
A Luggage Service's Web Bugs Exposed the Travel Plans of Every User

2 weeks 4 days ago
An anonymous reader quotes a report from Wired: An airline leaving all of its passengers' travel records vulnerable to hackers would make an attractive target for espionage. Less obvious, but perhaps even more useful for those spies, would be access to a premium travel service that spans 10 different airlines, left its own detailed flight information accessible to data thieves, and seems to be favored by international diplomats. That's what one team of cybersecurity researchers found in the form of Airportr, a UK-based luggage service that partners with airlines to let its largely UK- and Europe-based users pay to have their bags picked up, checked, and delivered to their destination. Researchers at the firm CyberX9 found that simple bugs in Airportr's website allowed them to access virtually all of those users' personal information, including travel plans, or even gain administrator privileges that would have allowed a hacker to redirect or steal luggage in transit. Among even the small sample of user data that the researchers reviewed and shared with WIRED they found what appear to be the personal information and travel records of multiple government officials and diplomats from the UK, Switzerland, and the US. Airportr's CEO Randel Darby confirmed CyberX9's findings in a written statement provided to WIRED but noted that Airportr had disabled the vulnerable part of its site's backend very shortly after the researchers made the company aware of the issues last April and fixed the problems within a few days. "The data was accessed solely by the ethical hackers for the purpose of recommending improvements to Airportr's security, and our prompt response and mitigation ensured no further risk," Darby wrote in a statement. "We take our responsibilities to protect customer data very seriously."
CyberX9's researchers, for their part, counter that the simplicity of the vulnerabilities they found mean that there's no guarantee other hackers didn't access Airportr's data first. They found that a relatively basic web vulnerability allowed them to change the password of any user to gain access to their account if they had just the user's email address -- and they were also able to brute-force guess email addresses with no rate limitations on the site. As a result, they could access data including all customers' names, phone numbers, home addresses, detailed travel plans and history, airline tickets, boarding passes and flight details, passport images, and signatures. By gaining access to an administrator account, CyberX9's researchers say, a hacker could also have used the vulnerabilities it found to redirect luggage, steal luggage, or even cancel flights on airline websites by using Airportr's data to gain access to customer accounts on those sites. The researchers say they could also have used their access to send emails and text messages as Airportr, a potential phishing risk. Airportr tells WIRED that it has 92,000 users and claims on its website that it has handled more than 800,000 bags for customers. [...] The researchers found that they could monitor their browser's communications as they signed up for Airportr and created a new password, and then reuse an API key intercepted from those communications to instead change another user's password to anything they chose. The site also lacked a "rate limiting" security measure that would prevent automated guesses of email addresses to rapidly change the password of every user's account. And the researchers were also able to find email addresses of Airportr administrators that allowed them to take over their accounts and gain their privileges over the company's data and operations. 
"Anyone would have been able to gain or might have gained absolute super-admin access to all the operations and data of this company," says Himanshu Pathak, CyberX9's founder and CEO. "The vulnerabilities resulted in complete confidential private information exposure of all airline customers in all countries who used the service of this company, including full control over all the bookings and baggage. Because once you are the super-admin of their most sensitive systems, you have the ability to do anything."
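The two defects the researchers describe (a credential captured during signup that the password-reset endpoint accepted for any account, and no rate limit on e-mail guessing) are shown below beside a hardened reset flow. This is an added illustration, not Airportr's code; the class names, the attempt limits and the token lifetime are assumptions.

```python
"""Password-reset token binding and rate limiting (illustrative, assumed design)."""
import hmac
import secrets
import time
from dataclasses import dataclass


@dataclass
class Account:
    email: str
    password_hash: str  # a real service stores a salted hash, not the password


class VulnerableResetService:
    """Weak pattern: the key proves only that *some* signup completed.
    It carries no account identity, so it resets whatever e-mail is supplied."""

    def __init__(self, accounts):
        self.accounts = {a.email: a for a in accounts}
        self.valid_keys = set()

    def signup(self, email, password):
        self.accounts[email] = Account(email, password)
        key = secrets.token_hex(16)
        self.valid_keys.add(key)  # never tied to `email`
        return key

    def reset_password(self, key, email, new_password):
        if key not in self.valid_keys or email not in self.accounts:
            return False
        self.accounts[email].password_hash = new_password  # any account
        return True


class HardenedResetService:
    """Token is bound to one account, single use and time limited; reset
    requests are rate limited per client so e-mails cannot be enumerated."""

    TTL_SECONDS = 900      # assumed lifetime
    MAX_ATTEMPTS = 5       # assumed: per client, per window
    WINDOW_SECONDS = 60

    def __init__(self, accounts, clock=time.monotonic):
        self.accounts = {a.email: a for a in accounts}
        self.tokens = {}    # token -> (bound e-mail, expiry)
        self.attempts = {}  # client_id -> recent attempt timestamps
        self.clock = clock  # injectable for tests

    def _rate_limited(self, client_id):
        now = self.clock()
        recent = [t for t in self.attempts.get(client_id, [])
                  if now - t < self.WINDOW_SECONDS]
        recent.append(now)
        self.attempts[client_id] = recent
        return len(recent) > self.MAX_ATTEMPTS

    def request_reset(self, client_id, email):
        """Returns the token the mailer would send (None when rate limited).
        A token is returned for unknown e-mails too, so the caller-visible
        behaviour is identical and reveals nothing about which accounts exist;
        only tokens for real accounts are ever recorded as valid."""
        if self._rate_limited(client_id):
            return None
        token = secrets.token_urlsafe(32)
        if email in self.accounts:
            self.tokens[token] = (email, self.clock() + self.TTL_SECONDS)
        return token

    def reset_password(self, client_id, token, email, new_password):
        if self._rate_limited(client_id):
            return False
        entry = self.tokens.pop(token, None)  # consumed on first presentation
        if entry is None:
            return False
        bound_email, expiry = entry
        if self.clock() > expiry:
            return False
        if not hmac.compare_digest(bound_email.encode(), email.encode()):
            return False  # token was issued for a different account
        self.accounts[email].password_hash = new_password
        return True


if __name__ == "__main__":
    victim = Account("user@example.com", "old")  # constructed sample account
    weak = VulnerableResetService([victim])
    key = weak.signup("other@example.com", "x")
    print("weak flow resets another account:", weak.reset_password(key, "user@example.com", "n"))
    strong = HardenedResetService([Account("user@example.com", "old")])
    tok = strong.request_reset("client-1", "other@example.com")
    print("hardened flow rejects cross-account use:", strong.reset_password("client-1", tok, "user@example.com", "n"))
```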

Read more of this story at Slashdot.

BeauHD

Palantir Lands $10 Billion Army Software and Data Contract

2 weeks 4 days ago
Palantir has secured a massive $10 billion contract with the U.S. Army to unify 75 contracts into a single AI-focused enterprise framework, streamlining procurement and enhancing military readiness. CNBC reports: The agreement creates a "comprehensive framework for the Army's future software and data needs" that provides the government with purchasing flexibility and removes contract-related fees and procurement timelines, according to a release. Palantir co-founder and CEO Alex Karp has been a vocal proponent of protecting U.S. interests and joining forces on AI to fend off adversaries. Earlier this year, Palantir delivered its first two AI-powered systems in its $178 million contract with the U.S. Army. In May, the Department of Defense boosted its Maven Smart Systems contract to beef up AI capabilities by $795 million.

Read more of this story at Slashdot.

BeauHD

Atlassian Terminates 150 Staff With Pre-Recorded Video

2 weeks 4 days ago
Atlassian laid off 150 employees via a pre-recorded video. "While not specifically outlined, the affected staff seem to be from the company's European operations, with The Australian saying that Cannon-Brookes overshared that it would be difficult to axe its European staff due to contract arrangements, but that the company had already begun moving in that direction," reports CyberDaily. While the company claims the cuts weren't directly caused by AI, it has simultaneously rolled out AI-enhanced customer service tools and emphasized automation as a key part of its digital transformation strategy. From the report: Atlassian CEO and co-founder Mike Cannon-Brookes sent the video titled "Restructuring the CSS Team: A Difficult Decision for Our Future" to staff on Wednesday morning (30 July), informing them that 150 staff had been made redundant. The video reportedly did not make it seem that the decision was difficult, but rather said it would allow its staff "to say goodbye." The video itself did not announce who was leaving, but it told employees they would have to wait 15 minutes for an email about their employment. Those who were terminated had their laptops blocked immediately. They reportedly will receive six months' pay. "AI is going to change Australia," [said former co-CEO and co-founder Scott Farquhar]. "Every person should be using AI daily for as many things as they can. Like any new technology, it will feel awkward to start with, but every business person, every business leader, every government leader, and every bureaucrat should be using it." He also said that governments should be implementing AI more broadly. [...] Commenting on the termination, Farquhar said the mass termination was due to the customer service team no longer being needed in the same capacity, as larger clients required less complex support following a move to the cloud.

Read more of this story at Slashdot.

BeauHD

Amazon CEO Wants To Put Ads In Your Alexa+ Conversations

2 weeks 4 days ago
An anonymous reader quotes a report from TechCrunch: Amazon CEO Andy Jassy sees an opportunity to deliver ads to users during their conversations with the company's AI-powered digital assistant, Alexa+, he said during Amazon's second-quarter earnings call Thursday. "People are excited about the devices that they can buy from us that has Alexa+ enabled in it. People do a lot of shopping [with Alexa+]; it's a delightful shopping experience that will keep getting better," said Jassy on the call with investors and Wall Street analysts. "I think over time, there will be opportunities, as people are engaging in more multi-turn conversations, to have advertising play a role to help people find discovery, and also as a lever to drive revenue." [...] Amazon has made Alexa+ free for Prime customers (who pay $14.99 a month) and added a $20-a-month subscription tier for Alexa+ on its own. Jassy suggested on Thursday that Alexa+ could eventually include subscription tiers beyond what's available today -- perhaps an ad-free tier. Up until now, ads have only appeared in Alexa in limited ways. Users may occasionally see a visual ad on Amazon's smart display device, the Echo Show, or hear a pre-recorded ad in between songs on one of Alexa's smart speakers. But Jassy's description of an AI-generated ad that Alexa+ delivers in a multistep conversation, which could help users find new products, is uncharted territory for Amazon and the broader tech industry. Marketers have expressed interest in advertising in AI chatbots, and specifically Alexa+, but exactly how remains unclear. [...] Jassy is betting that users will talk to Alexa+ more than Alexa, which could drive more advertising and more shopping on Amazon.com. However, early reviews of Alexa+ have been mixed. Amazon has reportedly struggled to ship some of Alexa+'s more complicated features, and the rollout has been slower than many expected. There's a lot to figure out before Amazon puts ads in Alexa+. 
Like most AI models, Alexa+ is not immune to hallucinations. Before advertisers agree to make Alexa+ a spokesperson for their products, Amazon may have to come up with some ways to ensure that its AI will not offer false advertising for a product. Jassy seems enthusiastic about making advertising a larger part of Amazon business. Amazon's advertising revenue went up 22% in the second quarter, compared to the same period last year. Delivering ads in AI chatbot conversations may also raise privacy concerns. People tend to talk more with AI chatbots compared to deterministic assistants, like the traditional Alexa and Siri products. As a result, generative AI chatbots tend to collect more information on users. Some users might be unsettled by having that information sold to advertisers and having ads appear in their natural language conversations with AI.

Read more of this story at Slashdot.

BeauHD

India To Penalize Universities With Too Many Retractions

2 weeks 5 days ago
India's national university ranking will start penalizing institutions if a sizable number of papers published by their researchers are retracted -- a first for an institutional ranking system. Nature: The move is an attempt by the government to address the country's growing number of retractions due to misconduct. Many retractions correct honest mistakes in the literature, but others arise because of misconduct. India has had more papers retracted than any country apart from China and the United States, according to an analysis of the public database maintained by Retraction Watch of retractions over the past three decades. But whereas less than 1 paper is retracted for every 1,000 papers published in the United States, more than 3 are retracted for every 1,000 published in China, and the figure is 2 per 1,000 in India. The majority in India and China are withdrawn because of misconduct or research-integrity concerns.

Read more of this story at Slashdot.

msmash

Google Has Just Two Weeks To Begin Cracking Open Android, It Admits in Emergency Filing

2 weeks 5 days ago
An anonymous reader shares a report: Yesterday, when Epic won its Google antitrust lawsuit for a second time, it wasn't quite clear how soon Google would need to start dismantling its affirmed illegal monopoly. Today, Google admits the answer is: 14 days. Google has just 14 days to enact major changes to its Google Play app store, and the way it does business with phonemakers, cellular carriers, and app developers, unless it wins an emergency stay (pause) from the Ninth Circuit Court of Appeals as it continues to appeal. It must stop forcing apps to use Google Play Billing, allow app developers to freely steer their users to other platforms, and limit the perks it can offer in exchange for preinstalled apps, among other changes.

Read more of this story at Slashdot.

msmash

Tim Cook Says 'It's Difficult To See a World' Without iPhones

2 weeks 5 days ago
An anonymous reader shares a report: Apple CEO Tim Cook appears unfazed by concerns that advancements in AI could topple the iPhone's dominance. During Thursday's earnings call, Wamsi Mohan, an analyst with Bank of America, asked Cook directly how Apple is preparing for a world where dependence on screen-based devices "significantly diminishes," thanks to advances in AI. Cook didn't seem to see an imminent threat to Apple's hero product. "When you think about all the things an iPhone can do, from connecting people to bringing app and game experiences to life, to taking photos and videos, to helping users explore the world and conduct their financial lives and pay for things and so much more, you know, it's difficult to see a world where iPhone's not living in it," Cook said. "And that doesn't mean that we are not thinking about other things as well," Cook added, "but I think that the devices are likely to be complementary devices, not substitution." Apple said yesterday it had sold 3 billion iPhones since the product's launch in 2007.

Read more of this story at Slashdot.

msmash

Belgium Bans Internet Archive's 'Open Library'

2 weeks 5 days ago
A Brussels court has issued an unusually broad site-blocking order targeting Internet Archive's Open Library alongside shadow libraries including Anna's Archive, Libgen, and Z-Library. The order, requested by publishing and author organizations, directs an unprecedented range of intermediaries to take action beyond traditional ISP blocks. Search engines, DNS resolvers, advertisers, domain name services, CDNs, hosting companies, and payment processors -- including Google, Microsoft, Cloudflare, Amazon Web Services, PayPal, and Starlink -- must restrict access to the targeted sites. The court found "clear and significant infringement" in the ex parte proceeding.

Read more of this story at Slashdot.

msmash

Google Backpedals On Goo.gl Shutdown To Preserve Active Links

2 weeks 5 days ago
BrianFagioli writes: Google is changing its mind about killing off all goo.gl short links. The company had originally planned to shut them down entirely by August 25, 2025. That decision sparked concern among developers, educators, journalists, and everyday users who rely on these links across the web. Now, just weeks before the deadline, Google is taking a softer approach. It turns out the company is only going to disable goo.gl links that haven't seen any activity since late 2024. If your link is still being used or clicked, it should keep working. This adjustment comes after what Google describes as community feedback.

Read more of this story at Slashdot.

msmash

Verizon is Upping Its Fees Again

2 weeks 5 days ago
Verizon has confirmed it will raise customer fees despite announcing a three-year price lock in April. The carrier said the "vast majority" of customers will see increases of "less than 30 cents." A Reddit thread cited by The Verge suggests the Administrative and Telco Recovery Charge will rise 28 cents to $3.78 per voice line, while data-only plan charges could increase $2.37 to $3.97 per line. The changes may take effect September 1.

Read more of this story at Slashdot.

msmash

The Industry's Rush To $80 Video Games Has Stalled - For Now

2 weeks 5 days ago
Major video game publishers have abandoned plans to sell new releases at $80 after initially signaling support for the elevated price point earlier this year, according to Bloomberg. Microsoft reversed course in late July, announcing The Outer Worlds 2 and other holiday titles including Call of Duty will sell for $70 instead of the previously planned $80. Take-Two Interactive's Borderlands 4 and Sony's Ghost of Yotei were also priced at $70 after initial $80 expectations. Electronic Arts said it will not adjust prices for the near future, with the upcoming Battlefield 6 selling for $70. Production costs have grown tenfold over the past decade while sales have not increased proportionally.

Read more of this story at Slashdot.

msmash

Microsoft Research Identifies 40 Jobs Most Vulnerable To AI

2 weeks 5 days ago
Microsoft researchers have identified 40 occupations [PDF] with the highest exposure to AI, ranking jobs by how closely their tasks align with AI's current capabilities. The study analyzed 200,000 real-world conversations from Copilot users and compared AI performance against occupational data. Interpreters and translators top the list, followed by historians and passenger attendants. Customer service and sales representatives, comprising about 5 million U.S. jobs, also face significant AI competition. Knowledge workers performing computer, math, or administrative tasks showed high vulnerability, as did sales positions involving information sharing and explanation. The research found occupations requiring Bachelor's degrees demonstrate higher AI applicability than those with lower educational requirements.

First, the top 10 least affected occupations by generative AI:

1. Dredge Operators
2. Bridge and Lock Tenders
3. Water Treatment Plant and System Operators
4. Foundry Mold and Coremakers
5. Rail-Track Laying and Maintenance Equipment Operators
6. Pile Driver Operators
7. Floor Sanders and Finishers
8. Orderlies
9. Motorboat Operators
10. Logging Equipment Operators

Now, the top 40 most affected occupations by generative AI:

1. Interpreters and Translators
2. Historians
3. Passenger Attendants
4. Sales Representatives of Services
5. Writers and Authors
6. Customer Service Representatives
7. CNC Tool Programmers
8. Telephone Operators
9. Ticket Agents and Travel Clerks
10. Broadcast Announcers and Radio DJs
11. Brokerage Clerks
12. Farm and Home Management Educators
13. Telemarketers
14. Concierges
15. Political Scientists
16. News Analysts, Reporters, Journalists
17. Mathematicians
18. Technical Writers
19. Proofreaders and Copy Markers
20. Hosts and Hostesses
21. Editors
22. Business Teachers, Postsecondary
23. Public Relations Specialists
24. Demonstrators and Product Promoters
25. Advertising Sales Agents
26. New Accounts Clerks
27. Statistical Assistants
28. Counter and Rental Clerks
29. Data Scientists
30. Personal Financial Advisors
31. Archivists
32. Economics Teachers, Postsecondary
33. Web Developers
34. Management Analysts
35. Geographers
36. Models
37. Market Research Analysts
38. Public Safety Telecommunicators
39. Switchboard Operators
40. Library Science Teachers, Postsecondary

Read more of this story at Slashdot.

msmash

UK Supreme Court Gives Banks Partial Win on Car Finance Commissions

2 weeks 5 days ago
Financial Times: The UK's highest court has partially overturned a landmark motor finance judgment that threatened to leave banks on the hook for tens of billions of pounds in compensation for allegedly deceiving consumers with hidden commissions on car loans. The Supreme Court's decision has been keenly awaited by investors as well as millions of consumers who were poised to claim redress from the banks. The government has been considering legislation to limit the fallout. The controversy over car finance shot to prominence after a bombshell Court of Appeal judgment in October that awarded compensation to three people who claimed they were misled by banks concealing the payment of commissions to dealerships. The $58.3 billion car finance scandal centers on hidden commissions paid by lenders to car dealers who arranged loans without disclosing the payment amounts and terms to borrowers. Under discretionary commission arrangements, dealers received larger payments when they persuaded car buyers to accept higher interest rates on loans. The practice affected roughly 90% of new car purchases and many secondhand vehicles, potentially exposing millions of motorists to mis-selling.

Read more of this story at Slashdot.

msmash

IRS Chief Says Agency Plans To End Free Filing Program

2 weeks 5 days ago
Internal Revenue Service Commissioner Bill Long said the agency will end its Direct File program after a limited pilot and one full filing season. From a report: President Donald Trump's massive spending and policy bill includes funding to research and "replace any direct e-file programs run by the Internal Revenue Service." Already, the program is "gone," Long said at a tax professional summit on July 28, Bloomberg Law reports. "You've heard of Direct File, that's gone," Long said. "Big beautiful Billy wiped that out. I don't care about Direct File. I care about direct audit."

Read more of this story at Slashdot.

msmash

Microsoft Is Killing Windows 11 SE, Its Chrome OS Rival

2 weeks 5 days ago
Microsoft has discontinued Windows 11 SE, its education-focused operating system designed for low-cost school PCs. The company confirmed that Windows 11 SE will not receive the upcoming version 25H2 update and support will end in October 2026, including security updates and technical assistance. Launched in 2021 as a Chrome OS competitor, Windows 11 SE featured artificial limitations like reduced multitasking capabilities and restricted app installation to create a simplified experience for students. The discontinuation leaves Microsoft without a dedicated lightweight Windows edition for the education market, where Chromebooks have gained significant popularity over the past decade.

Read more of this story at Slashdot.

msmash

Australia's Spy Boss Asks Defense Workers To Stop Oversharing on LinkedIn

2 weeks 5 days ago
Australia's spy chief has warned that defense workers are exposing themselves to foreign intelligence services through LinkedIn profiles that detail classified projects and security clearances. Director-General Mike Burgess said over 35,000 Australians on the platform indicate access to sensitive information, with 7,000 mentioning defense work and 400 listing involvement in the AUKUS nuclear submarine program. Foreign spies routinely scour professional networking sites posing as consultants and recruiters, Burgess said.

Read more of this story at Slashdot.

msmash

Public ChatGPT Queries Are Getting Indexed By Google and Other Search Engines

2 weeks 5 days ago
An anonymous reader quotes a report from TechCrunch: It's a strange glimpse into the human mind: If you filter search results on Google, Bing, and other search engines to only include URLs from the domain "https://chatgpt.com/share," you can find strangers' conversations with ChatGPT. Sometimes, these shared conversation links are pretty dull — people ask for help renovating their bathroom, understanding astrophysics, and finding recipe ideas. In another case, one user asks ChatGPT to rewrite their resume for a particular job application (judging by this person's LinkedIn, which was easy to find based on the details in the chat log, they did not get the job). Someone else is asking questions that sound like they came out of an incel forum. Another person asks the snarky, hostile AI assistant if they can microwave a metal fork (for the record: no), but they continue to ask the AI increasingly absurd and trollish questions, eventually leading it to create a guide called "How to Use a Microwave Without Summoning Satan: A Beginner's Guide." ChatGPT does not make these conversations public by default. A conversation would be appended with a "/share" URL only if the user deliberately clicks the "share" button on their own chat and then clicks a second "create link" button. The service also declares that "your name, custom instructions, and any messages you add after sharing stay private." After clicking through to create a link, users can toggle whether or not they want that link to be discoverable. However, users may not anticipate that other search engines will index their shared ChatGPT links, potentially betraying personal information (my apologies to the person whose LinkedIn I discovered). According to ChatGPT, these chats were indexed as part of an experiment. "ChatGPT chats are not public unless you choose to share them," an OpenAI spokesperson told TechCrunch. 
"We've been testing ways to make it easier to share helpful conversations, while keeping users in control, and we recently ended an experiment to have chats appear in search engine results if you explicitly opted in when sharing." A Google spokesperson also weighed in, telling TechCrunch that the company has no control over what gets indexed. "Neither Google nor any other search engine controls what pages are made public on the web. Publishers of these pages have full control over whether they are indexed by search engines."

Read more of this story at Slashdot.

BeauHD

Reddit Wants To Be a Search Engine Now

2 weeks 5 days ago
Reddit wants to become a full-fledged search engine, leveraging its vast repository of human-generated content and expanding its AI-powered Reddit Answers tool. In its latest note (PDF) to investors, CEO Steve Huffman says the company is "concentrating our resources on the areas that will drive results for our most pressing needs," including "making Reddit a go-to search engine." The Verge reports: Huffman says that "every week, hundreds of millions of people come to Reddit looking for advice, and we're turning more of that intent into active users of Reddit's native search." Reddit's core search has more than 70 million weekly active unique users -- Reddit overall averages 416.4 million weekly active unique users -- and Reddit Answers, the platform's AI search tool that it launched in December, has 6 million weekly users, up from 1 million weekly users in the first quarter of this year. To continue to build out search, Reddit is "expanding Reddit Answers globally, integrating it more deeply into the core search experience, and making search a central feature across Reddit," Huffman says.

Read more of this story at Slashdot.

BeauHD

Researchers Develop a Low-Cost Visual Microphone

2 weeks 5 days ago
alternative_right shares a report from Phys.org: Researchers have created a microphone that listens with light instead of sound. Unlike traditional microphones, this visual microphone captures tiny vibrations on the surfaces of objects caused by sound waves and turns them into audible signals. In the journal Optics Express, the researchers describe the new approach, which applies single-pixel imaging to sound detection for the first time. Using an optical setup without any expensive components, they demonstrate that the technique can recover sound by using the vibrations on the surfaces of everyday objects such as leaves and pieces of paper. [...] To demonstrate the new visual microphone, the researchers tested its ability to reconstruct Chinese and English pronunciations of numbers as well as a segment from Beethoven's Fur Elise. They used a paper card and a leaf as vibration targets, placing them 0.5 meters away from the objects while a nearby speaker played the audio. The system was able to successfully reconstruct clear and intelligible audio, with the paper card producing better results than the leaf. Low-frequency sounds (1 kHz) showed slight distortion that improved when a signal processing filter was applied. Tests of the system's data rate showed it produced 4 MB/s, a rate sufficiently low to minimize storage demands and allow for long-term recording. "Currently, this technology still only exists in the laboratory and can be used in special scenarios where traditional microphones fail to work," said research team leader Xu-Ri Yao from Beijing Institute of Technology in China. "We aim to expand the system into other vibration measurement applications, including human pulse and heart rate detection, leveraging its multifunctional information sensing capabilities."

Read more of this story at Slashdot.

BeauHD

US Lightning Flash Was Longest On Record At 515 Miles

2 weeks 5 days ago
An anonymous reader quotes a report from The Guardian: A 515-mile (829km) lightning flash has set a new record as the longest ever identified. The World Meteorological Organization (WMO) confirmed the new world record for the flash registered on October 22, 2017, over the Great Plains in the US. It stretched from east Texas to near Kansas City, Missouri, roughly the distance between Paris and Venice. The previous record of 768km was also recorded in the Great Plains, a hotspot for severe thunderstorms, on April 29, 2020. Since 2016, scientific advances in space-based mapping have allowed for lightning flashes to be measured over a broader space, allowing these long flashes to be recorded. This event was one of the first flashes to be documented using the National Oceanic and Atmospheric Administration's latest model of orbital satellite, known as a geostationary operational environmental satellite. [...] The advances in technology have also allowed for the recording of the greatest duration for a single lightning flash. The record is a flash that lasted 17.1 seconds during a thunderstorm over Uruguay and northern Argentina on June 18, 2020. The findings have been published in the journal Bulletin of the American Meteorological Society.

Read more of this story at Slashdot.

BeauHD