The Internet

The Founder of GeoCities On What Killed the 'Old Internet' (gizmodo.com) 55

An anonymous reader quotes a report from Gizmodo, written by Jody Serrano: In the early aughts, my wheezing dialup connection often operated as if it were perpetually out of breath. Thus, unlike my childhood friends, it was near to impossible for me to watch videos, TV shows, or listen to music. Far from feeling limited, I felt like I was lucky, for I had access to an encyclopedia of lovingly curated pages about anything I wanted to know -- which in those days was anime -- the majority of which was conveniently located on GeoCities. For all the zoomers scrunching up their brows, here's a primer. Back in the 1990s, before the birth of modern web hosting household names like GoDaddy and WP Engine, it wasn't exactly easy or cheap to publish a personal website. This all changed when GeoCities came on the scene in 1994.

The company gave anyone their own little space of the web if they wanted it, providing users with roughly 2 MB of space for free to create a website on any topic they wished. Millions took GeoCities up on its offer, creating their own homemade websites with web counters, flashing text, floating banners, auto-playing sound files, and Comic Sans. Unlike today's Wild Wild Internet, websites on GeoCities were organized into virtual neighborhoods, or communities, built around themes. "HotSprings" was dedicated to health and fitness, while "Area 51" was for sci-fi and fantasy nerds. There was a bottom-up focus on users and the content they created, a mirror of what the public internet was like in its infancy. Overall, at least 38 million webpages were built on GeoCities. At one point, it was the third most-visited domain online. Yahoo acquired GeoCities in 1999 for $3.6 billion. The company lived on for a decade more until Yahoo shut it down in 2009, deleting millions of sites.

Nearly two decades have passed since GeoCities, founded by David Bohnett, made its debut, and there is no doubt that the internet is a very different place than it was then. No longer filled with webpages on random subjects made by passionate folks, it now feels like we live in a cyberspace dominated by skyscrapers -- named Facebook, Google, Amazon, Twitter, and so on -- instead of neighborhoods. [...] We can, however, ask GeoCities' founder what he thinks of the internet of today, subsumed by social media networks, hate speech, and more corporate than ever. Bohnett now focuses on funding entrepreneurs through Baroda Ventures, an early-stage tech fund he founded, and on philanthropy with the David Bohnett Foundation, a nonprofit dedicated to social justice and social activism that he chairs. Right off the bat, Bohnett says something that strikes me. It may, in fact, be the sentence that summarizes the key distinction between the internet of the '90s-early 2000s and the internet we have today. "GeoCities was not about self-promotion," Bohnett told Gizmodo in an interview. "It was about sharing your interest and your knowledge."
When asked to share his thoughts on the internet of today, Bohnett said: "... The heart of GeoCities was sharing your knowledge and passions about subjects with other people. It really wasn't about what you had to eat and where you've traveled. [...] It wasn't anything about your face." He added: "So, what has surprised me is how far away we've gotten from that original intent and how difficult it is [now]. It's so fractured these days for people to find individual communities. [...] I've been surprised at sort of the evolution away from self-generated content and more toward centralized programing and more toward sort of the self-promotion that we've seen on Facebook and Instagram and TikTok."

Bohnett went on to say that he thinks it's important to remember that "the pace of innovation on the internet continues to accelerate, meaning we're not near done. In the early days when you had dial up and it was the desktop, how could you possibly envision an Uber?"

"We're still in that trajectory where there's going to be various technologies and ways of communicating with each other, [as well as] wearable devices, blockchain technology, virtual reality, that will be as astounding as Uber seemed in the early days of GeoCities," added Bohnett. "I'm very, very excited about the future, which is why I continue to invest in early-stage startups because as I say, the pace of innovation accelerates and builds on top of itself. It's so exciting to see where we might go."
Security

Solana Hack Blamed on Slope Mobile Wallet Exploit (decrypt.co) 11

Thousands of Solana users collectively lost about $4.5 million worth of SOL and other tokens from Tuesday night into early Wednesday, and now there's a likely explanation for why: it's being blamed on a private key exploit tied to mobile software wallet Slope. From a report: On Wednesday afternoon, the official Solana Status Twitter account shared preliminary findings through collaboration between developers and security auditors, and said that "it appears affected addresses were at one point created, imported, or used in Slope mobile wallet applications."

"This exploit was isolated to one wallet on Solana, and hardware wallets used by Slope remain secure," the thread continues. "While the details of exactly how this occurred are still under investigation, but private key information was inadvertently transmitted to an application monitoring service." "There is no evidence the Solana protocol or its cryptography was compromised," the account added. Some Phantom wallets were also drained of their SOL and tokens in the attack, however it appears that those wallets' holders had previously interacted with a Slope wallet. "Phantom has reason to believe that the reported exploits are due to complications related to importing accounts to and from Slope," the Phantom team tweeted today.

Twitter

Over 3,200 Apps Leak Twitter API Keys, Some Allowing Account Hijacks (bleepingcomputer.com) 6

An anonymous reader quotes a report from BleepingComputer: Cybersecurity researchers have uncovered a set of 3,207 mobile apps that are exposing Twitter API keys to the public, potentially enabling a threat actor to take over users' Twitter accounts that are associated with the app. The discovery belongs to cybersecurity firm CloudSEK, which scrutinized large app sets for potential data leaks and found 3,207 leaking a valid Consumer Key and Consumer Secret for the Twitter API. When integrating mobile apps with Twitter, developers will be given special authentication keys, or tokens, that allow their mobile apps to interact with the Twitter API. When a user associates their Twitter account with this mobile app, the keys also will enable the app to act on behalf of the user, such as logging them in via Twitter, creating tweets, sending DMs, etc.

As having access to these authentication keys could allow anyone to perform actions as associated Twitter users, it is never recommended to store keys directly in a mobile app where threat actors can find them. CloudSEK explains that the leak of API keys is commonly the result of mistakes by app developers who embed their authentication keys in the Twitter API but forget to remove them when the mobile is released. [...] One of the most prominent scenarios of abuse of this access, according to CloudSEK, would be for a threat actor to use these exposed tokens to create a Twitter army of verified (trustworthy) accounts with large numbers of followers to promote fake news, malware campaigns, cryptocurrency scams, etc.
"CloudSEK shared a list of impacted applications [...] with apps between 50,000 and 5,000,000 downloads," reports BleepingComputer. They are not disclosing the list because they are still vulnerable to exploitation and Twitter account takeover.
IT

Indonesia Unblocks Steam and Yahoo, But Fortnite and FIFA Are Still Banned (theverge.com) 4

Indonesia has lifted its ban on Steam and Yahoo now that both companies complied with the country's restrictive laws that regulate online activity. From a report: The Indonesian Ministry of Communication and Information (Kominfo) announced the news in a translated update on Twitter, noting that Counter-Strike: Global Offensive and Dota 2 are back online as well. Last week, Indonesia blocked access to Steam, PayPal, Yahoo, Epic Games, and Origin after the companies failed to meet a deadline to register with the country's database. This requirement is bundled with a broader law, called MR5, that Indonesia first introduced in 2020. The law gives the Indonesian government the authority to order platforms to take down content considered illegal as well as request the data of specific users. In 2021, the digital rights group Electronic Frontier Foundation (EFF) called the policy "invasive of human rights." Although PayPal has yet to comply, Indonesia unblocked access to the service for five days starting July 31st to give users a chance to withdraw money and make payments. According to the Indonesian news outlet Antara News, PayPal reportedly plans on registering with the country's database soon.
Sci-Fi

Nichelle Nichols, Who Played Uhura In 'Star Trek' Franchise, Dies At 89 (cnn.com) 72

A sad announcement was posted online today, reports CNN: "Last night, my mother, Nichelle Nichols, succumbed to natural causes and passed away. Her light however, like the ancient galaxies now being seen for the first time, will remain for us and future generations to enjoy, learn from, and draw inspiration," Johnson said in a statement shared to Nichols' official site on Sunday. "Hers was a life well lived and as such a model for us all."

Nichols died from natural causes, he said...

George Takei, who portrayed the USS Enterprise's helmsman Hikaru Sulu, posted a touching tribute to his co-star.

"I shall have more to say about the trailblazing, incomparable Nichelle Nichols, who shared the bridge with us as Lt. Uhura of the USS Enterprise, and who passed today at age 89," wrote Takei on Twitter. "For today, my heart is heavy, my eyes shining like the stars you now rest among, my dearest friend."

"We lived long and prospered together," he added with a photo of the pair making the iconic Vulcan salute.

It was Nichols herself who came up with the name "Uhura" for her character, she revealed in a 2010 interview. After the series Nichols authored the science fiction novels Saturn's Child and Saturna's Quest, as well as a memoir titled Beyond Uhura — Star Trek and Other Memories.

But Nichols also served on the board of directors of the National Space Society (a charity advocating for space advocacy) — and maintained ties to other real-world space agencies. "Nichols was always interested in space travel," according to a NASA web page. "She flew aboard the C-141 Astronomy Observatory, which analyzed the atmospheres of Mars and Saturn on an eight hour, high altitude mission." But in addition, "From the late 1970's until the late 1980's, NASA employed Nichelle Nichols to recruit new astronaut candidates" (including Dr. Sally Ride).
Social Networks

CERN Is Totally Not Opening a Portal To Hell (usatoday.com) 214

"Ten years on from discovery, there's still a lot left to learn about the Higgs boson!" tweeted a researcher anticipating their experiment on the Large Hadron Collider.

But on Facebook, there are posts calling CERN "a demonic/Evil machine that opens up portals to other dimensions/Hell/other spiritual worlds" and "brings in demons wicked spirits/High Evil Principalities." And USA Today reports that similar posts making that same claim "have amassed hundreds of interactions on Facebook and Twitter." (Their article then goes on to assure readers that "the claim is baseless.")

In fact, USA Today's "Fact Check" feature spent some time investigating the claims of a demonic machine opening portals to hell, and after exhaustive research can report that at this time "There is no evidence scientists at CERN are engaged in anything other than scientific-related activities." Physics experts told USA TODAY scientists use the Large Hadron Collider to collide particles at very high energies to study matter. There is no truth to the claim that scientists at CERN are communicating with demonic entities and using the collider to open up a portal to hell, Dejan Stojkovic, a physics professor at the University at Buffalo, told USA TODAY in an email.
The physics behind his explanation is interesting: "To create a black hole or a wormhole, even microscopic ones, with our current technology, in the context of our standard theories of gravity, we need an accelerator as big as the whole universe," Stojkovic said. "So there is no chance whatsoever to create such a portal at the [Large Hadron Collider]."

"Since these are previously unexplored energies in a controlled environment, we might expect production of some new elementary particles that we did not know if they existed," Stojkovic said. "However, these are microscopic particles, so there is no chance such a portal would open."

Facebook has now attached a warning to its user's post about a demonic machine opening up portals to hell, notifying users that the post contains "False information." (It adds that this assertion has been "checked by independent fact-checkers," linking back to USA Today's article for support.)

USA Today ends its analysis with a definitive summation: Based on our research, we rate FALSE the claim that scientists at CERN are communicating with demonic entities and opening a portal to hell. There is no evidence scientists at CERN are engaged in anything other than scientific-related activities. The collider cannot open up portals to other dimensions. Experts said scientists use the machine to collide particles at very high energies to study matter....

Our fact-check work is supported in part by a grant from Facebook.


Thanks to Slashdot reader Iamthecheese for sharing the story!
China

Tons of Chinese Rocket Debris Have Crashed into the Indian Ocean (space.com) 52

The 25-ton core stage of a Long March 5B rocket "reentered Earth's atmosphere over the Indian Ocean this afternoon," reports Space.com, citing an announcement on Twitter from the U.S. Space Command. Mission managers didn't screw anything up; this end-of-life scenario is built into the Long March 5B's design, to the consternation of exploration advocates and much of the broader spaceflight community. This disposal strategy is reckless, critics say, given that the big rocket doesn't burn up completely upon reentry.

Indeed, 5.5 tons to 9.9 tons (5 to 9 metric tons) of the Long March 5B likely survived all the way to the ground today, experts with The Aerospace Corporation's Center for Orbital Reentry and Debris Studies have estimated. And it's possible that falling rocket chunks caused some injuries or infrastructure damage today, given where the Long March 5B reentered. One observer appeared to capture the rocket's breakup from Kuching, in the Malaysian state of Sarawak, for example, posting video of the dramatic event on Twitter. "The video from Kuching implies it was high in the atmosphere at that time — any debris would land hundreds of km further along track, near Sibu, Bintulu or even Brunei," astrophysicist and satellite tracker Jonathan McDowell, of the Harvard-Smithsonian Center for Astrophysics, said via Twitter today. It's "unlikely but not impossible" that one or more chunks hit a population center, he added in another tweet....

"What really should have happened is, there should have been some fuel left on board for this to be a controlled reentry," Darren McKnight, a senior technical fellow at the California-based tracking company LeoLabs, said Thursday (July 28) during a Long March 5B reentry discussion that The Aerospace Corporation livestreamed on Twitter. "That would be the responsible thing to do...."

This was the third uncontrolled fall for a Long March 5B core stage to date.

NASA Administrator Bill Nelson also released a critical statement today pointing out that China "did not share specific trajectory information as their Long March 5B rocket fell back to Earth." All spacefaring nations should follow established best practices, and do their part to share this type of information in advance to allow reliable predictions of potential debris impact risk, especially for heavy-lift vehicles, like the Long March 5B, which carry a significant risk of loss of life and property.
Australia

A Large Chunk of Rocket Space Debris Landed In Australia (newsweek.com) 36

Newsweek reports that "A huge piece of space debris appears to have fallen from the sky and landed on a sheep farm in Australia." On July 9, locals across the Snowy Mountains in southern New South Wales heard a bang, ABC Australia reported. It was heard for miles, by those as far away as Albury, Wagga Wagga and Canberra.... Sheep farmer Mick Miners then came across a strange, charred object on his ranch, south of Jindabyne, on July 25. "I didn't know what to think, I had no idea what it was," Miners told ABC Australia.

He found the 10 foot chunk of metal wedged into the ground in a remote part of his sheep paddock.

He was not the only one. His neighbor, Jock Wallace also found some strange debris in the area. "I didn't hear the bang, but my daughters said it was very loud," Wallace told ABC. "I think it's a concern, it's just fallen out of the sky. If it landed on your house it would make a hell of a mess."

Serial numbers were noted on the charred pieces of debris. Australian National University College of Science astrophysicist Brad Tucker told ABC News that the debris is likely from the trunk section of the SpaceX Dragon spacecraft. The spacecraft launched in 2020, and the debris may have fallen as it re-entered the Earth's atmosphere.

Tucker told ABC that it may have been the largest piece of space debris to fall in Australia for decades — the last time was in 1979, when NASA's Skylab space station fell in Western Australia.

Thanks to long-time Slashdot reader 192_kbps for sharing the article!
Twitter

Twitter Warns of 'Record Highs' In Account Data Requests (engadget.com) 7

In Twitter's 20th transparency report, the company says it saw "record highs" in the number of account data requests during the July-December 2021 reporting period, with 47,572 legal demands on 198,931 accounts. Engadget reports: The media in particular faced much more pressure. Government demands for data from verified news outlets and journalists surged 103 percent compared to the last report, with 349 accounts under scrutiny. The largest slice of requests targeting the news industry came from India (114), followed by Turkey (78) and Russia (55). Governments succeeded in withholding 17 tweets. As in the past, US demands represented a disproportionately large chunk of the overall volume. The country accounted for 20 percent of all worldwide account info requests, and those requests covered 39 percent of all specified accounts. Russia is still the second-largest requester with 18 percent of volume, even if its demands dipped 20 percent during the six-month timeframe.

The company said it was still denying or limiting access to info when possible. It denied 31 percent of US data requests, and either narrowed or shut down 60 percent of global demands. Twitter also opposed 29 civil attempts to identify anonymous US users, citing First Amendment reasons. It sued in two of those cases, and has so far had success with one of those suits. There hasn't been much success in reporting on national security-related requests in the US, however, and Twitter is still hoping to win an appeal that would let it share more details.

Google

Google Stadia May Shut Down, Report Says 69

An anonymous reader shares a report: Google Stadia hasn't been as successful as the Internet super-giant wanted it to be. While the game streaming service did end up getting its foot in the door for a little while, it hasn't been making waves since its release, and many have theorized that Google would end up scuttling the service entirely in the relatively near future. This idea isn't without precedent, either, as Google is known to shut down underperforming services in surprisingly short order, and Google Stadia, in particular, isn't doing all that well in the grand scheme of things. The latest rumors suggest that the plans to shut down Stadia may be further along than some would think, with Google aiming to close it down before the end of 2022.

Google Stadia was originally announced in 2019, and while it was presented as the next big thing for gaming, it barely made a splash in the end. According to Twitter account Killed by Google, which keeps track of all the services that Google closes down, it might not be long before Stadia's time is up. It's a "he said, she said" situation, to be fair, but according to the account holder's sources, Google may shut down Stadia "by the end of summer." The source also claims that there'd be no license transfer of any sort, which means that any purchases made on Stadia would effectively be nullified as the service closes down.
United States

Apple and Google Come Under Scrutiny For Scammy Crypto Apps (theverge.com) 15

An anonymous reader shares a report: From Elon Musk Twitter impersonators to dubious Discord chats, cryptocurrency and non-fungible token (NFT) scammers have stolen billions of dollars from investors over the last few years. But now, politicians and law enforcement are turning their attention to Apple and Google -- companies that operate huge app stores -- and how they review fraudulent crypto apps.

In letters to Apple CEO Tim Cook and Google CEO Sundar Pichai on Thursday, Sen. Sherrod Brown (D-OH) asked that the companies explain their processes in reviewing and approving crypto trading and wallet apps for download on their app stores. Brown's inquiry follows a recently released FBI report warning that 244 investors have been scammed out of $42.7 million from fraudulent cryptocurrency apps claiming to be credible investment platforms in under a year. "Crypto mobile apps are available to the public through app stores, including Apple's App Store," the senator wrote to Cook on Thursday. "While cryptocurrency apps have offered investors easy and convenient ways to trade cryptocurrency, reports have emerged of fake crypto apps that have scammed hundreds of investors."

Facebook

'Stop Trying To Be TikTok': User Backlash Over Instagram Changes 50

Instagram's head defended the app against a user backlash, after the social network launched a series of changes intended to make it more like its arch-rival TikTok. The Guardian reports: The changes, which include an extremely algorithmic main feed, a push for the service's TikTok-style "reels" videos, and heavy promotion of the TikTok-style "remix" feature, have resulted in users struggling to find content from friends and family, once the bread and butter of the social network. "We're hearing a lot of concerns from all of you," Adam Mosseri said in a video posted to Twitter. "I'm hearing a lot of concerns about photos, and how we're shifting to video. We're going to continue to support photos, but I need to be honest: more and more of Instagram is going to become video over time. We're going to have to lean in to that shift while continuing to support photos."

The Instagram boss also defended the platform's new "recommendations" feature, which puts content from people users do not follow on to their feed. "The idea is to help you discover new and interesting things on Instagram that you might not even know exist," he said. "You can snooze all recommendations for up to a month, but we're going to try and get better at recommendations because we think it's one of the best ways to help creators reach a new audience and grow their following." He added: "We're going to need to evolve, because the world is changing quickly and we're going to need to change with it."

Instagram's makeover is widely seen as a response to TikTok's continued growth, in particular among younger American users. [...] By boosting algorithmic recommendations, allowing users to "remix" posts (akin to TikTok's "Duet" feature), and promoting full-screen vertical video above photos, Instagram is attempting to turn its main app experience into something similar to that of the Chinese-owned upstart.
In a widely shared story, Kardashian clan member and social media star, Kylie Jenner, called on the service to "make Instagram Instagram again." She added: "Stop trying to be TikTok, I just want to see cute photos of my friends."

UPDATE: Instagram Is Walking Back Its Changes For Now
The Almighty Buck

Saudi Arabia Plans IPO of $500 Billion For Its Megacity 'Neom' (arabianbusiness.com) 163

Saudi Arabia's Crown Prince Mohammed bin Salman said they are planning an initial public offering of the Kingdom's $500 billion megaproject Neom as soon as 2024. Arabian Business reports: Talking to reporters in Jeddah, the crown prince said the Kingdom is setting aside $80 billion for Neom Investment Fund, where it would invest in companies that agree to operate in the futuristic city, Bloomberg has reported. The announcement was witnessed by global investors including Bridgewater Associates founder Ray Dalio, Tim Collins of Ripplewood, Saudi Prince Alwaleed bin Talal and Kuwaiti retail billionaire Mohammed Alshaya.

The Saudi crown prince also unveiled funding details of Neom. First phase, which runs until 2030, will cost 1.2 trillion riyals, with about half of that covered by the Public Investment Fund. Officials will then seek to raise another 600 billion riyals from other sovereign wealth funds in the region, private investors in Saudi Arabia and abroad, and the planned IPO on Tadawul. The IPO, which could happen by 2024, will add more than 1 trillion riyals to the Kingdom's stock market, the crown prince noted.
In addition to the news about the IPO, a teaser video was released, revealing the design for The Line: a "vertical city" some 500 meters tall, 170 kilometers in length, and covered in mirrors.

"Although it looks like a wall, The Line is actually supposed to be comprised of two huge parallel buildings, connected via walkways and divided into neighborhoods that are supposed to offer all the amenities of city life within a five-minute walking distance," reports The Verge.

"Vegetables will be 'autonomously harvested and bundled' from community farms; 'a high-speed train will run under the mirrored buildings'; the Line will include a stadium 'up to 1,000 feet above the ground,' and there'll be a marina for yachts under an arch between the buildings." A report from the Wall Street Journal in 2019 also noted robots will outnumber humans and hologram teachers will educate genetically-enhanced students.
Portables (Apple)

Apple Replaces Last Remaining Intel-Made Component In M2 MacBook Air (macrumors.com) 87

In the M2 MacBook Air, Apple has replaced an Intel-made component responsible for controlling the USB and Thunderbolt ports with a custom-made controller, meaning the last remnants of Intel are now fully out of the latest Mac. MacRumors reports: Earlier this month, the repair website iFixit shared a teardown of the new "MacBook Air," revealing a look inside the completely redesigned machine. One subtle detail that went largely unnoticed was that unlike previous Macs, the latest "MacBook Air" introduces custom-made controllers for the USB and Thunderbolt ports. iFixit mentioned it in their report, noting they located a "seemingly Apple-made Thunderbolt 3 driver, instead of the Intel chips we're familiar with." The new component was shared on Twitter earlier today, where it received more attention. Few details are known about the controllers, including whether they're custom-made by Apple or a third party.
United States

Coinbase Faces SEC Probe on Crypto Listings (bloomberg.com) 37

Coinbase is facing a US probe into whether it improperly let Americans trade digital assets that should have been registered as securities, Bloomberg reported Tuesday, citing people familiar with the matter. From the report: The US Securities and Exchange Commission's scrutiny of Coinbase has increased since the platform expanded the number of tokens in which it offers trading, said two of the people, who asked not to be named because the inquiry hasn't been disclosed publicly. The probe by the SEC's enforcement unit predates the agency's investigation into an alleged insider trading scheme that led the regulator last week to sue a former Coinbase manager and two other people. "We are confident that our rigorous diligence process -- a process the SEC has already reviewed -- keeps securities off our platform, and we look forward to engaging with the SEC on the matter," Chief Legal Officer Paul Grewal said on Twitter.
Windows

To Thwart Ransomware, Microsoft's Windows Gets New Defaults Limiting Brute-Force Password Guessing (zdnet.com) 54

ZDNet reports: Microsoft is rolling out a new security default for Windows 11 that will go a long way to preventing ransomware attacks that begin with password-guessing attacks and compromised credentials. The new account security default on account credentials should help thwart ransomware attacks that are initiated after using compromised credentials or brute-force password attacks to access remote desktop protocol (RDP) endpoints, which are often exposed on the internet.

RDP remains the top method for initial access in ransomware deployments, with groups specializing in compromising RDP endpoints and selling them to others for access.

The new feature is rolling out to Windows 11 in a recent Insider test build, but the feature is also being backported to Windows 10 desktop and server, according to Dave Weston, vice president of OS Security and Enterprise at Microsoft. "Win11 builds now have a DEFAULT account lockout policy to mitigate RDP and other brute force password vectors. This technique is very commonly used in Human Operated Ransomware and other attacks — this control will make brute forcing much harder which is awesome!," Weston tweeted.

Weston emphasized "default" because the policy is already an option in Windows 10 but isn't enabled by default. That's big news and is a parallel to Microsoft's default block on internet macros in Office on Windows devices, which is also a major avenue for malware attacks on Windows systems through email attachments and links.... The defaults will be visible in the Windows Local Computer Policy directory "Account Lockout Policy".

The default "account lockout duration" is 10 minutes; the "account lockout threshold" is set to a maximum of 10 invalid logon attempts; a setting to "allow administrator account lockout" is enabled; and the "reset account lockout counter after" setting is set to 10 minutes.

The Military

America's Defense Department Creates a New Office for Tracking and Analyzing UFOs (space.com) 43

This week America's Department of Defense "created an office to track unidentified objects in space and air, [and] under water," reports Space.com, "or even those that appear to travel between these domains." UFOs, or as they are now known, unidentified aerial phenomena (UAP) have been receiving newfound levels of government scrutiny not seen in decades. Multiple hearings and classified briefings have taken place in the halls of the U.S. Congress in recent months, and many lawmakers have expressed concern that America's airspace may not be as safe as we think due to the many sightings of unidentified objects military aviators and other armed forces personnel have reported.

With that in mind, the Department of Defense announced the creation of this new office in a statement published Wednesday (July 20). The office is known as the All-domain Anomaly Resolution Office, or AARO, and was established within the Office of the Under Secretary of Defense for Intelligence and Security... The office has six primary lines of effort: surveillance, collection and reporting; system capabilities and design; intelligence operations and analysis; mitigation and defeat; governance; and science and technology.

A statement from the U.S. Department of Defense spells out its mission:
  • To synchronize efforts across the Department of Defense, and with other U.S. federal departments and agencies
  • To detect, identify and attribute objects of interest in, on or near military installations, operating areas, training areas, special use airspace and other areas of interest
  • As necessary, to mitigate any associated threats to safety of operations and national security.

Long-time Slashdot reader schwit1 notes the office already has its own Twitter feed, providing "updates and information relative to our examinations of unidentified anomalous phenomena across space, air, and maritime domains."


Twitter

Twitter Data Breach Exposes Contact Details for 5.4M Accounts, on Sale for $30K (9to5mac.com) 22

9to5Mac reports: A Twitter data breach has allowed an attacker to get access to the contact details of 5.4M accounts. Twitter has confirmed the security vulnerability which allowed the data to be extracted. The data — which ties Twitter handles to phone numbers and email addresses — has been offered for sale on a hacking forum, for $30,000... There is as yet no way to check whether your account is included in the Twitter data breach.
More details from the Restore Privacy security news site: A verified Twitter vulnerability from January has been exploited by a threat actor to gain account data allegedly from 5.4 million users. While Twitter has since patched the vulnerability, the database allegedly acquired from this exploit is now being sold on a popular hacking forum, posted earlier today.... The seller on the hacking forum goes by the username "devil" and claims that the dataset includes "Celebrities, to Companies, randoms, OGs, etc."

Privacy

Hardcoded Password In Confluence Leaked On Twitter (arstechnica.com) 30

An anonymous reader quotes a report from Ars Technica: Atlassian on Wednesday revealed three critical product vulnerabilities, including CVE-2022-26138 stemming from a hardcoded password in Questions for Confluence, an app that allows users to quickly receive support for common questions involving Atlassian products. The company warned the passcode was "trivial to obtain."

The company said that Questions for Confluence had 8,055 installations at the time of publication. When installed, the app creates a Confluence user account named disabledsystemuser, which is intended to help admins move data between the app and the Confluence Cloud service. The hardcoded password protecting this account allows for viewing and editing of all non-restricted pages within Confluence. "A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit this to log into Confluence and access any pages the confluence-users group has access to," the company said. "It is important to remediate this vulnerability on affected systems immediately."

A day later, Atlassian was back to report that "an external party has discovered and publicly disclosed the hardcoded password on Twitter," leading the company to ratchet up its warnings. "This issue is likely to be exploited in the wild now that the hardcoded password is publicly known," the updated advisory read. "This vulnerability should be remediated on affected systems immediately." The company warned that even when Confluence installations don't actively have the app installed, they may still be vulnerable. Uninstalling the app doesn't automatically remediate the vulnerability because the disabledsystemuser account can still reside on the system.
To figure out if a system is vulnerable, Confluence users can use these instructions Atlassian provided for locating such accounts.

According to the company, the two ways to fix the issue are to disable or remove the "disabledsystemuser" account.

Robotics

Robot Dog Not So Cute With Submachine Gun Strapped To Its Back (vice.com) 113

An anonymous reader quotes a report from Motherboard: A video started circulating on Twitter Thursday of a Boston Dynamics-style robot dog firing a submachine gun into targets amid a snowy backdrop. This type of robot dog (it doesn't seem like the robot in the video is a Boston Dynamics Spot, just looks a lot like it) is famous for dancing, but now appears to have fulfilled every warning given by journalists and analysts. It's got a gun and it's ready to kill. A lot of questions remain. First, the robot dog doesn't seem to be able to handle the recoil of the gun well. As it fires its rounds, the barrel trails up and the dog has to take a minute to get its balance back. We also don't know if the dog is firing on its own or if, and this is more likely, someone is off-camera pulling the trigger remotely.

The robot's feet, various ports, and its front are completely different from Boston Dynamics' Spot. There are dozens of knockoffs of the Boston Dynamics dog selling on the international market. The one in the video appears to be a UnitreeYusu "technology dog" selling on AliExpress for about $3,000. The feet, port placement, and joint coverings are all the same. The robot also has strips of Velcro on either of its flanks. The left flank bears a Russian flag and the other appears with a wolf's head. In another video on the channel, a man wears a similar patch on his arm. It appears to be a wolf's head insignia commonly associated with Russian Special Operations Forces or Spetsnaz. That doesn't mean that Spetsnaz is using armed robot dogs, as pretty much anyone can buy a similar patch online in various places.

The gun is also Russian. It appears to be a PP-19 Vityaz, a submachine gun based on the AK-74 design. As the dog wanders around and fires, it sometimes moves in front of an armored personnel carrier with a unique triangular door. That's a BDRM-2, a Russian armored car that's been spotted recently in Ukraine. Finally, there's the account the video originally appeared on. Before making its way to Twitter, the video of the dog was posted to the YouTube account of Alexander Atamov on March 22, 2022. Atamov is listed on his LinkedIn profile as the founder of "HOVERSURF" and his Facebook page lists him as living in Moscow. He posted a picture of the robot dog on March 21. According to Facebook's translation of his post, he called the dog "Skynet."
