FBI agent Rick Smith remembered seeing that Austrian-born Silicon Valley entrepreneur one year earlier — walking into San Francisco's Soviet Consulate in the early 1980s. Their chance reunion at a bar "would sow the seeds for a major counterintelligence campaign," writes a national security journalist in Politico, describing the collaboration as "an FBI-led operation that sold the Soviet Bloc millions in secretly sabotaged U.S. hi-tech."

The Austrian was already selling American tech goods to European countries, and "By the early 1980s, the FBI knew the Soviet Union was desperate for cutting-edge American technology, like the U.S.-produced microchips then revolutionizing a vast array of digital devices, including military systems..." Moscow's spies worked assiduously to steal such dual use tech or purchase it covertly. The Soviet Union's ballistic missile programs, air defense systems, electronic spying platforms, and even space shuttles, depended on it.... But such tech-focused sanctions-evasion schemes by America's foes offer opportunities for U.S. intelligence, too — including the opportunity to launch ultra-secret sabotage campaigns to alter sensitive technologies before they reach their final destination... Working under the FBI's direction, the Austrian agreed to pose as a crook, a man willing to sell prohibited technology to the communist Eastern Bloc... [T]he FBI and the Austrian would seed faulty tech to Moscow and its allies; drain the Soviet Bloc's coffers; expose its intelligence officers and secret American conspirators; and reveal to American counterspies exactly what tech the Soviets were after...

[T]he Soviet Bloc would unknowingly purchase millions of dollars' worth of sabotaged U.S. goods. Communist spies, ignorant that they were being played, would be feted with a literal parade in a Warsaw Pact capital for their success in purchasing this forbidden technology from the West... The Austrian's connections now presented a major opportunity. The Bulgarians, and their East German and Russia allies, were going to get that forbidden tech. But not before the FBI tampered with it first...

Some of the tech was subtly altered before the Bulgarians could get their hands on it. Some was rendered completely unusable. Some of it was shipped unadulterated to keep the operation humming — and allay any suspicions from the Eastern Bloc about what might be going on. And some of it never made its way to the Bulgarians at all. In one case, the bureau intercepted a $400,000 order of computer hardware from the San Jose-based firm Proquip and shipped out 6,000 pounds of sandbags instead.... Some suffered what appeared to be "accidental" wear-and-tear during the long journey to the Eastern Bloc, recalled Ed Appel [a former senior FBI official]. Other times, the FBI would tamper with the electronics so they would experience "chance" voltage overloads once Soviet Bloc operatives plugged them in. The sabotage could also be more subtle, designed to degrade machine parts or microchips over time, or to render hi-tech tools that required intense precision slightly, if imperceptibly, inaccurate.
The article concludes that "While the Soviet Union might have imploded over three decades ago... Russia's intelligence services are still scouring the globe for prohibited U.S. tech, particularly since Moscow's February 2022 invasion of Ukraine...

"Russia has reportedly even covertly imported household items like refrigerators and washing machines to rip out the microchips within them for use in military equipment."

Google's loss in an antitrust trial is just the beginning. According to Yahoo Finance's senior legal reporter, Google now also has to defend itself "against another perilous antitrust challenge that could inflict more damage." Starting in September, the tech giant will square off against federal prosecutors and a group of states claiming that Google abused its dominance of search advertising technology that is used to sell, buy, and broker advertising space online... Juggling simultaneous defenses "will definitely create a strain on its resources, productivity, and most importantly, attention at the most senior levels," said David Olson, associate professor at Boston College Law School.... The two cases targeting Google have the potential to inflict major damage to an empire amassed over the last two decades.

The second case that begins next month began with a lawsuit filed in the US District Court for the Eastern District of Virginia by the Justice Department and eight states in December 2020... Prosecutors allege that since at least 2015 Google has thwarted meaningful competition and deterred innovation through its ownership of the entities and software that power the online advertising technology market. Google owns most of the technology to buy, sell, and serve advertisements online... Google's share of the US and global advertising markets — when measured either by revenue or impressions — exceeded 90% for "many years," according to the complaint.

The government prosecutors accused Google of siphoning off $0.35 of each advertising dollar that flowed through its ad tech tools.
Thanks to Slashdot reader ZipNada for sharing the article.

Longtime Slashdot reader schwit1 shares a report from Ars Technica: The upper stage from a Chinese rocket that launched a batch of Internet satellites Tuesday has broken apart in space, creating a debris field of at least 700 objects in one of the most heavily-trafficked zones in low-Earth orbit. US Space Command, which tracks objects in orbit with a network of radars and optical sensors, confirmed the rocket breakup Thursday. Space Command initially said the event created more than 300 pieces of trackable debris. The military's ground-based radars are capable of tracking objects larger than 10 centimeters (4 inches). Later Thursday, LeoLabs, a commercial space situational awareness company, said its radars detected at least 700 objects attributed to the Chinese rocket. The number of debris fragments could rise to more than 900, LeoLabs said. The culprit is the second stage of China's Long March 6A rocket, which lifted off Tuesday with the first batch of 18 satellites for a planned Chinese megaconstellation that could eventually number thousands of spacecraft. The Long March 6A's second stage apparently disintegrated after placing its payload of 18 satellites into a polar orbit.

Space Command said in a statement it has "observed no immediate threats" and "continues to conduct routine conjunction assessments to support the safety and sustainability of the space domain." According to LeoLabs, radar data indicated the rocket broke apart at an altitude of 503 miles (810 kilometers) at approximately 4:10 pm EDT (20:10 UTC) on Tuesday, around 13-and-a-half hours after it lifted off from northern China. At this altitude, it will take decades or centuries for the wispy effect of aerodynamic drag to pull the debris back into the atmosphere. As the objects drift lower, their orbits will cross paths with SpaceX's Starlink Internet satellites, the International Space Station and other crew spacecraft, and thousands more pieces of orbital debris, putting commercial and government satellites at risk of collision.

After a 7.1 tremor struck southwestern Japan on Thursday, the country's meteorological agency issued its first-ever alert for a possible "megaquake." It marks the first time the warning has been issued under new rules drawn up after a 2011 earthquake, tsunami and nuclear disaster killed almost 20,000 people. Phys.org reports: The JMA's "megaquake advisory" warns that "if a major earthquake were to occur in the future, strong shaking and large tsunamis would be generated." "The likelihood of a new major earthquake is higher than normal, but this is not an indication that a major earthquake will definitely occur during a specific period of time," it added. The advisory concerns the Nankai Trough "subduction zone" between two tectonic plates in the Pacific Ocean, where massive earthquakes have hit in the past. [...]

Japan's government has previously said the next magnitude 8-9 megaquake along the Nankai Trough has a roughly 70 percent probability of striking within the next 30 years. In the worst-case scenario 300,000 lives could be lost, experts estimate, with some engineers saying the damage could reach $13 trillion with infrastructure wiped out. "The history of great earthquakes at Nankai is convincingly scary," geologists Kyle Bradley and Judith A Hubbard wrote in their Earthquake Insights newsletter. And "while earthquake prediction is impossible, the occurrence of one earthquake usually does raise the likelihood of another", they explained. "A future great Nankai earthquake is surely the most long-anticipated earthquake in history -- it is the original definition of the 'Big One'."

Bruce66423 writes: Sellafield [U.K.'s largest nuclear site] has apologised after pleading guilty to criminal charges relating to a string of cybersecurity failings at Britain's most hazardous nuclear site, which it admitted could have threatened national security.

Among the failings at the vast nuclear waste dump in Cumbria was the discovery that 75% of its computer servers were vulnerable to cyber-attacks, Westminster magistrates court in London heard. Information that could threaten national security was left exposed for four years, the nuclear watchdog revealed, and Sellafield said it had been performing critical IT health checks that were not, in fact, being carried out.

The Guardian's investigation also revealed concerns about external contractors being able to plug memory sticks into Sellafield's system while unsupervised and that its computer servers were deemed so insecure that the problem was nicknamed Voldemort after the Harry Potter villain because it was so sensitive and dangerous.

The good news is that the problem has been spotted. The bad news is that there can be no meaningful punishment for a government owned company. One can only hope that they will do better in the future.

Microsoft researchers said on Friday that Iran government-tied hackers tried breaking into the account of a "high ranking official" on the U.S. presidential campaign in June, weeks after breaching the account of a county-level U.S. official. From a report: The breaches were part of Iranian groups' increasing attempts to influence the U.S. presidential election in November, the researchers said in a report that did not provide any further detail on the "official" in question.

The report follows recent statements by senior U.S. Intelligence officials that they'd seen Iran ramp up use of clandestine social media accounts with the aim to use them to try to sow political discord in the United States. Iran's mission to the United Nations in New York told Reuters in a statement that its cyber capabilities were "defensive and proportionate to the threats it faces" and that it had no plans to launch cyber attacks.

Security researcher Grant Smith uncovered a large-scale smishing scam where scammers posing as the USPS tricked victims into providing their credit card details through fake websites. Smith hacked into the scammers' systems, gathered evidence, and collaborated with the USPS and a US bank to protect over 438,000 unique credit cards from fraudulent activity. Wired reports: The flood of text messages started arriving early this year. They carried a similar thrust: The United States Postal Service is trying to deliver a parcel but needs more details, including your credit card number. All the messages pointed to websites where the information could be entered. Like thousands of others, security researcher Grant Smith got a USPS package message. Many of his friends had received similar texts. A couple of days earlier, he says, his wife called him and said she'd inadvertently entered her credit card details. With little going on after the holidays, Smith began a mission: Hunt down the scammers. Over the course of a few weeks, Smith tracked down the Chinese-language group behind the mass-smishing campaign, hacked into their systems, collected evidence of their activities, and started a months-long process of gathering victim data and handing it to USPS investigators and a US bank, allowing people's cards to be protected from fraudulent activity.

In total, people entered 438,669 unique credit cards into 1,133 domains used by the scammers, says Smith, a red team engineer and the founder of offensive cybersecurity firm Phantom Security. Many people entered multiple cards each, he says. More than 50,000 email addresses were logged, including hundreds of university email addresses and 20 military or government email domains. The victims were spread across the United States -- California, the state with the most, had 141,000 entries -- with more than 1.2 million pieces of information being entered in total. "This shows the mass scale of the problem," says Smith, who is presenting his findings at the Defcon security conference this weekend and previously published some details of the work. But the scale of the scamming is likely to be much larger, Smith says, as he didn't manage to track down all of the fraudulent USPS websites, and the group behind the efforts have been linked to similar scams in at least half a dozen other countries.

FTX has been ordered to pay $12.7 billion in relief to its customers, according to the Commodity Futures Trading Commission (CFTC). In a statement, CFTC Chairman Rostin Behnam said the crypto exchange drew customers in with "an illusion that it was a safe and secure place to access crypto markets," then misappropriated their customer deposits to make its own risky investments. Reuters reports: The repayment order implements a settlement between the CFTC and the bankrupt crypto exchange, which has committed to a bankruptcy liquidation that will repay customers whose deposits were locked during its late 2022 collapse. FTX has said that its customers will receive 100% recovery on their claims against the company, based on the value of their accounts at the time it filed for bankruptcy. The CFTC agreement resolves a potential roadblock to that repayment, ensuring that the government's lawsuit against FTX will not reduce the funds available to its customers. The CFTC agreed not to collect any payment from FTX until all its customers are repaid, with interest.

The CFTC settlement requires FTX to pay $8.7 billion in restitution and $4 billion in disgorgement, which will be used to further compensate victims for losses suffered during the exchange's collapse. [...] FTX is currently soliciting votes on its bankruptcy proposal but faces opposition from some customers who feel short-changed by the decision to repay them based on much-lower cryptocurrency prices from November 2022. Votes are due on Aug. 16, and FTX intends to seek final approval of its wind-down plan on Oct. 7.

An anonymous reader quotes a report from The Guardian: Amazon's $4 billion investment into US artificial intelligence startup Anthropic is to be examined in the latest investigation into technology tie-ups by the UK's competition watchdog. The Competition and Markets Authority (CMA) said on Thursday that it was launching a preliminary investigation into the deal, before deciding whether to refer it for an in-depth review. The deal, announced in March, included a $4 billion investment in Anthropic from Amazon, and a commitment from Anthropic to use Amazon Web Services "as its primary cloud provider for mission critical workloads, including safety research and future foundation model development." The regulator said it was "considering whether it is or may be the case that Amazon's partnership with Anthropic has resulted in the creation of a relevant merger situation." "We are an independent company. Our strategic partnerships and investor relationships do not diminish our corporate governance independence or our freedom to partner with others," said an Anthropic spokesperson said in a statement. "Amazon does not have a seat on Anthropic's board, nor does it have any board observer rights. We intend to cooperate with the CMA and provide them with a comprehensive understanding of Amazon's investment and our commercial collaboration."

The founder of Cambridge-based Riverlane, Steve Brierley, predicts quantum computing will have its "Sputnik" breakthrough within years. "Quantum computing is not going to be just slightly better than the previous computer, it's going to be a huge step forward," he said. Phys.org reports: His company produces the world's first dedicated quantum decoder chip, which detects and corrects the errors currently holding the technology back. In a sign of confidence in Riverlane's work and the sector in general, the company announced on Tuesday that it had raised $75 million in Series C funding, typically the last round of venture capital financing prior to an initial public offering. "Over the next two to three years, we'll be able to get to systems that can support a million error-free operations," said Earl Campbell, vice president of quantum science at Riverlane. This is the threshold where a quantum computer should be able to perform certain tasks better than conventional computers, he added.

Quantum computers are "really good at simulating other quantum systems", explained Brierley, meaning they can simulate interactions between particles, atoms and molecules. This could open the door to revolutionary medicines and also promises huge efficiency improvements in how fertilizers are made, transforming an industry that today produces around two percent of global CO2 emissions. It also paves the way for much more efficient batteries, another crucial weapon in the fight against climate change. "I think most people are more familiar with exponential after COVID, so we know how quickly something that's exponential can spread," said Campbell, inside Riverlane's testing lab, a den of oscilloscopes and chipboards. [...]

While today's quantum computers can only perform around 1,000 operations before being overwhelmed by errors, the quality of the actual components has "got to the point where the physical qubits are good enough," said Brierley. "So this is a super exciting time. The challenge now is to scale up... and to add error correction into the systems," he added. Such progress, along with quantum computing's potential to crack all existing cryptography and create potent new materials, is spurring regulators into action. "There's definitely a scrambling to understand what's coming next in technology. It's really important that we learn the lessons from AI, to not be surprised by the technology and think early about what those implications are going to be," said Brierley. "I think there will ultimately be regulation around quantum computing, because it's such an important technology. And I think this is a technology where no government wants to come second."

An anonymous reader quotes a report originally published by Business Insider: A Chinese state-backed company has launched its first 18 satellites in its bid to build a vast orbital network aimed at rivaling Starlink, according to local media. The launch on Monday by Shanghai Spacecom Satellite Technology involved 18 satellites and one rocket, per The China Securities Journal, which is run by state news agency Xinhua. According to the outlet, the rocket lifted off from the Taiyuan satellite and missile launch center in Shanxi province.

These satellites mark the first step in the company's effort to create a 15,000-strong network of Low Earth Orbit satellites, which the firm has dubbed the "Thousand Sails Constellation." The company said it plans to reach that final tally by 2030, per The China Securities Journal. Domestic media has widely called the project the Chinese version of Starlink, which runs about 6,000 satellites. Elon Musk has said that he plans to eventually host a network of 42,000 satellites.

The Thousand Sails Constellation, also known as the G60 project, is one of three planned major satellite networks in the country. Each is expected to field 10,000 or more satellites. Most are anticipated to orbit between 200 and 1,200 miles above the Earth's surface, which is also where Starlink satellites are generally found. The three constellations, along with dozens of ambitious space projects from other Chinese firms, have been fueled by a recent push from the central government to loop the private sector into its science and technology goals.

An anonymous reader quotes a report from the Associated Press: The government of Australia's most populous state ordered all public employees to work from their offices by default beginning Tuesday and urged stricter limits on remote work, after news outlets provoked a fraught debate about work-from-home habits established during the pandemic. Chris Minns, the New South Wales premier, said in a notice to agencies Monday that jobs could be made flexible by means other than remote working, such as part-time positions and role sharing, and that "building and replenishing public institutions" required "being physically present." His remarks were welcomed by business and real estate groups in the state's largest city, Sydney, who have decried falling office occupancy rates since 2020, but denounced by unions, who pledged to challenge the initiative if it was invoked unnecessarily.

The instruction made the state's government, Australia's largest employer with more than 400,000 staff, the latest among a growing number of firms and institutions worldwide to attempt a reversal of remote working arrangements introduced as the coronavirus spread. But it defied an embrace of remote work by the governments of some other Australian states, said some analysts, who suggested lobbying by a major newspaper prompted the change. "It seems that the Rupert Murdoch-owned Daily Telegraph in Sydney has been trying to get the New South Wales government to mandate essentially that workers go back to the office," said Chris F. Wright, an associate professor in the discipline of work at the University of Sydney. The newspaper cited prospective economic boons for struggling businesses.

The newspaper wrote Tuesday that the premier's decision "ending the work from home era" followed its urging, although Minns did not name it as a factor. But the union representing public servants said there was scant evidence for the change and warned the state government could struggle to fill positions. "Throughout the New South Wales public sector, they're trying to retain people," said Stewart Little, the General Secretary of the Public Service Association. "In some critical agencies like child protection we're looking at 20% vacancy rates, you're talking about hundreds of jobs." Little added that government offices have shrunk since 2020 and agencies would be unable to physically accommodate every employee on site. Minns said the state would lease more space, according to the Daily Telegraph. Further reading: Ordered Back To the Office, Top Tech Talent Left Instead, Study Finds

An anonymous reader quotes a report from the Washington Post: For the first time in 40 years, the Environmental Protection Agency has taken emergency action to stop the use of a pesticide (source may be paywalled; alternative source) linked to serious health risks for unborn babies. Tuesday's emergency order applies to dimethyl tetrachloroterephthalate, also known as DCPA, a weedkiller used on crops such as broccoli, Brussels sprouts, cabbage and onions. When pregnant farmworkers and others are exposed to the pesticide, their babies can experience changes to fetal thyroid hormone levels, which are linked to low birth weight, impaired brain development, decreased IQ and impaired motor skills later in life.

"DCPA is so dangerous that it needs to be removed from the market immediately," Michal Freedhoff, assistant administrator for the EPA's Office of Chemical Safety and Pollution Prevention, said in a statement. "It's EPA's job to protect people from exposure to dangerous chemicals. In this case, pregnant women who may never even know they were exposed could give birth to babies that experience irreversible lifelong health problems." The European Union banned DCPA in 2009. But the EPA has been slower to act, frustrating some environmental and public health advocates.

In an interview, Freedhoff said that EPA scientists have tried for years to get more information on health risks from the sole manufacturer of the pesticide, AMVAC Chemical. But she said the company refused to turn over the data, including a study on the effects of DCPA on thyroid development and function, until November 2023. "We did make some good-faith efforts to work with the company," Freedhoff said. "But in the end, we didn't think any of the measures proposed by the company would be implementable, enforceable or effective." "DCPA has been used in the United States since the late 1950s," notes the report. "After the pesticide is applied, it can linger in the soil, contaminating crops later grown in those fields, including broccoli, cilantro, green onions, kale and mustard greens."

"The emergency order Tuesday temporarily suspends all registrations of the pesticide under the Federal Insecticide, Fungicide and Rodenticide Act. The agency plans to permanently suspend these registrations within the next 90 days."

Google's payments to make its search engine the default on smartphone web browsers violates US antitrust law, a federal judge ruled Monday, handing a key victory to the Justice Department. From a report: Judge Amit Mehta in Washington said that the Alphabet unit's $26 billion in payments effectively blocked any other competitor from succeeding in the market. Antitrust enforcers alleged that Google has illegally maintained a monopoly over online search and related advertising. The government said that Google has paid Apple, Samsung and others billions over decades for prime placement on smartphones and web browsers. This default position has allowed Google to build up the most-used search engine in the world, and fueled more than $300 billion in annual revenue largely generated by search ads.

Illinois Governor J.B. Pritzker has signed a bill into law that will significantly curb the penalties companies could face for improperly collecting and using fingerprints and other biometric data from workers and consumers. From a report: The bill passed by the legislature in May and signed by Pritzker, a Democrat, on Friday amends the state's Biometric Information Privacy Act (BIPA) so that companies can be held liable only for a single violation per person, rather than for each time biometric data is allegedly misused.

The amendments will dramatically limit companies' exposure in BIPA cases and could discourage plaintiffs' lawyers from filing many lawsuits in the first place, management-side lawyers said. "By limiting statutory damages to a single recovery per individual ... companies in most instances will no longer face the prospect of potentially annihilative damages awards that greatly outpace any privacy harms," David Oberly, of counsel at Baker Donelson in Washington, D.C., said before the bill was signed. BIPA, a 2008 law, requires companies to obtain permission before collecting fingerprints, retinal scans and other biometric information from workers and consumers. The law imposes penalties of $1,000 per violation and $5,000 for reckless or intentional violations.

Reeling from security and optics issues, Microsoft appears to be trying to correct its story. An anonymous reader shares a report: Microsoft made it clear earlier this year that it was planning to make security its top priority, following years of security issues and mounting criticisms. Starting today, the software giant is now tying its security efforts to employee performance reviews. Kathleen Hogan, Microsoft's chief people officer, has outlined what the company expects of employees in an internal memo obtained by The Verge. "Everyone at Microsoft will have security as a Core Priority," says Hogan. "When faced with a tradeoff, the answer is clear and simple: security above all else."

A lack of security focus for Microsoft employees could impact promotions, merit-based salary increases, and bonuses. "Delivering impact for the Security Core Priority will be a key input for managers in determining impact and recommending rewards," Microsoft is telling employees in an internal Microsoft FAQ on its new policy. Microsoft has now placed security as one of its key priorities alongside diversity and inclusion. Both are now required to be part of performance conversations -- internally called a "Connect" -- for every employee, alongside priorities that are agreed upon between employees and their managers.

This week America's Securities and Exchange Commission filed fraud charges against the former CEO of the startup social media site "IRL"

The BBC reports: IRL — which was once considered a potential rival to Facebook — took its name from its intention to get its online users to meet up in real life. However, the initial optimism evaporated after it emerged most of IRL's users were bots, with the platform shutting in 2023...

The SEC says it believes [CEO Abraham] Shafi raised about $170m by portraying IRL as the new success story in the social media world. It alleges he told investors that IRL had attracted the vast majority its supposed 12 million users through organic growth. In reality, it argues, IRL was spending millions of dollars on advertisements which offered incentives to prospective users to download the IRL app. That expenditure, it is alleged, was subsequently hidden in the company's books.
IRL received multiple rounds of venture capital financing, eventually reaching "unicorn status" with a $1.17 billion valuation, according to TechCrunch. But it shut down in 2023 "after an internal investigation by the company's board found that 95% of the app's users were 'automated or from bots'."

TechCrunch notes it's the second time in the same week — and at least the fourth time in the past several months — that the SEC has charged a venture-backed founder on allegations of fraud... Earlier this week, the SEC charged BitClout founder Nader Al-Naji with fraud and unregistered offering of securities, claiming he used his pseudonymous online identity "DiamondHands" to avoid regulatory scrutiny while he raised over $257 million in cryptocurrency. BitClout, a buzzy crypto startup, was backed by high-profile VCs such as a16z, Sequoia, Chamath Palihapitiya's Social Capital, Coinbase Ventures and Winklevoss Capital.

In June, the SEC charged Ilit Raz, CEO and founder of the now-shuttered AI recruitment startup Joonko, with defrauding investors of at least $21 million. The agency alleged Raz made false and misleading statements about the quantity and quality of Joonko's customers, the number of candidates on its platform and the startup's revenue.

The agency has also gone after venture firms in recent months. In May, the SEC charged Robert Scott Murray and his firm Trillium Capital LLC with a fraudulent scheme to manipulate the stock price of Getty Images Holdings Inc. by announcing a phony offer by Trillium to purchase Getty Images.

America's Defense Department has launched a project "that aims to develop machine-learning tools that can automate the conversion of legacy C code into Rust," reports the Register — with an online event already scheduled later this month for those planning to submit proposals: The reason to do so is memory safety. Memory safety bugs, such buffer overflows, account for the majority of major vulnerabilities in large codebases. And DARPA's hope [that's the Defense Department's R&D agency] is that AI models can help with the programming language translation, in order to make software more secure. "You can go to any of the LLM websites, start chatting with one of the AI chatbots, and all you need to say is 'here's some C code, please translate it to safe idiomatic Rust code,' cut, paste, and something comes out, and it's often very good, but not always," said Dan Wallach, DARPA program manager for TRACTOR, in a statement. "The research challenge is to dramatically improve the automated translation from C to Rust, particularly for program constructs with the most relevance...."

DARPA's characterization of the situation suggests the verdict on C and C++ has already been rendered. "After more than two decades of grappling with memory safety issues in C and C++, the software engineering community has reached a consensus," the research agency said, pointing to the Office of the National Cyber Director's call to do more to make software more secure. "Relying on bug-finding tools is not enough...."

Peter Morales, CEO of Code Metal, a company that just raised $16.5 million to focus on transpiling code for edge hardware, told The Register the DARPA project is promising and well-timed. "I think [TRACTOR] is very sound in terms of the viability of getting there and I think it will have a pretty big impact in the cybersecurity space where memory safety is already a pretty big conversation," he said.
DARPA's statement had an ambitious headline: "Eliminating Memory Safety Vulnerabilities Once and For All."

"Rust forces the programmer to get things right," said DARPA project manager Wallach. "It can feel constraining to deal with all the rules it forces, but when you acclimate to them, the rules give you freedom. They're like guardrails; once you realize they're there to protect you, you'll become free to focus on more important things."

Code Metal's Morales called the project "a DARPA-hard problem," noting the daunting number of edge cases that might come up. And even DARPA's program manager conceded to the Register that "some things like the Linux kernel are explicitly out of scope, because they've got technical issues where Rust wouldn't fit."

Thanks to long-time Slashdot reader RoccamOccam for sharing the news.

America's Senate "overwhelmingly passed major online safety reforms to protect children on social media," reports the Guardian.

"But with ongoing pushback from the tech industry and freedom of speech organizations, the legislation faces an uncertain future in the House." "It's a terrible idea to let politicians and bureaucrats decide what people should read and view online," freedom of speech group the Electronic Frontier Foundation said of the Senate's passage of Kosa... Advocates of Kosa reject these critiques, noting the bill has been revised to address many of those concerns — including shifting enforcement from attorneys general to the federal trade commission and focusing the "duty of care" provisions on product design features of the site or app rather than content specifically. A number of major LGBTQ+ groups dropped their opposition to the legislation following these changes, including the Human Rights Campaign, GLAAD and the Trevor Project.

After passing the Senate this week, the bill has now moved onto the House, which is on a six-week summer recess until September. Proponents are now directing their efforts towards House legislators to turn the bill into law. Joe Biden has indicated he would sign it if it passes. In a statement Tuesday encouraging the House to pass the legislation, the US president said: "We need action by Congress to protect our kids online and hold big tech accountable for the national experiment they are running on our children for profit...."

House speaker Mike Johnson of Louisiana has expressed support for moving forward on Kosa and passing legislation this Congress, but it's unclear if he will bring the bill up in the House immediately. Some experts say the bill is unlikely to be passed in the House in the form passed by the Senate. "Given the concerns about potential censorship and the possibility of minors' lacking access to vital information, pausing KOSA makes eminent sense," said Gautam Hans, associate clinical professor of law and associate director of the First Amendment Clinic at Cornell Law School. He added that the House may put forward its own similar legislation instead, or modify KOSA to further address some of these concerns.
The political news site Punchbowl News also noted this potentially significant quote: A House GOP leadership aide told us this about KOSA: "We've heard concerns across our Conference and the Senate bill cannot be brought up in its current form."
TechDirt argues that "Senator Rand Paul's really excellent letter laying out the reasons he couldn't support the bill may have had an impact."

Thanks to long-time Slashdot reader SonicSpike for sharing the news.

America's National Institute of Standards and Technology (NIST) has released a new open-source software tool called Dioptra for testing the resilience of machine learning models to various types of attacks.

"Key features that are new from the alpha release include a new web-based front end, user authentication, and provenance tracking of all the elements of an experiment, which enables reproducibility and verification of results," a NIST spokesperson told SC Media: Previous NIST research identified three main categories of attacks against machine learning algorithms: evasion, poisoning and oracle. Evasion attacks aim to trigger an inaccurate model response by manipulating the data input (for example, by adding noise), poisoning attacks aim to impede the model's accuracy by altering its training data, leading to incorrect associations, and oracle attacks aim to "reverse engineer" the model to gain information about its training dataset or parameters, according to NIST.

The free platform enables users to determine to what degree attacks in the three categories mentioned will affect model performance and can also be used to gauge the use of various defenses such as data sanitization or more robust training methods.

The open-source testbed has a modular design to support experimentation with different combinations of factors such as different models, training datasets, attack tactics and defenses. The newly released 1.0.0 version of Dioptra comes with a number of features to maximize its accessibility to first-party model developers, second-party model users or purchasers, third-party model testers or auditors, and researchers in the ML field alike. Along with its modular architecture design and user-friendly web interface, Dioptra 1.0.0 is also extensible and interoperable with Python plugins that add functionality... Dioptra tracks experiment histories, including inputs and resource snapshots that support traceable and reproducible testing, which can unveil insights that lead to more effective model development and defenses.
NIST also published final versions of three "guidance" documents, according to the article. "The first tackles 12 unique risks of generative AI along with more than 200 recommended actions to help manage these risks. The second outlines Secure Software Development Practices for Generative AI and Dual-Use Foundation Models, and the third provides a plan for global cooperation in the development of AI standards."

Thanks to Slashdot reader spatwei for sharing the news.