In the 1970s, Bob Metcalfe helped develop the primary technology that lets you send email or connect with a printer over an office network. From a report: In June 1972, Bob Metcalfe, a 26-year-old engineer fresh out of graduate school, joined a new research lab in Palo Alto, Calif., as it set out to build something that few people could even imagine: a personal computer. After another engineer gave up the job, Dr. Metcalfe was asked to build a technology that could connect the desktop machines across an office and send information between them. The result was Ethernet, a computer networking technology that would one day become an industry standard. For decades, it has connected PCs to servers, printers and the internet in corporate offices and homes across the globe.

For his work on Ethernet, the Association for Computing Machinery, the world's largest society of computing professionals, announced on Wednesday that Dr. Metcalfe, 76, would receive this year's Turing Award. Given since 1966 and often called the Nobel Prize of computing, the Turing Award comes with a $1 million prize. When Dr. Metcalfe arrived at the Palo Alto Research Center -- a division of Xerox nicknamed PARC -- the first thing he did was connect the lab to the Arpanet, the wide-area network that later morphed into the modern internet. The Arpanet transmitted information among about 20 academic and corporate labs across the country. But as PARC researchers designed their personal computer, called the Alto, they realized they needed a network technology that could connect personal computers and other devices within an office, not over long distances. Further reading: Ethernet Creator Makes the Inventors Hall of Fame (2007).

The Reg has seen two recent incidents of Russian developers being blocked from public development of FOSS code. One was a refusal on the Linux kernel mailing list, the other a more general block on Github. In the last week, these events have both caused active, and sometimes heated, discussions in FOSS developer communities. From the report: The GitHub account of developer Alexander Amelkin has been blocked, and his repositories marked as "archived" â" including ipmitool, whose README describes it as "a utility for managing and configuring devices that support the Intelligent Platform Management Interface." Unable to comment on Github itself, Amelkin described what happened on the project's older Soureforge page.

Amelkin works for Russian chipbuilder Yadro, which we described as working on RISC-V chips back in 2021. Microsoft is just obeying US law in this: according to the War and Sanctions database of the Ukrainian National Agency on Corruption Prevention, the NACP, Yadro is a sanctioned company. However, on LinkedIn, Amelkin disputes his employer's involvement. Over on Hacker News, commentators seem to be generally in favor of the move, although the discussion on LWN is more measured, pointing out both that there is little threat from server-management tools like this, but that Microsoft probably has no choice.

Amelkin is not alone. Over on the Linux Kernel Mailing List, a contribution from Sergey Semin has been refused with the terse notice: "We don't feel comfortable accepting patches from or relating to hardware produced by your organization. Please withhold networking contributions until further notice." Semin is a developer at chipmaker Baikal Electronics, a company whose website has been suspended for a year now, as we noted a year ago in a story that also mentions Yadro. We were reporting on Baikal's efforts to develop its own CPUs nearly a decade ago, mere months after the Russian annexation of Crimea. And once again, there is spirited debate over the move on the Orange Site.

Meta plans to cut its workforce by another 10,000 people, withdraw around 5,000 open roles that it has not filled and cancel some projects, company co-founder and CEO Mark Zuckerberg said Tuesday, confirming recent rumors that another round of layoffs was imminent. From a report: The announcement comes just four months after Meta revealed that it was eliminating about 11,000 roles as the social networking giant pushes to become more efficient this year. Combined, this means that Meta has effectively laid off -- or plans to lay-off -- roughly one-quarter of its workforce since the tail-end of last year. Facebook's parent firm said it expects the latest "restructuring" efforts to start in April, and the process to impact business groups in May. Zuckerberg said that the company will also cancel "lower priority projects," adding that it "underestimated the indirect costs" associated with these initiatives.

Fulfilment of initial promise made for the technology remains elusive. From a report: The Vienna University of Economics and Business (WU) has offered a tantalising prospect to people who want to learn but don't like to leave the house: join us 'virtually, for a postgraduate course in the metaverse.' Students signing up to WU's professional master of sustainability, entrepreneurship and technology programme can complete the entire part-time course -- attending lectures, meeting their classmates for a coffee and so on -- by just logging in via a laptop. The course -- developed in partnership with Tomorrow University of Applied Sciences, an edtech start-up based in Berlin -- is one of many examples where business schools have embraced the metaverse, 3D technology, virtual reality headsets and avatars to extend the reach of management and leadership training.

Setting up the course "provides us with greater reach, making the course more global," explains Barbara Stottinger, dean of WU's executive academy. However, she is quick to add: "Vienna is a great location so coming to campus is still pretty attractive to most of our students." And this is the problem at the heart of why many business schools have been reluctant to enter the metaverse for course tuition: studying in the real world has its advantages. Teaching the interpersonal skills of leadership and networking that are so integral to postgraduate management courses, like the MBA, is better done in person. It also avoids having to fund purchases of the hardware and software necessary for metaverse projects. Meanwhile, the metaverse has been caught in an extreme example of a 'hype cycle.' This is where wild enthusiasm about a new technology turns to widespread rejection, as its reality fails to live up to what is claimed for it.

An anonymous reader quotes a report from The Economic Times: Meta, the owner of Facebook andInstagram, is planning a fresh round of layoffs and will cut thousands of employees as soon as this week, according to people familiar with the matter. The world's largest social networking company is eliminating more jobs, on top of a 13% reduction in November, in a bid to become a more efficient organization. In its earlier round of cuts, Meta slashed 11,000 workers in what was its first-ever major layoff.

The company has also been working to flatten its organization, giving buyout packages to managers and cutting whole teams it deems nonessential, Bloomberg News reported in February, a move that is still being finalized and could affect thousands of staffers. The imminent round of cuts is being driven by financial targets and is separate from the "flattening," said the people, who asked not to be identified discussing internal matters. Meta, which has seen a slowdown in advertising revenue and has shifted focus to a virtual-reality platform called the metaverse, has been asking directors and vice presidents to make lists of employees that can be let go, the people said. This phase of layoffs could be finalized in the next week, according to the people.

FTX founder Sam Bankman-Fried "has been under house arrest at his parents' home on the Stanford campus since December," writes the Washington Post, "making the elite university the unlikely host to one of America's most notorious alleged white-collar criminals.

"Surrounded by student co-ops, fraternity houses and other faculty homes, he's the talk of the neighborhood." Bankman-Fried, the son of two Stanford law professors, was released on a $250 million bond secured by the Craftsman-style house. While awaiting his fraud trial later this year, Bankman-Fried wears an ankle bracelet to track his movements and plays with his new dog, Sandor, according to a Puck News report.... It remains to be seen what consequences Bankman-Fried, who pleaded "not guilty," might face. So far, his ability to be detained at home, instead of held in prison, is an exception to how most federal defendants are treated. The quiet, traffic-light Stanford neighborhood is quite the upgrade from Fox Hill, a notoriously rough prison in the Bahamas where Bankman-Fried was briefly held before being extradited.

If Bankman-Fried violates the terms of his bail agreement, his parents could lose their house, which they've owned since 1991 and is worth over $3.5 million, according to public property records....

The U.S. government has tried to restrict his access to virtual private networks and certain apps where messages disappear, but a final ruling has not been made. The judge presiding over his case asked in a hearing last month, "Why am I being asked to turn him loose in this garden of electronic devices?," highlighting that despite any restrictions the court might place on Bankman-Fried's use of technology, he remains in a home with his parents who also have a plethora of ways to be wired. On Friday, prosecutors proposed limiting Bankman-Fried to a flip-phone or "non-smartphone" that cannot access the internet, and that he be issued a new laptop "with limited functionalities." Prosecutors also want to place strict limits and monitoring tools on his parents' devices.
But meanwhile, among the student population, "There are party fliers with his likeness. He's a punchline in campus comedy sketches. Students ride their bikes by on dates.... When asked whether they could confirm a rumor that a nearby student co-op had attacked the Bankman-Fried home with eggs, Stanford campus police did not respond."

And one freshman/cryptocurrency enthusiast even stole a sign from in front of Bankman-Fried's house, then "paraded it around for selfies at a cryptocurrency networking event. The sign is currently growing mold in his dorm-room closet." Bankman-Fried, who grew up on campus, "certainly fits into what I regard as the kind of culture of Stanford," says Richard White, a retired Stanford history professor — even if the 30-year-old former billionaire left Silicon Valley to attend MIT. White and others characterize Stanford's culture as a place where faculty and students are emboldened to take big risks in conceiving the next hot start-up or breakthrough innovation, often with easy access to capital, the conviction that they're changing the world — and few consequences if things go south.
"Through his spokesman Mark Botnick, Bankman-Fried declined to comment for this article...."

In the land of patent litigation, all patent trolls want to file in the US Western District of Texas Court. This court is infamous for being sympathetic to patent plaintiffs. That's why patent litigator WSOU Investments, aka Brazos Licensing and Development, went after Dell, EMC, and VMware in this Court. Usually, this would have been the smart move. Not this time. District Judge Alan Albright granted the defendants a directed verdict, and that was the end of the matter. From a report: What happened was this: WSOU, although successful before with their carpet bombing patent lawsuit strategy, failed this time. According to the lead defense counsel and Gibson Dunn partner, Brian A. Rosenthal, "This case got to trial because the plaintiff refused to come to their senses before trial. We obtained a number of serious exclusions of evidence prior to trial, and told them very early on the case had no merit." The judge agreed.

That came as a surprise to those of us who watch patent lawsuits, so you don't have to. As Heather Meeker, the well-known open-source and intellectual property (IP) lawyer, said, "This is surprisingly defendant-friendly from Judge Albright, who has received a lot of criticism for making Waco such a patent plaintiff-friendly docket." Until now, WSOU had been very successful. As a Patent Assertion Entity (PAEs), its only goal is to profit by acquiring patents and then suing companies that might be using the patents' intellectual property (IP) assets. It does this by using its portfolio of technology patents to file numerous individual suits involving different patents against companies. WSOU's main tactic, as Unified Patents put it, "forces operating companies to either settle or fight, on average, eight lawsuits at once."

Most companies faced with the financial burden of struggling with so many lawsuits settle rather than fight. Not this time. For the first time, companies decided to take the issues to court. In this particular set of cases, WSOU claimed in a June 2020 lawsuit that the defendants had infringed on three cloud infrastructure networking patents, and sought $435 million in damages. Rosenthal argued that the patents in question were old and irrelevant to the defendants' interests. The defense team had informed WSOU in October 2020 that there was no proof of direct infringement, but the plaintiff persisted with the case, leading to exclusions of evidence prior to trial. So it was that on the first day of the trial, two of the patents were tossed out on evidentiary rulings, and the plaintiff rested its case on the third day. The defense then requested a directed verdict, which was granted by Albright, resulting in a win for the defendants. In short, even this patent-friendly court could find no evidence at all for WSOU's assertions.

In exchange for installing one of Heata's water-heating server units in your home, the UK networking company will offer you free hot water for a year. Tom's Hardware reports: The unit doesn't replace your existing heating unit, it works alongside it -- providing some, but not all, of your hot water needs. According to the company, the unit will provide "a useful base load" of hot water, and can provide up to 4.8kWh of hot water per day, though the exact amount will depend on usage as well as other factors. Heata is obligated to provide a minimum of 2.5kWh per day. Heata estimates its hosts will save up to 200 pounds per year, based on average household hot water use.

Heata will take care of the installation, which takes under two hours and has been tested with British Gas engineers and checked to ensure it doesn't invalidate cylinder warranties with "a leading cylinder manufacturer." Not everyone will be eligible to join Heata's trial, of course -- Heata's unit is designed for vented domestic hot water cylinders with a diameter of 425 - 450mm, and there will need to be an adequate amount of clearance space around the unit for the installation. The unit will need both electricity and broadband to run. Heata will take care of the electricity via reimbursement: the electricity used to run the unit will be metered (visible to the host), and Heata will credit the host for the electricity used at 10% above the market rate.

It's not quite as clear how the broadband will be taken care of -- in Heata's FAQ on its trial signup page, it says that Heata will need to connect to your broadband to communicate with the units. While the company assures that "most of the time the unit will simply be sending some monitoring information (temperatures/fan speeds etc) back to base)," so you "shouldn't notice any impact," that's still not great from a privacy standpoint. [...] As for the server, you won't be able to access it or use it to mine crypto or whatever you were hoping to do with it. Heata sells its compute services to businesses looking for sustainable alternatives to data centers. The Heata trial lasts for one year, and may be extended, "depending on how things go." Heata says it will take care of removing the installed unit and re-insulating the section of the cylinder that the unit was attached to.

An anonymous officer writes in an opinion piece via Military.com: It was the "reply-all" heard around the world. Around 06:30 Eastern time Feb. 2, approximately 13,000 Army inboxes pinged with an email from an unfamiliar sender. It was from a U.S. Army captain, asking to be removed from a distribution list. It initially seemed as though some unfortunate soul had inadvertently hit "reply-all" and made an embarrassing mistake. What followed can really be described only as professional anarchy, as thousands of inboxes became buried in an avalanche of email replies. Someone appears to have unwittingly edited an email distribution list, entitled "FA57 Voluntary Transfer Incentive Program," routing replies back to the entire list.

Most Army officers receive emails from human resources managers from time to time, usually sent using the blind copy (BCC) address line with replies routed to specific inboxes, preventing someone from accidentally triggering the mayhem that unfolded Feb. 2. The voluntary incentive program list, however, hadn't been so prudently designed and, in addition to 13,000 Army captains and some newly promoted majors, a single chief warrant officer, a Space Force captain and a specialist began to have their inboxes groan under the weight of inbound traffic. Within a few short hours of the initial email, predictable hilarity ensued. Hundreds of Army captains were sending emails asking to be removed from the distro list. In short order, hundreds of other captains replied, demanding that everyone stop hitting "reply-all" and berating their peers' professionalism (oblivious to the fact that they were also part of the problem). Many others found humor in the event, writing poems, sending memes and adding snarky comments to the growing dumpster fire. Before long, the ever-popular U.S. Army WTF! Moments Facebook page picked up on the mayhem and posted one of the memes that had been circulating in the email thread.

By 7 p.m. Eastern time, more than 1,000 emails had been blasted out to this massive group of Army officers. Those in different time zones (like Hawaii) came into work and were quickly overwhelmed by the deluge of emails clogging their inboxes. Some of the humorless officers resorted to typing in all caps "PLEASE REMOVE ME FROM THIS DISTRO," prompting at least two to three sarcastic replies in return. Other captains took the opportunity to blast out helpful (or not so helpful) instructions on how to properly create email sorting rules in Outlook. A few intrepid officers tried to Rickroll everyone, and one even wrote new lyrics to the tune of an Eminem song. A particularly funny officer wrote a Nigerian prince scheme email and blasted it out to the group. Eventually, someone created and shared a Microsoft Teams group to move the devolving conversation to a new forum, quickly amassing more than 1,700 members. What started off as a gloriously chaotic email chain quickly turned into one the largest and most successful professional networking opportunities most of us have ever seen. Officers from multiple branches and functional areas across the globe took to the Microsoft Teams page, sharing useful products, making professional connections, and generally raising everyone's esprit de corps. The group's creator even started a petition to promote the one specialist who was inadvertently added to the distro list.

9to5Mac is reporting that Apple pulled the Damus app from its App Store in China on Thursday, "with the developers being informed that the Nostr app 'includes content that is illegal in China.'" Apple rejected the app multiple times, applying the app review guidelines that would apply to a social networking service. In reality, all Damus does is provide access to Nostr feeds, so it would be more accurate to consider it akin to a web browser, with the developers having no control over, or responsibility for, the content of those feeds. Damus finally made it into the App Store this week.

Apple has now pulled Damus from the App Store in China. Damus developer William Casarin posted a screengrab of the notice, which claimed it included illegal content....

The app doesn't contain any content at all. It would be like banning Safari because it can be used to access the websites of terrorist organizations.

Nostr, a startup decentralized social network, got its Twitter-like Damus application listed on Apple's App Store. CoinDesk reports: Nostr is an open protocol that aims to create a censorship-resistant global social network. Media commentators have described it as a possible alternative to Elon Musk's Twitter. According to an article in Protos, Nostr is popular with bitcoiners partly because most implementations of it support payments over Bitcoin's Lightning Network.

Former Twitter CEO Jack Dorsey, who last year donated roughly 14 BTC (worth $245,000 at the time) to fund Nostr's development, hailed the debut of Damus on Apple's App Store as a "milestone for open protocols," in a tweet posted late Tuesday. As of press time, the tweet had been viewed 2.1 million times. According to the Nostr website, Damus is one of several Nostr projects, including Anigma, a Telegram-like chat; Nostros, a mobile client; and Jester, a chess application. You can download the iOS app here.

An anonymous reader shares Reuters' report from earlier this week: Microsoft Corp said on Wednesday it had recovered all of its cloud services after a networking outage took down its cloud platform Azure along with services such as Teams and Outlook used by millions around the globe. Azure's status page showed services were impacted in Americas, Europe, Asia Pacific, Middle East and Africa. Only services in China and its platform for governments were not hit. By late morning Azure said most customers should have seen services resume after a full recovery of the Microsoft Wide Area Network (WAN).

An outage of Azure, which has 15 million corporate customers and over 500 million active users, according to Microsoft data, can impact multiple services and create a domino effect as almost all of the world's largest companies use the platform.... Microsoft did not disclose the number of users affected by the disruption, but data from outage tracking website Downdetector showed thousands of incidents across continents.... Azure's share of the cloud computing market rose to 30% in 2022, trailing Amazon's AWS, according to estimates from BofA Global Research.... During the outage, users faced problems in exchanging messages, joining calls or using any features of Teams application. Many users took to Twitter to share updates about the service disruption, with #MicrosoftTeams trending as a hashtag on the social media site.... Among the other services affected were Microsoft Exchange Online, SharePoint Online, OneDrive for Business, according to the company's status page.

"I think there is a very big debate to be had on resiliency in the comms and cloud space and the critical applications," Symphony Chief Executive Brad Levy said.
From Microsoft's [preliminary] post-incident review: We determined that a change made to the Microsoft Wide Area Network (WAN) impacted connectivity between clients on the internet to Azure, connectivity across regions, as well as cross-premises connectivity via ExpressRoute.

As part of a planned change to update the IP address on a WAN router, a command given to the router caused it to send messages to all other routers in the WAN, which resulted in all of them recomputing their adjacency and forwarding tables. During this re-computation process, the routers were unable to correctly forward packets traversing them. The command that caused the issue has different behaviors on different network devices, and the command had not been vetted using our full qualification process on the router on which it was executed....

Due to the WAN impact, our automated systems for maintaining the health of the WAN were paused, including the systems for identifying and removing unhealthy devices, and the traffic engineering system for optimizing the flow of data across the network. Due to the pause in these systems, some paths in the network experienced increased packet loss from 09:35 UTC until those systems were manually restarted, restoring the WAN to optimal operating conditions. This recovery was completed at 12:43 UTC.
Thanks to Slashdot reader bobthesungeek76036 for submitting the story.

Intel's disastrous Q4 2022 earnings found the company losing $661 million and its margins crashing to the lowest point in decades, so it isn't surprising that the company announced new cost-cutting measures. From a report: That includes news that it would no longer invest in new products for its networking switch business, effectively sunsetting the unit much like it recently decided to end its Optane Memory business. Surprisingly, Intel also pulled the rug from under its respected RISC-V Pathfinder program without a formal announcement, raising questions about its commitment to its other broad investments in the RISC-V ecosystem.

"NEX continues to do well and is a core part of our strategic transformation, but we will end future investments in our network switching product line, while still fully supporting existing products and customers," said Intel CEO Pat Gelsinger. "Since my return, we have exited seven businesses, providing in excess of $1.5 billion in savings," he added. However, Gelsinger also noted that he is still doing a thorough analysis across Intel's portfolio to look for other cost-saving measures in areas that don't generate strong returns. Intel's networking switch business stems from acquiring Barefoot networks in 2019 for an undisclosed sum (the company had raised $144 million over several investment rounds). The Tofino series of network switches gave Intel yet another tool in its arsenal of data center 'adjacencies' that it could leverage to expand its data center revenue. However, this unit faces stiff competition from entrenched players like Broadcom, Cisco, and Nvidia's Mellanox, making it an easy cost-cutting target.

The Linux Foundation's new Open Metaverse Foundation wants to unite industries "to work on developing open source software and standards for an inclusive, global, vendor-neutral and scalable Metaverse."

In a blog post this week the group's executive director explained the advantages of an open Metaverse: It can create new jobs and industries in the digital space. It can bridge the gap between the physical and digital worlds while providing an amazing world where anyone can create their own opportunities. An open Metaverse broadens commerce for digital ownership and consumables, and it offers shared experiences and learning opportunities for anyone with access. The future market value for all of this may exceed any single media market.

The potential for the Metaverse is boundless, but only if we pursue it as an open, collaborative endeavor. The mission of the Open Metaverse Foundation (OMF) is to foster a strong community of developers, engineers, academics and thought leaders who will solve the difficult challenges of building the open Metaverse through open source software and standards that enable portability and interoperability for an inclusive, global, scalable world, supporting interactive and immersive experiences for the benefit of any individual or industry.

Through the Foundation, we'll work together to discuss, pinpoint and create the building blocks to transform the emerging concept of the Metaverse into a reality — spanning digital assets, simulations, transactions, artificial intelligence, networking, security, privacy, and legal considerations.... Backend services, standards, and relationships are critical to success, including elements like digital ID representation for users and objects. Transactions must provide receipts for proof and commerce.... Worlds need a standard to communicate with other worlds so that users can move in and out without breaking the immersive experience. Providing an open standard to move objects across worlds is a huge part of what the OMF can deliver. Other technical challenges that demand open collaboration include the reshaping of our networks and internet to accommodate greater needs presented by the open Metaverse.

All of this can seem overwhelming. And it is, unless you have the proven expertise in community building, governance and other elements offered by the Linux Foundation, which provides the focus needed to create manageable, tangible tasks to complete. We've already set up several Foundational Interest Groups (FIGs), which provide a great starting place to engage with the OMF. These FIGs enable a focused, distributed decision structure for key topics, and provide targeted resources and forums for the identification of new ideas, getting work done, and onboarding new contributors....

Contributions to OMF projects are licensed under both Apache 2.0 and MIT, enabling anyone to use, modify, extend and distribute the source code without any fees or commercial obligations....

We look forward to working with a broad, global community to advance the promise of the Metaverse.

AltspaceVR is shutting down in March as Microsoft decimated its teams working in VR & AR this week as part of a major workforce reduction across the entire company. Upload VR reports: Altspace was one of the early VR-based social networking services alongside others like Rec Room and VRChat. As an independent startup Altspace ran out of money, but in 2017 Microsoft acquired it and continued the effort. Microsoft says it is shifting "our focus to support immersive experiences powered by Microsoft Mesh." We tried out Mesh on HoloLens 2 back in 2021 and were pretty impressed by its functionality, with the company saying it'll be officially launching the service as "a new platform for connection and collaboration, starting by enabling workplaces around the world."

Microsoft posted instructions for creators on how to download content before the March 10, 2023 shutdown date, while noting "AltspaceVR Worlds are not able to be downloaded in full or ported directly to another platform because AltspaceVR is a mix of Worlds made up of a collection of assets owned by a variety of different entities." "While you cannot download them in full, you are able to download items from your Worlds data, which we call meta-data," Microsoft explains, providing people files with references noted as comma-separated values. Here's an excerpt from Microsoft's "sunset" update on altvr.com: "The decision has not been an easy one as this is a platform many have come to love, providing a place for people to explore their identities, express themselves, and find community. It has been a privilege to help unlock passions among users, from educational opportunities for personal growth to the development of unique and wonderful events, groundbreaking art, and immersive experiences -- enabling this community to achieve more. With Mesh, we aspire to build a platform that offers the widest opportunity to all involved, including creators, partners and customers."

Apple today shared an update on its subscription businesses and global App Store, noting that the tech company has now paid out a record $320 billion to app developers since 2008 -- a number that reflects the revenue apps have generated, minus Apple's commission. From a report: In addition, the tech giant said it now has more than 900 million paid subscriptions across Apple services, with subscriptions on the App Store driving a "significant" part of that figure. [...] The company noted that more than 650 million visitors from 175 regions worldwide visit the App Store every week and it's still delivering new experiences. Among the highlights was the launch of Apex Legends on mobile earlier this year, and the growing popularity of a new form of social networking with BeReal, Apple's "app of the year."

Meta is kicking off the New Year with more privacy fines and corrective orders hitting its business in Europe. The latest swathe of enforcement relates to EU's General Data Protection Regulation (GDPR) complaints over the legal basis it claims to run behavioral ads. From a report: The Facebook owner's lead data protection watchdog in the region, the Irish Data Protection Commission (DPC), announced today that it's adopted final decisions on two of these long-running enquiries -- against Meta owned social networking site, Facebook, and social photo sharing service, Instagram. The DPC's press release today announces financial penalties of ~$223 million for Facebook and ~$191 million for Instagram -- and confirms the European Data Protection Board (EDPB)'s binding decision last month on these complaints that contractual necessity is not an appropriate basis for processing personal data for behavioral ads.

These new sanctions add to a pile of privacy fines for Meta in Europe last year -- including a $281 million penalty for a Facebook data-scraping breach; $429 million for an Instagram violation of children's privacy; $18 million for several historical Facebook data breaches; and a $63.6 million penalty over Facebook cookie consent violations -- making for a total of $792 million in (publicly disclosed) EU data protection and privacy fines handed down to the adtech giant in 2022. But now, in the first few days of 2023, Meta has landed financial penalties worth more than half last year's regional total -- and more sanctions could be coming shortly.

The U.S. National Security Agency is warning that Chinese government-backed hackers are exploiting a zero-day vulnerability in two widely used Citrix networking products to gain access to targeted networks. From a report: The flaw, tracked as CVE-2022-27518, affects Citrix ADC, an application delivery controller, and Citrix Gateway, a remote access tool, and are both popular in enterprise networks. The critical-rated vulnerability allows an unauthenticated attacker to remotely run malicious code on vulnerable devices -- no passwords needed. Citrix also says the flaw is being actively exploited by threat actors. "We are aware of a small number of targeted attacks in the wild using this vulnerability," Peter Lefkowitz, chief security and trust officer at Citrix, said in a blog post. "Limited exploits of this vulnerability have been reported." Citrix hasn't specified which industries the targeted organizations are in or how many have been compromised.

An anonymous reader quotes a report from KrebsOnSecurity: On Dec. 10, 2022, the relatively new cybercrime forum Breached featured a bombshell new sales thread: The user database for InfraGard, including names and contact information for tens of thousands of InfraGard members. The FBI's InfraGard program is supposed to be a vetted Who's Who of key people in private sector roles involving both cyber and physical security at companies that manage most of the nation's critical infrastructures -- including drinking water and power utilities, communications and financial services firms, transportation and manufacturing companies, healthcare providers, and nuclear energy firms. "InfraGard connects critical infrastructure owners, operators, and stakeholders with the FBI to provide education, networking, and information-sharing on security threats and risks," the FBI's InfraGard fact sheet reads.

KrebsOnSecurity contacted the seller of the InfraGard database, a Breached forum member who uses the handle "USDoD" and whose avatar is the seal of the U.S. Department of Defense. USDoD said they gained access to the FBI's InfraGard system by applying for a new account using the name, Social Security Number, date of birth and other personal details of a chief executive officer at a company that was highly likely to be granted InfraGard membership. The CEO in question -- currently the head of a major U.S. financial corporation that has a direct impact on the creditworthiness of most Americans -- did not respond to requests for comment. USDoD told KrebsOnSecurity their phony application was submitted in November in the CEO's name, and that the application included a contact email address that they controlled -- but also the CEO's real mobile phone number. "When you register they said that to be approved can take at least three months," USDoD said. "I wasn't expected to be approve[d]." But USDoD said that in early December, their email address in the name of the CEO received a reply saying the application had been approved. While the FBI's InfraGard system requires multi-factor authentication by default, users can choose between receiving a one-time code via SMS or email. "If it was only the phone I will be in [a] bad situation," USDoD said. "Because I used the person['s] phone that I'm impersonating."

USDoD said the InfraGard user data was made easily available via an Application Programming Interface (API) that is built into several key components of the website that help InfraGard members connect and communicate with each other. USDoD said after their InfraGard membership was approved, they asked a friend to code a script in Python to query that API and retrieve all available InfraGard user data. "InfraGard is a social media intelligence hub for high profile persons," USDoD said. "They even got [a] forum to discuss things." USDoD acknowledged that their $50,000 asking price for the InfraGard database may be a tad high, given that it is a fairly basic list of people who are already very security-conscious. Also, only about half of the user accounts contain an email address, and most of the other database fields -- like Social Security Number and Date of Birth -- are completely empty. [...] While the data exposed by the infiltration at InfraGard may be minimal, the user data might not have been the true end game for the intruders. USDoD said they were hoping the imposter account would last long enough for them to finish sending direct messages as the CEO to other executives using the InfraGuard messaging portal.

For years, Cisco has relied on a widely used tactic to drive sales: The enterprise tech giant pitches customers on large bundles of products that include everything from its core networking products to more peripheral offerings from its sprawling portfolio, such as security software and its Webex videoconferencing app. But now customers are starting to resist buying the company's bundles, The Information reported Wednesday, citing current and former Cisco employees. From the report: Corporate IT departments, under pressure to save money, are picking through their Cisco enterprise agreements with a fine-toothed comb to cut out products they don't use as much, the people said. Industry executives say a similar trend is happening across the enterprise software industry, which spells problems for big firms such as Microsoft and Oracle that also encourage customers to buy a wide array of products in suites. Cisco's customers are balking at offers to renew contracts that include software licenses for tools the companies don't feel they use enough to justify, employees say. That has contributed to a slowing in sales of some of its subscription-based software, including Webex, AppDynamics and certain security products, employees say.