Security

New Micro-Op Cache Vulnerability Evades All Previous Fixes For Spectre-Like Attacks (virginia.edu)

ffkom writes: Modern x86 and ARM CPUs translate opcodes into micro-ops, which are usually stored in a cache of their own for later re-use. Researchers from the University of Virginia have found a way to exploit this for side-channel attacks, where malicious code exfiltrates information from other processes or virtual machines based on measurable characteristics of the micro-op cache state, which they describe in their scientific paper. This side-channel attack evades all previous fixes for SPECTRE-like attacks, and poses yet another difficult-to-address risk to all software that runs on CPUs that are used by possibly malicious code at the same time -- like code running on other people's computers ("the cloud") or code running on CPUs that at the same time run "sandboxes" with code from some untrusted sources on the Internet.
Security

Tesla Car Hacked Remotely From Drone Via Zero-Click Exploit (securityweek.com)

wiredmikey shares a report from SecurityWeek: Security researchers have shown how a Tesla -- and possibly other cars -- can be hacked remotely without any user interaction from a drone. This was the result of research conducted last year by Ralf-Philipp Weinmann of Kunnamon and Benedikt Schmotzle of Comsecuris. The attack, dubbed TBONE, involves exploitation of two vulnerabilities affecting ConnMan, an internet connection manager for embedded devices. A hacker who exploits the vulnerabilities can perform any task that a regular user could from the infotainment system. That includes opening doors, changing seat positions, playing music, controlling the air conditioning, and modifying steering and acceleration modes. They showed how an attacker could use a drone to launch an attack via Wi-Fi to hack a parked car and open its doors from a distance of up to 100 meters (roughly 300 feet). They claimed the exploit worked against Tesla S, 3, X and Y models. "Tesla patched the vulnerabilities with an update pushed out in October 2020, and it has reportedly stopped using ConnMan," the report notes. Since the ConnMan component is widely used in the automotive industry, similar attacks could be launched against other vehicles.
DRM

Hardware Hacker Breaks the DRM On a Mini Dishwasher (gizmodo.com)

Developer dekuNukem has detailed a methodology for refilling the DRM-protected detergent cassettes for a $486 portable dishwasher called Bob. Gizmodo reports: Bob is basically a small dishwasher that sits on your counter. It holds half a dozen dishes and some silverware, and you add water to the system by hand. It looks like a great alternative to a larger installed dishwasher or something nice for an apartment dweller. But it has a secret bit of DRM built in that keeps you wedded to the company's products. The Bob uses cassettes, called Rock and Pop (LOL!), that contain concentrated detergent and rinse liquids. The cassettes are similar to inkjet cartridges in that they store a small amount of information on a built-in chip -- in this case, a simple I2C EEPROM that can store a small amount of information. This chip stores the number of washes and will "cancel" a cassette when it's technically empty. The machine will then order new cassettes automatically. To Bob's credit, you can use your own detergent, but it isn't easy. And the cassettes aren't cheap.

"With shipping and VAT added, it costs a whopping $60 for 90 washes! That is 48p (67c) per wash. It might not sound like much, but it quickly adds up," wrote dekuNukem. "Over a year of daily washes, it would have cost $242 in Bob cassettes alone! Imagine paying that much recurring cost for a dishwasher!"

Using an EEPROM reader, they were able to pull the data from the cassette and even modify it, resulting in a simple system to reset the cartridges back to their original wash counts or, in one case, forcing the cassette to run about 70 more washes than originally advertised. Once dekuNukem figured out the coding mechanism, they had to figure out a way to refill the cassettes. They searched the internet for concentrated detergent offerings and found one that matched the website description exactly. "Refilling it yourself is more than 60 times cheaper, resulting in a massive 98% cost saving compared to buying new!" they wrote.
The plans are available on dekuNukem's GitHub. You can also purchase the Cassette Rewinder, a pre-soldered board that will automatically reset the cassette EEPROM, for $29.99.
America Online

About 1.5 Million People Still Pay for AOL (cnbc.com)

Amid the hodgepodge of Verizon Media assets that Apollo Global Management is buying from Verizon -- Yahoo Finance, TechCrunch, advertising technology, Yahoo Fantasy -- there's one cash flow stream that will not die: AOL. From a report: The famed internet company that once bought Time Warner for $182 billion and used to make billions of dollars annually selling dial-up modem access, still has a monthly subscription service called AOL Advantage. In 2015, 2.1 million people were still using AOL's dial-up service. That revenue stream has dried up. The number of dial-up users is now "in the low thousands," according to a person familiar with the matter.

But AOL still has a fairly lucrative base of customers who pay for technical support and identity theft services each month. There are about 1.5 million monthly customers paying $9.99 or $14.99 per month for AOL Advantage, said another person, who asked not to be named because the information is private. If average revenue per user is $10 per month, conservatively, that's $180 million of annual revenue.

Bitcoin

eBay Says It's Open To Accepting Cryptocurrencies In Future, Exploring NFTs (reuters.com)

EBay is open to the possibility of accepting cryptocurrency as a form of payment in the future and is looking at ways to get non-fungible tokens (NFTs) on its platform, the company said on Monday. Reuters reports: "We are always looking at the most relevant forms of payment and will continue to assess that going forward. We have no immediate plans, but it (cryptocurrency) is something we are keeping an eye on," eBay said in a statement to Reuters. In an interview with CNBC, Chief Executive Officer Jamie Iannone said that accepting virtual currency was an option the company was looking at.

EBay, which disappointed investors with a weak second-quarter profit forecast last week, said it was looking at a "number of ways" to get into the NFT space. NFTs, a type of digital asset that exists on a blockchain, have exploded in popularity this year, with NFT artworks selling for millions of dollars and musicians such as the Kings of Leon rock group embracing them for their latest album. "We're exploring opportunities on how we can enable it (NFTs) on eBay in an easy way," Iannone said on CNBC. "Everything that's collectible has been on eBay for decades and will continue to be for the next few decades."

Yahoo!

Verizon Sells Internet Trailblazers Yahoo and AOL for $5 Billion (apnews.com)

AOL and Yahoo are being sold again, this time to a private equity firm. From a report: Wireless company Verizon will sell Verizon Media, which consists of the once-pioneering tech platforms, to Apollo Global Management in a $5 billion deal. Verizon said Monday that it will keep a 10% stake in the new company, which will be called Yahoo. Yahoo at the end of the last century was the face of the internet, preceding the behemoth tech platforms to follow, such as Google and Facebook. And AOL was the portal, bringing almost everyone who logged on during the internet's earliest days. Verizon spent about $9 billion buying AOL and Yahoo over two years starting in 2015, hoping to jump-start a digital media business that would compete with Google and Facebook.
Businesses

Amazon Knew Seller Data Was Used To Boost Company Sales (politico.eu)

Amazon CEO Jeff Bezos told U.S. lawmakers last year that the company has a policy prohibiting employees from using data on specific sellers to help boost its own sales. "I can't guarantee you that that policy has never been violated," he added. Now it's clear why he chose his words so carefully. POLITICO: An internal audit seen by POLITICO warned Amazon's senior leadership in 2015 that 4,700 of its workforce working on its own sales had unauthorized access to sensitive third-party seller data on the platform -- even identifying one case in which an employee used the access to improve sales. Since then, reports of employees using third-party seller information to bolster Amazon's own sales and evidence of lax IT access controls at the company suggest that efforts to fix the issue have been lackluster.

The revelations come as trustbusters worldwide are increasingly targeting Amazon, including over how it uses third-party seller data to boost its own offerings. The European Commission opened an investigation into precisely this issue in November 2020, with preliminary findings suggesting Amazon had breached EU competition law. "This is fuel for the suspicions I had," Dutch internet entrepreneur Peter Sorber said when told about the audit. Sorber sold children's clothes on Amazon, but 18 months after setting up his "Brandkids" store on the platform and entering the required sales data, his products disappeared from the search rankings. "You cannot ask a retailer to show his entire story with all sales statistics and then show that to your own purchasers. This is worse than not done. This is simply unfair competition," Sorber said.

Canada

Canadian Government Accused of Trying to Introduce Internet Censorship (vancouversun.com)

"After more than 25 years of Canadian governments pursuing a hands-off approach to the online world, the government of Justin Trudeau is now pushing Bill C-10, a law that would see Canadians subjected to the most regulated internet in the free world," argues the Vancouver Sun (in an article shared by long-time Slashdot reader theshowmecanuck): Although pitched as a way to expand Canadian content provisions to the online sphere, the powers of Bill C-10 have expanded considerably in committee, including a provision introduced last week that could conceivably allow the federal government to order the deletion of any Facebook, YouTube, Instagram or Twitter upload made by a Canadian. In comments this week, NDP leader Jagmeet Singh indicated his party was open to providing the votes needed to pass C-10, seeing the bill as a means to combat online hate...

The users themselves may not necessarily be subject to direct CRTC regulation, but social media providers would have to answer to every post on their platforms as if it were a TV show or radio program. This might be a good time to mention that members of the current Liberal cabinet have openly flirted with empowering the federal government to control social media. In a September Tweet, Infrastructure Minister Catherine McKenna said that if social media companies "can't regulate yourselves, governments will." Guilbeault, the prime champion of Bill C-10, has spoken openly of a federal regulator that could order takedowns of any social media post that it deems to be hateful or propagandistic...

Basically, if your Canadian website isn't a text-only GeoCities blog from 1996, Bill C-10 thinks it's a program deserving of CRTC regulation. This covers news sites, podcasts, blogs, the websites of political parties or activist groups and even foreign websites that might be seen in Canada...

The penalties prescribed by Bill C-10 are substantial. For corporations, a first offence can yield penalties of up to $10 million, while subsequent offences could be up to $15 million apiece. If TikTok, Twitter, Facebook and YouTube are suddenly put in a situation where their millions of users must follow the same rules as a Canadian cable channel or radio station, it's not unreasonable to assume they may just follow Facebook's example [in Australia] and take the nuclear option.

The Internet

Investigation Finds Links Between Seamy Slander Sites and Reputation-Management Services (nytimes.com)

This week the New York Times published their online investigation into the seamy world of the professional slander industry.
At first glance, the websites appear amateurish. They have names like BadGirlReports.date, BustedCheaters.com and WorstHomeWrecker.com. Photos are badly cropped. Grammar and spelling are afterthoughts. They are clunky and text-heavy, as if they're intended to be read by machines, not humans. But do not underestimate their power...

One woman in Ohio was the subject of so many negative posts that Bing declared in bold at the top of her search results that she "is a liar and a cheater" — the same way it states that Barack Obama was the 44th president of the United States. For roughly 500 of the 6,000 people we searched for, Google suggested adding the phrase "cheater" to a search of their names. The unverified claims are on obscure, ridiculous-looking sites, but search engines give them a veneer of credibility. Posts from Cheaterboard.com appear in Google results alongside Facebook pages and LinkedIn profiles....

That would be bad enough for people whose reputations have been savaged. But the problem is all the worse because it's so hard to fix. And that is largely because of the secret, symbiotic relationship between those facilitating slander and those getting paid to remove it.

Who, exactly? The Times spoke to:
  • Cyrus Sullivan, the Portland-based owner of one site who also runs a reputation-management service "to help people get 'undesirable information' about themselves removed from their search engine results. The 'gold package' cost $699.99. For those customers, Mr. Sullivan would alter the computer code underlying the offending posts, instructing search engines to ignore them...."
  • 247Removal's owner Heidi Glosser, who "charges $750 or more per post removal, which adds up to thousands of dollars for most of her clients. To get posts removed, she said, she often pays an 'administrative fee' to the gripe site's webmaster. We asked her whether this was extortion. 'I can't really give you a direct answer,' she said." She appeared to have links to...
  • Web developer Vikram Parmar, who seemed to be running several sites that produced slander while also simultaneously running sites that made money by removing that slander.

But finally, the Times reminded their readers that "in certain circumstances, Google will remove harmful content from individuals' search results, including links to 'sites with exploitative removal practices.' If a site charges to remove posts, you can ask Google not to list it.

"Google didn't advertise this policy widely, and few victims of online slander seem aware that it's an option. That's in part because when you Google ways to clean up your search results, Google's solution is buried under ads for reputation-management services..."


Google

GitHub Joins Movement Against Google's FLoC (inside.com)

An anonymous reader quotes Inside.com's developer newsletter: GitHub is blocking Google's new third-party cookie tracking alternative, Federated Learning of Cohorts (FLoC), across all of GitHub Pages. Those GitHub Pages served from the github.io domain will now come with a Permissions-Policy: interest-cohort=() header set, although Pages sites with custom domains will not.

Several big names have also spoken out against the new alternative and implemented similar moves. WordPress is proposing automatically blocking FLoC by default on its websites, dubbing it a security risk. However, WordPress says it may add a setting that will enable admins to control whether FLoC is allowed.

Firefox, Brave, and Vivaldi have also issued similar moves...

One web developer recently published a guide showing others how to opt their site out of Google's FLoC Network. Developer Paramdeo Singh shows you how to ensure your web server doesn't participate in the network by adding a custom HTTP response header to web and proxy server configurations.
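To make the opt-out concrete, here is an added Python checker (example code written for this page, not code from GitHub, WordPress or Paramdeo Singh's guide) that parses a response's Permissions-Policy header and reports whether the interest-cohort directive carries the empty allowlist `()` that opts the origin out of FLoC cohort computation. The sample response headers are constructed for the example; the directive name and header syntax are the ones quoted above.

```python
import re
from typing import Dict, Iterable, List, Tuple

# One "feature=allowlist" entry of a Permissions-Policy header value.
# The allowlist is a parenthesised, space-separated list such as
# (self "https://a.example"), the wildcard "*", or the bare token "self".
_ENTRY = re.compile(r'([A-Za-z0-9-]+)\s*=\s*(\([^)]*\)|\*|self)')


def parse_permissions_policy(value: str) -> Dict[str, List[str]]:
    """Parse one Permissions-Policy header value into {feature: allowlist}.

    An empty list means the feature is disabled for every origin, which is
    exactly what interest-cohort=() expresses.
    """
    policy: Dict[str, List[str]] = {}
    for match in _ENTRY.finditer(value):
        feature = match.group(1).lower()
        allow = match.group(2)
        tokens = allow[1:-1].split() if allow.startswith("(") else [allow]
        policy[feature] = tokens
    return policy


def floc_status(headers: Iterable[Tuple[str, str]]) -> str:
    """Classify a response as 'opted-out', 'allowed' or 'missing'.

    `headers` is a sequence of (name, value) pairs as a client would see them.
    Several Permissions-Policy headers may be present; the origin is only
    treated as opted out if every interest-cohort directive is the empty
    allowlist, so a stray interest-cohort=(self) is reported as 'allowed'.
    """
    seen: List[List[str]] = []
    for name, value in headers:
        if name.lower() != "permissions-policy":
            continue
        policy = parse_permissions_policy(value)
        if "interest-cohort" in policy:
            seen.append(policy["interest-cohort"])
    if not seen:
        return "missing"
    return "opted-out" if all(allow == [] for allow in seen) else "allowed"


# Constructed sample responses (not captured from any real site).
SAMPLE_RESPONSES = {
    "github-pages-style": [
        ("Content-Type", "text/html"),
        ("Permissions-Policy", "interest-cohort=()"),
    ],
    "combined-policy": [
        ("Permissions-Policy", "geolocation=(self), interest-cohort=()"),
    ],
    "no-opt-out": [("Content-Type", "text/html")],
    "self-allowed": [
        ("Permissions-Policy", 'interest-cohort=(self "https://ads.example")'),
    ],
}


if __name__ == "__main__":
    for label, hdrs in SAMPLE_RESPONSES.items():
        print(f"{label:20s} {floc_status(hdrs)}")
```

On nginx the corresponding server-side line is `add_header Permissions-Policy "interest-cohort=()" always;`; the `always` keyword matters because without it nginx omits custom headers on error responses. The checker deliberately distinguishes `interest-cohort=()` from `interest-cohort=(self)`, since the latter keeps the origin eligible for cohort computation.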

The Internet

How Should We Honor the Legacy of Dan Kaminsky?

Last week came the news that Dan Kaminsky, security researcher (and popular speaker at security conferences), had passed away at the age of 42. In a half hour the DEF CON security convention will hold a special online memorial for Dan Kaminsky on Discord.

But interestingly, Kaminsky was also one of ICANN's "Trusted Community Representatives," part of a small community involved in a ceremonial root key generation, backup and signing process. (Since 2010 Kaminsky was one of the seven "Recovery Key Share Holders" entrusted with a fragment of a cryptographic key and reporting in for its annual inventory.)

So who will take Dan's place? Slashdot contacted ICANN's vice president of IANA Services, Kim Davies. His response? We maintain an open invitation for volunteers who believe they are qualified, and review those volunteers when a vacancy arises. The selection process is documented, but in essence means we try to maintain a balance of skills and geographic location so that in the aggregate the TCRs are diverse.

The selection is not in chronological order, and will not necessarily result in selecting someone who most matches Dan's attributes. Ultimately the replacement will be a volunteer that the evaluation panel feels best contrasts and complements the attributes of the remaining TCRs.

Davies also shared this remembrance of Dan Kaminsky: He played a critical role in the evolution of the DNS by bringing attention to the practical cache poisoning vulnerability he discovered. He was a great collaborator who worked closely with us to rapidly address the issue in critical infrastructure, and then worked to promote technologies like DNSSEC that can mitigate it effectively in the long term. He really provided a significant catalyst that resulted in DNSSEC being put into widespread production in 2010.

His service as a Trusted Community Representative was just a part of his commitment to these issues, and while his work on the DNS is perhaps his most famous contribution, he has an amazing resume of accomplishments throughout his career.

Personally I found him a delight to work with and we are deeply mourning the loss.

Of course, there's another way to follow in Dan's footsteps. Long-time Slashdot reader destinyland writes: Jeff Moss, founder of DEF CON and Black Hat, has proposed nominating Kaminsky for the Internet Hall of Fame, or even creating a Kaminsky award to honor "the core ideals" of the security researcher. But there's another complementary direction to go in... Black Hat board member Matt Devost tweeted last weekend that, "No one that knew Dan Kaminsky well is talking about DNS today. They are talking about kindness, boundless energy and positivity, spontaneous adventures, and how hard he worked to lift others up. Want to emulate one of the greatest hackers of all time? Let that be your guide."

And last week a self-described hacker named Dr. Russ even tweeted, "In an effort to honor Dan Kaminsky's character and legacy, we should all make a random act of Kaminsky weekly. Make it a point to be kind and helpful to someone, friend or stranger. Legit helpful and kind, take it over the finish line. Be the persistent guide he was. Then do it again."

I propose we call that "pulling a Kaminsky."

Presumably in the way later generations in William Gibson's Count Zero talked of "pulling a Wilson...."
Google

Bytecode Alliance Expands as Microsoft, Google, Intel Promote Fast, Secure Development with WebAssembly (mozilla.org)

There was a big announcement this week from Mozilla. They've joined Fastly, Intel, and Microsoft "in announcing the incorporation and expansion of the Bytecode Alliance, a cross-industry partnership to advance a vision for fast, secure, and simplified software development based on WebAssembly." Building software today means grappling with a set of vexing trade-offs. If you want to build something big, it's not realistic to build each component from scratch. But relying on a complex supply chain of components from other parties allows a defect anywhere in that chain to compromise the security and stability of the entire program.

Tools like containers can provide some degree of isolation, but they add substantial overhead and are impractical to use at per-supplier granularity. And all of these dynamics entrench the advantages of big companies with the resources to carefully manage and audit their supply chains.

Mozilla helped create WebAssembly to allow the Web to grow beyond JavaScript and run more kinds of software at faster speeds. But as it matured, it became clear that WebAssembly's technical properties — particularly memory isolation — also had the potential to transform software development beyond the browser by resolving the tension described above. Several other organizations shared this view, and we came together to launch the Bytecode Alliance as an informal industry partnership in late 2019. As part of this launch, we articulated our shared vision and called for others to join us in bringing it to life... [W]e asked prospective members to be patient and, in parallel with ongoing technical efforts, worked to incorporate the Alliance as a formal 501(c)(6) organization. That process is now complete, and we're thrilled to welcome Arm, DFINITY Foundation, Embark Studios, Google, Shopify, and University of California at San Diego as official members of the Bytecode Alliance.

We have a real opportunity to change how software is built, and in doing so, enable small teams to build big things that are both secure and fast.

Achieving the elusive trifecta — easy composition, defect isolation, and high performance — requires both the right technology and a coordinated effort across the ecosystem to deploy it in the right way. Mozilla believes that WebAssembly has the right technical ingredients to build a better, more secure Internet, and that the Bytecode Alliance has the vision and momentum to make it happen.

Opera

Opera Integrates Blockchain-Powered Domains, Providing Access to the Decentralized Web (businessinsider.com)

"Chromium-based web browser Opera is all set to fully integrate with blockchain domain name provider Unstoppable Domains," reports TechRadar, "in a bid to provide millions of its users with decentralized web access." Opera users will now be able to access decentralized websites hosted via the InterPlanetary File System (IPFS) using Unstoppable Domains' popular .crypto NFT addresses from the Opera browser. This will include platforms such as iOS, Android, Windows, Mac or Linux. Right now, Opera has over 320 million monthly active users across its offerings, following the addition of a crypto wallet to its browsers in 2019.

Unstoppable Domains was launched in 2018 and provides domain names to users with no renewal fees. Users of Unstoppable Domains are granted full ownership and control when they claim a domain because it is minted as an NFT on the Ethereum blockchain. Domain names such as .crypto replace complex wallet addresses for payments across over 40 cryptocurrency wallets and exchanges in addition to accessing the decentralized web through Opera.

Maciej Kocemba, Product Director at Opera said that the company believes in giving all people the ability to access the full web, regardless of the technology behind it.

The Opera product director was further quoted by Business Insider: "We have always supported web innovation, and the decentralized web or Web3 is the natural next wave. Making Unstoppable Domains accessible in the Opera browsers means our users can try blockchain technologies for themselves. Registering your .crypto domain, which is forever yours, is a great first step into Web3," the company's product director Maciej Kocemba said.

Opera is quickly becoming a leader in pushing for the adoption of Web 3.0, also often described as the decentralized web.

Social Networks

New Florida Law Could Punish Social Media Companies for 'Deplatforming' Politicians (nbcnews.com)

Florida is on track to be the first state in America to punish social media companies that ban politicians, reports NBC News, "under a bill approved Thursday by the state's Republican-led Legislature." Gov. Ron DeSantis, a Republican and close Trump ally who called for the bill's passage, is expected to sign the legislation into law, but the proposal appears destined to be challenged in court after a tech industry trade group called it a violation of the First Amendment speech rights of corporations...

Suspensions of up to 14 days would still be allowed, and a service could remove individual posts that violate its terms of service. The state's elections commission would be empowered to fine a social media company $250,000 a day for statewide candidates and $25,000 a day for other candidates if a company's actions are found to violate the law, which also requires the companies to provide information about takedowns and apply rules consistently...

Florida Republican lawmakers have cited tech companies' wide influence over speech as a reason for the increased regulation. "What this bill is about is sending a loud message to Silicon Valley that they are not the absolute arbiters of truth," state Rep. John Snyder, a Republican from the Port St. Lucie area, said Wednesday... The Florida bill may offer Republicans in other states a road map for introducing laws that could eventually force social media companies and U.S. courts to confront questions about free speech on social media, including the questions raised by Thomas.

State Rep. Carlos Guillermo Smith, an Orlando area Democrat, said if Republicans want to stay on private services, they should follow the rules. "There's already a solution to deplatforming candidates on social media: Stop trafficking in conspiracy theories...."

NetChoice, a trade group for internet companies, argued the bill punishes platforms for removing harmful content, and that it would make it harder to block spam. But they also argued that the freedom of speech clause in the U.S. Constitution "makes clear that government may not regulate the speech of private individuals or businesses.

"This includes government action that compels speech by forcing a private social media platform to carry content that is against its policies or preferences."

Slashdot reader zantafio points out the bill specifies just five major tech companies — Google, Apple, Twitter, Facebook and Amazon.

And that the bill was also amended to specifically exempt Disney, Universal and any theme park owner that operates a search engine or information service.
Security

Click Studios Asks Customers To Stop Tweeting About Its Passwordstate Data Breach (techcrunch.com)

Australian security software house Click Studios has told customers not to post emails sent by the company about its data breach, which allowed malicious hackers to push a malicious update to its flagship enterprise password manager Passwordstate to steal customer passwords. TechCrunch reports: Last week, the company told customers to "commence resetting all passwords" stored in its flagship password manager after the hackers pushed the malicious update to customers over a 28-hour window between April 20-22. The malicious update was designed to contact the attacker's servers to retrieve malware designed to steal and send the password manager's contents back to the attackers. In an email to customers, Click Studios did not say how the attackers compromised the password manager's update feature, but included a link to a security fix.

But news of the breach only became public after Danish cybersecurity firm CSIS Group published a blog post with details of the attack hours after Click Studios emailed its customers. Click Studios claims Passwordstate is used by "more than 29,000 customers," including in the Fortune 500, government, banking, defense and aerospace, and most major industries.

In an update on its website, Click Studios said in a Wednesday advisory that customers are "requested not to post Click Studios correspondence on Social Media." The email adds: "It is expected that the bad actor is actively monitoring Social Media, looking for information they can use to their advantage, for related attacks." "It is expected the bad actor is actively monitoring social media for information on the compromise and exploit. It is important customers do not post information on Social Media that can be used by the bad actor. This has happened with phishing emails being sent that replicate Click Studios email content," the company said.
The report says Click Studios has remained extremely tightlipped about the situation. The company has refused to comment or respond to questions; it's also unclear if the company has disclosed the breach to U.S. and EU authorities, which require companies to disclose data breach incidents or face hefty fines.
United Kingdom

Boris Johnson's Personal Mobile Phone Number Available Online For 15 Years (bbc.com)

Boris Johnson's personal mobile phone number has been freely available on the internet for the past 15 years, it has been revealed. The BBC reports: It was published in a think tank press release in 2006, but never deleted -- and appears to be the one the PM uses. Labour leader Sir Keir Starmer said it was "a serious situation [that] carries a security risk." But Chancellor Rishi Sunak said that, as far as he was aware, "all security protocols have been followed." It appears the number has been switched off but Downing Street still has not confirmed if the number will now be changed.

The think tank press release with the PM's number on it was related to Mr Johnson's then-job as a shadow higher education minister - and MP for Henley - and invited journalists to contact him for further comment. Two years later, he successfully stood to become mayor of London. Former national security adviser Lord Ricketts warned hostile states with "sophisticated cyber capabilities" or criminal gangs could now have access to Mr Johnson's digits. The crossbench peer also told BBC Radio 4's Today program that he would have thought changing your mobile number when becoming PM would be an "elementary security precaution these days."

AT&T

Telecom Goes To War With New York Over Low-Income Broadband Law

Trade groups representing AT&T, Verizon and other telecom companies are opening fire on a new law requiring them to provide discounted internet service to low-income households in New York. From a report: New York's first-in-the-nation law could be adopted by other states at a time when the White House has signaled it wants to reduce broadband prices for all Americans. Driving the news: Trade associations USTelecom, CTIA, the New York State Telecommunications Association and others representing smaller companies filed a lawsuit Friday against New York's new law requiring providers in the state to offer broadband service for $15 a month to low-income households. New York estimates that 7 million people in 2.7 million households will qualify for the discounted service. "This program -- the first of its kind in the nation -- will ensure that no New Yorker will have to forego having reliable home internet service and no child's education will have to suffer due to their economic situation," Governor Andrew Cuomo said in a statement when he signed the legislation in April.
The Internet

France Planning To Allow Use of Algorithms To Detect Extremism Online (theguardian.com)

Hmmmmmm shares a report from The Guardian: The French government is planning to harden counter-terrorism laws, permitting the use of algorithms to detect online extremist activity, amid a growing political row over security in the run up to next year's presidential race. The interior minister, Gerald Darmanin, said attackers were now "isolated individuals, increasingly younger, unknown to intelligence services, and often without any links to established Islamist groups." This was a growing problem for France because they self-radicalized very quickly, within days or weeks. These attackers no longer used text messages or mobile phones to communicate but instead went online or used social media direct messaging, he said. Darmanin said algorithms would allow the state to potentially pick up if a person was repeatedly searching online for a topic such as beheadings. He argued that Google and other online commercial sites already used algorithms and the state should be able to as well, with independent oversight -- despite concern from some rights lawyers that there would not be enough transparency.

"The last nine attacks on French soil were committed by individuals who were unknown to the security services, who were not on a watchlist and were not suspected of being radicalised," Darmanin told France Inter radio. This meant new methods were needed, he said, adding that of 35 attacks prevented by the state since 2017, two were stopped by intelligence work online. Since 2017, French security agencies have been able to use algorithms to monitor messaging apps. The new bill would make that experimental use permanent and extend the use of algorithms to websites and web searches. The legislation makes permanent several temporary measures in use since France's state of emergency after the Islamist terrorist attacks in 2015. It would give security agencies more power to watch over and limit the movements of high-risk individuals after release from jail, for two years rather than one.

Verizon

Verizon Is Weighing a Sale of Yahoo, AOL (bloomberg.com) 86

According to Bloomberg, Verizon is considering selling AOL and Yahoo -- two once high-flying dot-com brands it purchased in 2015 and 2017, respectively. Bloomberg reports: Verizon Media could fetch as much as $5 billion [...]. The company is talking to Apollo Global Management about a deal, they said. It couldn't immediately be learned how a deal would be structured or if other suitors may emerge. No final decision has been made and Verizon could opt to keep the unit. The move comes as Verizon divests tertiary media assets while ramping up its focus on its wireless business and the rollout of its 5G service. Last year, it agreed to sell the HuffPost online news service to BuzzFeed Inc. and it unloaded the blogging platform Tumblr in 2019. This divestiture would mark Verizon's final retreat from an expensive foray into online advertising, a strategy that never really took off.
Security

Anti-Vaxxer Hijacks QR Codes At COVID-19 Check-In Sites (threatpost.com) 116

schwit1 shares a report from Threatpost: Quick-response (QR) codes used by a COVID-19 contact-tracing program were hijacked by a man who simply slapped up scam QR codes on top to redirect users to an anti-vaccination website, according to local police. He now faces two counts of "obstructing operations carried out relative to COVID-19 under the Emergency Management Act," the South Australia Police said in a statement announcing the arrest. His arrest may just be a drop in the bucket: Reports of other anti-vax campaigners doing the same thing abound. Law enforcement added an additional warning to would-be QR code scammers: "Any person found to be tampering or obstructing with business QR codes will likely face arrest and court penalty of up to $10,000." The police said no personal data was breached, but the incident highlights that truly all an attacker needs is a printer and a pack of Avery labels to do real damage.

In this case, the QR codes were being used by the South Australian government's official CovidSafe app to access a device's camera, scan the code and collect real-time location data to be used for contact tracing in case of a COVID-19 outbreak, ABC News Australia reported. That's a lot of personal data linked to a single QR code just waiting to be stolen. "In this instance, people who scanned the illegitimate QR code were redirected to a website distributing misinformation from the anti-vaxxer community," Bill Harrod, vice president of public sector at Ivanti, told Threatpost. "While this is concerning, the outcome could have been far more perilous."