Microsoft

Microsoft Adding New Key To PC Keyboards For First Time Since 1994 (arstechnica.com) 130

Microsoft is adding a dedicated "Copilot" key to PC keyboards, adjusting the standard Windows layout for the first time since 1994. The key will open its AI assistant Copilot on Windows 10 and 11. On Copilot-enabled PCs, users can already invoke Copilot by pressing Windows+C. On other PCs, the key will open Search instead. ArsTechnica adds: A quick Microsoft demo video shows the Copilot key in between the cluster of arrow keys and the right Alt button, a place where many keyboards usually put a menu button, a right Ctrl key, another Windows key, or something similar. The exact positioning, and the key being replaced, may vary depending on the size and layout of the keyboard.

We asked Microsoft if a Copilot key would be required on OEM PCs going forward; the company told us that the key isn't mandatory now, but that it expects Copilot keys to be required on Windows 11 keyboards "over time." Microsoft often imposes some additional hardware requirements on major PC makers that sell Windows on their devices, beyond what is strictly necessary to run Windows itself.

Privacy

23andMe Tells Victims It's Their Fault Data Was Breached (techcrunch.com) 95

An anonymous reader quotes a report from TechCrunch: Facing more than 30 lawsuits from victims of its massive data breach, 23andMe is now deflecting the blame to the victims themselves in an attempt to absolve itself from any responsibility, according to a letter sent to a group of victims seen by TechCrunch. "Rather than acknowledge its role in this data security disaster, 23andMe has apparently decided to leave its customers out to dry while downplaying the seriousness of these events," Hassan Zavareei, one of the lawyers representing the victims who received the letter from 23andMe, told TechCrunch in an email.

In December, 23andMe admitted that hackers had stolen the genetic and ancestry data of 6.9 million users, nearly half of all its customers. The data breach started with hackers accessing only around 14,000 user accounts. The hackers broke into this first set of victims by brute-forcing accounts with passwords that were known to be associated with the targeted customers, a technique known as credential stuffing. From these 14,000 initial victims, however, the hackers were able to then access the personal data of the other 6.9 million victims because they had opted-in to 23andMe's DNA Relatives feature. This optional feature allows customers to automatically share some of their data with people who are considered their relatives on the platform. In other words, by hacking into only 14,000 customers' accounts, the hackers subsequently scraped personal data of another 6.9 million customers whose accounts were not directly hacked.

But in a letter sent to a group of hundreds of 23andMe users who are now suing the company, 23andMe said that "users negligently recycled and failed to update their passwords following these past security incidents, which are unrelated to 23andMe." "Therefore, the incident was not a result of 23andMe's alleged failure to maintain reasonable security measures," the letter reads. [...] 23andMe's lawyers argued that the stolen data cannot be used to inflict monetary damage against the victims. "The information that was potentially accessed cannot be used for any harm. As explained in the October 6, 2023 blog post, the profile information that may have been accessed related to the DNA Relatives feature, which a customer creates and chooses to share with other users on 23andMe's platform. Such information would only be available if plaintiffs affirmatively elected to share this information with other users via the DNA Relatives feature. Additionally, the information that the unauthorized actor potentially obtained about plaintiffs could not have been used to cause pecuniary harm (it did not include their social security number, driver's license number, or any payment or financial information)," the letter read.
"This finger pointing is nonsensical," said Zavareei. "23andMe knew or should have known that many consumers use recycled passwords and thus that 23andMe should have implemented some of the many safeguards available to protect against credential stuffing -- especially considering that 23andMe stores personal identifying information, health information, and genetic information on its platform."

"The breach impacted millions of consumers whose data was exposed through the DNA Relatives feature on 23andMe's platform, not because they used recycled passwords," added Zavareei. "Of those millions, only a few thousand accounts were compromised due to credential stuffing. 23andMe's attempt to shirk responsibility by blaming its customers does nothing for these millions of consumers whose data was compromised through no fault of their own whatsoever."
Security

LastPass Now Requires 12-Character Master Passwords (bleepingcomputer.com) 31

LastPass notified customers today that they are now required to use complex master passwords with a minimum of 12 characters to increase their accounts' security. From a report: Even though LastPass has repeatedly said that there is a 12-character master password requirement since 2018, users have had the ability to use a weaker one. "Historically, while a 12-character master password has been LastPass' default setting since 2018, customers still had the ability to forego the recommended default settings and choose to create a master password with fewer characters, if they wished to do so," LastPass said in a new announcement today.

LastPass began enforcing a 12-character master password requirement in April 2023 for new accounts or password resets, but older accounts could still use passwords with fewer than 12 characters. Starting this month, LastPass is now enforcing the 12-character master password requirement for all accounts. Furthermore, LastPass added that it will also start checking new or updated master passwords against a database of credentials previously leaked on the dark web to ensure that they don't match already compromised accounts.
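Both stories above come down to the same control: the 23andMe suit argues the site should have defended against credential stuffing with reused passwords, and LastPass is now screening new master passwords against leaked-credential data. The usual way to do that screening without sending the user's password (or its full hash) to anyone is a k-anonymity range query: hash the candidate, send only the first five hex characters, and match the remaining 35 locally against the suffixes the server returns. The block below is an added example written for this page, not code from 23andMe, LastPass or TechCrunch; the leaked-password corpus and the `query_range` server function are constructed stand-ins for a real breach-corpus service that uses the same prefix scheme.

```python
"""k-anonymity breached-password check plus a length floor.

Added example, not code from 23andMe, LastPass or TechCrunch. LEAKED_CORPUS is a
constructed stand-in for a leaked-credential corpus; a real deployment would query
a breach-corpus service with the same prefix/suffix scheme.
"""
import hashlib
import secrets
from collections import defaultdict

# Constructed corpus: password -> number of times seen in leaks (made up for the demo).
LEAKED_CORPUS = {
    "password123": 1200000,
    "qwerty": 3900000,
    "letmein": 420000,
    "Summer2023!": 1800,
    "correcthorsebatterystaple": 25,
}

PREFIX_LEN = 5  # hex chars that leave the client; the other 35 never do


def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_index(corpus):
    """Server side: bucket leaked hashes by their 5-char prefix."""
    index = defaultdict(dict)
    for pw, count in corpus.items():
        h = sha1_hex(pw)
        index[h[:PREFIX_LEN]][h[PREFIX_LEN:]] = count
    return index


RANGE_INDEX = build_range_index(LEAKED_CORPUS)


def query_range(prefix: str) -> dict:
    """Server side (hypothetical endpoint): return every (suffix, count) under a prefix.
    The server only ever learns the prefix, so it cannot tell which candidate was checked."""
    if len(prefix) != PREFIX_LEN or any(c not in "0123456789ABCDEF" for c in prefix):
        raise ValueError("prefix must be 5 uppercase hex characters")
    return dict(RANGE_INDEX.get(prefix, {}))


def breach_count(password: str) -> int:
    """Client side: split the hash, send the prefix, match the suffix locally."""
    h = sha1_hex(password)
    prefix, suffix = h[:PREFIX_LEN], h[PREFIX_LEN:]
    return query_range(prefix).get(suffix, 0)


def evaluate_master_password(password: str, min_length: int = 12):
    """Apply the length floor first, then the breach lookup. Returns (ok, reason)."""
    if len(password) < min_length:
        return False, f"shorter than {min_length} characters"
    seen = breach_count(password)
    if seen:
        return False, f"appears {seen} times in leaked-credential corpus"
    return True, "ok"


if __name__ == "__main__":
    for candidate in ["qwerty", "correcthorsebatterystaple", secrets.token_urlsafe(16)]:
        print(candidate, evaluate_master_password(candidate))
```

The length check is deliberately applied before the lookup: a short password is rejected without its hash prefix ever being sent, and a long but previously leaked passphrase (`correcthorsebatterystaple` in the constructed corpus) is still caught by the range match.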

Security

Google Password Resets Not Enough To Stop These Info-Stealing Malware Strains (theregister.com) 13

Security researchers say info-stealing malware can still access victims' compromised Google accounts even after passwords have been changed. From a report: A zero-day exploit of Google account security was first teased by a cybercriminal known as "PRISMA" in October 2023, boasting that the technique could be used to log back into a victim's account even after the password is changed. It can also be used to generate new session tokens to regain access to victims' emails, cloud storage, and more as necessary. Since then, developers of infostealer malware -- primarily targeting Windows, it seems -- have steadily implemented the exploit in their code. The total number of known malware families that abuse the vulnerability stands at six, including Lumma and Rhadamanthys, while Eternity Stealer is also working on an update to release in the near future.

Eggheads at CloudSEK say they found the root of the exploit to be in the undocumented Google OAuth endpoint "MultiLogin." The exploit revolves around stealing victims' session tokens. That is to say, malware first infects a person's PC -- typically via a malicious spam or a dodgy download, etc -- and then scours the machine for, among other things, web browser session cookies that can be used to log into accounts.
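The practical lesson of the report above is that a password reset is not a session reset: a stolen session cookie or the ability to mint fresh tokens can outlive the new password. Two things a defender can look for in an identity provider's audit log are a token that was issued before the latest password change but is still being used after it, and a token issued after the change with no interactive login in between. The block below is an added detection example written for this page, not code from CloudSEK, The Register or Google; the log format, event names and sample lines are constructed, and the "no interactive login before issuance" rule is a heuristic that would need tuning to a real provider's event model.

```python
"""Detect session tokens that survive a password reset.

Added example, not from CloudSEK, The Register or Google. The log format
('ts user kind [token=..] [ip=..]'), the event names and SAMPLE_LOG are all
constructed for this demo; map them onto your identity provider's audit events.
"""
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class Event:
    ts: datetime
    user: str
    kind: str      # password_changed | login_interactive | token_issued | token_used
    token: str = ""
    ip: str = ""


def parse_line(line: str) -> Event:
    """Parse one constructed-format log line."""
    parts = line.split()
    ts = datetime.fromisoformat(parts[0])
    user, kind = parts[1], parts[2]
    extra = dict(p.split("=", 1) for p in parts[3:])
    return Event(ts, user, kind, extra.get("token", ""), extra.get("ip", ""))


def find_stale_sessions(events):
    """Return (user, token, reason) alerts.

    Rule 1: a token issued before the user's latest password change is used after it.
    Rule 2 (heuristic): a token is issued after the change but no interactive login
            has happened since the change, which is how malware-driven token
            regeneration would look in the log.
    """
    events = sorted(events, key=lambda e: e.ts)
    issued_at = {}    # (user, token) -> issue time
    last_reset = {}   # user -> time of latest password change
    last_login = {}   # user -> time of latest interactive login
    alerts = []
    for e in events:
        if e.kind == "password_changed":
            last_reset[e.user] = e.ts
        elif e.kind == "login_interactive":
            last_login[e.user] = e.ts
        elif e.kind == "token_issued":
            issued_at[(e.user, e.token)] = e.ts
            reset = last_reset.get(e.user)
            if reset and last_login.get(e.user, datetime.min) < reset:
                alerts.append((e.user, e.token, "token issued after reset without interactive login"))
        elif e.kind == "token_used":
            reset = last_reset.get(e.user)
            issued = issued_at.get((e.user, e.token))
            if reset and issued and issued < reset:
                alerts.append((e.user, e.token, "pre-reset token used after password change"))
    return alerts


def scan(log_text: str):
    return find_stale_sessions(parse_line(l) for l in log_text.splitlines() if l.strip())


# Constructed sample: alice resets her password on 12-02, yet t1 keeps working and a
# new token t2 is minted from an unfamiliar address without any interactive login.
SAMPLE_LOG = """\
2023-12-01T09:00:00 alice login_interactive ip=10.0.0.5
2023-12-01T09:00:01 alice token_issued token=t1 ip=10.0.0.5
2023-12-01T09:30:00 alice token_used token=t1 ip=10.0.0.5
2023-12-02T08:00:00 alice password_changed ip=10.0.0.5
2023-12-02T08:05:00 alice token_used token=t1 ip=203.0.113.9
2023-12-02T08:10:00 alice token_issued token=t2 ip=203.0.113.9
2023-12-02T08:11:00 alice token_used token=t2 ip=203.0.113.9
2023-12-02T09:00:00 bob login_interactive ip=10.0.0.7
2023-12-02T09:00:01 bob token_issued token=t3 ip=10.0.0.7
2023-12-02T09:30:00 bob token_used token=t3 ip=10.0.0.7
"""

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

Bob, who never reset his password, produces no alerts; alice produces one for each rule. The remediation the detection points at is the same in both cases: revoke every session and refresh token for the account at reset time rather than relying on the new password alone.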

Games

Steam Has Stopped Supporting Windows 7, Windows 8, and Windows 8.1 (theverge.com) 169

Steam: As of January 1, 2024, Steam has officially stopped supporting the Windows 7, Windows 8 and Windows 8.1 operating systems. After that date, existing Steam Client installations on these operating systems will no longer receive updates of any kind including security updates. Steam Support will be unable to offer users technical support for issues related to the old operating systems, and Steam will be unable to guarantee continued functionality of Steam on the unsupported operating system versions.

In order to ensure continued operation of Steam and any games or other products purchased through Steam, users should update to a more recent version of Windows. We expect the Steam client and games on these older operating systems to continue running for some time without updates after January 1st, 2024, but we are unable to guarantee continued functionality after that date.
The Verge adds: 95.57 percent of surveyed Steam users are already on Windows 10 and 11, with nearly 2 percent of the remainder on Linux and 1.5 percent on Mac -- so we may be talking about fewer than 1 percent of users on these older Windows builds. Older versions of MacOS will also lose support on February 15th, just a month and a half from now.
Stats

The Wealthiest Californians are Leaving the State, Hurting the Economy, Statistics Confirm 221

"For several years, thousands more high-earning, well-educated workers have left California than have moved in," reports the Los Angeles Times: Even though California has experienced lopsided out-migration for decades, the financial blow has been cushioned by the kinds of people moving into the state: The newcomers were generally better educated and earned more money than those who left. Not now: That long-standing trend has reversed...

The reversal, largely in response to the state's high taxes and soaring cost of living, has begun to damage California's overall economy. And, by cutting into tax revenues, has delivered punishing blows to state and local governments. State budget analysts recently projected a record $68 billion deficit in the next fiscal year because of a 25% drop in personal income tax collection in 2023. Some city, county and other local taxing authorities, particularly in the San Francisco Bay Area, have also recorded revenue declines. With investors and high-income taxpayers receiving substantial compensation in the form of stocks, last year's sluggish stock market accounted for a major share of the decline in state income tax revenues. So did layoffs and financial weakness in the tech sector. But rising unemployment in the state and the growing flight of professionals, business operators and others making good salaries were also notable contributors. And those factors will be harder to reverse, at least in the foreseeable future.

"There's a price to pay for the movement of middle- and upper-income people and corporations," said Joel Kotkin, a fellow at Chapman University who has researched the flight from California and the resulting threat to the state's fiscal outlook. "People who are leaving are taking their tax dollars with them."

The accelerating exodus from California in recent years, of both companies and people, has been well documented. The pandemic-induced rise in remote work, inflated housing prices and changing social conditions have spurred more Californians to pull up stakes... Moody's Analytics economist Mark Zandi analyzed moves in and out of California for The Times using Equifax credit data, to zero in on the age of the movers. He found that since the pandemic in early 2020, California has lost residents in every age group, but by a significant margin the biggest net out-migration came from those 35 to 44 years old. "This is probably motivated by the severe housing affordability crisis in California," Zandi said. "It's all but impossible for them to become homeowners in the state."

Eric McGhee, a senior fellow at the Public Policy Institute of California, who has written about demographic trends in migration, thinks the increased loss of higher-educated Californians to other states in recent years can be traced in significant part to the rise of remote work since the pandemic. As more employers call workers back to the office, and the share of fully remote work appears to have settled at around 10% of all employees, McGhee expects the net out-migration from California to slow...

Even if the outflow of residents reverts to pre-pandemic levels, the broader economic climate doesn't bode well for the state's budget and economic outlook, at least in the immediate future. The U.S. economy is slowing, and California's economy is decelerating faster than the nation's, with the state's unemployment rate, most recently at 4.8%, already a full point higher than nationwide.

The article clarifies that "it's not just the sheer numbers of people who have left. What's different is that in each of the prior two years, more than 250,000 Californians with at least a bachelor's degree moved out, while an average of 175,000 college graduates from other states settled in California, according to an analysis of census data by William Frey, a demographer at the Brookings Institution. In prior periods over the last two decades, that balance was about even or slightly in California's favor."

And besides billionaires, "There's been a broader exodus of ordinary Californians in the upper-income spectrum as well. In the tax filing years 2020 and 2021, the average gross income of taxpayers who had moved from California to another state was about $137,000. That was up from $75,000 in 2015 and 2016, according to migration and personal income data from the Internal Revenue Service."
Security

Amnesty International Confirms Apple's Warning to Journalists About Spyware-Infected iPhones (techcrunch.com) 75

TechCrunch reports: Apple's warnings in late October that Indian journalists and opposition figures may have been targeted by state-sponsored attacks prompted a forceful counterattack from Prime Minister Narendra Modi's government. Officials publicly doubted Apple's findings and announced a probe into device security.

India has never confirmed nor denied using the Pegasus tool, but nonprofit advocacy group Amnesty International reported Thursday that it found NSO Group's invasive spyware on the iPhones of prominent journalists in India, lending more credibility to Apple's early warnings. "Our latest findings show that increasingly, journalists in India face the threat of unlawful surveillance simply for doing their jobs, alongside other tools of repression including imprisonment under draconian laws, smear campaigns, harassment, and intimidation," said Donncha Ó Cearbhaill, head of Amnesty International's Security Lab, in the blog post.

Cloud security company Lookout has also published "an in-depth technical look" at Pegasus, calling its use "a targeted espionage attack being actively leveraged against an undetermined number of mobile users around the world." It uses sophisticated function hooking to subvert OS- and application-layer security in voice/audio calls and apps including Gmail, Facebook, WhatsApp, Facetime, Viber, WeChat, Telegram, Apple's built-in messaging and email apps, and others. It steals the victim's contact list and GPS location, as well as personal, Wi-Fi, and router passwords stored on the device...

According to news reports, NSO Group sells weaponized software that targets mobile phones to governments; according to its LinkedIn page, it has been operating since 2010. The Pegasus spyware has existed for a significant amount of time, and is advertised and sold for use on high-value targets for multiple purposes, including high-level espionage on iOS, Android, and BlackBerry.

Thanks to Slashdot reader Mirnotoriety for sharing the news.
IT

Is 'Work From Home' Here to Stay After 2023? (usatoday.com) 163

"Remote-work numbers have dwindled over the past few years as employers issue return-to-office mandates," reports USA Today. "But will that continue in 2024?" The numbers started to slide after spring 2020, when more than 60% of days were worked from home, according to data from WFH Research, a scholarly data collection project. By 2023, that number had dropped to about 25%, much lower than its peak but still a fivefold increase from 5% in 2019. But work-from-home numbers have held steady throughout most of 2023. And according to remote-work experts, they're expected to rebound in the years to come as companies adjust to work-from-home trends. "Return-to-office died in '23," said Nick Bloom, an economics professor at Stanford University and work-from-home expert. "There's a tombstone with 'RTO' on it...."

Though a number of companies issued return-to-work mandates this year, most are allowing employees to work from home at least part of the week. That makes 2024 the year for employers to figure out the hybrid model. "We're never going to go back to a five-days-in-the-office policy," said Stephan Meier, professor of business at Columbia University. "Some employers are going to force people to come back, but I think over the next year, more and more firms will actually figure out how to manage hybrid well." Thirty-eight percent of companies require full-time in-office work, down from 39% one quarter ago and 49% at the start of the year, according to software firm Scoop Technologies...

[Stanford economics professor] Bloom called remote-work numbers in 2023 "pancake-flat." Yes, large companies like Meta and Zoom made headlines by ordering workers back to the office. But, Bloom said, just as many other companies were quietly reducing office attendance to cut costs.

Bloom thinks holograms and VR devices are possible within five years. "In the long run, the thing that really matters is technology."

One paper estimates that currently 37% of America's jobs can be done entirely at home, according to the article, and ZipRecruiter's chief economist seems to agree, predicting as much as 33% of America's work days will eventually be completed from home. "I think the numbers will gradually go up as this becomes more of an accepted norm as future generations grow up with it being so widely available, and as the technology for doing it gets better."

And the article notes that the ZipRecruiter economist sees another factor fueling the trend. "Reluctant leaders aging out of the workforce will help, too, she said."
Microsoft

Microsoft Disables MSIX Protocol Handler Abused in Malware Attacks (bleepingcomputer.com) 11

Microsoft has again disabled the MSIX ms-appinstaller protocol handler after multiple financially motivated threat groups abused it to infect Windows users with malware. From a report: The attackers exploited the CVE-2021-43890 Windows AppX Installer spoofing vulnerability to circumvent security measures that would otherwise protect Windows users from malware, such as the Defender SmartScreen anti-phishing and anti-malware component and built-in browser alerts cautioning users against executable file downloads.

Microsoft says the threat actors use both malicious advertisements for popular software and Microsoft Teams phishing messages to push signed malicious MSIX application packages. "Since mid-November 2023, Microsoft Threat Intelligence has observed threat actors, including financially motivated actors like Storm-0569, Storm-1113, Sangria Tempest, and Storm-1674, utilizing the ms-appinstaller URI scheme (App Installer) to distribute malware," the company said.

IT

LG is Bringing a 4K Projector With a Weird Handle To CES 2024 (yahoo.com) 55

LG just announced its latest 4K projector, the CineBeam Qube. It'll officially unveil the projector at CES 2024 in early January, but the company's giving curious consumers an early look. From a report: The CineBeam Qube has plenty of high-tech bells and whistles, but with a stylish design that LG calls "minimalist." There's also a handle that resembles a crank. Yeah this thing has an actual handle. The CineBeam Qube is built for portability. It's lightweight, at around three pounds, and the square form factor makes it easy to place just about anywhere. The 360-degree rotatable handle also helps with placement. LG's calling it "one of the smallest projectors available."

Of course, the most important part of any projector is, well, the projection. The Qube projects 4K UHD (3,840 x 2,160) resolution images that measure up to 120 inches. There's an RGB laser light source, a 450,000:1 contrast ratio and 154 percent coverage of the DCI-P3 color gamut. With these specs, that episode of Reacher will really pop. Speaking of streaming content, the projector runs on LG webOS 6.0 and offers access to all of the big streaming services, including Prime Video, Disney+, Netflix and YouTube.

United States

Boeing Urges Airlines To Inspect 737 Max Planes For Possible Loose Bolts (thehill.com) 38

Boeing instructed customer airlines to inspect their 737 Max jets for loose bolts, the Federal Aviation Administration (FAA) announced this week. From a report: The request comes after the manufacturer discovered two aircraft with missing bolts in the rudder control system, raising concerns about faults across all aircraft. "The issue identified on the particular airplane has been remedied," Boeing told CNN in a statement. "Out of an abundance of caution, we are recommending operators inspect their 737 Max airplanes and inform us of any findings." The inspection request entails a two-hour probe of the aircraft's safety-critical parts for each of the approximately 1,300 737 Max jets in service, the FAA said.
IT

Fake Plane Parts Scandal Shows Peril of Antiquated Paper System (bloomberg.com) 39

After falsified records for spare aircraft parts set off a frantic global search for suspect pieces, the aviation industry now faces another daunting task: adapting the archaic paperwork for 100 million components to the digital age. From a report: Since the middle of the year, maintenance shops and aerospace manufacturers have found thousands of engine parts with falsified records linked to a distributor called AOG Technics. Airlines from China to the US and Europe have had to pull planes from service and extract the dubious components, leaving jets grounded and racking up millions of dollars in costs.

The episode has prodded carriers and maintenance shops to bolster scrutiny of their vendors and the parts they receive. And it's given fresh weight to an ongoing push to digitize the paper-based records still prevalent in the industry to document the lifespan of every piece of an aircraft from the time that it's made to when it lands in a scrap heap. But any structural reforms to thwart would-be copycats of the scheme of which AOG is suspected are likely years away. The industry is accustomed to following standardized methods and only making fundamental changes after a detailed and often lengthy examination of potential safety risks -- and costs.

Security

Cyberattack Targets Albanian Parliament's Data System, Halting Its Work (securityweek.com) 2

An anonymous reader quotes a report from SecurityWeek: Albania's Parliament said on Tuesday that it had suffered a cyberattack with hackers trying to get into its data system, resulting in a temporary halt in its services. A statement said Monday's cyberattack had not "touched the data of the system," adding that experts were working to discover what consequences the attack could have. It said the system's services would resume at a later time. Local media reported that a cellphone provider and an air flight company were also targeted by Monday's cyberattacks, allegedly from Iranian-based hackers called Homeland Justice, which could not be verified independently.

Albania suffered a cyberattack in July 2022 that the government and multinational technology companies blamed on the Iranian Foreign Ministry. Believed to be in retaliation for Albania sheltering members of the Iranian opposition group Mujahedeen-e-Khalq, or MEK, the attack led the government to cut diplomatic relations with Iran two months later. The Iranian Foreign Ministry denied Tehran was behind an attack on Albanian government websites and noted that Iran has suffered cyberattacks from the MEK. In June, Albanian authorities raided a camp for exiled MEK members to seize computer devices allegedly linked to prohibited political activities. [...] In a statement sent later Tuesday to The Associated Press, MEK's media spokesperson Ali Safavi claimed the reported cyberattacks in Albania "are not related to the presence or activities" of MEK members in the country.

Google

Google Agrees To Settle Chrome Incognito Mode Class Action Lawsuit (arstechnica.com) 22

Google has indicated that it is ready to settle a class-action lawsuit filed in 2020 over its Chrome browser's Incognito mode. From a report: Arising in the Northern District of California, the lawsuit accused Google of continuing to "track, collect, and identify [users'] browsing data in real time" even when they had opened a new Incognito window. The lawsuit, filed by Florida resident William Byatt and California residents Chasom Brown and Maria Nguyen, accused Google of violating wiretap laws.

It also alleged that sites using Google Analytics or Ad Manager collected information from browsers in Incognito mode, including web page content, device data, and IP address. The plaintiffs also accused Google of taking Chrome users' private browsing activity and then associating it with their already-existing user profiles. Google initially attempted to have the lawsuit dismissed by pointing to the message displayed when users turned on Chrome's incognito mode. That warning tells users that their activity "might still be visible to websites you visit."

Iphone

4-Year Campaign Backdoored iPhones Using Possibly the Most Advanced Exploit Ever (arstechnica.com) 57

Researchers on Wednesday presented intriguing new findings surrounding an attack that over four years backdoored dozens if not thousands of iPhones, many of which belonged to employees of Moscow-based security firm Kaspersky. Chief among the discoveries: the unknown attackers were able to achieve an unprecedented level of access by exploiting a vulnerability in an undocumented hardware feature that few if anyone outside of Apple and chip suppliers such as ARM Holdings knew of. ArsTechnica: "The exploit's sophistication and the feature's obscurity suggest the attackers had advanced technical capabilities," Kaspersky researcher Boris Larin wrote in an email. "Our analysis hasn't revealed how they became aware of this feature, but we're exploring all possibilities, including accidental disclosure in past firmware or source code releases. They may also have stumbled upon it through hardware reverse engineering."

Other questions remain unanswered, wrote Larin, even after about 12 months of intensive investigation. Besides how the attackers learned of the hardware feature, the researchers still don't know what, precisely, its purpose is. Also unknown is if the feature is a native part of the iPhone or enabled by a third-party hardware component such as ARM's CoreSight. The mass backdooring campaign, which according to Russian government officials also infected the iPhones of thousands of people working inside diplomatic missions and embassies in Russia, came to light in June. Over a span of at least four years, Kaspersky said, the infections were delivered in iMessage texts that installed malware through a complex exploit chain without requiring the receiver to take any action. With that, the devices were infected with full-featured spyware that, among other things, transmitted microphone recordings, photos, geolocation, and other sensitive data to attacker-controlled servers. Although infections didn't survive a reboot, the unknown attackers kept their campaign alive simply by sending devices a new malicious iMessage text shortly after devices were restarted.

Security

CBS, Paramount Owner National Amusements Says It Was Hacked (techcrunch.com) 62

National Amusements, the cinema chain and corporate parent of media giants Paramount and CBS, has confirmed it experienced a data breach in which hackers stole the personal information of tens of thousands of people. TechCrunch: The private media conglomerate said in a legally required filing with Maine's attorney general that hackers stole personal information on 82,128 people during a December 2022 data breach. Details of the December 2022 breach only came to light a year later, after the company began notifying those affected last week.

According to Maine's notice, the company discovered the breach months later in August 2023, but did not say what specific personal information was taken. The data breach notice filed with Maine said that hackers also stole financial information, such as banking account numbers or credit card numbers in combination with associated security codes, passwords or secrets.

Windows

Windows 11 Will Let You Reinstall Your OS Through Windows Update Without Wiping Your Files (xda-developers.com) 111

An anonymous reader writes: If you've ever performed a fresh reinstall of Windows 11, you'll know how long it takes and how much effort you need to make to get it started. Fortunately, Microsoft is taking note. As spotted in a recent update to the Windows 11 beta branch, the company is working on a way to reinstall your operating system through Windows Update, and no files are lost in the process.

The newest update to the Windows Insider beta branch has added a new feature titled "Fix Problems using Windows Update." The feature is still a work in progress, so it doesn't work as it should right now. However, if you're on the Windows 11 Insider beta branch, you can see the button for yourself on the Recovery page, among the Windows 11 backup settings.

Security

Mint Mobile Discloses New Data Breach Exposing Customer Data (bleepingcomputer.com) 14

Mint Mobile has disclosed a new data breach that exposed the personal information of its customers, including data that can be used to perform SIM swap attacks. From a report: Mint is a mobile virtual network operator (MVNO) offering budget, pre-paid mobile plans. T-Mobile has proposed paying $1.3 billion to purchase the company. The company began notifying customers on December 22nd via emails titled "Important information regarding your account," stating that they suffered a security incident and a hacker obtained customer information.

"We are writing to inform you about a security incident we recently identified in which an unauthorized actor obtained some limited types of customer information," warns the Mint Mobile data breach notification. "Our investigation indicates that certain information associated with your account was impacted."

United States

US Water Utilities Hacked After Default Passwords Set to '1111', Cybersecurity Officials Say (fastcompany.com) 84

An anonymous reader shared this report from Fast Company: Providers of critical infrastructure in the United States are doing a sloppy job of defending against cyber intrusions, the National Security Council tells Fast Company, pointing to recent Iran-linked attacks on U.S. water utilities that exploited basic security lapses [earlier this month]. The security council tells Fast Company it's also aware of recent intrusions by hackers linked to China's military at American infrastructure entities that include water and energy utilities in multiple states.

Neither the Iran-linked nor the China-linked attacks affected critical systems or caused disruptions, according to reports.

"We're seeing companies and critical services facing increased cyber threats from malicious criminals and countries," Anne Neuberger, the deputy national security advisor for cyber and emerging tech, tells Fast Company. The White House had been urging infrastructure providers to upgrade their cyber defenses before these recent hacks, but "clearly, by the most recent success of the criminal cyberattacks, more work needs to be done," she says... The attacks hit at least 11 different entities using Unitronics devices across the United States, which included six local water facilities, a pharmacy, an aquatics center, and a brewery...

Some of the compromised devices had been connected to the open internet with a default password of "1111," federal authorities say, making it easy for hackers to find them and gain access. Fixing that "doesn't cost any money," Neuberger says, "and those are the kinds of basic things that we really want companies urgently to do." But cybersecurity experts say these attacks point to a larger issue: the general vulnerability of the technology that powers physical infrastructure. Much of the hardware was developed before the internet and, though they were retrofitted with digital capabilities, still "have insufficient security controls," says Gary Perkins, chief information security officer at cybersecurity firm CISO Global. Additionally, many infrastructure facilities prioritize "operational ease of use rather than security," since many vendors often need to access the same equipment, says Andy Thompson, an offensive cybersecurity expert at CyberArk. But that can make the systems equally easy for attackers to exploit: freely available web tools allow anyone to generate lists of hardware connected to the public internet, like the Unitronics devices used by water companies.

"Not making critical infrastructure easily accessible via the internet should be standard practice," Thompson says.

Encryption

The Race to Shield Secrets from Quantum Computers (reuters.com) 67

An anonymous reader shared this report from Reuters: In February, a Canadian cybersecurity firm delivered an ominous forecast to the U.S. Department of Defense. America's secrets — actually, everybody's secrets — are now at risk of exposure, warned the team from Quantum Defen5e (QD5). QD5's executive vice president, Tilo Kunz, told officials from the Defense Information Systems Agency that possibly as soon as 2025, the world would arrive at what has been dubbed "Q-day," the day when quantum computers make current encryption methods useless. Machines vastly more powerful than today's fastest supercomputers would be capable of cracking the codes that protect virtually all modern communication, he told the agency, which is tasked with safeguarding the U.S. military's communications.

In the meantime, Kunz told the panel, a global effort to plunder data is underway so that intercepted messages can be decoded after Q-day in what he described as "harvest now, decrypt later" attacks, according to a recording of the session the agency later made public. Militaries would see their long-term plans and intelligence gathering exposed to enemies. Businesses could have their intellectual property swiped. People's health records would be laid bare... One challenge for the keepers of digital secrets is that whenever Q-day comes, quantum codebreakers are unlikely to announce their breakthrough. Instead, they're likely to keep quiet, so they can exploit the advantage as long as possible.

The article adds that "a scramble is on to protect critical data. Washington and its allies are working on new encryption standards known as post-quantum cryptography... Beijing is trying to pioneer quantum communications networks, a technology theoretically impossible to hack, according to researchers...

"In a quantum communications network, users exchange a secret key or code on subatomic particles called photons, allowing them to encrypt and decrypt data. This is called quantum key distribution, or QKD."
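The "theoretically impossible to hack" claim for QKD rests on one physical fact: a photon measured in the wrong polarisation basis gives a random result and is altered by the measurement, so an interceptor who reads the photons and re-sends them leaves a measurable error rate in the key. The block below is an added classical simulation of the BB84 protocol written for this page, not code from Reuters, QD5 or any QKD vendor; it models an ideal noiseless channel (so every error is attributed to the eavesdropper), uses a seeded random generator so runs are reproducible, and the 11% abort threshold is a commonly cited figure for BB84 rather than something the article states.

```python
"""BB84 quantum key distribution, simulated classically.

Added example, not from Reuters or any QKD product. Photons are modelled as
(bit, basis) pairs; measuring in the preparation basis returns the bit, any
other basis returns a fair coin flip. The channel is noiseless, so a non-zero
error rate in the sifted key can only come from an interceptor.
"""
import random

RECTILINEAR, DIAGONAL = 0, 1   # the two polarisation bases
ABORT_THRESHOLD = 0.11         # assumed abort point; commonly cited for BB84


def measure(bit, prep_basis, meas_basis, rng):
    """Matching basis: the encoded bit. Mismatched basis: random outcome."""
    return bit if prep_basis == meas_basis else rng.randint(0, 1)


def run_bb84(n, eve_present, seed=0):
    rng = random.Random(seed)
    alice_bits = [rng.randint(0, 1) for _ in range(n)]
    alice_bases = [rng.randint(0, 1) for _ in range(n)]
    bob_bases = [rng.randint(0, 1) for _ in range(n)]

    bob_bits = []
    for bit, a_basis, b_basis in zip(alice_bits, alice_bases, bob_bases):
        if eve_present:
            # Intercept-resend: Eve measures in a random basis and forwards a
            # fresh photon carrying what she saw, prepared in the basis she used.
            e_basis = rng.randint(0, 1)
            bit, a_basis = measure(bit, a_basis, e_basis, rng), e_basis
        bob_bits.append(measure(bit, a_basis, b_basis, rng))

    # Sifting: Alice and Bob publicly compare bases (never bits) and keep the
    # positions where they chose the same one.
    keep = [i for i in range(n) if alice_bases[i] == bob_bases[i]]
    alice_key = [alice_bits[i] for i in keep]
    bob_key = [bob_bits[i] for i in keep]

    # Error estimation: sacrifice a quarter of the sifted bits, compare them
    # publicly, and drop them from the key. Disagreements reveal Eve.
    sample = set(rng.sample(range(len(keep)), len(keep) // 4))
    errors = sum(alice_key[i] != bob_key[i] for i in sample)
    qber = errors / len(sample)
    final_key = [alice_key[i] for i in range(len(keep)) if i not in sample]
    return {"sifted": len(keep), "qber": qber, "key": final_key}


def negotiate_key(n, eve_present, seed=0):
    """Return the final key, or None if the error rate says the channel was tapped."""
    result = run_bb84(n, eve_present, seed)
    return None if result["qber"] > ABORT_THRESHOLD else result["key"]


if __name__ == "__main__":
    for eve in (False, True):
        r = run_bb84(4000, eve)
        print(f"eve={eve} sifted={r['sifted']} qber={r['qber']:.3f} key_bits={len(r['key'])}")
```

Without Eve the sifted key (about half the transmitted photons, since bases match half the time) has a zero error rate; with intercept-resend, Eve guesses the wrong basis half the time and Bob then reads the wrong bit half of those times, so roughly a quarter of the sifted bits disagree and the exchange is aborted. The "harvest now, decrypt later" concern in the article does not apply here: an attacker who records the photons cannot do so without measuring them, and measuring is what the error check catches.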
