Shared posts

05 Feb 22:47

Want to Be an Ethical Hacker? Here's Where to Begin

by Luke Stephens (aka Hakluke), Security Researcher and Detectify Crowdsource Hacker
By utilizing these resources, beginner hackers can find their specific passions within the cybersecurity space and eventually make their own mark in the ethical hacking profession.
04 Feb 11:42

Noel Coward

"Television is for appearing on - not for looking at."
04 Feb 11:42

Margaret Mitchell

"Until you've lost your reputation, you never realize what a burden it was."
03 Feb 14:58

Satya Nadella: Microsoft has “permission to build the next Internet”

by Financial Times

Not long after being promoted to the role of chief executive at Microsoft, in 2014, Satya Nadella had faced calls to ditch the tech group’s Xbox games division and concentrate its resources on cloud computing—to compete with rivals, such as Amazon. But instead, Nadella saw an opportunity to build new customer bases through online gaming communities. His first deal as chief executive was buying Minecraft, the three-dimensional world-building game.

At the same time, he further developed Microsoft’s dominant position in personal and business software and expanded its cloud and server offerings. Shares in the group have risen eightfold under Nadella’s tenure, and it remains the world’s largest software group.

However, last month’s $75 billion deal to buy video game maker Activision Blizzard will also make Microsoft the world’s third-biggest gaming company by revenue, behind only China’s Tencent and Japan’s Sony.

26 Jan 11:23

Sir William Osler

"The desire to take medicine is perhaps the greatest feature which distinguishes man from animals."
26 Jan 09:49

'Google Is Forcing Me To Dump a Perfectly Good Phone'

by BeauHD
An anonymous reader quotes a report from Motherboard, written by Aaron Gordon: Not quite three years ago, I bought a Pixel 3, Google's flagship phone at the time. It has been a good phone. I like that it's not too big. I dropped it a bunch, but it didn't break. And the battery life has not noticeably changed since the day I got it. I think of phones in much the same way I think of refrigerators or stoves. It's an appliance, something I need but feel no attachment to, and as long as it keeps fulfilling that need, I don't want to spend money replacing it for no real reason. The Pixel 3 fulfills my needs, so I don't want to spend $600 on the Pixel 6, which seems to be just another phone that does all the phone things. But I have to get rid of it because Google has stopped supporting all Pixel 3s. Despite being just three years old, no Pixel 3 will ever receive another official security update. Installing security updates is the one basic thing everyone needs to do for their own digital security. If you don't even get them, then you're vulnerable to every security flaw discovered since your last patch. In response to an email asking Google why it stopped supporting the Pixel 3, a Google spokesperson said, "We find that three years of security and OS updates still provides users with a great experience for their device." This has been a problem with Android for as long as Android has existed. In 2015, my colleague Lorenzo Franceschi-Bicchierai wrote a farewell to Android because of its terrible software support and spotty upgrade rollouts. Android has long blamed this obvious issue on the fact that updates need to run through the cellphone company and phone manufacturer before being pushed to the user. At the time, Google didn't make any Android phones; the Nexus line was the closest thing, a partnership with other manufacturers like Motorola and HTC (I had one of those, too). But for the past six years, Google has made the Pixel line of phones.
They are Google-made phones, meaning Google can't blame discontinuing security updates on other manufacturers, and yet, it announced that's exactly what it would do. Gordon goes on to say that he's "switching to an iPhone for the first time," noting how the most recent version of iOS can be installed on phones going as far back as the iPhone 6s, which was released more than six years ago. "Unless you routinely destroy your phone within two or three years, there's no justification from a sustainability perspective to keep using Android phones," he adds. "Of course, Apple is only good by comparison, as it also manufactures devices that are difficult to repair with an artificially short shelf life. It just happens to have a longer shelf life than Google."

Read more of this story at Slashdot.

13 Jan 21:49

Writing A Book Is Nonsense

by Ton Zijlstra

I find that I feel writing a non-fiction subject oriented book is nonsense for non-academics. I feel a strong aversion to the idea of writing a non-fiction book, as people have suggested to me occasionally since university.

Different elements are part of that aversion:

  • There’s a plethora of non-fiction books that to me seem 300 to 400 pages of anecdotal padding around a core idea that would fit on the backflap. Many such books lack tables of content and indexes, seemingly to better hide that one or few core ideas, so you need to go through all pages to find them.
  • The motivation for non-fiction writers to write a book I often find suspect. Aimed at marketing and PR, in support of selling themselves as consultant for instance. Written not to serve an audience, or even find one, but as a branding prop. That makes the actual content often even thinner. Such as taking something anecdotal like “I had this great project I enormously enjoyed doing” and anointing it as the new truth, “Organise all your projects like this, it’s a universal method!”
  • I equally find my own favourite topics suspect as material for writing a book. I don’t think any of the topics I work on, and have been working on, are deep enough or have enough solid foundation to stand on their own as a book. It could only become a range of anecdotes around ideas that themselves fit in a sentence or two. In my activities context and environment are key in working out how an idea can be made to work for a client, and that’s the work. That’s a good source of anecdotes, but not more. See the first bullet. A book about it would be a collection of opinions, and in my eyes would take a rather large amount of work to give those ideas a more solid footing.

In a conversation with E about this a few months ago, she said that’s a very arrogant stance towards authors (they have nothing to say), as well as belittling myself (I have nothing to say). I think those are both the same things, that most people, including me, don’t have enough to say to fill a book, to spend tens of thousands of words on. Many have enough to say on enough moments to at that time fill a great blogpost, article, a pamphlet (like the one about birthday unconferences shown in the right hand column), or an essay. But not a book, an artefact that seems such a heavyweight creation and production process in comparison. There are those who write a book by collating material that was previously written as blogposts, or as internal notes, and then somewhat rearranged. I see that as case in point more than counter argument.

As stated at the top, I make exceptions for academic books, explaining or introducing a field or actual research and their popular science counterparts, and for non-subject non-fiction, that e.g. describes a journey (geographically, or through life for instance, ‘true stories’, the history of a topic and how we ended up in the current situation, that sort of thing).
I also don’t mean fiction. Fiction’s role is very different, and any story that makes you read the next sentence and the next and the next is not what I mean here.
In that sense I very much appreciate the work of Cory Doctorow, who writes articles, essays, columns and blogposts about the topics he cares about, and writes fiction books to explore those same topics along different and novel routes.

Yet, our house holds many non-fiction books. A stack of books that keeps ever growing. So, why is that? Is it that there is more value in the whole, the collection of books read, and those unread, as opposed to the lack of value I perceive in any singular book in itself? Or maybe I don’t understand what writing a non-fiction book is, and what it is for. There are people reading my blog who have written non-fiction books. What were your motivations and aims? Why a book?

13 Jan 20:43

Using Foreign Nationals to Bypass US Surveillance Restrictions

by Bruce Schneier

Remember when the US and Australian police surreptitiously owned and operated the encrypted cell phone app ANOM? They arrested 800 people in 2021 based on that operation.

New documents received by Motherboard show that over 100 of those phones were shipped to users in the US, far more than previously believed.

What’s most interesting to me about this new information is how the US used the Australians to get around domestic spying laws:

For legal reasons, the FBI did not monitor outgoing messages from Anom devices determined to be inside the U.S. Instead, the Australian Federal Police (AFP) monitored them on behalf of the FBI, according to previously published court records. In those court records unsealed shortly before the announcement of the Anom operation, FBI Special Agent Nicholas Cheviron wrote that the FBI received Anom user data three times a week, which contained the messages of all of the users of Anom with some exceptions, including “the messages of approximately 15 Anom users in the U.S. sent to any other Anom device.”

[…]

Stewart Baker, partner at Steptoe & Johnson LLP, and Bryce Klehm, associate editor of Lawfare, previously wrote that “The ‘threat to life’ standard echoes the provision of U.S. law that allows communications providers to share user data with law enforcement without legal process under 18 U.S.C. § 2702. Whether the AFP was relying on this provision of U.S. law or a more general moral imperative to take action to prevent imminent threats is not clear.” That section of law discusses the voluntary disclosure of customer communications or records.

When asked about the practice of Australian law enforcement monitoring devices inside the U.S. on behalf of the FBI, Senator Ron Wyden told Motherboard in a statement “Multiple intelligence community officials have confirmed to me, in writing, that intelligence agencies cannot ask foreign partners to conduct surveillance that the U.S. would be legally prohibited from doing itself. The FBI should follow this same standard. Allegations that the FBI outsourced warrantless surveillance of Americans to a foreign government raise troubling questions about the Justice Department’s oversight of these practices.”

I and others have long suspected that the NSA uses foreign nationals to get around restrictions that prevent it from spying on Americans. It is interesting to see the FBI using the same trick.

23 Dec 09:50

Video of terminally ill Natascha's farewell to her horse strikes a chord with many

The Albert Schweitzer Ziekenhuis in Dordrecht shared footage last night of how the terminally ill Natascha said goodbye to her Lieuwe. The video struck a chord with many. "Amid all the misery, I saw her happy again."

The video shows Natascha and her horse meeting for the last time at the back of the hospital. Hospital staff and the relatives who arranged the farewell are being praised by thousands of people on social media.

Natascha's husband Herman Edelman didn't entirely see it coming either, he says. Almost two months after his wife's death, the hospital asked him whether they could share the footage on their social media. "Natascha would have loved so many reactions. She loved animals enormously. I think she would have wished everyone a farewell like this," he tells the regional broadcaster Rijnmond.

Germany

For a large part of her life, Natascha suffered from multiple sclerosis, a disease of the central nervous system. She could still get around, but with increasing difficulty. "This year, unfortunately, she went downhill fast," Edelman recalls. There were open wounds, and a leg was amputated.

Lieuwe the horse lived on the farm of her friend Femke Weijers, in the German state of Lower Saxony. Natascha and Herman went to stay there for a week a few times a year. But when Herman was also seriously ill for a while, Natascha could not travel to Germany for three years. She did not see her horse for years.

"When we stopped Natascha's treatment and she knew she wasn't going to get better, she told me, the home care staff and really everyone: my greatest wish is to see Lieuwe one more time," Herman says. The nursing staff at the Dordrecht hospital arranged transport to Germany through the Stichting Ambulance Wens, but it was too late. By then Natascha needed so much oxygen that the tanks would not fit in the vehicle.

An attempt was devised to say goodbye digitally. "I know nothing about phones and FaceTime. I tried, but the connection was poor and choppy. Making a video didn't feel right either," says Femke. "You know, we horse people like to smell our animal. That's how it had to be: Natascha had to feel and smell Lieuwe. Not on a screen."

When Herman indicated that things were now really going downhill fast, Femke made a decision. "I said to my partner: fill up the tank and get the trailer. I'm going to brush Lieuwe. And then we're going to Dordrecht."

A sign of recognition

After talking it over, Herman called the hospital. Herman: "They responded fantastically. 'That's fine,' they said. 'We're going to do this. Come on over.'" An hour later they were on their way to the Netherlands, a journey of 400 kilometres. Everyone involved admits it was really a completely spontaneous action. No idea whether it would work or whether it was a good idea.

Once they arrived at the hospital, Natascha was wheeled outside in her bed. "Together with Lieuwe, I walked to the bed. Unlike with a dog, you never know for certain, but I think he recognised her. Lieuwe sniffed and pricked his ears forward. That's a sign of recognition," Femke says. "Natascha took hold of the rope, just like always. Lieuwe stood there completely at ease. When Natascha took off her oxygen mask, he pressed his nose against her face."

"I saw Natascha relax; she finally had peace with the situation," Herman says. "Amid all the misery, I saw her happy again. Smiling. It was all so calm, so relaxed."

During the farewell, Femke cut off some of Lieuwe's mane. "'Now you can keep smelling and feeling him,' I said. She held that mane in her hands until the very end."

That same day, Natascha slipped into a deep sleep under the morphine. Two days later she died at the age of 47. Lieuwe's mane was buried with her. Herman and Femke are deeply grateful to the Albert Schweitzer Ziekenhuis that the farewell went the way it did, despite all the pressure of the corona pandemic.

The hospital says it wants to cooperate as much as possible when patients want to say goodbye to a pet, but that it had never had a request like this before. Those involved on the nursing ward say the farewell touched them deeply too.

17 Dec 00:27

Google Says NSO Pegasus Zero-Click 'Most Technically Sophisticated Exploit Ever Seen'

by BeauHD
wiredmikey shares a report from SecurityWeek: Security researchers at Google's Project Zero have picked apart one of the most notorious in-the-wild iPhone exploits and found a never-before-seen hacking roadmap that included a PDF file pretending to be a GIF image with a custom-coded virtual CPU built out of boolean pixel operations. If that makes you scratch your head, that was exactly the reaction from Google's premier security research team after disassembling the so-called FORCEDENTRY iMessage zero-click exploit used to plant NSO Group's Pegasus surveillance tool on iPhones. "We assess this to be one of the most technically sophisticated exploits we've ever seen," Google's Ian Beer and Samuel Groß wrote in a technical deep-dive into the remote code execution exploit that was captured during an in-the-wild attack on an activist in Saudi Arabia. In its breakdown, Project Zero said the exploit effectively created "a weapon against which there is no defense," noting that zero-click exploits work silently in the background and do not even require the target to click on a link or surf to a malicious website. "Short of not using a device, there is no way to prevent exploitation by a zero-click exploit," the research team said. The researchers confirmed the initial entry point for Pegasus was Apple's proprietary iMessage that ships by default on iPhones, iPads and macOS devices. By targeting iMessage, the NSO Group hackers needed only a phone number or an AppleID username to take aim and fire eavesdropping implants. Because iMessage has native support for GIF images (especially those that loop endlessly), Project Zero's researchers found that this expanded the attack surface and ended up being abused in an exploit cocktail that targeted a security defect in Apple's CoreGraphics PDF parser.
Within Apple's CoreGraphics PDF parser, the NSO exploit writers abused Apple's implementation of the open-source JBIG2, a domain-specific image codec designed to compress images where pixels can only be black or white. Describing the exploit as "pretty terrifying," Google said the NSO Group hackers effectively booby-trapped a PDF file, masquerading as a GIF image, with an encoded virtual CPU to start and run the exploit. Apple patched the exploit in September and filed a lawsuit seeking to hold NSO Group accountable.

29 Nov 20:34

Israel and Iran Broaden Cyberwar To Attack Civilian Targets

by msmash
Iranians couldn't buy gas. Israelis found their intimate dating details posted online. The Iran-Israel shadow war is now hitting ordinary citizens. From a report: Millions of ordinary people in Iran and Israel recently found themselves caught in the crossfire of a cyberwar between their countries. In Tehran, a dentist drove around for hours in search of gasoline, waiting in long lines at four gas stations only to come away empty. In Tel Aviv, a well-known broadcaster panicked as the intimate details of his sex life, and those of hundreds of thousands of others stolen from an L.G.B.T.Q. dating site, were uploaded on social media. For years, Israel and Iran have engaged in a covert war, by land, sea, air and computer, but the targets have usually been military or government related. Now, the cyberwar has widened to target civilians on a large scale. In recent weeks, a cyberattack on Iran's nationwide fuel distribution system paralyzed the country's 4,300 gas stations, which took 12 days to have service fully restored. That attack was attributed to Israel by two U.S. defense officials, who spoke on the condition of anonymity to discuss confidential intelligence assessments. It was followed days later by cyberattacks in Israel against a major medical facility and a popular L.G.B.T.Q. dating site, attacks Israeli officials have attributed to Iran. The escalation comes as American authorities have warned of Iranian attempts to hack the computer networks of hospitals and other critical infrastructure in the United States. As hopes fade for a diplomatic resurrection of the Iranian nuclear agreement, such attacks are only likely to proliferate. Hacks have been seeping into civilian arenas for months. Iran's national railroad was attacked in July, but that relatively unsophisticated hack may not have been Israeli. And Iran is accused of making a failed attack on Israel's water system last year. 
The latest attacks are thought to be the first to do widespread harm to large numbers of civilians. Nondefense computer networks are generally less secure than those tied to state security assets.

25 Nov 10:38

FitGirl Game Repacker May Be The Most Productive Pirate Online Today

by Andy Maxwell

Downloading pirated copies of videogames from the internet has been a thing for around three decades already, but today’s scene stands apart from the earliest days of the web.

Where games of a few kilobytes once ruled the waves, these days files reaching tens of gigabytes are not unusual. Even now, not everyone has the bandwidth or time available to dedicate to grabbing these releases. Perhaps unsurprisingly though, people always step in to provide a way.

FitGirl is arguably the most famous videogame “repacker” in the world today. Of Russian origins and using the likeness of Amélie, FitGirl releases typically offer everything the average videogame pirate needs – games with protections removed (or bypassed), delivered via torrents, in a much smaller file size than the original.

With tens of millions of visits per month, FitGirl’s torrent index is one of the most popular around and is only growing in popularity. In part, that’s due to FitGirl’s popularity but also the quality of their releases. What isn’t mentioned often, however, is the sheer number of releases made by what is believed to be a single-person operation.

The Amelie Report October 2021

In what will hopefully become a regular feature detailing FitGirl’s work, in recent days the ‘Amelie Report’ for October 2021 was published on FitGirl’s site. It provides a unique insight not only into FitGirl’s releases but what appears to be an almost unhealthy dedication to the art of repacking and releasing.

In the month of October alone, FitGirl repacked an astonishing 157 games, which averages out to about five games every single day. An impressive 82% of those repacks (128) were of new games while 29 were updated titles.

“The source size of all releases, most of which are scene ISOs, is equal to 1370 GB (1.33 TB), which unpack to a size of 1905 GB (1.86 TB). The average unpacked size of the game comes to about 8.7 GB, while the median size is only 5.1 GB. Median here means that half of the games are larger than 5.1 GB and the other half are smaller,” FitGirl reveals.

“When packed, those games take up from 698 GB to 808 GB, depending on selected components, which is basically half of the scene release sizes. The minimum average repack size comes to about 4.5 GB, while the median size is only 1.9 GB.”

In short and in broad terms, after pirated games are released by the original pirate groups, FitGirl’s repacking skills mean that they are redistributed to the masses more quickly and efficiently.

Repack Release Examples

The largest game repack released by FitGirl in October was Conan Exiles: Complete Edition, which began life as a 105GB file but after processing was cut down to just 45.5GB. The smallest was CADE PRIME which from a lofty 730MB was crunched down to 220MB. The size difference between games and their repacks can differ wildly though.

“The worst compression ratio recorded is for Disco Elysium: The Final Cut (9.5 GB –> 7.8 GB, only 17.9% saved), while the best result recorded is for Boomerang X (10.8 GB –> 859 MB), with a whopping amount of 92% traffic saved,” FitGirl reports.

Compression / Decompression

When FitGirl obtains releases and goes about the packing process, plenty of things need to be done. Original ISOs have to be unpacked, analyzed, prepared and compressed, for example. FitGirl says that the overall processing speed is carried out at a rate of 63.5GB of data per day, with compression writing speed taking place at roughly half that.

Importantly, when FitGirl releases are obtained by users, work has to be carried out on that end too. All of the compression has to be reversed on the users’ machines (similar to an automated unZIPping), and the overall time spent can be significant and heavily dependent on the hardware available.

“[S]tats show that the average repack installation time on a 16-threaded PC [with at least 16GB RAM] is 4 minutes 20 seconds with median timing being even lower, that is only 2 minutes. For slower machines [4-threaded CPU with 8GB of RAM], those numbers are 9 and 3 minutes respectively. Of course, there are slow installations (Killing Floor 2 will be killing your PC for two hours on a 4-threaded CPU), but average numbers are pretty low,” FitGirl explains.

Also, if users have a laptop rather than a desktop machine, FitGirl says that the installation time can be increased by a factor of 2 but that isn’t the only bottleneck.

“If you have an active antivirus, then multiply it by a factor of 1.2-2, but if you have an aggressive antivirus which checks ALL read/write data on the fly, then multiply it by a factor of 2-4. Yes, you guessed it right, being dumb is costly in 2021,” FitGirl adds.

While running an antivirus might slow down FitGirl repack game installations, turning off security tools isn’t generally advised for the average user. Then again, FitGirl is certainly not the average user, not by a long shot.

‘Amélie’ is probably the busiest and most productive gaming pirate online today and as things stand, there are no signs of a slowdown.

The full list of games released by FitGirl in October can be found here

From: TF, for the latest news on copyright battles, piracy and more.

25 Nov 10:10

The World Needs To Crack Battery Recycling, Fast

by msmash
As batteries start to pile up, carmakers, battery companies and researchers are trying to save them from ending up in landfills. From a report: Recyclers are primarily interested in extracting the valuable metals and minerals in the cells. Getting to these materials is complex and dangerous: After removing the steel casing, the battery pack needs to be unbundled into cells carefully, to avoid puncturing any hazardous materials. The electrolyte, a liquid whose job it is to move lithium ions between the cathode and anode, can catch fire or even explode if heated. Only once the pack has been dismantled can recyclers safely extract the conductive lithium, nickel, copper, and cobalt. Used in the cathode, cobalt is the most sought-after material used in batteries. In its raw form, the rare, bluish-grey metal is predominantly sourced from the Democratic Republic of Congo, where miners work in perilous conditions. The world's major electric car manufacturers are already moving away from cobalt, deterred by the human rights abuses and shortages in the supply chain. That raises the question of whether recyclers will still find it worthwhile to dismantle newer battery types lacking the most valuable ingredients. "When you move to more sustainable materials, and lower cost materials, the incentive to recycle and recover them diminishes," says Jenny Baker, an energy storage expert at Swansea University. She likens this to a dilemma in consumer electronics: It is often cheaper to buy a new mobile phone than to get it fixed or recycled. [...] In a first step, recyclers typically shred the cathode and anode materials of spent batteries into a powdery mixture, the so-called black mass. In the board game analogy, this would be the first slide down on a snake, Gavin Harper, a research fellow at the University of Birmingham, explains. The black mass can then be processed in one of two ways to extract its valuable components.
One method, called pyrometallurgy, involves smelting the black mass in a furnace powered with fossil fuels. It's a relatively cheap method but a lot of lithium, aluminium, graphite and manganese is lost in the process. Another method, hydrometallurgy, leaches the metals out of the black mass by dissolving it in acids and other solvents. This method, Harper says, would correspond to a shorter snake in the board game, because more material can be recovered: you fall back, but not by as many squares as when using pyrometallurgy. The process, however, consumes a lot of energy and produces toxic gases and wastewater.

16 Nov 22:44

Wire Fraud Scam Upgraded with Bitcoin

by Bruce Schneier

The FBI has issued a bulletin describing a bitcoin variant of a wire fraud scam:

As the agency describes it, the scammer will contact their victim and somehow convince them that they need to send money, either with promises of love, further riches, or by impersonating an actual institution like a bank or utility company. After the mark is convinced, the scammer will have them get cash (sometimes out of investment or retirement accounts), and head to an ATM that sells cryptocurrencies and supports reading QR codes. Once the victim’s there, they’ll scan a QR code that the scammer sent them, which will tell the machine to send any crypto purchased to the scammer’s address. Just like that, the victim loses their money, and the scammer has successfully exploited them.

[…]

The “upgrade” (as it were) for scammers with the crypto ATM method is two-fold: it can be less friction than sending a wire transfer, and at the end the scammer has cryptocurrency instead of fiat. With wire transfers, you have to fill out a form, and you may give that form to an actual person (who could potentially vibe check you). Using the ATM method, there’s less time to reflect on the fact that you’re about to send money to a stranger. And, if you’re a criminal trying to get your hands on Bitcoin, you won’t have to teach your targets how to buy coins on the internet and transfer them to another wallet — they probably already know how to use an ATM and scan a QR code.

11 Nov 17:58

A Neural Network Is Developing Between Bitcoin Lightning Network Nodes

by Marty Bent

The topography that is emerging on the Lightning Network seems to be mimicking many things we find in nature.

The below is a direct excerpt of Marty's Bent Issue #1109: "A neural network is developing between Lightning Nodes."

Above is a visualization of the current Lightning Network topography made up of ~16,000 Lightning Nodes with ~140,000 payment channels opened between them. I don't know if I'm simply being duped by some visualization magic, but I can't help but think that we are all witnessing the emergence of something massive. Something that will have a profound effect on humanity that we can't quite comprehend yet. The topography that is emerging on the Lightning Network seems to be mimicking many things we find in nature, as long-time Bitcoin Core maintainer Wladimir van der Laan points out below.

I can't quite articulate it and I don't really have any concrete metrics to highlight, but this seems to be the way in which we would want the network topography to emerge; in a grassroots way that mimics the way complex systems of all different sizes tend to emerge in nature. Things like rivers, mycelium, neural pathways, and the cosmos. Again, there's nothing really concrete I can point to to explain what I believe is happening. It's more of an intuitive feeling that makes me believe we are on the right path.

Pulling on that thread, I also have a feeling we are at the precipice of an inflection point when it comes to Lightning Network adoption and innovation. Obviously there has been much progress made and the network is being stress tested with merchant adoption in El Salvador, but it feels as if we are approaching a moment where more and more builders are going to begin coming off the sidelines to bring new products to market that leverage Lightning. I could be wrong, it's simply a feeling I have and my feelings may be a bit biased. We shall see.

There is still much work to be done in regards to improving the security and privacy of the network for its users. I believe these areas will see significant improvement as well over the course of the next two to three years.

07 Nov 23:07

Garry Kasparov: Greatest Soviet Chess Champion on the Awful System That Created Him

by Nick Gillespie

Reason's December special issue marks the 30th anniversary of the collapse of the Soviet Union. This story is part of our exploration of the global legacy of that evil empire, and our effort to be certain that the dire consequences of communism are not forgotten.

If the Soviet Union was notoriously incapable of producing blue jeans, smokeable cigarettes, and durable cars in the numbers its citizens craved, it was unrivaled at producing world-class chess grandmasters. From the end of World War II until the Evil Empire dissolved in 1991, all but one world champion—the American Bobby Fischer, who claimed the title in 1972 from one Soviet and surrendered it to another in 1975 when he refused to defend his crown—represented the USSR.

None was better than Garry Kasparov, who became world champion in 1985 at the tender, record-setting age of 22 and held the title until 2000. Widely considered the greatest chess player in modern history, he held the global top ranking for a total of 255 months between 1984 and his retirement in 2005.

Yet Kasparov was never a pliant supporter of the system that produced him—far from it. Born in 1963 to parents who were Jewish and Armenian, two minorities regarded as suspect, and raised in the relatively provincial city of Baku, Azerbaijan, he grew up feeling alienated from the Soviet Union's cultural and political centers in St. Petersburg and Moscow. Because of his chess prowess—which he emphasizes was greatly nurtured by the same government that immiserated and imprisoned so many of his countrymen—he was able to travel abroad for competitions, and he describes youthful trips to France and Germany as nothing short of revelatory. The casual "abundance" of what used to be called "the free world" "just felt different," he says. "I could immediately see the quality of life….It was different and it was more natural." Beyond the Iron Curtain, he encountered the anti-communist works of George Orwell and was able to read exiled dissident Alexander Solzhenitsyn's suppressed indictments of totalitarianism.

Kasparov joined the Communist Party of the Soviet Union in 1984 but was critical of the regime during that decade. In 1990, he joined the Democratic Party of Russia and became increasingly outspoken in favor of human rights, representative democracy, and limited government. In post-Soviet Russia, he used his celebrity and influence to spearhead attempts to build civil society and conduct fair elections, emerging as a leading critic of Russian leader Vladimir Putin. He aborted a run for president in 2007 only after authorities made it impossible for his followers to meet. By the early 2010s, he had been arrested for participating in unauthorized anti-government demonstrations and was widely believed to be the author of a popular petition demanding Putin's resignation. Today he resides in New York City and Croatia with his wife and two of his children; they cannot return to Russia for fear of persecution.

Kasparov continues to lobby for freedom, in the former Soviet Union and beyond. Since 2011, he has served as the chairman of the Human Rights Foundation, an organization that focuses on reform in closed societies such as North Korea, Venezuela, Iran, Saudi Arabia, and several former Soviet republics.

In September, Reason's Nick Gillespie spoke with the chess grandmaster in New York about what it was like to be the beneficiary of a catastrophically failed Soviet system and what lessons the world—especially American democratic socialists—should remember three decades after its collapse.

01 Nov 04:17

Plastic Bag Bans Might Do More Harm Than Good

by Jason Kottke

Yesterday I wrote about a Vancouver store offering plastic bags with embarrassing messages on them to encourage customers to use their own bags for their groceries. Under new laws that took effect on June 1, stores in the city must stop offering paper/plastic bags or charge for them.

NPR’s Planet Money team pulled some research together that suggests that banning plastic bags might do more harm than good (at least in the short term).

Taylor found these bag bans did what they were supposed to: People in the cities with the bans used fewer plastic bags, which led to about 40 million fewer pounds of plastic trash per year. But people who used to reuse their shopping bags for other purposes, like picking up dog poop or lining trash bins, still needed bags. “What I found was that sales of garbage bags actually skyrocketed after plastic grocery bags were banned,” she says. This was particularly the case for small, 4-gallon bags, which saw a 120 percent increase in sales after bans went into effect.

Trash bags are thick and use more plastic than typical shopping bags. “So about 30 percent of the plastic that was eliminated by the ban comes back in the form of thicker garbage bags,” Taylor says. On top of that, cities that banned plastic bags saw a surge in the use of paper bags, which she estimates resulted in about 80 million pounds of extra paper trash per year.

The waste issue is better, but paper bag production increases carbon emissions. And tote bags, particularly those made from cotton, aren’t great either.

The Danish government recently did a study that took into account environmental impacts beyond simply greenhouse gas emissions, including water use, damage to ecosystems and air pollution. These factors make cloth bags even worse. They estimate you would have to use an organic cotton bag 20,000 times more than a plastic grocery bag to make using it better for the environment.

Tags: economics, global warming, recycling
30 Oct 17:57

"Was Google’s decision to kill Google Reader actually the key turning point in the destruction..."

“Was Google’s decision to kill Google Reader actually the key turning point in the destruction of western civilization? Kills the decentralized web, gives rise to Twitter and Facebook becoming the algorithmic overlords. Maybe…”

- Vinay Gupta
24 Oct 17:56

Why The FBI Held Back a Ransomware Decryption Key for 19 Days

by EditorDavid
America's Federal Bureau of Investigation "refrained for almost three weeks from helping to unlock the computers of hundreds of businesses and institutions hobbled by a major ransomware attack this summer," reports the Washington Post, "even though the bureau had secretly obtained the digital key needed to do so, according to several current and former U.S. officials." The key was obtained through access to the servers of the Russia-based criminal gang behind the July attack. Deploying it immediately could have helped the victims, including schools and hospitals, avoid what analysts estimate was millions of dollars in recovery costs. But the FBI held on to the key, with the agreement of other agencies, in part because it was planning to carry out an operation to disrupt the hackers, a group known as REvil, and the bureau did not want to tip them off. Also, a government assessment found the harm was not as severe as initially feared. The planned takedown never occurred because in mid-July REvil's platform went offline — without U.S. government intervention — and the hackers disappeared before the FBI had a chance to execute its plan, according to the current and former officials... The FBI finally shared the key with Kaseya, the IT company whose software was infected with malware, on July 21 — 19 days after it was hit. Kaseya asked New Zealand-based security firm Emsisoft to create a fresh decryption tool, which Kaseya released the following day. By then, it was too late for some victims... On Tuesday, FBI Director Christopher A. Wray, testifying before Congress, indicated the delay stemmed in part from working jointly with allies and other agencies. "We make the decisions as a group, not unilaterally," he said, noting that he had to constrain his remarks because the investigation was ongoing... He also suggested that "testing and validating" the decryption key contributed to the delay. 
"There's a lot of engineering that's required to develop a tool" that can be used by victims, he said at a Senate Homeland Security Committee hearing. Emsisoft, however, was able to act quickly. It extracted the key from what the FBI provided Kaseya, created a new decryptor and tested it — all within 10 minutes, according to Fabian Wosar, Emsisoft chief technology officer. The process was speedy because the firm was familiar with REvil's ransomware. "If we had to go from scratch," Wosar said, "it would have taken about four hours."

Read more of this story at Slashdot.

22 Oct 11:31

Steak Knife Made From Hardened Wood Is Three Times Sharper Than Steel

by BeauHD
Scientists have used a new form of hardened wood to create a steak knife that is nearly three times sharper than a stainless steel dinner table knife. It can even be washed in the dishwasher! New Atlas reports: This hardy new form of wood is the handiwork of scientists at the University of Maryland, who set out to supercharge the material's natural strength, which lies in the cellulose packed inside. Cellulose is the primary component of wood, accounting for 40 to 50 percent of the material, and itself has a higher strength-to-density ratio than many engineered materials, including ceramics, metals and polymers. But the remainder of wood, made up of the binding materials hemicellulose and lignin, dilutes its overall strength and limits its applications. The authors of the study set out to remove these weaker parts of the wood while preserving the cellulose structures. "It's a two-step process," says senior author Teng Li. "In the first step, we partially delignify wood. Typically, wood is very rigid, but after removal of the lignin, it becomes soft, flexible, and somewhat squishy. In the second step, we do a hot press by applying pressure and heat to the chemically processed wood to densify and remove the water." The hardened wood was then carved into a knife and coated in mineral oil, which counters the natural tendency of cellulose to absorb water, extending the lifespan of the material, preserving the blade's sharpness and making it dishwasher safe. According to the team, the hard wood knife is almost three times sharper than a stainless steel dinner table knife and is 23 times harder than natural wood. It was used to cut through a medium-well done steak with ease. The team was also able to produce nails using the new hard wood. Not only were they rust-resistant but they were just as sharp as regular steel nails. The research was published in the journal Matter.

21 Oct 15:18

Reclaiming Civil Society: From Voluntary Servitude to 'Parallel Polis'

by Daniel J. Mahoney
In an important article in the October issue of The Atlantic titled "The New Puritans," Anne Applebaum takes eloquent aim at a growing illiberalism that has colonized large parts of civil society. It is dominated, Applebaum argues, by an arbitrary censoriousness, "ritualized apologies," and "public sacrifices." The ugly scenes it gives rise to are not recognizably American and do not belong in a truly free state or society. As Applebaum demonstrates, more and more cultural and civic institutions are succumbing to self-enslavement, paying obeisance to the angry mob and to an ideological...
20 Oct 19:22

Gutsy Foodies in Enschede

by Ton Zijlstra

I was in Enschede today for a conference, and had dinner in ‘Foodies’ right across the square from the railway station. I had planned it differently, but my used-to-be-favourite watering hole didn’t have the Grolsch fall bokbier I wanted, and my fav ‘for old times sake’ mutton shoarma restaurant had closed down because of the pandemic. I walked back towards the station and ended up in Foodies. Here there used to be La Cucina, previously La Cuisine in a different spot, which was E’s and my favourite restaurant in Enschede for many years. After they went out of business something else took over, and now it’s called Foodies. Good beers on tap, and some good wines, it turned out today. The food is nice enough, well above pub grub and at very reasonable prices (I think they should want to charge more for dishes and up their game), and as they are near the railway station you can eat there and never miss your connection.

The real story however is about the current proprietor. He used to be a student at the Leeuwarden hospitality management school. He was supposed to do an internship, but as everything was locked down due to the pandemic there was no internship to be had. Instead he decided to open up his own pub and restaurant, and with the help of his parents chose Foodies. His mom served me my drinks, temporarily she hoped/thought, and he ran the place, chatted with customers while serving. Becoming a restaurant owner is his internship.

I admire his entrepreneurial guts, and wish him well, a lot. He definitely succeeded in making the large venue look and feel cosy, something our fav restaurateurs of old never quite succeeded in in the same spot. I will return to Foodies on my next Enschede visit.

15 Oct 17:23

Security Risks of Client-Side Scanning

by Bruce Schneier

Even before Apple made its announcement, law enforcement shifted their battle for backdoors to client-side scanning. The idea is that they wouldn’t touch the cryptography, but instead eavesdrop on communications and systems before encryption or after decryption. It’s not a cryptographic backdoor, but it’s still a backdoor — and brings with it all the insecurities of a backdoor.

I’m part of a group of cryptographers that has just published a paper discussing the security risks of such a system. (It’s substantially the same group that wrote a similar paper about key escrow in 1997, and other “exceptional access” proposals in 2015. We seem to have to do this every decade or so.) In our paper, we examine both the efficacy of such a system and its potential security failures, and conclude that it’s a really bad idea.

We had been working on the paper well before Apple’s announcement. And while we do talk about Apple’s system, our focus is really on the idea in general.

Ross Anderson wrote a blog post on the paper. (It’s always great when Ross writes something. It means I don’t have to.) So did Susan Landau. And there’s press coverage in the New York Times, the Guardian, Computer Weekly, the Financial Times, Forbes, El Pais (English translation), NRK (English translation), and — this is the best article of them all — the Register. See also this analysis of the law and politics of client-side scanning from last year.

15 Oct 17:10

New Zealand Council Ends Contract With Wizard After Two Decades of Service

by msmash
The official Wizard of New Zealand, perhaps the only state-appointed wizard in the world, has been cast from the public payroll, spelling the end to a 23-year legacy. From a report: The Wizard, whose real name is Ian Brackenbury Channell, 88, had been contracted to Christchurch city council for the past two decades to promote the city through "acts of wizardry and other wizard-like services," at a cost of $16,000 a year. He has been paid a total of $368,000. The Wizard, who was born in England, began performing acts of wizardry and entertainment in public spaces shortly after arriving in New Zealand in 1976. When the council originally tried to stop him, the public protested. In 1982, the New Zealand Art Gallery Directors Association said he had become a living work of art, and then, in 1990, the prime minister at the time, Mike Moore, asked that he consider becoming the Wizard of New Zealand. "I am concerned that your wizardry is not at the disposal of the entire nation," Moore wrote on his official letterhead.

13 Oct 09:18

Study Reveals Android Phones Constantly Snoop On Their Users

by BeauHD
A new study (PDF) by a team of university researchers in the UK has unveiled a host of privacy issues that arise from using Android smartphones. BleepingComputer reports: The researchers have focused on Samsung, Xiaomi, Realme, and Huawei Android devices, and LineageOS and /e/OS, two forks of Android that aim to offer long-term support and a de-Googled experience. The conclusion of the study is worrying for the vast majority of Android users: "With the notable exception of /e/OS, even when minimally configured and the handset is idle these vendor-customized Android variants transmit substantial amounts of information to the OS developer and also to third parties (Google, Microsoft, LinkedIn, Facebook, etc.) that have pre-installed system apps." As the summary table indicates, sensitive user data like persistent identifiers, app usage details, and telemetry information are not only shared with the device vendors, but also go to various third parties, such as Microsoft, LinkedIn, and Facebook. And to make matters worse, Google appears at the receiving end of all collected data almost across the entire table. It is important to note that this concerns the collection of data for which there's no option to opt out, so Android users are powerless against this type of telemetry. This is particularly concerning when smartphone vendors include third-party apps that are silently collecting data even if they're not used by the device owner, and which cannot be uninstalled. For some of the built-in system apps like miui.analytics (Xiaomi), Heytap (Realme), and Hicloud (Huawei), the researchers found that the encrypted data can sometimes be decoded, putting the data at risk from man-in-the-middle (MitM) attacks. As the study points out, even if the user resets the advertising identifiers for their Google Account on Android, the data-collection system can trivially re-link the new ID back to the same device and append it to the original tracking history. 
The deanonymization of users takes place using various methods, such as looking at the SIM, IMEI, location data history, IP address, network SSID, or a combination of these. In response to the report, a Google spokesperson said: "While we appreciate the work of the researchers, we disagree that this behavior is unexpected -- this is how modern smartphones work. As explained in our Google Play Services Help Center article, this data is essential for core device services such as push notifications and software updates across a diverse ecosystem of devices and software builds. For example, Google Play services uses data on certified Android devices to support core device features. Collection of limited basic information, such as a device's IMEI, is necessary to deliver critical updates reliably across Android devices and apps."

12 Oct 15:03

Neuroscientists Claim To Have Pinpointed the Brain States Unique To 'Team Flow'

by BeauHD
An anonymous reader quotes a report from ScienceAlert: At some point in life, you have probably enjoyed a 'flow' state -- when you're so intensely focused on a task or activity, you experience a strong sense of control, a reduced awareness of your environment and yourself, and a minimized sense of the passing of time. It's also possible to experience 'team flow,' such as when playing music together, competing in a sports team, or perhaps gaming. In such a state, we seem to have an intuitive understanding with others as we jointly complete the task at hand. An international team of neuroscientists now thinks they have uncovered the neural states unique to team flow, and it appears that these differ both from the flow states we experience as individuals, and from the neural states typically associated with social interaction. Researchers found increased beta and gamma brain wave activity in the left middle temporal cortex. This region of the brain is typically associated with information integration and key functions like attention, memory, and awareness, which are "consistent with higher team interactions and enhancing many flow dimensions," the team writes. However, what was unique about team flow, was that participants' neural activity appeared to synchronize. When participants were performing the task as a unit, their brains would mutually align in their neural oscillations (beta and gamma activity), creating a "hyper-cognitive state between the team members." If brains can be functionally connected through inter-brain synchrony, does this mean it is not only our brain that contributes to our consciousness? It's a curious question, but the authors warn it is much too soon to tell. "Based on our findings, we cannot conclude that the high value of integrated information correlates with a modified form of consciousness, for instance, 'team consciousness'," they write. 
"Its consistency with neural synchrony raises intriguing and empirical questions related to inter-brain synchrony and information integration and altered state of consciousness." The study was published in the journal eNeuro.

29 Sep 11:55

Students Don't Know What Files And Folders Are, Professors Say

by BeauHD
University students in courses from engineering to physics are having to be taught what files and folders are, The Verge reports, because that's not how they've grown up using computers. Whenever they need a file, they just search for it. PCGamer summarizes the findings: "I tend to think an item lives in a particular folder. It lives in one place, and I have to go to that folder to find it," astrophysicist Catherine Garland said. "They see it like one bucket, and everything's in the bucket." Strange as it may seem to older generations of computer users who grew up maintaining an elaborate collection of nested subfolders, thanks to powerful search functions now being the default in operating systems, as well as the way phones and tablets obfuscate their file structure, and cloud storage, high school graduates don't see their hard drives the same way. "Students have had these computers in my lab; they'll have a thousand files on their desktop completely unorganized," Peter Plavchan, an associate professor of physics and astronomy at George Mason University, told The Verge. "I'm kind of an obsessive organizer ... but they have no problem having 1,000 files in the same directory. And I think that is fundamentally because of a shift in how we access files." As The Verge points out, "The first internet search engines were used around 1990, but features like Windows Search and Spotlight on macOS are both products of the early 2000s [...] While many of today's professors grew up without search functions on their phones and computers, today's students increasingly don't remember a world without them." This isn't necessarily a bad thing, or a reason to recoil in horror because how dare the youth of today do things differently, why the very idea. "When I was a student, I'm sure there was a professor that said, 'Oh my god, I don't understand how this person doesn't know how to solder a chip on a motherboard,'" Plavchan said. 
"This kind of generational issue has always been around." And Garland, the astrophysicist teaching an engineering course, has started using her PC's search function to find files in the same way her students do. "I'm like, huh ... I don't even need these subfolders," she said.

23 Sep 13:15

Using Polls for Better Engagement in Microsoft Teams Meetings

by Michael Reinders

Companies of all shapes and sizes have run into many challenges regarding keeping their employees efficient and happy; the transition to virtual education and training over the past 18 months caught many off guard.

The Microsoft Forms team was excited to release Polls in Microsoft Teams meetings in November of 2020 to address some of these challenges. This allows meeting organizers to educate their attendees with engaging insight using polls.

Here we’ll share tips on four distinct types of polls in Microsoft Teams. The end goal is to better assess meeting participation, how much information attendees retain, the overall focus of attendees in your meetings, and the openness of traditional in-person human interaction.

Microsoft Teams – Using Polls for Better Engagement in Teams Meetings

Always of the ‘work-in-progress’ mindset, Microsoft has heard your questions regarding employee engagement, effective information presentation, and education. It’s relatively straightforward in a conference room or huddle space to exhibit and absorb that ‘human’ interaction, but the ‘virtual reality’ of hybrid workplaces adds a layer of ambiguity about how effective meetings and their purposes can be.

Goal #1: Engage your audience early

Task: Poll attendees at the beginning of your meeting to reduce psychological distance and set expectations

How can we help attendees feel included in the meeting?

1. Ask a multiple-choice icebreaker question. Today, Polls in Teams meetings often automatically suggest such questions as you prepare your polls.

Icebreaker Poll

2. Collect questions they have for a class or training session. Using a Word Cloud poll is an excellent way to allow for free expression.

Word Cloud Poll

3. Ask a multiple-choice knowledge check question related to the information about to be presented.

4. Setting expectations at the start of the meeting can also encourage engagement. You could add a Word Cloud poll question like, “What are you hoping to get out of today’s tutorial session?”

Goal #2: Help your audience reset and re-focus

Task: Poll attendees during your meeting to recapture wandering attention

Getting distracted can be very easy. Especially when working from home…you have your work browser tabs, your personal browser tabs, you have your children asking for just one more cookie, etc. Studies have shown that adults’ attention spans last around 20-30 minutes. Long class or training sessions could lead attendees to drop their concentration and fire up that Xbox Series X!

To help your attendees regain their focus on the topic at hand:

  1. Ask a fun question, allowing them to ‘come back to the room.’
  2. Check the status of your meeting attendees – ask them what they’ve learned and retained thus far.

Goal #3: Evaluate audience understanding of meeting content and encourage engagement

Poll attendees during the meeting for a quick knowledge check

During this meeting, keep in mind the value of instant feedback. Immediate evaluation can enhance one’s sense of order and state of concentration. Use this to your advantage and launch a quick knowledge-check poll based on the information you’ve already covered. This will encourage attendees to stay engaged. Plus, you can always offer a dollar or two as an incentive for correct answers! ;)

Multiple Choice Quiz Poll

Goal #4: Provide your audience with a sense of belonging and encourage future engagement

Task: At the end of your meeting, poll attendees by asking for honest feedback

Keeping that mantra of audience participation and worth/value throughout the meeting time, it would behoove you to present a poll at the closing of your meeting. You’re signaling how you want to include your meeting participants’ perspectives. This will likely give your attendees a sense of worth and enthusiasm for future meetings.

Multiple Choice Polls are a quick win – “On a scale from 1 – 5, how useful was the content presented in this meeting? On a scale of 1-5, how satisfied are you with today’s presenter? You need to make a choice here – Kirk or Picard?”

You can also use Word Cloud Polls to ask more open questions like, “What questions do you still have, or feel weren’t addressed in today’s meeting?”

Next Steps with Microsoft Teams Polls

We hope that these four tips, presented around the four goals to engage and assess your audience, provide guidance on the advantage of polls throughout the learning aspects of your organization. If you want to learn more about how to use Microsoft Forms (Polls) in Teams meetings, please visit this support page.

22 Sep 08:58

Does Your Organization Have a Security.txt File?

by BrianKrebs

It happens all the time: Organizations get hacked because there isn’t an obvious way for security researchers to let them know about security vulnerabilities or data leaks. Or maybe it isn’t entirely clear who should get the report when remote access to an organization’s internal network is being sold in the cybercrime underground.

In a bid to minimize these scenarios, a growing number of major companies are adopting “Security.txt,” a proposed new Internet standard that helps organizations describe their vulnerability disclosure practices and preferences.

An example of a security.txt file. Image: Securitytxt.org.

The idea behind Security.txt is straightforward: The organization places a file called security.txt in a predictable place — such as example.com/security.txt, or example.com/.well-known/security.txt. What’s in the security.txt file varies somewhat, but most include links to information about the entity’s vulnerability disclosure policies and a contact email address.

The security.txt file made available by USAA, for example, includes links to its bug bounty program; an email address for disclosing security related matters; its public encryption key and vulnerability disclosure policy; and even a link to a page where USAA thanks researchers who have reported important cybersecurity issues.

Other security.txt disclosures are less verbose, as in the case of HCA Healthcare, which lists a contact email address, and a link to HCA’s “responsible disclosure” policies. Like USAA and many other organizations that have published security.txt files, HCA Healthcare also includes a link to information about IT security job openings at the company.
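The file format described above is simple enough to check by hand, but a small parser makes it easy to confirm that a published file is usable before relying on it. The following is an added example, not code from the article or from securitytxt.org. The field names (Contact, Expires, Encryption, Policy, Acknowledgments, Hiring, Preferred-Languages, Canonical) are those of the security.txt specification (draft-foudil-securitytxt, later RFC 9116); the sample file and the example.com addresses are constructed placeholders, and `candidate_urls` simply lists the two locations the article names, with `/.well-known/` first.

```python
"""Parse and sanity-check a security.txt file.

Added example, not code from the article or from securitytxt.org. Field
names follow the security.txt specification (draft-foudil-securitytxt,
later RFC 9116); the sample files below are constructed.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from datetime import datetime
from urllib.parse import urlparse

# Fields defined by the spec. Contact is required; Expires became required
# in RFC 9116 (earlier drafts only recommended it).
KNOWN_FIELDS = {"Contact", "Expires", "Encryption", "Acknowledgments",
                "Preferred-Languages", "Canonical", "Policy", "Hiring"}
# Fields whose values must be URIs (mailto:/tel:/https: for Contact,
# https: for the rest).
URI_FIELDS = {"Contact", "Encryption", "Acknowledgments", "Canonical",
              "Policy", "Hiring"}

# Constructed samples; example.com is a placeholder, not a real organization.
SAMPLE = """\
# Constructed sample security.txt
Contact: mailto:security@example.com
Contact: https://example.com/vulnerability-disclosure
Expires: 2022-12-31T23:59:00.000Z
Encryption: https://example.com/pgp-key.txt
Policy: https://example.com/disclosure-policy
Acknowledgments: https://example.com/hall-of-fame
Hiring: https://example.com/careers/security
Preferred-Languages: en, es
"""
BAD_SAMPLE = ("Contact: security@example.com\n"      # bare address, not a URI
              "Policy: http://example.com/policy\n"  # plain http
              "Foo: bar\n")                          # unknown field, no Expires


def candidate_urls(host: str) -> list[str]:
    """Where to look, in order: /.well-known/ first, then the legacy root."""
    return [f"https://{host}/.well-known/security.txt",
            f"https://{host}/security.txt"]


@dataclass
class SecurityTxt:
    fields: dict[str, list[str]] = field(default_factory=dict)
    problems: list[str] = field(default_factory=list)  # syntax problems


def parse_security_txt(text: str) -> SecurityTxt:
    """Split 'Field: value' lines into a multimap; '#' starts a comment."""
    doc = SecurityTxt()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        if not sep:
            doc.problems.append(f"line {lineno}: not a 'Field: value' line")
            continue
        name, value = name.strip(), value.strip()
        # Field names are case-insensitive; map to the canonical spelling.
        canon = next((f for f in KNOWN_FIELDS if f.lower() == name.lower()), name)
        if canon not in KNOWN_FIELDS:
            doc.problems.append(f"line {lineno}: unknown field {name!r}")
        doc.fields.setdefault(canon, []).append(value)
    return doc


def _parse_timestamp(value: str) -> datetime | None:
    text = value.strip()
    if text.endswith("Z"):  # strptime's %z wants +0000 rather than Z
        text = text[:-1] + "+0000"
    for fmt in ("%Y-%m-%dT%H:%M:%S.%f%z", "%Y-%m-%dT%H:%M:%S%z"):
        try:
            return datetime.strptime(text, fmt)
        except ValueError:
            continue
    return None


def validate(doc: SecurityTxt, now: datetime) -> list[str]:
    """Return spec violations; an empty list means the file looks usable."""
    problems = list(doc.problems)
    if "Contact" not in doc.fields:
        problems.append("missing required field Contact")
    expires = doc.fields.get("Expires", [])
    if not expires:
        problems.append("missing Expires (required by RFC 9116)")
    elif len(expires) > 1:
        problems.append("Expires must appear exactly once")
    else:
        when = _parse_timestamp(expires[0])
        if when is None:
            problems.append(f"Expires is not an ISO 8601 timestamp: {expires[0]!r}")
        elif when <= now:  # stale contacts may belong to people who have left
            problems.append(f"file expired on {when.isoformat()}")
    for name in URI_FIELDS:
        for value in doc.fields.get(name, []):
            scheme = urlparse(value).scheme.lower()
            if not scheme:
                problems.append(f"{name}: {value!r} is not a URI (use mailto:, tel: or https://)")
            elif scheme == "http":
                problems.append(f"{name}: {value!r} uses http; the spec requires https")
    return problems


def check(text: str, now_iso: str) -> list[str]:
    """Parse and validate in one call; now_iso uses the Expires timestamp format."""
    moment = _parse_timestamp(now_iso)
    if moment is None:
        raise ValueError(f"bad timestamp {now_iso!r}")
    return validate(parse_security_txt(text), moment)


if __name__ == "__main__":
    print(candidate_urls("example.com"))
    print(check(SAMPLE, "2022-01-01T00:00:00Z") or "SAMPLE: no problems")
    print(check(BAD_SAMPLE, "2022-01-01T00:00:00Z"))
```

Running the block as a script reports no problems for the good sample as of the chosen date, and four distinct problems for the bad one (bare email address, plain-http policy URL, unknown field, missing Expires). The expiry check matters in practice: a file whose contacts have moved on is worse than none, which is why the spec made Expires mandatory.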

Having a security.txt file can make it easier for organizations to respond to active security threats. For example, just this morning a trusted source forwarded me the VPN credentials for a major clothing retailer that were stolen by malware and made available to cybercriminals. Finding no security.txt file at the retailer’s site using gotsecuritytxt.com (which checks a domain for the presence of this contact file), KrebsOnSecurity sent an alert to its “security@” email address for the retailer’s domain.

Many organizations have long unofficially used (if not advertised) the email address security@[companydomain] to accept reports about security incidents or vulnerabilities. Perhaps this particular retailer also did so at one point; however, my message was returned with a note saying the email had been blocked. KrebsOnSecurity also sent a message to the retailer’s chief information officer (CIO) — the only person in a C-level position at the retailer who was in my immediate LinkedIn network. I still have no idea if anyone has read it.

Although security.txt is not yet an official Internet standard as approved by the Internet Engineering Task Force (IETF), its basic principles have so far been adopted by at least eight percent of the Fortune 100 companies. According to a review of the domain names for the latest Fortune 100 firms via gotsecuritytxt.com, those include Alphabet, Amazon, Facebook, HCA Healthcare, Kroger, Procter & Gamble, USAA and Walmart.

There may be another good reason for consolidating security contact and vulnerability reporting information in one, predictable place. Alex Holden, founder of the Milwaukee-based consulting firm Hold Security, said it’s not uncommon for malicious hackers to experience problems getting the attention of the proper people within the very same organization they have just hacked.

“In cases of ransom, the bad guys try to contact the company with their demands,” Holden said. “You have no idea how often their messages get caught in filters, get deleted, blocked or ignored.”

GET READY TO BE DELUGED

So if security.txt is so great, why haven’t more organizations adopted it yet? It seems that setting up a security.txt file tends to invite a rather high volume of spam. Most of these junk emails come from self-appointed penetration testers who — without any invitation to do so — run automated vulnerability discovery tools and then submit the resulting reports in hopes of securing a consulting engagement or a bug bounty fee.

This dynamic was a major topic of discussion in these Hacker News threads on security.txt, wherein a number of readers related their experience of being so flooded with low-quality vulnerability scan reports that it became difficult to spot the reports truly worth pursuing further.

Edwin “EdOverflow” Foudil, the co-author of the proposed notification standard, acknowledged that junk reports are a major downside for organizations that offer up a security.txt file.

“This is actually stated in the specification itself, and it’s incredibly important to highlight that organizations that implement this are going to get flooded,” Foudil told KrebsOnSecurity. “One reason bug bounty programs succeed is that they are basically a glorified spam filter. But regardless of what approach you use, you’re going to get inundated with these crappy, sub-par reports.”

Often these sub-par vulnerability reports come from individuals who have scanned the entire Internet for one or two security vulnerabilities, and then attempted to contact all vulnerable organizations at once in some semi-automated fashion. Happily, Foudil said, many of these nuisance reports can be ignored or grouped by creating filters that look for messages containing keywords commonly found in automated vulnerability scans.
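As an added illustration of the keyword-filtering approach Foudil describes, the following Python groups incoming reports by scanner-signature keywords and flags messages that ask for payment. This is example code written for this page, not code from the article, the security.txt project or gotsecuritytxt.com; the signature phrases, the sample reports and the function names (`triage`, `group_reports`) are constructed assumptions to be tuned against a real inbox.

```python
"""Keyword-based triage for reports arriving via a security.txt contact address."""
import re
from collections import defaultdict
from dataclasses import dataclass

# Phrases typical of mass-mailed scanner output. These patterns are an
# assumption for illustration; extend them from your own inbox history.
SIGNATURES = {
    "missing-http-header": [
        r"\bx-frame-options\b",
        r"\bcontent-security-policy\b",
        r"\bstrict-transport-security\b",
        r"\bclickjacking\b",
    ],
    "email-dns-config": [r"\bdmarc\b", r"\bspf\b", r"\bdkim\b"],
    "scanner-output": [r"\bnikto\b", r"\bnessus\b", r"\bopenvas\b", r"\bscan(?:ner)? report\b"],
}
# Wording that asks for money before or instead of giving details.
SOLICITATION = [r"\bbounty\b", r"\breward\b", r"\bcompensation\b", r"\bhow much\b"]


@dataclass
class Report:
    sender: str
    subject: str
    body: str


@dataclass
class Triage:
    category: str          # best-matching signature group, or "needs-review"
    solicits_payment: bool
    hits: int              # number of signature patterns that matched


def _count(patterns, text):
    """Number of patterns that occur at least once in text (case-insensitive)."""
    return sum(1 for p in patterns if re.search(p, text, re.IGNORECASE))


def triage(report: Report) -> Triage:
    """Classify one report. Zero signature hits means a human reads it first."""
    text = f"{report.subject}\n{report.body}"
    scores = {name: _count(pats, text) for name, pats in SIGNATURES.items()}
    best = max(scores, key=scores.get)
    hits = scores[best]
    category = best if hits > 0 else "needs-review"
    return Triage(category, _count(SOLICITATION, text) > 0, hits)


def group_reports(reports):
    """Bucket reports by triage category so similar ones can be handled together."""
    groups = defaultdict(list)
    for r in reports:
        groups[triage(r).category].append(r)
    return dict(groups)


# Constructed sample messages (not real reports).
SAMPLE_REPORTS = [
    Report("scanner@example.net", "Vulnerability found in your website",
           "Your site is missing the X-Frame-Options header and Content-Security-Policy, "
           "so it is vulnerable to clickjacking. Let me know what bounty you offer."),
    Report("mailsec@example.org", "DMARC record missing",
           "SPF record not found for your domain and no DKIM is configured."),
    Report("researcher@example.com", "Stolen VPN credentials for your domain",
           "We observed credentials for vpn.example-retailer.test in an infostealer log dump. "
           "Please contact me for the details."),
]

if __name__ == "__main__":
    for category, items in group_reports(SAMPLE_REPORTS).items():
        print(f"{category}: {len(items)} report(s)")
        for r in items:
            print(f"  {r.sender}: {r.subject}")
```

The grouping is meant for prioritisation rather than deletion: a report that matches no scanner signature (like the stolen-credentials message above) lands in "needs-review" and is read first, while the header and DNS buckets can be handled in bulk, and a genuine finding that happens to mention a missing header still sits in its bucket rather than being discarded.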

Foudil said despite the spam challenges, he’s heard tremendous feedback from a number of universities that have implemented security.txt.

“It’s been an incredible success with universities, which tend to have lots of older, legacy systems,” he said. “In that context, we’ve seen a ton of valuable reports.”

Foudil says he’s delighted that eight of the Fortune 100 firms have already implemented security.txt, even though it has not yet been approved as an IETF standard. When and if security.txt is approved, he hopes to spend more time promoting its benefits.

“I’m not trying to make money off this thing, which came about after chatting with quite a few people at DEFCON [the annual security conference in Las Vegas] who were struggling to report security issues to vendors,” Foudil said. “The main reason I don’t go out of my way to promote it now is because it’s not yet an official standard.”

Has your organization considered or implemented security.txt? Why or why not? Sound off in the comments below.

21 Sep 13:07

New Encryption Technique Better Protects Photographs in the Cloud

by Harini Barath
Maxim Bange

@Remlaps: I do not think that will happen; you can upload encrypted containers without issues (example of encryption).
Perhaps with ‘free’ accounts..

Users can display images as usual, but neither attackers nor tech platforms can see them

-- Read more on ScientificAmerican.com