China

China's Top Android Phones Collect Way More Info (theregister.com) 42

Artem S. Tashkinov writes: Don't buy an Android phone in China, boffins have warned, as they come crammed with preinstalled apps transmitting privacy-sensitive data to third-party domains without consent or notice. The research, conducted by Haoyu Liu (University of Edinburgh), Douglas Leith (Trinity College Dublin), and Paul Patras (University of Edinburgh), suggests that private information leakage poses a serious tracking risk to mobile phone customers in China, even when they travel abroad in countries with stronger privacy laws.

In a paper titled "Android OS Privacy Under the Loupe: A Tale from the East," the trio of university boffins analyzed the Android system apps installed on the mobile handsets of three popular smartphone vendors in China: OnePlus, Xiaomi and Oppo Realme. The researchers looked specifically at the information transmitted by the operating system and system apps, in order to exclude user-installed software. They assume users have opted out of analytics and personalization, do not use any cloud storage or optional third-party services, and have not created an account on any platform run by the developer of the Android distribution. A sensible policy, but it doesn't seem to help much. Within this limited scope, the researchers found that Android handsets from the three named vendors "send a worrying amount of Personally Identifiable Information (PII) not only to the device vendor but also to service providers like Baidu and to Chinese mobile network operators."

Oracle

Oracle Criticized Over Price Change for New Oracle Java SE Licenses (crn.com) 104

While Oracle's existing Java corporate licensing agreements are still in effect, "the Named User Plus Licensing (user licenses) and Processor licenses (server licensing) are no longer available for purchase," reports IT World Canada. And that's where it gets interesting: The new pricing model is based on employee count, with different price tiers for different employee counts. The implication is that everyone in the organization is counted for licensing purposes, even if they don't use Java software.

As a result, companies that use Java SE may face significant price increases. The change will primarily affect large companies with many employees, but it will also have a significant impact on medium-sized businesses. Although Oracle promises to allow legacy users to renew under their current terms and conditions, sources say the company will likely pressure users to adopt the new model over time.

The move is "likely to rile customers that have a fraction of employees who work with Java," Oracle partners told CRN, though "the added complexity is an opportunity for partners to help customers right-size their spending." Jeff Stonacek, principal architect at House of Brick Technologies, an Omaha, Neb.-based company that provides technical and licensing services to Oracle clients, and chief technical officer of House of Brick parent company OpsCompass, told CRN that the change has already affected at least one project, with his company in the middle of a license assessment for a large customer. He called the change "an obvious overstep."

"Having to license your entire employee count is not reasonable because you could have 10,000 employees, maybe only 500 of them need Java," Stonacek said. "And maybe you only have a couple of servers for a couple of applications. But if you have to license for your entire employee count, that just doesn't make sense...." Stonacek and his team have been talking to customers about migrating to Open Java Development Kit (JDK), a free and open-source version of Java Standard Edition (SE), although that was a practice started before the price change.

He estimated that about half of the customers his team talks to are able to easily move to OpenJDK. Sometimes, customers have third-party applications that are written for Java and unchangeable as opposed to custom applications that in-house engineers can just rewrite.... Ron Zapar, CEO of Naperville, Ill.-based Oracle partner Re-Quest, told CRN that even without a direct effect on partners from the Java license change, the move makes customers question whether they want to purchase Oracle Cloud offerings and other Oracle products lest they face future changing terms or lock-in.

Google

Google Invests $300 Million in AI Startup Anthropic (ft.com) 7

Google has invested about $300mn in artificial intelligence startup Anthropic, making it the latest tech giant to throw its money and computing power behind a new generation of companies trying to claim a place in the booming field of "generative AI." From the report: The terms of the deal, through which Google will take a stake of around 10 per cent, require Anthropic to use the money to buy computing resources from the search company's cloud computing division, according to three people familiar with the arrangement. Google's move highlights the influence that a small number of Big Tech companies have assumed over other companies working on AI, which need access to cloud computing platforms to handle the giant AI models developed by groups such as Anthropic. The search company's investment also echoes the $1bn cash-for-computing investment that Microsoft made in OpenAI three years ago.

Red Hat Software

Red Hat Gives an ARM Up To OpenShift Kubernetes Operations (venturebeat.com) 13

An anonymous reader quotes a report from VentureBeat: Red Hat is perhaps best known as a Linux operating system vendor, but it is the company's OpenShift platform that represents its fastest growing segment. Today, Red Hat announced the general availability of OpenShift 4.12, bringing a series of new capabilities to the company's hybrid cloud application delivery platform. OpenShift is based on the open source Kubernetes container orchestration system, originally developed by Google, that has been run as the flagship project of the Linux Foundation's Cloud Native Computing Foundation (CNCF) since 2014. [...] With the new release, Red Hat is integrating new capabilities to help improve security and compliance for OpenShift, as well as new deployment options on ARM-based architectures. The OpenShift 4.12 release comes as Red Hat continues to expand its footprint, announcing partnerships with Oracle and SAP this week.

The financial importance of OpenShift to Red Hat and its parent company IBM has also been revealed, with IBM reporting in its earnings that OpenShift is a $1 billion business. "Open-source solutions solve major business problems every day, and OpenShift is just another example of how Red Hat brings business and open source together for the benefit of all involved," Mike Barrett, VP of product management at Red Hat, told VentureBeat. "We're very proud of what we have accomplished thus far, but we're not resting at $1B." [...]

OpenShift, like many applications developed in the last several decades, originally was built just for the x86 architecture that runs on CPUs from Intel and AMD. That situation is increasingly changing as OpenShift is gaining more support to run on the ARM processor with the OpenShift 4.12 update. Barrett noted that Red Hat OpenShift announced support for the AWS Graviton ARM architecture in 2022. He added that OpenShift 4.12 expands that offering to Microsoft Azure ARM instances. "We find customers with a significant core consumption rate for a singular computational deliverable are gravitating toward ARM first," Barrett said.

Overall, Red Hat is looking to expand the footprint of where its technologies are able to run, which also includes new cloud providers. On Jan. 31, Red Hat announced that for the first time, Red Hat Enterprise Linux (RHEL) would be available as a supported platform on Oracle Cloud Infrastructure (OCI). While RHEL is now coming to OCI, OpenShift isn't -- at least not yet. "Right now, it's just RHEL available on OCI," Mike Evans, vice president, technical business development at Red Hat, told VentureBeat. "We're evaluating what other Red Hat technologies, including OpenShift, may come to Oracle Cloud Infrastructure but this will ultimately be driven by what our joint customers want."

Security

Anker Finally Comes Clean About Its Eufy Security Cameras (theverge.com) 30

An anonymous reader quotes a report from The Verge: First, Anker told us it was impossible. Then, it covered its tracks. It repeatedly deflected while utterly ignoring our emails. So shortly before Christmas, we gave the company an ultimatum: if Anker wouldn't answer why its supposedly always-encrypted Eufy cameras were producing unencrypted streams -- among other questions -- we would publish a story about the company's lack of answers. It worked.

In a series of emails to The Verge, Anker has finally admitted its Eufy security cameras are not natively end-to-end encrypted -- they can and did produce unencrypted video streams for Eufy's web portal, like the ones we accessed from across the United States using an ordinary media player. But Anker says that's now largely fixed. Every video stream request originating from Eufy's web portal will now be end-to-end encrypted -- like they are with Eufy's app -- and the company says it's updating every single Eufy camera to use WebRTC, which is encrypted by default. Reading between the lines, though, it seems that these cameras could still produce unencrypted footage upon request.

That's not all Anker is disclosing today. The company has apologized for the lack of communication and promised to do better, confirming it's bringing in outside security and penetration testing companies to audit Eufy's practices, is in talks with a "leading and well-known security expert" to produce an independent report, is promising to create an official bug bounty program, and will launch a microsite in February to explain how its security works in more detail. Those independent audits and reports may be critical for Eufy to regain trust because of how the company has handled the findings of security researchers and journalists. It's a little hard to take the company at its word! But we also think Anker Eufy customers, security researchers and journalists deserve to read and weigh those words, particularly after so little initial communication from the company. That's why we're publishing Anker's full responses [here].

As highlighted by Ars Technica, some of the notable statements include:

- Its web portal now prohibits users from entering "debug mode."
- Video stream content is encrypted and inaccessible outside the portal.
- While "only 0.1 percent" of current daily users access the portal, it "had some issues," which have been resolved.
- Eufy is pushing WebRTC to all of its security devices as the end-to-end encrypted stream protocol.
- Facial recognition images were uploaded to the cloud to aid in replacing/resetting/adding doorbells with existing image sets, but this has been discontinued. No recognition data was included with images sent to the cloud.
- Outside of the "recent issue with the web portal," all other video uses end-to-end encryption.
- A "leading and well-known security expert" will produce a report about Eufy's systems.
- "Several new security consulting, certification, and penetration testing" firms will be brought in for risk assessment.
- A "Eufy Security bounty program" will be established.
- The company promises to "provide more timely updates in our community (and to the media!)."

Science

Physicists Observe Rare Resonance In Molecules For the First Time (phys.org) 10

Physicists at MIT have for the very first time observed a resonance between two colliding ultracold molecules. The findings have been published in the journal Nature. From the report: They found that a cloud of super-cooled sodium-lithium (NaLi) molecules disappeared 100 times faster than normal when exposed to a very specific magnetic field. The molecules' rapid disappearance is a sign that the magnetic field tuned the particles into a resonance, driving them to react more quickly than they normally would. The findings shed light on the mysterious forces that drive molecules to chemically react. They also suggest that scientists could one day harness particles' natural resonances to steer and control certain chemical reactions.

Overall, the discovery provides a deeper understanding of molecular dynamics and chemistry. While the team does not anticipate scientists being able to stimulate resonance, and steer reactions, at the level of organic chemistry, it could one day be possible to do so at the quantum scale. "One of the main themes of quantum science is studying systems of increasing complexity, especially when quantum control is potentially in the offing," says John Doyle, professor of physics at Harvard University, who was not involved in the group's research. "These kinds of resonances, first seen in simple atoms and then more complicated ones, led to amazing advances in atomic physics. Now that this is seen in molecules, we should first understand it in detail, and then let the imagination wander and think what it might be good for, perhaps constructing larger ultracold molecules, perhaps studying interesting states of matter."

China

US Stops Granting Export Licenses For China's Huawei (reuters.com) 36

An anonymous reader quotes a report from Reuters: The Biden administration has stopped approving licenses for U.S. companies to export most items to China's Huawei, according to three people familiar with the matter. Huawei has faced U.S. export restrictions around items for 5G and other technologies for several years, but officials in the U.S. Department of Commerce have granted licenses for some American firms to sell certain goods and technologies to the company. Qualcomm in 2020 received permission to sell 4G smartphone chips to Huawei.

One person familiar with the matter said U.S. officials are creating a new formal policy of denial for shipping items to Huawei that would include items below the 5G level, including 4G items, Wifi 6 and 7, artificial intelligence, and high-performance computing and cloud items. Another person said the move was expected to reflect the Biden administration's tightening of policy on Huawei over the past year. Licenses for 4G chips that could not be used for 5G, which might have been approved earlier, were being denied, the person said. Toward the end of the Trump administration and early in the Biden administration, officials had still granted licenses for items specific to 4G applications.

Chinese foreign ministry spokesperson Mao Ning said that China opposes the United States abusing an overly broad notion of national security to suppress Chinese firms unreasonably. The move "goes against the principles of the market economy and rules of international trade and finance, hurts the confidence the international community has in the U.S business environment and is blatant technological hegemony," Mao said during a press conference in Beijing on Tuesday.

Security

Microsoft Upgrades Defender To Lock Down Linux Devices For Their Own Good (theregister.com) 96

Organizations using Microsoft's Defender for Endpoint will now be able to isolate Linux devices from their networks to stop miscreants from remotely connecting to them. The Register reports: The device isolation capability is in public preview and mirrors what the product already does for Windows systems. "Some attack scenarios may require you to isolate a device from the network," Microsoft wrote in a blog post. "This action can help prevent the attacker from controlling the compromised device and performing further activities such as data exfiltration and lateral movement. Just like in Windows devices, this device isolation feature." Intruders won't be able to connect to the device or run operations like assuming unauthorized control of the system or stealing sensitive data, Microsoft claims.

According to the vendor, when the device is isolated, it is limited in the processes and web destinations that are allowed. That means if they're behind a full VPN tunnel, they won't be able to reach Microsoft's Defender for Endpoint cloud services. Microsoft recommends that enterprises use a split-tunneling VPN for cloud-based traffic for both Defender for Endpoint and Defender Antivirus. Once the situation that caused the isolation is cleared up, organizations will be able to reconnect the device to the network. Isolating the system is done via APIs. Users can get to the device page of the Linux systems through the Microsoft 365 Defender portal, where they will see an "Isolate Device" tab in the upper right among other response actions. Microsoft has outlined the APIs for both isolating the device and releasing it from lock down.

Television

'Nothing, Forever' Is an Endless 'Seinfeld' Episode Generated By AI (vice.com) 63

An anonymous reader quotes a report from Motherboard: Four pixelated cartoon characters talk to each other about coffee, Amazon deliveries, and veganism as they stand apart in a decorated NYC apartment. There is one woman and three men who seem to be the animated versions of Seinfeld's main characters, Elaine, Jerry, George, and Kramer. But unlike Seinfeld, these characters are set in a modern-era NYC, and their voices and bodies look and sound robotic. That's because "Nothing, Forever" is a live-streaming show that's almost entirely generated by algorithms. It's been streaming non-stop on Twitch since December 14. [...] Skyler Hartle, the co-creator of "Nothing, Forever," told Motherboard that the show was created as a parody of Seinfeld. "The actual impetus for this was it originally started its life as this weird, very, off-center kind of nonsensical, surreal art project," Hartle said. "But then we kind of worked over the years to bring it to this new place. And then, of course, generative media and generative AI just kind of took off in a crazy way over the past couple of years."

Hartle and his co-creator, Brian Habersberger, used a combination of machine learning, generative algorithms, and cloud services to build the show. Hartle told Motherboard that the dialogue is powered by OpenAI's GPT-3 language model and that there is very little human moderation of the stream, outside of GPT-3's built-in moderation filters. "Aside from the artwork and the laugh track you'll hear, everything else is generative, including: dialogue, speech, direction (camera cuts, character focus, shot length, scene length, etc), character movement, and music," one of the creators wrote in a Reddit comment. [...] Hartle also said that unlike most television shows, "Nothing, Forever" is able to change based on people's feedback that is received through the Twitch stream chat. "The show can effectively change and the narrative actually evolves based on the audience. One of the major factors that we're thinking about is how do we get people involved in crafting the narrative so it becomes their own," he said.

"As generative media gets better, we have this notion that at any point, you're gonna be able to turn on the future equivalent of Netflix and watch a show perpetually, nonstop as much as you want. You don't just have seven seasons of a show, you have seven hundred, or infinite seasons of a show that has fresh content whenever you want it. And so that became one of our grounding pillars," Hartle said. "Our grounding principle was, can we create a show that can generate entertaining content forever? Because that's truly where we see the future emerging towards. Our goal with the next iterations or next shows that we release is to actually trade a show that is like Netflix-level quality."

Data Storage

Huge Capacity HDDs Shine In Latest Storage Reliability Report But There's A Caveat (hothardware.com) 39

Hot Hardware reports: When it comes to mechanical hard disk drives (HDDs), you'd be very hard pressed to find any data on failure rates reported by any of the major players, such as Western Digital, Seagate, and the rest. Fortunately for us stat nerds and anyone else who is curious, the folks at cloud backup firm Backblaze frequently issue reliability reports that give insight into how often various models and capacities give up the ghost. At a glance, Backblaze's latest report highlights that bigger capacity drives -- 12TB, 14TB, and 16TB -- fail less often than smaller capacity models. A closer examination, however, reveals that it's not so cut and dry.

[...] In a nutshell, Backblaze noted an overall rise in the annual failure rates (AFRs) for 2022. The cumulative AFR of all drives deployed rose to 1.37 percent, up from 1.01 percent in 2021. By the end of 2022, Backblaze had 236,608 HDDs in service, including 231,309 data drives and 4,299 boot drives. Its latest report focuses on the data drives. [...] Bigger drives are more reliable than smaller drives, case closed, right? Not so fast. There's an important caveat to this data -- while the smaller drives failed more often last year, they are also older, as can be seen in the graph above. "The aging of our fleet of hard drives does appear to be the most logical reason for the increased AFR in 2022. We could dig in further, but that is probably moot at this point. You see, we spent 2022 building out our presence in two new data centers, the Nautilus facility in Stockton, California and the CoreSite facility in Reston, Virginia. In 2023, our focus is expected to be on replacing our older drives with 16TB and larger hard drives," Backblaze says.

Security

KeePass Disputes Vulnerability Allowing Stealthy Password Theft (bleepingcomputer.com) 66

The development team behind the open-source password management software KeePass is disputing what is described as a newly found vulnerability that allows attackers to stealthily export the entire database in plain text. BleepingComputer reports: KeePass is a very popular open-source password manager that allows you to manage your passwords using a locally stored database, rather than a cloud-hosted one, such as LastPass or Bitwarden. To secure these local databases, users can encrypt them using a master password so that malware or a threat actor can't just steal the database and automatically gain access to the passwords stored within it. The new vulnerability is now tracked as CVE-2023-24055, and it enables threat actors with write access to a target's system to alter the KeePass XML configuration file and inject a malicious trigger that would export the database, including all usernames and passwords in cleartext. The next time the target launches KeePass and enters the master password to open and decrypt the database, the export rule will be triggered, and the contents of the database will be saved to a file the attackers can later exfiltrate to a system under their control. However, this export process launches in the background without the user being notified or KeePass requesting the master password to be entered as confirmation before exporting, allowing the threat actor to quietly gain access to all of the stored passwords. [...]

While the CERT teams of Netherlands and Belgium have also issued security advisories regarding CVE-2023-24055, the KeePass development team is arguing that this shouldn't be classified as a vulnerability given that attackers with write access to a target's device can also obtain the information contained within the KeePass database through other means. In fact, a "Security Issues" page on the KeePass Help Center has been describing the "Write Access to Configuration File" issue since at least April 2019 as "not really a security vulnerability of KeePass." If the user has installed KeePass as a regular program and the attackers have write access, they can also "perform various kinds of attacks." Threat actors can also replace the KeePass executable with malware if the user runs the portable version.

"In both cases, having write access to the KeePass configuration file typically implies that an attacker can actually perform much more powerful attacks than modifying the configuration file (and these attacks in the end can also affect KeePass, independent of a configuration file protection)," the KeePass developers explain. "These attacks can only be prevented by keeping the environment secure (by using an anti-virus software, a firewall, not opening unknown e-mail attachments, etc.). KeePass cannot magically run securely in an insecure environment."

If the KeePass devs don't release a version of the app that addresses this issue, BleepingComputer notes "you could still secure your database by logging in as a system admin and creating an enforced configuration file."

"This type of config file takes precedence over settings described in global and local configuration files, including new triggers added by malicious actors, thus mitigating the CVE-2023-24055 issue."

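As an added defensive illustration (not code from the BleepingComputer report or from the KeePass project), the script below audits a KeePass-style configuration for the pattern the story describes: a trigger whose action writes the database out to a file. The embedded XML is a constructed sample that mimics the layout of the `<TriggerSystem>` section of `KeePass.config.xml`; in a real file, event and action types are identified by base64 GUIDs in `<TypeGuid>`, and the GUID strings here are placeholders, so the check deliberately does not match on them and instead flags any enabled trigger whose action parameters name a file destination. The `enforced_config_present` helper checks for the `KeePass.config.enforced.xml` file the article mentions as the mitigation.

```python
"""Audit a KeePass 2.x style configuration for export-style triggers.

Constructed example, not KeePass project code. Trigger/action type GUIDs
in the sample are placeholders; the audit keys on action parameters that
look like file paths rather than on specific GUID values.
"""
import os
import re
import xml.etree.ElementTree as ET

# Constructed sample: one benign trigger and one that writes the open
# database to a file (the shape of the CVE-2023-24055 trigger in the report).
SAMPLE_CONFIG = """<?xml version="1.0" encoding="utf-8"?>
<Configuration>
  <Application>
    <TriggerSystem>
      <Enabled>true</Enabled>
      <Triggers>
        <Trigger>
          <Guid>PLACEHOLDER-GUID-1</Guid>
          <Name>Show message on startup</Name>
          <Enabled>true</Enabled>
          <Events><Event><TypeGuid>PLACEHOLDER-EVENT-APPSTART</TypeGuid></Event></Events>
          <Actions>
            <Action>
              <TypeGuid>PLACEHOLDER-ACTION-MSGBOX</TypeGuid>
              <Parameters><Parameter>Welcome back</Parameter></Parameters>
            </Action>
          </Actions>
        </Trigger>
        <Trigger>
          <Guid>PLACEHOLDER-GUID-2</Guid>
          <Name>sync</Name>
          <Enabled>true</Enabled>
          <Events><Event><TypeGuid>PLACEHOLDER-EVENT-DBOPENED</TypeGuid></Event></Events>
          <Actions>
            <Action>
              <TypeGuid>PLACEHOLDER-ACTION-EXPORT</TypeGuid>
              <Parameters>
                <Parameter>C:\\Users\\Public\\export.xml</Parameter>
                <Parameter>KeePass XML (2.x)</Parameter>
              </Parameters>
            </Action>
          </Actions>
        </Trigger>
      </Triggers>
    </TriggerSystem>
  </Application>
</Configuration>
"""

# A parameter naming a file destination: drive letter, UNC share, POSIX path,
# home-relative path or %ENV% prefix, ending in an export-like extension.
PATH_RE = re.compile(
    r"^(?:[A-Za-z]:\\|\\\\|/|~/|%[A-Za-z_]+%).*\.(xml|csv|txt|html?|kdbx?)$",
    re.IGNORECASE,
)


def parse_triggers(xml_text):
    """Return one dict per trigger: name, enabled flag, all action parameters."""
    root = ET.fromstring(xml_text)
    system = root.find("./Application/TriggerSystem")
    if system is None:
        return []
    triggers = []
    for trig in system.findall("./Triggers/Trigger"):
        params = [p.text or "" for p in trig.findall("./Actions/Action/Parameters/Parameter")]
        triggers.append({
            "name": trig.findtext("Name", default="(unnamed)"),
            "enabled": trig.findtext("Enabled", default="true").lower() == "true",
            "params": params,
        })
    return triggers


def find_export_triggers(xml_text):
    """Names of enabled triggers whose actions write to a file path."""
    return [
        t["name"]
        for t in parse_triggers(xml_text)
        if t["enabled"] and any(PATH_RE.match(p.strip()) for p in t["params"])
    ]


def enforced_config_present(app_dir):
    """True if an enforced configuration file sits beside the executable."""
    return os.path.isfile(os.path.join(app_dir, "KeePass.config.enforced.xml"))


if __name__ == "__main__":
    for name in find_export_triggers(SAMPLE_CONFIG):
        print(f"WARNING: trigger {name!r} writes data to a file; review it")
    print("enforced config present:", enforced_config_present("."))
```

Run against a real config, the path heuristic will also flag legitimate user-created export or backup triggers, which is the point: every file-writing trigger deserves a look, and an enforced configuration file keeps user-writable settings from adding new ones.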
AI

The Anti-ChatGPT Appears? Researchers Fight Back With 'DetectGPT' (neowin.net) 59

To detect AI-generated text, Stanford researchers are proposing a new methodology "that leverages the unique characteristics of text generated by large language models (LLMs)," reports the tech-news site Neowin: "DetectGPT" is based around the idea that text generated by LLMs typically hovers around specific regions of the negative curvature regions of the model's log probability function.... This method, called "zero-shot", allows DetectGPT to detect machine written text without any knowledge of the AI that was used to generate it....

As the use of LLMs continues to grow, the importance of corresponding systems for detecting machine-generated text will become increasingly critical. DetectGPT is a promising approach that could have a significant impact in many areas, and its further development could be beneficial for many fields.

The article also includes its obligatory amazing story about the current powers of ChatGPT. "I asked it how to build an obscure piece of Linux software against a modern kernel, and it told me how. It even generated code blocks with the bash commands needed to complete the task."

Then to test something crazier, Neowin asked ChatGPT to generate "a fictional resume for Hulk Hogan where he has no previous IT experience but wants to transition into a role as an Azure Cloud Engineer."

"It did that, too."

Thanks to Slashdot reader segaboy81 for sharing the story.

Microsoft

How a Microsoft Cloud Outage Hit Millions of Users Around the World (reuters.com) 50

An anonymous reader shares Reuters' report from earlier this week: Microsoft Corp said on Wednesday it had recovered all of its cloud services after a networking outage took down its cloud platform Azure along with services such as Teams and Outlook used by millions around the globe. Azure's status page showed services were impacted in Americas, Europe, Asia Pacific, Middle East and Africa. Only services in China and its platform for governments were not hit. By late morning Azure said most customers should have seen services resume after a full recovery of the Microsoft Wide Area Network (WAN).

An outage of Azure, which has 15 million corporate customers and over 500 million active users, according to Microsoft data, can impact multiple services and create a domino effect as almost all of the world's largest companies use the platform.... Microsoft did not disclose the number of users affected by the disruption, but data from outage tracking website Downdetector showed thousands of incidents across continents.... Azure's share of the cloud computing market rose to 30% in 2022, trailing Amazon's AWS, according to estimates from BofA Global Research.... During the outage, users faced problems in exchanging messages, joining calls or using any features of Teams application. Many users took to Twitter to share updates about the service disruption, with #MicrosoftTeams trending as a hashtag on the social media site.... Among the other services affected were Microsoft Exchange Online, SharePoint Online, OneDrive for Business, according to the company's status page.

"I think there is a very big debate to be had on resiliency in the comms and cloud space and the critical applications," Symphony Chief Executive Brad Levy said.

From Microsoft's [preliminary] post-incident review: We determined that a change made to the Microsoft Wide Area Network (WAN) impacted connectivity between clients on the internet to Azure, connectivity across regions, as well as cross-premises connectivity via ExpressRoute.

As part of a planned change to update the IP address on a WAN router, a command given to the router caused it to send messages to all other routers in the WAN, which resulted in all of them recomputing their adjacency and forwarding tables. During this re-computation process, the routers were unable to correctly forward packets traversing them. The command that caused the issue has different behaviors on different network devices, and the command had not been vetted using our full qualification process on the router on which it was executed....

Due to the WAN impact, our automated systems for maintaining the health of the WAN were paused, including the systems for identifying and removing unhealthy devices, and the traffic engineering system for optimizing the flow of data across the network. Due to the pause in these systems, some paths in the network experienced increased packet loss from 09:35 UTC until those systems were manually restarted, restoring the WAN to optimal operating conditions. This recovery was completed at 12:43 UTC.

Thanks to Slashdot reader bobthesungeek76036 for submitting the story.

The Almighty Buck

AWS, Microsoft, Google Among Businesses Owed Money After FTX Collapse (theregister.com) 22

AWS, Google and Microsoft are among creditors owed money after the FTX crypto exchange filed for bankruptcy in November. From a report: Since the once-hyped company went south, founder and former CEO Sam Bankman-Fried was arrested in the Bahamas in December, with charges including campaign finance violations and money laundering offences. He has maintained his innocence. In the meantime, Judge John Dorsey, overseeing the case, said names of creditors owed money should not be published until after a hearing in early January. Although names of individual investors have not been released, companies and institutional investors have been published.

Among them are a long list of enterprise tech companies presumably providing FTX's supporting technology. Cloud providers AWS, Microsoft and Google are among them. Data analytics platform Looker -- owned by Google -- is also on the list, as is marketing software HubSpot, file-sharing outfit Dropbox, and code repository GitHub. Device manufacturer Apple and webhosting firm GoDaddy are also named. It is impossible to say how much each company might be owed, although FTX has said $3.1 billion was outstanding to its top 50 creditors. Estimates suggest there are in the region of 1 million creditors, with the greatest two single claims being $226 million and $203 million.

Government

Member of Congress Reads AI-Generated Speech On House Floor (apnews.com) 48

U.S. Rep. Jake Auchincloss read a speech on the floor of the U.S. House that was generated by AI chatbot ChatGPT. "Auchincloss said he prompted the system in part to 'write 100 words to deliver on the floor of the House of Representatives' about the legislation," reports the Associated Press. "Auchincloss said he had to refine the prompt several times to produce the text he ultimately read. His staff said they believe it's the first time an AI-written speech was read in Congress." From the report: The bill, which Auchincloss is refiling, would establish a joint U.S.-Israel AI Center in the United States to serve as a hub for AI research and development in the public, private and education sectors. Auchincloss said part of the decision to read a ChatGPT-generated text was to help spur debate on AI and the challenges and opportunities created by it. He said he doesn't want to see a repeat of the advent of social media, which started small and ballooned faster than Congress could react. "I'm the youngest parent in the Democratic caucus, AI is going to be part of my life and it could be a general purpose technology for my children," said Auchincloss, 34.

The text generated from Auchincloss's prompt includes sentences like: "We must collaborate with international partners like the Israeli government to ensure that the United States maintains a leadership role in AI research and development and responsibly explores the many possibilities evolving technologies provide." "There were probably about a dozen of my colleagues on the floor. I bet none of them knew it was written by a computer," he said. Lawmakers and others shouldn't be reflexively hostile to the new technology, but also shouldn't wait too long before drafting policies or new laws to help regulate it, Auchincloss said. In particular, he argued that the country needs a "public counterweight" to the big tech firms that would help guarantee that smaller developers and universities have access to the same cloud computing, cutting edge algorithms and raw data as larger companies.

Privacy

A Network of Knockoff Apparel Stores Exposed 330,000 Customer Credit Cards (techcrunch.com) 22

An anonymous reader quotes a report from TechCrunch: If you recently made a purchase from an overseas online store selling knockoff clothes and goods, there's a chance your credit card number and personal information were exposed. Since January 6, a database containing hundreds of thousands of unencrypted credit card numbers and corresponding cardholders' information was spilling onto the open web. At the time it was pulled offline on Tuesday, the database had about 330,000 credit card numbers, cardholder names, and full billing addresses -- and rising in real-time as customers placed new orders. The data contained all the information that a criminal would need to make fraudulent transactions and purchases using a cardholder's information.

The credit card numbers belong to customers who made purchases through a network of near-identical online stores claiming to sell designer goods and apparel. But the stores had the same security problem in common: Any time a customer made a purchase, their credit card data and billing information was saved in a database, which was left exposed to the internet without a password. Anyone who knew the IP address of the database could access reams of unencrypted financial data. Anurag Sen, a good-faith security researcher, found the exposed credit card records and asked TechCrunch for help in reporting it to its owner. Sen has a respectable track record of scanning the internet looking for exposed servers and inadvertently published data, and reporting it to companies to get their systems secured.

But in this case, Sen wasn't the first person to discover the spilling data. According to a ransom note left behind on the exposed database, someone else had found the spilling data and, instead of trying to identify the owner and responsibly reporting the spill, the unnamed person instead claimed to have taken a copy of the entire database's contents of credit card data and would return it in exchange for a small sum of cryptocurrency. A review of the data by TechCrunch shows most of the credit card numbers are owned by cardholders in the United States. [...] Internet records showed that the database was operated by a customer of Tencent, whose cloud services were used to host the database. TechCrunch contacted Tencent about its customer's database leaking credit card information, and the company responded quickly. The customer's database went offline a short time later.

Many of the stores leaking customers' information claim to operate out of Hong Kong and were set up in the past few weeks. Some of the websites include: spraygroundusa.com, ihuahebuy.com, igoodlinks.com, ibuysbuy.com, lichengshop.com, hzoushop.com, goldlyshop.com, haohangshop.com, twinklebubble.store, and spendidbuy.com.

United States

Google Says US Justice Department Complaint 'Without Merit' (reuters.com) 27

Alphabet's Google says it believes the complaint from the U.S. Department of Justice accusing the company of abusing its dominance in digital advertising is "without merit." From a report: The company also added it will "defend itself vigorously". The government on Tuesday said Google should be forced to sell its ad manager suite, tackling a business that generated about 12% of Google's revenue in 2021 while also playing a vital role in the search engine and cloud company's overall sales. Google, which depends on its advertising business for about 80% of its revenue, said the government was "doubling down on a flawed argument that would slow innovation, raise advertising fees and make it harder for thousands of small businesses and publishers to grow." The federal government has said its Big Tech investigations and lawsuits are aimed at leveling the playing field for smaller rivals who are up against a group of powerful companies that include Amazon, Facebook-owner Meta and Apple.

Security

GoTo Says Hackers Stole Customers' Backups and Encryption Key (bleepingcomputer.com) 27

GoTo (formerly LogMeIn) is warning customers that threat actors who breached its development environment in November 2022 stole encrypted backups containing customer information and an encryption key for a portion of that data. From a report: GoTo provides a platform for cloud-based remote working, collaboration, and communication, as well as remote IT management and technical support solutions. In November 2022, the company disclosed a security breach on its development environment and a cloud storage service used by both it and its affiliate, LastPass. At the time, the impact on client data had yet to become known, as the company's investigation into the incident with the help of cybersecurity firm Mandiant had just begun.

The internal investigation so far has revealed that the incident had a significant impact on GoTo's customers. According to a GoTo security incident notification a reader shared with BleepingComputer, the attack affected backups relating to the Central and Pro product tiers stored in a third-party cloud storage facility. "Our investigation to date has determined that a threat actor exfiltrated encrypted backups related to Central and Pro from a third-party cloud storage facility," reads the notice to customers.

Space

Exotic Green Comet Not Seen Since Stone Age Returns To Skies Above Earth 50

An exotic green comet that has not passed Earth since the time of the Neanderthals has reappeared in the sky ready for its closest approach to the planet next week. The Guardian reports: Discovered last March by astronomers at the Zwicky Transient Facility at the Palomar Observatory in California, comet C/2022 E3 (ZTF) was calculated to orbit the sun every 50,000 years, meaning it last tore past our home planet in the stone age. The comet, which comes from the Oort cloud at the edge of the solar system, will come closest to Earth on Wednesday and Thursday next week when it shoots past the planet at a distance of 2.5 light minutes -- a mere 27m miles.

Comets are balls of primordial dust and ice that swing around the sun in giant elliptical orbits. As they approach the sun, the bodies warm up, turning surface ice into gas and dislodging dust. Together, this creates the cloud or coma which surrounds the comet's hard nucleus and the dusty tail that stretches out behind. Images already taken of comet C/2022 E3 reveal a subtle green glow that is thought to arise from the presence of diatomic carbon -- pairs of carbon atoms that are bound together -- in the head of the comet. The molecule emits green light when excited by the ultraviolet rays in solar radiation.

Since mid-January, the comet has been easier to spot with a telescope or binoculars. It is visible in the northern hemisphere, clouds permitting, as the sky darkens in the evening, below and to the left of the handle of the Plough constellation. It is heading for a fly-by of the pole star, the brightest star in Ursa Minor, next week. The window for spotting the comet does not stay open long. While the best views may be had about February 1 and 2, by the middle of the month the comet will have dimmed again and slipped from view as it hurtles back out into the solar system on its return trip to the Oort cloud.

Businesses

Amazon and Stripe Expand Partnership (stripe.com) 5

Amazon and Stripe have signed an agreement that will see the two companies increase their use of each others' services, the companies said. Amazon plans to increase its use of Stripe's payments processing services, whereas Stripe will expand its use of Amazon Web Services.