Wednesday Newsbytes: IRS Approved e-File Distributes Malware; You’re Probably in a Police Lineup; ChatGPT Acuses Teacher of Sexual Harassment; MS Edge to Allow Users to Block Video AutoPlay; TikTok Bans Explained… and more!
Every day we scan the tech world for interesting news in the world of technology and sometimes from outside the world of technology. Every Wednesday, we feature news articles that grabbed our attention over the past week. We hope you find this week’s ‘Wednesday Newsbytes’ informative and interesting!
IRS-authorized eFile.com tax return software caught serving JS malware
eFile.com, an IRS-authorized e-file software service provider used by many for filing their tax returns, has been caught serving JavaScript malware.
Security researchers state the malicious JavaScript file existed on eFile.com website for weeks. BleepingComputer has been able to confirm the existence of the malicious JavaScript file in question, at the time.
Note, this security incident specifically concerns eFile.com and not IRS’ e-file infrastructure or identical sounding domains.
Just in time for tax season
eFile.com was caught serving malware, as spotted by multiple users and researchers. The malicious JavaScript file in question is called ‘popper.js’:
The development comes at a crucial time when U.S. taxpayers are wrapping up their IRS tax returns before the April 18th due date.
The highlighted code above is base64-encoded with its decoded version shown below. The code attempts to load JavaScript returned by infoamanewonliag[.]online:
The use of Math.random() at the end is likely to prevent caching and load a fresh copy of the malware—should the threat actor make any changes to it, every time eFile.com is visited. At the time of writing, the endpoint was no longer up.
BleepingComputer can confirm, the malicious JavaScript file ‘popper.js’ was being loaded by almost every page of eFile.com, at least up until April 1st…
Read more at Bleeping Computer.
A controversial facial recognition database, used by police departments across the nation, was built in part with 30 billion photos the company scraped from Facebook and other social media users without their permission, the company’s CEO recently admitted, creating what critics called a “perpetual police line-up,” even for people who haven’t done anything wrong.
The company, Clearview AI, boasts of its potential for identifying rioters at the January 6 attack on the Capitol, saving children being abused or exploited, and helping exonerate people wrongfully accused of crimes. But critics point to privacy violations and wrongful arrests fueled by faulty identifications made by facial recognition, including cases in Detroit and New Orleans, as cause for concern over the technology.
Clearview took photos without users’ knowledge, its CEO Hoan Ton-That acknowledged in an interview last month with the BBC. Doing so allowed for the rapid expansion of the company’s massive database, which is marketed on its website to law enforcement as a tool “to bring justice to victims.”
Ton-That told the BBC that Clearview AI’s facial recognition database has been accessed by US police nearly a million times since the company’s founding in 2017…
Read more at Business Insider.
ChatGPT falsely accused me of sexually harassing my students. Can we really trust AI?
What is most striking is that this false accusation was not just generated by AI but ostensibly based on a Washington Post article that never existed.
The rapid expansion of artificial intelligence has been much in the news recently, including the recent call by Elon Musk and more than 1,000 technology leaders and researchers for a pause on AI.
Some of us have warned about the danger of political bias in the use of AI systems, including programs like ChatGPT. That bias could even include false accusations, which happened to me recently.
I received a curious email from a fellow law professor about research that he ran on ChatGPT about sexual harassment by professors. The program promptly reported that I had been accused of sexual harassment in a 2018 Washington Post article after groping law students on a trip to Alaska.
AI response created false accusation and manufactured ‘facts’It was not just a surprise to UCLA professor Eugene Volokh, who conducted the research. It was a surprise to me since I have never gone to Alaska with students, The Post never published such an article, and I have never been accused of sexual harassment or assault by anyone.
When first contacted, I found the accusation comical. After some reflection, however, it took on a more menacing meaning…
Microsoft is making it easier to block annoying autoplay videos in Edge
You’ll be able to fully block web videos from automatically playing in Microsoft’s Edge browser.
Microsoft Edge is getting a block feature for autoplay videos. Microsoft has started testing the new block addition with Edge testers in the Canary channel, providing a this new option alongside existing allow and limit options for auto playing web videos.
The Microsoft Edge team says it has “heard your requests for strict blocking of media autoplay” after previously only offering a “limit” option that lets media autoplay depending on whether you’ve visited the page in the past and how you’ve interacted with it. The more restrictive block option is currently being rolled out. “We have started making the feature available to some of our Canary users and will continue to make it available to more customers over the coming weeks,” says Microsoft’s Edge team…
TikTok bans explained: Everything you need to know
Federal and state governments and some universities banned TikTok. ZDNET catches you up on the app’s current status.
The U.S. has had a rocky relationship with TikTok and its Beijing-based parent company ByteDance.
In 2020, former president Donald Trump proposed ByteDance sell parts of its company to Microsoft. If an American company controlled TikTok, it was presumed the app would be less of a security concern for the U.S. and other countries.
By late last year, the U.S. Congress approved a motion to ban TikTok on all federal government-issued devices. In March, President Joe Biden’s White House ordered all federal employees to remove the app from their devices within 30 days. A day later, the European Parliament ordered members from all three of its institutions to delete the app from government devices — and urged members to delete it from their personal devices, too.
More than half of U.S. states have also banned or partially banned TikTok from state-issued government devices…
Tor joins forces with VPN company to create new browser for increased privacy
Cookies. Fingerprinting. Tracking. Surveillance. Spyware. Geostalking.
It’s a rough neighborhood out there for denizens of the web.
Whether you want to anonymously provide whistle-blowing details on a corrupt business operation or you just want to check today’s weather, simply logging on is fraught with threats to your privacy.
This week, two major players in the field of online privacy joined forces to release a super-private browser that they say will “make life harder for those who collect data from you.”
Mullvad VPN, a highly respected service based in Sweden, where providers are legally protected from being forced to collect traffic-related data, joined with the Tor Project, begun in the 1990s with a commitment to the simple principle that “Internet users should have private access to an uncensored web,” to develop the Mullvad browser, which is free and available for download immediately.
“The mass surveillance of today is absurd,” Jan Jonsson, CEO at Mullvad VPN, said in a statement released Monday. “We want to free the internet from mass surveillance.”
Just any virtual privacy network is not enough, Jonsson maintains. Users need a trustworthy VPN coupled with “a privacy-focused browser” as good as the Tor Project’s.
Huge amounts of data are mined through most browsers. The Tor browser “is the best in the field of privacy-focused browsers,” Mullvad VPN stated in a press release this week. “That’s why we reached out to them.”
Tor has long been a preferred vehicle for anonymously accessing the web. Although Tor has earned a reputation for being host to unsavory and criminal activity, such as child pornography distribution and financial scams, it also serves an invaluable role as a refuge for dissidents, activists, journalists, whistleblowers and crime victims who need a strong veil of privacy for extremely sensitive online communications.
But while Tor is considered safe and secure, data still must pass through public relays…
WOOLLY MAMMOTH IS ON THE ‘MENU’ FOR AN AUSTRALIAN FOOD STARTUP
As cloning a mammoth enters the realm of reality from the world of science fiction, according to CNN, an Australian food startup has taken it one step further: What might mammoth meat taste like? (Scientists, after all, have already cooked up a batch of 50,000-year-old steppe bison stew). Whether or not the prospect of eating lab-manufactured mammoth meat sounds appetizing, if the cultured mammoth meat developed by a company called Vow proves viable, which they call a “mammoth meatball,” it all might just show a way to more sustainably produce meat in the future.
The “mammoth meatball,” which as of this report is not commercially available, isn’t really mammoth meat at all. It’s closer to imitation lamb with mammoth DNA mixed into it. What made the project possible are advances in DNA extraction technology from well-preserved ancient mammoth remains recovered from melting permafrost
HAPPY EASTER!
Thanks for reading this week’s Wednesday Newbytes. We hope you found these articles informative, interesting, fun, and helpful. Darcy & TC.
It’s springtime and time to get your computer ready for spring & summer. With our Spring Cleanup service, we’ll make that EASY for you. We’ll check your PC, clean it up, optimize it and get it ready for spring & summer.
Here’s what we’ll do for you:
- We’ll connect to your computer and do a deep scan for malware
- We’ll check your computer for suspicious and iffy programs and remove any we find (with your permission, of course)
- We’ll check your browser for problematic extensions/add-ons
- We’ll optimize your startups.
- We’ll optimize your settings and make sure your computer is set up for maximum performance.
- We’ll check for installed driver updaters and/or “one-click-fix” software known to degrade computer performance.
- Special Offer… When you purchase our spring cleanup special you’ll have the opportunity to purchase a SeniorPass for $25 off the regular price.
You’ll get all of the above for just $30.
After you purchase our Spring Cleanup Special you’ll be presented with a special opportunity to save $25 on a Cloudeight Senior Pass!
We’re offering this special for a limited time only!
Get more information and/or get your spring cleanup here!
*Note: Our Spring Cleanup Service does not include repairs.
Hay Easter t youot
Could you give me your recommendation for a password storage program please?
There are many programs on offer and as I highly respect your advice I am looking to you
Regards
Les from Oz
Here are the three password managers we use and recommend. All have free versions which have some restrictions (I use the free version of LastPass & Bitwarden). Darcy uses the paid version of RoboForm. You can read more about each from by clicking the links below. Even the paid versions of these password managers are very reasonable, but you may find the free versions adequate for your needs, as I do.
BitWarden
LastPass
RoboForm