Microsoft

Microsoft Publisher Books Its Retirement Party for 2026 (theregister.com) 26

Microsoft is confirming plans to deprecate its Publisher application in 2026. From a report: This writer has fond memories of Microsoft Publisher, which started life in 1991 as a desktop publisher for Windows 3.0. While alternatives existed in the form of Ventura Publisher, Timeworks, and later QuarkXPress, Microsoft Publisher was a useful tool to write newsletters. Unlike Word, Publisher was focused on layout and page design. Though it lacked many of the features of its competitors, it was responsible for some genuinely horrendous designs, and was popular due to its cheap price.

Despite not finding much favor with professionals, Microsoft Publisher continued to be updated over the years. Microsoft Publisher 97 was the first to turn up in the Microsoft Office suite, and the most recent edition, released in 2021, is available as part of Microsoft 365. However, all good things -- and Publisher -- must come to an end. Microsoft has warned that the end is nigh for its venerable designer. "In October 2026, Microsoft Publisher will reach its end of life," the company said. "After that time, it will no longer be included in Microsoft 365, and existing on-premises suites will no longer be supported. Until then, support for Publisher will continue, and users can expect the same experience as today."

iPhone

Apple Officially Warns Users To Stop Putting Wet iPhones in Rice (gizmodo.com) 121

An anonymous reader shares a report: In a recent support document, Apple states that putting wet devices in a bag of rice could "allow small particles of rice to damage your iPhone," although it doesn't go into further detail. The company also recommended against using other well-known hacks, such as using an external heat source to dry the phone or sticking a cotton swab into the connector. The company's warning on rice coincides with those of other repair experts, who have found that the rice hack works slower than simply leaving your iPhone on a counter to dry. Time is crucial in these situations, as the most important thing is to prevent the water from damaging the electronics inside the phone.
Encryption

Signal Finally Rolls Out Usernames, So You Can Keep Your Phone Number Private (wired.com) 38

Encrypted messaging app Signal has launched a new feature allowing users to conceal their phone numbers and instead use usernames, in a move aimed at boosting privacy protections long sought by cybersecurity experts and privacy advocates. From a report: Rather than give your phone number to other Signal contacts as the identifier they use to begin a conversation with you, in other words, you can now choose to be discoverable via a chosen handle -- or even to prevent anyone who does have your phone number from finding you on Signal.

The use of phone numbers has long been perhaps the most persistent criticism of Signal's design. These new privacy protections finally offer a fix, says Meredith Whittaker, Signal's executive director. "We want to build a communications app that everyone in the world can easily use to connect with anyone else privately. That 'privately' is really in bold, underlined, in italics," Whittaker tells WIRED. "So we're extremely sympathetic to people who might be using Signal in high-risk environments who say, 'The phone number is really sensitive information, and I don't feel comfortable having that disseminated broadly.'"

IT

Adobe Acrobat Adds Generative AI To 'Easily Chat With Documents' (theverge.com) 31

Adobe is adding a new generative AI experience to its Acrobat PDF management software, which aims to "completely transform the digital document experience" by making information in long documents easier to find and understand. From a report: Announced in Adobe's press release as "AI Assistant in Acrobat," the new tool is described as a "conversational engine" that can summarize files, answer questions, and recommend more based on the content, allowing users to "easily chat with documents" to get the information they need. It's available in beta starting today for paying Acrobat users.

The idea is that the chatbot will reduce the time-consuming tasks related to working with massive text documents -- such as helping students quickly find information for research projects or summarizing large reports into snappy highlights for emails, meetings, and presentations. AI Assistant in Acrobat can be used with all document formats supported by the app, including Word and PowerPoint. The chatbot abides by Adobe's data security protocols, so it won't store data from customer documents or use it to train AI Assistant.
The new AI Assistant experience is available for Acrobat customers on Standard ($12.99 per month) and Pro ($19.99 per month) plans.
Security

International Law Enforcement Disrupts LockBit Ransomware (sky.com) 13

A coalition of global law enforcement agencies including the FBI and UK National Crime Agency have taken control of the LockBit ransomware gang's dark web site, replacing it with a notice saying their services had been disrupted by joint international action. The "Operation Cronos" task force includes Europol and enforcement agencies from a dozen countries across Europe, Asia and North America. LockBit is a prolific ransomware group that hacks corporate networks then threatens to leak stolen data unless ransom demands are paid. The notice said the operation against them was "ongoing and developing."
Microsoft

Microsoft Fixes Edge Browser Bug That Was Stealing Chrome Tabs and Data 49

An anonymous reader shared a news report: Microsoft has fixed an issue where its Edge browser was again misbehaving, this time by automatically importing browsing data and tabs from Chrome without consent. I personally experienced the bug last month, after I rebooted my PC for a regular Windows update and Microsoft Edge automatically opened with the Chrome tabs I was working on before the update. I asked Microsoft repeatedly to explain why this behavior had occurred for myself and many other Windows users, but the company refused to comment. Microsoft has now quietly issued a fix in the latest Microsoft Edge update.

Here's how Microsoft describes the fix: "Edge has a feature that provides an option to import browser data on each launch from other browsers with user consent. This feature's state might not have been syncing and displaying correctly across multiple devices. This is fixed."
Security

MIT Researchers Build Tiny Tamper-Proof ID Tag Utilizing Terahertz Waves (mit.edu) 42

A few years ago, MIT researchers invented a cryptographic ID tag — but like traditional RFID tags, "a counterfeiter could peel the tag off a genuine item and reattach it to a fake," writes MIT News.

"The researchers have now surmounted this security vulnerability by leveraging terahertz waves to develop an antitampering ID tag that still offers the benefits of being tiny, cheap, and secure." They mix microscopic metal particles into the glue that sticks the tag to an object, and then use terahertz waves to detect the unique pattern those particles form on the item's surface. Akin to a fingerprint, this random glue pattern is used to authenticate the item, explains Eunseok Lee, an electrical engineering and computer science (EECS) graduate student and lead author of a paper on the antitampering tag. "These metal particles are essentially like mirrors for terahertz waves. If I spread a bunch of mirror pieces onto a surface and then shine light on that, depending on the orientation, size, and location of those mirrors, I would get a different reflected pattern. But if you peel the chip off and reattach it, you destroy that pattern," adds Ruonan Han, an associate professor in EECS, who leads the Terahertz Integrated Electronics Group in the Research Laboratory of Electronics.

The researchers produced a light-powered antitampering tag that is about 4 square millimeters in size. They also demonstrated a machine-learning model that helps detect tampering by identifying similar glue pattern fingerprints with more than 99 percent accuracy. Because the terahertz tag is so cheap to produce, it could be implemented throughout a massive supply chain. And its tiny size enables the tag to attach to items too small for traditional RFIDs, such as certain medical devices...

"These responses are impossible to duplicate, as long as the glue interface is destroyed by a counterfeiter," Han says. A vendor would take an initial reading of the antitampering tag once it was stuck onto an item, and then store those data in the cloud, using them later for verification.

Seems like the only way to thwart that would be carving out the part of the surface where the tag was affixed — and then pasting the tag, glue, and what it adheres to all together onto some other surface. But more importantly, Han says they'd wanted to demonstrate "that the application of the terahertz spectrum can go well beyond broadband wireless. In this case, you can use terahertz for ID, security, and authentication. There are a lot of possibilities out there."

AI

'Luddite' Tech-Skeptics See Bad AI Outcomes for Labor - and Humanity (theguardian.com) 202

"I feel things fraying," says Nick Hilton, host of a neo-luddite podcast called The Ned Ludd Radio Hour.

But he's one of the more optimistic tech skeptics interviewed by the Guardian: Eliezer Yudkowsky, a 44-year-old academic wearing a grey polo shirt, rocks slowly on his office chair and explains with real patience — taking things slowly for a novice like me — that every single person we know and love will soon be dead. They will be murdered by rebellious self-aware machines.... Yudkowsky is the most pessimistic, the least convinced that civilisation has a hope. He is the lead researcher at a nonprofit called the Machine Intelligence Research Institute in Berkeley, California... "If you put me to a wall," he continues, "and forced me to put probabilities on things, I have a sense that our current remaining timeline looks more like five years than 50 years. Could be two years, could be 10." By "remaining timeline", Yudkowsky means: until we face the machine-wrought end of all things...

Yudkowsky was once a founding figure in the development of human-made artificial intelligences — AIs. He has come to believe that these same AIs will soon evolve from their current state of "Ooh, look at that!" smartness, assuming an advanced, God-level super-intelligence, too fast and too ambitious for humans to contain or curtail. Don't imagine a human-made brain in one box, Yudkowsky advises. To grasp where things are heading, he says, try to picture "an alien civilisation that thinks a thousand times faster than us", in lots and lots of boxes, almost too many for us to feasibly dismantle, should we even decide to...

[Molly Crabapple, a New York-based artist, believes] "a luddite is someone who looks at technology critically and rejects aspects of it that are meant to disempower, deskill or impoverish them. Technology is not something that's introduced by some god in heaven who has our best interests at heart. Technological development is shaped by money, it's shaped by power, and it's generally targeted towards the interests of those in power as opposed to the interests of those without it. That stereotypical definition of a luddite as some stupid worker who smashes machines because they're dumb? That was concocted by bosses." Where a techno-pessimist like Yudkowsky would have us address the biggest-picture threats conceivable (to the point at which our fingers are fumbling for the nuclear codes) neo-luddites tend to focus on ground-level concerns. Employment, especially, because this is where technology enriched by AIs seems to be causing the most pain....

Watch out, says [writer/podcaster Riley] Quinn at one point, for anyone who presents tech as "synonymous with being forward-thinking and agile and efficient. It's typically code for 'We're gonna find a way around labour regulations'...." One of his TrashFuture colleagues Nate Bethea agrees. "Opposition to tech will always be painted as irrational by people who have a direct financial interest in continuing things as they are," he says.

Thanks to Slashdot reader fjo3 for sharing the article.
Open Source

Linux Becomes a CVE Numbering Authority (Like Curl and Python). Is This a Turning Point? (kroah.com) 20

From a blog post by Greg Kroah-Hartman: As was recently announced, the Linux kernel project has been accepted as a CVE Numbering Authority (CNA) for vulnerabilities found in Linux.

This is a trend, of more open source projects taking over the haphazard assignments of CVEs against their project by becoming a CNA so that no other group can assign CVEs without their involvement. Here's the curl project doing much the same thing for the same reasons. I'd like to point out the great work that the Python project has done in supporting this effort, and the OpenSSF project also encouraging it and providing documentation and help for open source projects to accomplish this. I'd also like to thank the cve.org group and board as they all made the application process very smooth for us and provided loads of help in making this all possible.

As many of you all know, I have talked a lot about CVEs in the past, and yes, I think the system overall is broken in many ways, but this change is a way for us to take more responsibility for this, and hopefully make the process better over time. It's also work that it looks like all open source projects might be mandated to do with the recent rules and laws being enacted in different parts of the world, so having this in place with the kernel will allow us to notify all sorts of different CNA-like organizations if needed in the future.

Kroah-Hartman links to his post on the kernel mailing list for "more details about how this is all going to work for the kernel." [D]ue to the layer at which the Linux kernel is in a system, almost any bug might be exploitable to compromise the security of the kernel, but the possibility of exploitation is often not evident when the bug is fixed. Because of this, the CVE assignment team are overly cautious and assign CVE numbers to any bugfix that they identify. This explains the seemingly large number of CVEs that are issued by the Linux kernel team...

No CVEs will be assigned for unfixed security issues in the Linux kernel; assignment will only happen after a fix is available, as it can be properly tracked that way by the git commit id of the original fix. No CVEs will be assigned for any issue found in a version of the kernel that is not currently being actively supported by the Stable/LTS kernel team.

alanw (Slashdot reader #1,822) worries this could overwhelm the CVE infrastructure, pointing to an ongoing discussion at LWN.net.

But reached for a comment, Greg Kroah-Hartman thinks there's been a misunderstanding. He told Slashdot that the CVE group "explicitly asked for this as part of our application... so if they are comfortable with it, why is no one else?"
Programming

How Rust Improves the Security of Its Ecosystem (rust-lang.org) 45

This week the non-profit Rust Foundation announced the release of a report on what their Security Initiative accomplished in the last six months of 2023. "There is already so much to show for this initiative," says the foundation's executive director, "from several new open source security projects to several completed and publicly available security threat models."

From the executive summary: When the user base of any programming language grows, it becomes more attractive to malicious actors. As any programming language ecosystem expands with more libraries, packages, and frameworks, the surface area for attacks increases. Rust is no different. As the steward of the Rust programming language, the Rust Foundation has a responsibility to provide a range of resources to the growing Rust community. This responsibility means we must work with the Rust Project to help empower contributors to participate in a secure and scalable manner, eliminate security burdens for Rust maintainers, and educate the public about security within the Rust ecosystem...

Recent Achievements of the Security Initiative Include:

- Completing and releasing Rust Infrastructure and Crates Ecosystem threat models

- Further developing Rust Foundation open source security project Painter [for building a graph database of dependencies/invocations between crates] and releasing new security project, Typomania [a toolbox to check for typosquatting in package registries].

- Utilizing new tools and best practices to identify and address malicious crates.

- Helping reduce technical debt within the Rust Project, producing/contributing to security-focused documentation, and elevating security priorities for discussion within the Rust Project.

... and more!

Over the Coming Months, Security Initiative Engineers Will Primarily Focus On:

- Completing all four Rust security threat models and taking action to address encompassed threats

- Standing up additional infrastructure to support redundancy, backups, and mirroring of critical Rust assets

- Collaborating with the Rust Project on the design and potential implementation of signing and PKI solutions for crates.io to achieve security parity with other popular ecosystems

- Continuing to create and further develop tools to support the Rust ecosystem, including the crates.io admin functionality, Painter, Typomania, and Sandpit

Data Storage

OpenZFS Native Encryption Use Has New(ish) Data Corruption Bug (phoronix.com) 16

Some ZFS news from Phoronix this week. "At the end of last year OpenZFS 2.2.2 was released to fix a rare but nasty data corruption issue, but it turns out there are other data corruption bug(s) still lurking in the OpenZFS file-system codebase." A Phoronix reader wrote in today about an OpenZFS data corruption bug when employing native encryption and making use of send/recv support. Making use of zfs send on an encrypted dataset can cause one or more snapshots to report errors. OpenZFS data corruption issues in this area have apparently been known for years.

Since May 2021 there's been this open issue around ZFS corruption related to snapshots on post-2.0 OpenZFS. That issue remains open. A new OpenZFS ticket has also been opened proposing to add warnings against using ZFS native encryption and the send/receive support in production environments.

jd (Slashdot reader #1,658) spotted the news — and adds a positive note. "Bugs, old and new, are being catalogued and addressed much more quickly now that core development is done under Linux, even though it is not mainstreamed in the kernel."
Crime

Zeus, IcedID Malware Kingpin Faces 40 Years In Prison (theregister.com) 39

Connor Jones reports via The Register: A Ukrainian cybercrime kingpin who ran some of the most pervasive malware operations faces 40 years in prison after spending nearly a decade on the FBI's Cyber Most Wanted List. Vyacheslav Igorevich Penchukov, 37, pleaded guilty this week in the US to two charges related to his leadership role in both the Zeus and IcedID malware operations that netted millions of dollars in the process. Penchukov's plea will be seen as the latest big win for US law enforcement in its continued fight against cybercrime and those that enable it. However, authorities took their time getting him in 'cuffs. [...]

"Malware like IcedID bleeds billions from the American economy and puts our critical infrastructure and national security at risk," said US attorney Michael Easley for the eastern district of North Carolina. "The Justice Department and FBI Cyber Squad won't stand by and watch it happen, and won't quit coming for the world's most wanted cybercriminals, no matter where they are in the world. This operation removed a key player from one of the world's most notorious cybercriminal rings. Extradition is real. Anyone who infects American computers had better be prepared to answer to an American judge."

This week, he admitted one count of conspiracy to commit a Racketeer Influenced and Corrupt Organizations (RICO) Act offense relating to Zeus, and one count of conspiracy to commit wire fraud in relation to IcedID. Each count carries a maximum sentence of 20 years. His sentencing date is set for May 9, 2024.
Zeus malware, a banking trojan that formed a botnet for financial theft, caused over $100 million in losses before its 2014 dismantlement. Its successor, SpyEye, incorporated enhanced features for financial fraud. Despite the 2014 takedown of Zeus, Penchukov moved on to lead IcedID, a similar malware first found in 2017. IcedID evolved from banking fraud to ransomware, severely affecting the University of Vermont Medical Center in 2020 with over $30 million in damages.
Privacy

New 'Gold Pickaxe' Android, iOS Malware Steals Your Face For Fraud (bleepingcomputer.com) 13

An anonymous reader quotes a report from BleepingComputer: A new iOS and Android trojan named 'GoldPickaxe' employs a social engineering scheme to trick victims into scanning their faces and ID documents, which are believed to be used to generate deepfakes for unauthorized banking access. The new malware, spotted by Group-IB, is part of a malware suite developed by the Chinese threat group known as 'GoldFactory,' which is responsible for other malware strains such as 'GoldDigger', 'GoldDiggerPlus,' and 'GoldKefu.' Group-IB says its analysts observed attacks primarily targeting the Asia-Pacific region, mainly Thailand and Vietnam. However, the techniques employed could be effective globally, and there's a danger of them getting adopted by other malware strains. [...]

For iOS (iPhone) users, the threat actors initially directed targets to a TestFlight URL to install the malicious app, allowing them to bypass the normal security review process. When Apple removed the TestFlight app, the attackers switched to luring targets into downloading a malicious Mobile Device Management (MDM) profile that allows the threat actors to take control over devices. Once the trojan has been installed onto a mobile device in the form of a fake government app, it operates semi-autonomously, manipulating functions in the background, capturing the victim's face, intercepting incoming SMS, requesting ID documents, and proxying network traffic through the infected device using 'MicroSocks.'

Group-IB says the Android version of the trojan performs more malicious activities than in iOS due to Apple's higher security restrictions. Also, on Android, the trojan uses over 20 different bogus apps as cover. For example, GoldPickaxe can also run commands on Android to access SMS, navigate the filesystem, perform clicks on the screen, upload the 100 most recent photos from the victim's album, download and install additional packages, and serve fake notifications. The use of the victims' faces for bank fraud is an assumption by Group-IB, also corroborated by the Thai police, based on the fact that many financial institutes added biometric checks last year for transactions above a certain amount.

Security

DOJ Quietly Removed Russian Malware From Routers in US Homes and Businesses (arstechnica.com) 71

An anonymous reader shares a report: More than 1,000 Ubiquiti routers in homes and small businesses were infected with malware used by Russian-backed agents to coordinate them into a botnet for crime and spy operations, according to the Justice Department. That malware, which worked as a botnet for the Russian hacking group Fancy Bear, was removed in January 2024 under a secret court order as part of "Operation Dying Ember," according to the FBI's director. It affected routers running Ubiquiti's EdgeOS, but only those that had not changed their default administrative password. Access to the routers allowed the hacking group to "conceal and otherwise enable a variety of crimes," the DOJ claims, including spearphishing and credential harvesting in the US and abroad.

Unlike previous attacks by Fancy Bear -- that the DOJ ties to GRU Military Unit 26165, which is also known as APT 28, Sofacy Group, and Sednit, among other monikers -- the Ubiquiti intrusion relied on a known malware, Moobot. Once infected by "Non-GRU cybercriminals," GRU agents installed "bespoke scripts and files" to connect and repurpose the devices, according to the DOJ. The DOJ also used the Moobot malware to copy and delete the botnet files and data, according to the DOJ, and then changed the routers' firewall rules to block remote management access. During the court-sanctioned intrusion, the DOJ "enabled temporary collection of non-content routing information" that would "expose GRU attempts to thwart the operation." This did not "impact the routers' normal functionality or collect legitimate user content information," the DOJ claims. "For the second time in two months, we've disrupted state-sponsored hackers from launching cyber-attacks behind the cover of compromised US routers," said Deputy Attorney General Lisa Monaco in a press release.

Google

Google 'Talk To a Live Rep' Brings Pixel's Hold for Me To All Search Users (9to5google.com) 14

Google Search Labs is testing a "Talk to a Live Representative" feature where it will "help you place the call, wait on hold, and then give you a call once a live representative is available." From a report: When you search for customer service numbers, which Google recently started surfacing for Knowledge Panels, you might see a prominent "Talk to a live representative" prompt. Very simply, Google will call the support line "for you and wait on hold until a customer service representative picks up." At that time, Google will call you so you can get on with your business.

To "Request a call," you first specify a reason for why you're calling. In the case of airlines, it's: Update existing booking, Luggage issue, Canceled flight, Other issue, Flight check-in, Missed my flight, and Delayed flight. You then provide your phone number, with Google sending SMS updates. The Request page will note the estimated wait time. After submitting, you can cancel the request at any time.

Encryption

Indian Government Moves To Ban ProtonMail After Bomb Threat 25

Following a hoax bomb threat sent via ProtonMail to schools in Chennai, India, police in the state of Tamil Nadu put in a request to block the encrypted email service in the region since they have been unable to identify the sender. According to Hindustan Times, that request was granted today. From the report: The decision to block Proton Mail was taken at a meeting of the 69A blocking committee on Wednesday afternoon. Under Section 69A of the IT Act, the designated officer, on approval by the IT Secretary and at the recommendation of the 69A blocking committee, can issue orders to any intermediary or a government agency to block any content for national security, public order and allied reasons. HT could not ascertain if a blocking order will be issued to Apple and Google to block the Proton Mail app. The final order to block the website has not yet been sent to the Department of Telecommunications but the MeitY has flagged the issue with the DoT.

During the meeting, the nodal officer representing the Tamil Nadu government submitted that a bomb threat was sent to multiple schools using ProtonMail, HT has learnt. The police attempted to trace the IP address of the sender but to no avail. They also tried to seek help from the Interpol but that did not materialise either, the nodal officer said. During the meeting, HT has learnt, MeitY representatives noted that getting information from Proton Mail, on other criminal matters, not necessarily linked to Section 69A related issues, is a recurrent problem.

Although Proton Mail is end-to-end encrypted, which means the content of the emails cannot be intercepted and can only be seen by the sender and recipient if both are using Proton Mail, its privacy policy states that due to the nature of the SMTP protocol, certain email metadata -- including sender and recipient email addresses, the IP address incoming messages originated from, attachment name, message subject, and message sent and received times -- is available with the company.
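The metadata point above is easy to see on a real message. The following is an added example, not code from the report or from Proton: it parses a constructed PGP-style encrypted email (placeholder addresses, host names and IP) and lists exactly what a provider can read without any key, which is all of the header fields named in the policy and none of the body.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr, parsedate_to_datetime

# Constructed sample (not a real capture): an end-to-end encrypted message as
# it sits on a mail provider's server. Addresses, host names and the IP are
# placeholders. The body and attachment are opaque ciphertext placeholders;
# everything above the first blank line is plaintext the provider can read.
SAMPLE_MESSAGE = """\
Received: from mail-out.example.net (mail-out.example.net [203.0.113.7])
 by mx.example.org with ESMTPS; Wed, 14 Feb 2024 09:12:31 +0000
From: Alice Example <alice@example.net>
To: Bob Example <bob@example.org>
Subject: Q1 planning notes
Date: Wed, 14 Feb 2024 09:12:30 +0000
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="sep"

--sep
Content-Type: text/plain

-----BEGIN PGP MESSAGE-----
Y29uc3RydWN0ZWQtY2lwaGVydGV4dC1wbGFjZWhvbGRlcg==
-----END PGP MESSAGE-----
--sep
Content-Type: application/octet-stream; name="budget.xlsx.pgp"
Content-Disposition: attachment; filename="budget.xlsx.pgp"
Content-Transfer-Encoding: base64

Y29uc3RydWN0ZWQtY2lwaGVydGV4dC1wbGFjZWhvbGRlcg==
--sep--
"""

PGP_MARKER = "-----BEGIN PGP MESSAGE-----"
IP_IN_RECEIVED = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def extract_metadata(raw_message: str) -> dict:
    """Return what a mail provider can read without any decryption key.

    Covers the categories listed in the privacy policy quoted above: sender
    and recipient addresses, the IP the message originated from (taken from
    the earliest Received header), attachment names, subject and timestamp.
    The body is reported only as readable or not: an E2EE body is ciphertext
    to the provider, so nothing else about it can be learned here.
    """
    msg = message_from_string(raw_message)

    # Each relaying server prepends its own Received header, so the last one
    # in the list is the earliest hop: the server that accepted the message
    # from the sender, whose connecting IP it records in brackets.
    received = msg.get_all("Received", [])
    origin_ip = None
    if received:
        match = IP_IN_RECEIVED.search(received[-1])
        origin_ip = match.group(1) if match else None

    # Attachment names live in Content-Disposition/Content-Type parameters,
    # which are part headers and therefore not covered by the encryption.
    attachments = [
        part.get_filename()
        for part in msg.walk()
        if part.get_filename() is not None
    ]

    # The body counts as readable only if some text part is not a PGP block.
    body_readable = False
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        text = part.get_payload(decode=True).decode("utf-8", errors="replace")
        if PGP_MARKER not in text:
            body_readable = True

    recipients = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    return {
        "sender": parseaddr(msg.get("From", ""))[1],
        "recipients": [addr for _, addr in recipients],
        "subject": msg.get("Subject"),
        "sent_at": parsedate_to_datetime(msg["Date"]),
        "origin_ip": origin_ip,
        "attachments": attachments,
        "body_readable": body_readable,
    }


if __name__ == "__main__":
    for key, value in extract_metadata(SAMPLE_MESSAGE).items():
        print(f"{key:>14}: {value}")
```

The same function run over a message from a provider that encrypts at rest only would report body_readable as True; the header fields it returns are identical in both cases, which is the point the policy makes.
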
"We condemn a potential block as a misguided measure that only serves to harm ordinary people. Blocking access to Proton is an ineffective and inappropriate response to the reported threats. It will not prevent cybercriminals from sending threats with another email service and will not be effective if the perpetrators are located outside of India," said ProtonMail in a statement.

"We are currently working to resolve this situation and are investigating how we can best work together with the Indian authorities to do so. We understand the urgency of the situation and are completely clear that our services are not to be used for illegal purposes. We routinely remove users who are found to be doing so and are willing to cooperate wherever possible within international cooperation agreements."
Privacy

US Military Notifies 20,000 of Data Breach After Cloud Email Leak (techcrunch.com) 11

An anonymous reader quotes a report from TechCrunch: The U.S. Department of Defense is notifying tens of thousands of individuals that their personal information was exposed in an email data spill last year. According to the breach notification letter sent out to affected individuals on February 1, the Defense Intelligence Agency -- the DOD's military intelligence agency -- said, "numerous email messages were inadvertently exposed to the Internet by a service provider," between February 3 and February 20, 2023. TechCrunch has learned that the breach disclosure letters relate to an unsecured U.S. government cloud email server that was spilling sensitive emails to the open internet. The cloud email server, hosted on Microsoft's cloud for government customers, was accessible from the internet without a password, likely due to a misconfiguration.

The DOD is sending breach notification letters to around 20,600 individuals whose information was affected. "As a matter of practice and operations security, we do not comment on the status of our networks and systems. The affected server was identified and removed from public access on February 20, 2023, and the vendor has resolved the issues that resulted in the exposure. DOD continues to engage with the service provider on improving cyber event prevention and detection. Notification to affected individuals is ongoing," said DOD spokesperson Cdr. Tim Gorman in an email to TechCrunch.

Encryption

Backdoors That Let Cops Decrypt Messages Violate Human Rights, EU Court Says (arstechnica.com) 30

An anonymous reader quotes a report from Ars Technica: The European Court of Human Rights (ECHR) has ruled that weakening end-to-end encryption disproportionately risks undermining human rights. The international court's decision could potentially disrupt the European Commission's proposed plans to require email and messaging service providers to create backdoors that would allow law enforcement to easily decrypt users' messages. This ruling came after Russia's intelligence agency, the Federal Security Service (FSB), began requiring Telegram to share users' encrypted messages to deter "terrorism-related activities" in 2017, ECHR's ruling said. [...] In the end, the ECHR concluded that the Telegram user's rights had been violated, partly due to privacy advocates and international reports that corroborated Telegram's position that complying with the FSB's disclosure order would force changes impacting all its users.

The "confidentiality of communications is an essential element of the right to respect for private life and correspondence," the ECHR's ruling said. Thus, requiring messages to be decrypted by law enforcement "cannot be regarded as necessary in a democratic society." [...] "Weakening encryption by creating backdoors would apparently make it technically possible to perform routine, general, and indiscriminate surveillance of personal electronic communications," the ECHR's ruling said. "Backdoors may also be exploited by criminal networks and would seriously compromise the security of all users' electronic communications. The Court takes note of the dangers of restricting encryption described by many experts in the field."

Martin Husovec, a law professor who helped to draft the testimony of the European Information Society Institute (EISI), told Ars that EISI is "obviously pleased that the Court has recognized the value of encryption and agreed with us that state-imposed weakening of encryption is a form of indiscriminate surveillance because it affects everyone's privacy." [...] EISI's Husovec told Ars that ECHR's ruling is "indeed very important," because "it clearly signals to the EU legislature that weakening encryption is a huge problem and that the states must explore alternatives." If the Court of Justice of the European Union endorses this ruling, which Husovec said is likely, the consequences for the EU's legislation proposing scanning messages to stop illegal content like CSAM from spreading "could be significant," Husovec told Ars. During negotiations this spring, lawmakers may have to make "major concessions" to ensure the proposed rule isn't invalidated in light of the ECHR ruling, Husovec told Ars.

Europol and the European Union Agency for Cybersecurity (ENISA) said in a statement: "Solutions that intentionally weaken technical protection mechanisms to support law enforcement will intrinsically weaken the protection against criminals as well, which makes an easy solution impossible."

The Internet

DuckDuckGo's Browser Adds Encrypted, Privacy-Minded Syncing and Backup (arstechnica.com) 12

DuckDuckGo keeps adding new features to its browser, and while these features are common in other browsers, DuckDuckGo is giving them a privacy-minded twist. The latest is a private, end-to-end encrypted syncing service. There's no account needed, no sign-in, and the company says it never sees what you're syncing. From a report: Using QR codes and shortcodes, and a lengthy backup code you store somewhere safe, DuckDuckGo's browser can keep your bookmarks, passwords, "favorites" (i.e., new tab page shortcuts), and settings for its email protection service synced between devices and browsers. DuckDuckGo points to Google's privacy policy for using its signed-in sync service on Chrome, which uses "aggregated and anonymized synchronized browsing data to improve other Google products and services." DuckDuckGo states that the encryption key for browser sync is stored only locally on your devices and that it lacks any access to your passwords or other data.
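How a no-account, end-to-end encrypted sync of the kind described above fits together, as an added example in Go. This is not DuckDuckGo's code; its real protocol, key format and server API are not described on the page and are not reproduced here. The model is the one the summary implies: the first device generates a random primary key and shows it to the user as a recovery code, every device that holds the key encrypts its state with AES-GCM before upload, and the relay stores only ciphertext under an identifier derived one-way from the key. The names SyncRelay, Device, SyncID, the label used in the derivation and the sample bookmarks are all constructed for the illustration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base32"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"io"
)

// SyncRelay is the untrusted server. It stores one opaque blob per sync
// group (nonce || AES-GCM ciphertext+tag) and never sees a key or plaintext.
type SyncRelay struct{ blobs map[string][]byte }

func NewSyncRelay() *SyncRelay { return &SyncRelay{blobs: map[string][]byte{}} }

func (r *SyncRelay) Put(syncID string, blob []byte) { r.blobs[syncID] = append([]byte(nil), blob...) }

func (r *SyncRelay) Get(syncID string) ([]byte, error) {
	b, ok := r.blobs[syncID]
	if !ok {
		return nil, errors.New("no blob for sync id")
	}
	return append([]byte(nil), b...), nil
}

// Device is a client. The 32-byte primary key exists only here and in the
// recovery code the user carries between devices (QR code or typed string).
type Device struct {
	Name      string
	key       []byte
	Bookmarks map[string]string // title -> URL; constructed sample state
}

var codeEnc = base32.StdEncoding.WithPadding(base32.NoPadding)

// NewPrimaryDevice generates a fresh random primary key on the first device.
func NewPrimaryDevice(name string) (*Device, error) {
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	return &Device{Name: name, key: key, Bookmarks: map[string]string{}}, nil
}

// RecoveryCode is the long backup code. It carries the key itself, so
// whoever reads it can decrypt every synced secret.
func (d *Device) RecoveryCode() string { return codeEnc.EncodeToString(d.key) }

// JoinDevice reconstructs the key on a second device from the recovery code.
func JoinDevice(name, code string) (*Device, error) {
	key, err := codeEnc.DecodeString(code)
	if err != nil || len(key) != 32 {
		return nil, errors.New("invalid recovery code")
	}
	return &Device{Name: name, key: key, Bookmarks: map[string]string{}}, nil
}

// SyncID is what the relay indexes on: a labelled one-way hash of the key,
// so the relay can route blobs without being able to recover the key.
func (d *Device) SyncID() string {
	sum := sha256.Sum256(append([]byte("e2ee-sync-demo/sync-id:"), d.key...))
	return hex.EncodeToString(sum[:16])
}

func (d *Device) aead() (cipher.AEAD, error) {
	block, err := aes.NewCipher(d.key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Push encrypts local state and uploads it. The SyncID is bound in as
// associated data, so a blob cannot be replayed under another sync group.
func (d *Device) Push(r *SyncRelay) error {
	plain, err := json.Marshal(d.Bookmarks)
	if err != nil {
		return err
	}
	gcm, err := d.aead()
	if err != nil {
		return err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return err
	}
	r.Put(d.SyncID(), gcm.Seal(nonce, nonce, plain, []byte(d.SyncID())))
	return nil
}

// Pull downloads and decrypts. A tampered blob or a wrong key fails the GCM
// tag check rather than yielding garbage.
func (d *Device) Pull(r *SyncRelay) error {
	blob, err := r.Get(d.SyncID())
	if err != nil {
		return err
	}
	gcm, err := d.aead()
	if err != nil {
		return err
	}
	if len(blob) < gcm.NonceSize() {
		return errors.New("blob too short")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	plain, err := gcm.Open(nil, nonce, ct, []byte(d.SyncID()))
	if err != nil {
		return fmt.Errorf("decrypt failed: %w", err)
	}
	return json.Unmarshal(plain, &d.Bookmarks)
}

// RelayLeaks reports whether a plaintext marker is visible in what the relay stored.
func RelayLeaks(r *SyncRelay, syncID, marker string) bool {
	b, _ := r.Get(syncID)
	return bytes.Contains(b, []byte(marker))
}

func main() {
	relay := NewSyncRelay()
	laptop, _ := NewPrimaryDevice("laptop")
	laptop.Bookmarks["Ars"] = "https://arstechnica.com/"
	_ = laptop.Push(relay)
	phone, _ := JoinDevice("phone", laptop.RecoveryCode())
	_ = phone.Pull(relay)
	fmt.Println(phone.Bookmarks["Ars"], RelayLeaks(relay, laptop.SyncID(), "arstechnica"))
}
```

Two properties are worth checking in any design like this: the relay never holds anything that reveals a bookmark or password, and a blob altered in storage, or moved between sync groups, is rejected by the authentication tag instead of decrypting to corrupted state. The flip side is that the recovery code is the key, so a screenshot of the QR code or a copy pasted into a cloud-synced notes app hands the whole sync set to whoever obtains it, which is why the page says to store it somewhere safe.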

Microsoft

Microsoft and OpenAI Say US Rivals Are Beginning To Use Generative AI in Offensive Cyber Operations (apnews.com) 15

Microsoft said Wednesday it had detected and disrupted instances of U.S. adversaries -- chiefly Iran and North Korea and to a lesser extent Russia and China -- using or attempting to exploit generative AI developed by the company and its business partner to mount or research offensive cyber operations. From a report: The techniques Microsoft observed, in collaboration with its partner OpenAI, represent an emerging threat and were neither "particularly novel or unique," the Redmond, Washington, company said in a blog post. But the blog does offer insight into how U.S. geopolitical rivals have been using large-language models to expand their ability to more effectively breach networks and conduct influence operations.

Microsoft said the "attacks" detected all involved large-language models the partners own and said it was important to expose them publicly even if they were "early-stage, incremental moves." Cybersecurity firms have long used machine-learning on defense, principally to detect anomalous behavior in networks. But criminals and offensive hackers use it as well, and the introduction of large-language models led by OpenAI's ChatGPT upped that game of cat-and-mouse.
