Bug

Security Bug In India's Income Tax Portal Exposed Taxpayers' Sensitive Data (techcrunch.com) 1

A now-fixed security flaw in India's income tax e-filing portal exposed millions of taxpayers' personal and financial data due to a basic IDOR vulnerability that let users view others' records by swapping PAN numbers. "The exposed data included full names, home addresses, email addresses, dates of birth, phone numbers, and bank account details of people who pay taxes on their income in India," reports TechCrunch. "The data also exposed citizens' Aadhaar number, a unique government-issued identifier used as proof of identity and for accessing government services." From the report: The researchers found that when they signed into the portal using their Permanent Account Number (PAN), an official document issued by the Indian income tax department, they could view anyone else's sensitive financial data by swapping out their PAN for another PAN in the network request as the web page loads. This could be done using publicly available tools like Postman or Burp Suite (or using the web browser's in-built developer tools) and with knowledge of someone else's PAN, the researchers told TechCrunch.

The bug was exploitable by anyone who was logged in to the tax portal because the Indian income tax department's back-end servers were not properly checking who was allowed to access a person's sensitive data. This class of vulnerability is known as an insecure direct object reference, or IDOR, a common and simple flaw that governments have warned is easy to exploit and can result in large-scale data breaches.

"This is an extremely low-hanging thing, but one that has a very severe consequence," the researchers told TechCrunch. In addition to the data of individuals, the researchers said that the bug also exposed data associated with companies who were registered with the e-Filing portal. [...] It remains unclear how long the vulnerability has existed or whether any malicious actors have accessed the exposed data.

Hardware

Micro Center Partners With iFixit (nerds.xyz) 4

BrianFagioli shares a report from NERDS.xyz: Micro Center and iFixit have announced a partnership that combines the DIY repair giant's guides, parts, and toolkits with Micro Center's nationwide chain of computer and electronics stores. Customers browsing iFixit online can now find local Micro Center locations through a built-in locator and even stop in for a free consultation with a certified technician. Inside stores, shoppers will see iFixit toolkits and parts on shelves, while Micro Center's in-house technicians begin using iFixit's gear for professional repairs.
AI

Sora 2 Watermark Removers Flood the Web 11

An anonymous reader quotes a report from 404 Media: Sora 2, OpenAI's new AI video generator, puts a visual watermark on every video it generates. But the little cartoon-eyed cloud logo meant to help people distinguish between reality and AI-generated bullshit is easy to remove and there are half a dozen websites that will help anyone do it in a few minutes. A simple search for "sora watermark" on any social media site will return links to places where a user can upload a Sora 2 video and remove the watermark. 404 Media tested three of these websites, and they all seamlessly removed the watermark from the video in a matter of seconds.

Hany Farid, a UC Berkeley professor and an expert on digitally manipulated images, said he's not shocked at how fast people were able to remove watermarks from Sora 2 videos. "It was predictable," he said. "Sora isn't the first AI model to add visible watermarks and this isn't the first time that within hours of these models being released, someone released code or a service to remove these watermarks." [...] According to Farid, OpenAI is decent at employing strategies like watermarks, content credentials, and semantic guardrails to manage malicious use. But it doesn't matter. "It is just a matter of time before someone else releases a model without these safeguards," he said.

Both [Rachel Tobac, CEO of SocialProof Security] and Farid said that the ease at which people can remove watermarks from AI-generated content wasn't a reason to stop using watermarks. "Using a watermark is the bare minimum for an organization attempting to minimize the harm that their AI video and audio tools create," Tobac said, but she thinks the companies need to go further. "We will need to see a broad partnership between AI and Social Media companies to build in detection for scams/harmful content and AI labeling not only on the AI generation side, but also on the upload side for social media platforms. Social Media companies will also need to build large teams to manage the likely influx of AI generated social media video and audio content to detect and limit the reach for scammy and harmful content."
"I'd like to know what OpenAI is doing to respond to how people are finding ways around their safeguards," Farid said. "Will they adapt and strengthen their guardrails? Will they ban users from their platforms? If they are not aggressive here, then this is going to end badly for us all."
AI

OpenAI Bans Suspected China-Linked Accounts For Seeking Surveillance Proposals (reuters.com) 1

Longtime Slashdot reader schwit1 shares a report from Reuters: OpenAI said on Tuesday it has banned several ChatGPT accounts with suspected links to Chinese government entities after the users asked for proposals to monitor social media conversations. In its latest public threat report (PDF), OpenAI said some individuals had asked its chatbot to outline social media 'listening' tools and other monitoring concepts, violating the startup's national security policy.

The San Francisco-based firm's report raises safety concerns over potential misuse of generative AI amid growing competition between the U.S. and China to shape the technology's development and rules. OpenAI said it also banned several Chinese-language accounts that used ChatGPT to assist phishing and malware campaigns and asked the model to research additional automation that could be achieved through China's DeepSeek. It also banned accounts tied to suspected Russian-speaking criminal groups that used the chatbot to help develop certain malware, OpenAI said.

Businesses

Anthropic and IBM Announce Strategic Partnership 4

Longtime Slashdot reader kamesh shares a report from TechCrunch: Tech behemoth IBM is teaming up with AI research lab Anthropic to bring AI into its software. Armonk, New York-based IBM announced it will be adding Anthropic's Claude large language model family into some of its software products on Tuesday. The first product to tap Claude will be IBM's integrated development environment, which is already available to a select group of customers. IBM also announced it created a guide in partnership with Anthropic on how enterprises can build, deploy, and maintain enterprise-grade AI agents. Terms of the deal were not disclosed.
Businesses

Qualcomm Is Buying Arduino, Releases New Raspberry Pi-Esque Arduino Board (arstechnica.com) 26

An anonymous reader quotes a report from Ars Technica: Smartphone processor and modem maker Qualcomm is acquiring Arduino, the Italian company known mainly for its open source ecosystem of microcontrollers and the software that makes them function. In its announcement, Qualcomm said that Arduino would "[retain] its brand and mission," including its "open source ethos" and "support for multiple silicon vendors." Qualcomm didn't disclose what it would pay to acquire Arduino. The acquisition also needs to be approved by regulators "and other customary closing conditions."

The first fruit of this pending acquisition will be the Arduino Uno Q, a Qualcomm-based single-board computer with a Qualcomm Dragonwing QRB2210 processor installed. The QRB2210 includes a quad-core Arm Cortex-A53 CPU and a Qualcomm Adreno 702 GPU, plus Wi-Fi and Bluetooth connectivity, and combines that with a real-time microcontroller "to bridge high-performance computing with real-time control."
"Arduino will retain its independent brand, tools, and mission, while continuing to support a wide range of microcontrollers and microprocessors from multiple semiconductor providers as it enters this next chapter within the Qualcomm family," Qualcomm said in its press release. "Following this acquisition, the 33M+ active users in the Arduino community will gain access to Qualcomm Technologies' powerful technology stack and global reach. Entrepreneurs, businesses, tech professionals, students, educators, and hobbyists will be empowered to rapidly prototype and test new solutions, with a clear path to commercialization supported by Qualcomm Technologies' advanced technologies and extensive partner ecosystem."

CNBC notes in its reporting that this acquisition gives Qualcomm "direct access to the tinkerers, hobbyists and companies at the lowest levels of the robotics industry." From the report: Arduino products can't be used to build commercial products but, with chips preinstalled, they're popular for testing out a new idea or proving a concept. Qualcomm hopes that Arduino can help it gain loyalty and legitimacy among startups and builders as robots and other devices increasingly need more powerful chips for artificial intelligence. When some of those experiments become products, Qualcomm wants to sell them its chips commercially.
AI

Without Data Centers, GDP Growth Was 0.1% in the First Half of 2025, Harvard Economist Says (fortune.com) 51

U.S. GDP growth in the first half of 2025 was driven almost entirely by investment in data centers and information processing technology. The GDP growth would have been just 0.1% on an annualized basis without these technology-related categories, according to Harvard economist Jason Furman. Investment in information-processing equipment and software accounted for only 4% of U.S. GDP during this period but represented 92% of GDP growth.

Renaissance Macro Research estimated in August that the dollar value contributed to GDP growth by AI data-center buildout had surpassed U.S. consumer spending for the first time. Consumer spending makes up two-thirds of GDP. Tech giants including Microsoft, Google, Amazon, Meta and Nvidia poured tens of billions of dollars into building and upgrading data centers.
Google

Play Store Changes Coming This Month as SCOTUS Declines To Freeze Antitrust Remedies (arstechnica.com) 19

An anonymous reader shares a report: Changes are coming to the Play Store in spite of a concerted effort from Google to maintain the status quo. The company asked the US Supreme Court to freeze parts of the Play Store antitrust ruling while it pursued an appeal, but the high court has rejected that petition. That means the first elements of the antitrust remedies won by Epic Games will have to be implemented in mere weeks.

The app store case is one of three ongoing antitrust actions against Google, but it's the furthest along of them. Google lost the case in 2023, and in 2024, US District Judge James Donato ordered a raft of sweeping changes aimed at breaking Google's illegal monopoly on Android app distribution. In July, Google lost its initial appeal, leaving it with little time before the mandated changes must begin.

[...] The more dramatic changes are not due until July 2026, but this month will still bring major changes to Android apps. Google will have to allow developers to link to alternative methods of payment and download outside the Play Store, and it cannot force developers to use Google Play Billing within the Play Store. Google is also prohibited from setting prices for developers.

AI

YouTube's Biggest Star MrBeast Fears AI Could Impact 'Millions of Creators' After Sora Launch (fortune.com) 42

An anonymous reader shares a report: YouTube megastar Jimmy Donaldson, the creator behind the platform's biggest channel MrBeast, is worried there are "scary times" ahead for the creator economy as AI video tools make it increasingly difficult to tell what is real.

"When AI videos are just as good as normal videos, I wonder what that will do to YouTube and how it will impact the millions of creators currently making content for a living.. scary times," Donaldson said on X on Sunday. Donaldson's concerns come on the heels of OpenAI's release of a Sora social media platform able to create AI-generated short-form videos, including of individuals who "upload" themselves onto the app. Meta launched its similar video-generating Vibes platform last month.

Television

RGB LED Is Getting Its Time in the Spotlight. Will TV Shoppers Tune In? (pcmag.com) 39

Samsung, Hisense, TCL and Sony presented RGB LED TVs at IFA in Berlin last month. The technology replaces each standard LED backlight with a trio of red, green and blue LEDs to expand the range of colors a screen can display. Each manufacturer is using a different name for the technology: Hisense has called it RGB-MiniLED, Samsung named it Micro RGB, Sony introduced Sony RGB Technology, and TCL branded it RGB Micro LED. The companies previously tried other monikers at CES.

Avi Greengart of Techsponential told PCMag the difference in color fidelity was not subtle when he viewed Samsung's version. PCMag found the Hisense 116UX the brightest TV with the widest color range it had evaluated. Both the 116-inch Hisense and Samsung's 115-inch model list at $30,000. TCL introduced RGB sets in China at prices starting at the equivalent of $1,150 for a 65-inch model. Greengart cautioned that it remained unclear whether the technology would rapidly decline in price or stay expensive like MicroLED.
Windows

Apple Turned the CrowdStrike BSOD Issue Into an Anti-PC Ad (theverge.com) 86

An anonymous reader shares a report: It's been a while since Apple last mocked Windows security, but the iPhone maker has just released an ad that hits Windows hard. The eight-minute commercial pokes fun at the CrowdStrike Blue Screen of Death (BSOD) issue that took down millions of Windows machines last year.

Apple's ad follows The Underdogs, a fictional company that's about to attend a trade show, before a PC outage causes chaos and a Blue Screen of Death shuts down machines at the convention. If it wasn't clear Apple was mocking the infamous CrowdStrike incident, an IT expert appears in the middle of the ad and starts discussing kernel-level functionality, the core part of an operating system that has unrestricted access to system memory and hardware.

Social Networks

Denmark Aims To Ban Social Media For Children Under 15, PM Says (politico.eu) 30

The Danish government wants to introduce a ban on several social media platforms for children under the age of 15, as Prime Minister Mette Frederiksen announced Tuesday. From a report: "Mobile phones and social media are stealing our children's childhood," she said in her opening speech to the Danish parliament, the Folketing. "We have unleashed a monster," Frederiksen said, noting that almost all Danish seventh graders, where pupils are typically 13 or 14 years old, own a cellphone.

"I hope that you here in the chamber will help tighten the law so that we take better care of our children here in Denmark," she added. However, Frederiksen did not give further details on what such a ban would entail, nor does a bill on an age limit appear in the government's legislative program for the upcoming parliamentary year.

AI

OpenAI's Computing Deals Top $1 Trillion (ft.com) 37

OpenAI has signed about $1 trillion in deals this year for computing power to run its AI models, commitments that dwarf its revenue and raise questions about how it can fund them. From a report: Monday's deal with chipmaker AMD follows similar agreements with Nvidia, Oracle and CoreWeave, as OpenAI races to find the computing power it thinks it will need to run services such as ChatGPT.

The deals would give OpenAI access to more than 20 gigawatts of computing capacity, roughly equivalent to the power from 20 nuclear reactors, over the next decade. Each 1GW of AI computing capacity costs about $50bn to deploy in today's prices, according to estimates by OpenAI executives, making the total cost about $1tn. The deals have bound some of the world's biggest tech groups to OpenAI's ability to become a profitable business that can meet its increasingly steep financial obligations.

The Almighty Buck

Irish Basic Income Support Scheme For Artists To Be Made Permanent (www.rte.ie) 125

AmiMoJo writes: The Irish Government's basic income scheme for artists is set to become a permanent fixture from next year, with 2,000 new places to be made available under Budget 2026. Minister for Culture Patrick O'Donovan has secured agreement with other government departments to continue and expand the initiative, which had previously operated on a pilot basis. Participants in the scheme receive a weekly payment of $379.50.

The pilot programme, launched in 2022, provided basic income support to 2,000 artists and creative arts workers across Ireland. It aimed to support the arts sector's recovery following the COVID-19 pandemic, during which many artists experienced significant income loss due to restrictions on live performances and events. The scheme provides unconditional, regular payments to eligible artists and creative workers, allowing them to focus on their practice without the pressure of commercial viability. It is not means-tested and operates independently of social welfare payments. An independent evaluation of the pilot, published earlier this year, found that recipients reported increased time spent on creative work, reduced financial stress, and improved well-being.

Television

California Law Forces Netflix, Hulu To Turn Down Ad Volumes (politico.com) 32

Gov. Gavin Newsom has signed a law banning excessively loud advertisements on streaming platforms like Netflix, Hulu and Amazon Prime that could become a de facto national standard. From a report: The new California law is aimed at addressing what the Federal Communications Commission has called a "troubling jump" in TV ad noise complaints, fueled by streamers airing commercials louder than the shows and movies they accompany.

It's modeled off a federal law passed in 2010 that caps ad volumes on cable and broadcast TV, but doesn't apply to streaming services. Given the Golden State's massive sway in the entertainment industry, the new law may strong-arm streamers into shushing commercials nationwide. "We heard Californians loud and clear, and what's clear is that they don't want commercials at a volume any louder than the level at which they were previously enjoying a program," Newsom said in a statement. "California is dialing down this inconvenience across streaming platforms."
