto in a new HBO documentary has something to say: Wrong again, world. From a report: In the just-released HBO film on the history of the world's biggest digital currency -- Money Electric: The Bitcoin Mystery -- documentary filmmaker Cullen Hoback comes to the conclusion that the anonymous creator of Bitcoin was none other than a long-time member of the community and early Bitcoin developer Peter Todd. Todd dismissed the claim in the documentary, released yesterday, and denied it again when asked by The Register.

"[Hoback's] evidence for me being Satoshi is the same kind of coincidence-based, circumstantial thinking that fuels conspiracies like QAnon," Todd told us in an email. "Which is ironic, given that [Hoback's] previous big project was a documentary on QAnon. He clearly didn't try to debunk his theories either." Hoback's previous project -- Q: Into the Storm -- aimed to unmask the person behind QAnon, perhaps giving him an interest in uncovering the identity of Satoshi Nakamoto. Todd, however, thinks Hoback was just trying to drum up interest in his new film.

"I think [Hoback] only included the Satoshi claim as a marketing ploy: he was really creating a documentary about Bitcoin, and needed a hook to get media attention," Todd said. "He picked me to accuse mainly because I was an unlikely candidate, which helped drum up even more attention. I don't think he had any interest in finding the real truth."

Bitcoin

Bitcoin Creator Is Peter Todd, HBO Film Says (politico.eu) 74

A new HBO documentary claims Canadian developer Peter Todd is Satoshi Nakamoto, the pseudonymous founder of bitcoin. The documentary's director, Emmy-nominated filmmaker Cullen Hoback, "comes to the conclusion by stitching together old clues and new ones," reports Politico. In the film's finale, Hoback confronted Todd and said: "It seems like you had these deep insights into bitcoin at the time?" Todd replies: "Well, yeah, I'm Satoshi Nakamoto." From the report: The admission, however, is not necessarily a smoking gun. Todd, who is a vocal backer of Ukraine and Israel on his X feed, is known to invoke the claim "I am Satoshi" as an expression of solidarity with the creator's bid for privacy. In an email to CoinDesk prior to the documentary's release, Todd reportedly denied he was the bitcoin creator: "Of course I'm not Satoshi," he said. If Todd is widely accepted as bitcoin's creator, the revelation would end more than a decade of speculation over the identity of a person whose work spawned a global, multibillion-dollar craze for digital currencies: a mania that has pushed back the frontiers of finance but also enabled widespread fraud and other illicit activities.

Todd is not unknown to enthusiasts of the stateless money system. As a longstanding bitcoin core developer known for communicating publicly with "Satoshi" before his disappearance from crypto forums in 2010, his name has always carried weight in the community. But he was rarely considered a prime suspect. A 39-year-old graduate of Ontario College of Art and Design in Toronto, Todd would have been 23 when the famous bitcoin white paper that first laid out the vision for the decentralized money system was being completed. Todd previously told a podcast he was about 15 years old when he first started communicating with key crypto influencers, known as the cypherpunks. "In investigations like these, digital forensics can only take you so far; they're like a compass," Hoback told POLITICO before the documentary aired. "Real answers can only be found offline."

Privacy

MoneyGram Says Hackers Stole Customers' Personal Information, Transaction Data (techcrunch.com) 6

An anonymous reader quotes a report from TechCrunch: U.S. money transfer giant MoneyGram has confirmed that hackers stole its customers' personal information and transaction data during a cyberattack last month. The company said in a statement Monday that an unauthorized third party "accessed and acquired" customer data during the cyberattack on September 20. The cyberattack -- the nature of which remains unknown -- sparked a week-long outage that resulted in the company's website and app falling offline. MoneyGram says it serves over 50 million people in more than 200 countries and territories each year.

The stolen customer data includes names, phone numbers, postal and email addresses, dates of birth, and national identification numbers. The data also includes a "limited number" of Social Security numbers and government identification documents, such as driver's licenses and other documents that contain personal information, like utility bills and bank account numbers. MoneyGram said the types of stolen data will vary by individual. MoneyGram said that the stolen data also included transaction information, such as dates and amounts of transactions, and, "for a limited number of consumers, criminal investigation information (such as fraud)."

Open Source

Fintech OpenBB Aims To Be More Than an 'Open Source Bloomberg Terminal' (techcrunch.com) 7

TechCrunch's Paul Sawers reports: Fledgling fintech startup OpenBB is revealing the next step in its plans to take on the heavyweights of the investment research world. The company is launching a new, free version of a product that will open its arsenal of data and financial tooling to more users. OpenBB is the handiwork of software engineer Didier Lopes, who launched the Python-based platform back in 2021 as a way for amateur investors and enthusiasts to do investment research using different datasets for free, via a command line interface (CLI). The company went on to raise $8.5 million in seed funding from OSS Capital and angel investors such as Ram Shriram, an early backer of Google. While the community-based, open source project has amassed some 50,000 users, OpenBB has also been building an enterprise incarnation called Terminal Pro. This paid version gives teams access to an interface, pre-built database integrations, an Excel add-in, and various security and support bolt-ons that would appeal to larger businesses. [...]

The all-new OpenBB Terminal -- not to be confused with the previous CLI-based OpenBB Terminal that the startup sunsetted in March -- is a full-fledged web app, though it strips out many of the premium features of Terminal Pro. It's fully customizable, can run on any operating system or platform, and provides access to an AI-enabled OpenBB copilot. Like the previous OpenBB Terminal, the all-new web app is also free to use. OpenBB Terminal is perhaps something of a middle ground between the CLI centricity of the open source project and the bells-and-whistles feature set of the enterprise product.

The OpenBB Terminal serves as a single end point for accessing financial information from some 100 data sources, spanning equity, options, forex, the macro economy, and more. Users can also throw all their new data into the mix -- the community has previously contributed financial datasets such as historical currency exchange rates and crypto pricing data. There are also a slew of extensions and toolkits to bring more functionality to OpenBB -- such as an AI stock analysis agent. Users are free to incorporate their own AI systems and large language models (LLMs), which might be particularly important for security and compliance use cases. But with the OpenBB Copilot, categorized as a "compound AI system," users can run natural-language queries about their data out of the box.

While OpenBB has been likened to an "open-source Bloomberg," TechCrunch notes that it's not a direct competitor due to Bloomberg's massive data resources and built-in chat functionality. OpenBB, however, offers flexibility with its open-source platform and customization options.

OpenBB filed for a trademark, but Bloomberg has requested an extension to potentially oppose it, despite the company asserting there's no link between OpenBB and Bloomberg's abbreviation "BBG". Lopes says the name originates from BlackBerry stock, where the founders had lost money during the meme stock craze.

The Almighty Buck

America Risks Running Out of Tickers for Single-Stock ETFs (yahoo.com) 40

U.S. exchanges' four-character limit for ETF tickers is creating fierce competition in the $10 trillion industry, particularly for single-stock funds. With 456,976 possible combinations, options narrow drastically when built around existing company tickers. MicroStrategy-inspired ETFs, for instance, leave issuers with just 52 choices using 'MST'. Memorable tickers are crucial for differentiation and can improve stock liquidity.

Python

The Treasurer of Python NZ Pleads Guilty To Stealing From the Society (interest.co.nz) 20

Long-time Slashdot reader Bismillah writes: Python New Zealand has gone through some rough times lately, with its then-treasurer stealing money from the society. Things were looking really serious for a while, with Python NZ looking at being liquidated due to the theft of funds.

However, there is a silver lining to the story, as the free and open source movement rallied behind Python NZ and got them out of a serious pickle.

"Our friends at Linux Australia and at the Python Software Foundation went well above and beyond to support us, and save us," says Tom Eastman, president of Python New Zealand, in an article from interest.co.nz.

He also says he hopes the treasurer is ordered by the court to pay restitution. (In the article the treasurer confirms that he's pleaded guilty to the theft, which took place between February 2019 and October 2023 — leaving Python NZ owing conference suppliers around $55,000.) "We had $26 in the bank accounts," Eastman tells the site.

The group now has new transparency and accountability measures...

IOS

iOS and Android Security Scare: Two Apps Found Supporting 'Pig Butchering' Scheme (forbes.com) 31

"Pig Butchering Alert: Fraudulent Trading App targeted iOS and Android users."

That's the title of a new report released this week by cybersecurity company Group-IB revealing the official Apple App Store and Google Play store offered apps that were actually one part of a larger fraud campaign. "To complete the scam, the victim is asked to fund their account... After a few seemingly successful trades, the victim is persuaded to invest more and more money. The account balance appears to grow rapidly. However, when the victim attempts to withdraw funds, they are unable to do so."

Forbes reports: Group-IB determined that the frauds would begin with a period of social engineering reconnaissance and entrapment, during which the trust of the potential victim was gained through either a dating app, social media app or even a cold call. The attackers spent weeks on each target. Only when this "fattening up" process had reached a certain point would the fraudsters make their next move: recommending they download the trading app from the official App Store concerned.

When it comes to the iOS app, which is the one that the report focussed on, Group-IB researchers said that the app remained on the App Store for several weeks before being removed, at which point the fraudsters switched to phishing websites to distribute both iOS and Android apps. The use of official app stores, albeit only fleetingly as Apple and Google removed the fake apps in due course, bestowed a sense of authenticity to the operation as people put trust in both the Apple and Google ecosystems to protect them from potentially dangerous apps.

"The use of web-based applications further conceals the malicious activity," according to the researchers, "and makes detection more difficult." [A]fter the download is complete, the application cannot be launched immediately. The victim is then instructed by the cybercriminals to manually trust the Enterprise developer profile. Once this step is completed, the fraudulent application becomes operational... Once a user registers with the fraudulent application, they are tricked into completing several steps. First, they are asked to upload identification documents, such as an ID card or passport. Next, the user is asked to provide personal information, followed by job-related details...

The first discovered application, distributed through the Apple App Store, functions as a downloader, merely retrieving and displaying a web-app URL. In contrast, the second application, downloaded from phishing websites, already contains the web-app within its assets. We believe this approach was deliberate, since the first app was available in the official store, and the cybercriminals likely sought to minimise the risk of detection. As previously noted, the app posed as a tool for mathematical formulas, and including personal trading accounts within an iOS app would have raised immediate suspicion.

The app (which only runs on mobile phones) first launches a fake activity with formulas and graphics, according to the researchers. "We assume that this condition must bypass Apple's checks before being published to the store. As we can see, this simple trick allows cybercriminals to upload their fraudulent application to the Apple Store." They argue their research "reinforces the need for continued review of app store submissions to prevent such scams from reaching unsuspecting victims". But it also highlights "the importance of vigilance and end-user education, even when dealing with seemingly trustworthy apps..."

"Our investigation began with an analysis of Android applications at the request of our client. The client reported that a user had been tricked into installing the application as part of a stock investment scam. During our research, we uncovered a list of similar fraudulent applications, one of which was available on the Google Play Store. These apps were designed to display stock-related news and articles, giving them a false sense of legitimacy."
