British cybersecurity firm Sophos revealed this week that it waged a five-year battle against Chinese hackers who repeatedly targeted its firewall products to breach organizations worldwide, including nuclear facilities, military sites and critical infrastructure. The company told Wired that it traced the attacks to researchers in Chengdu, China, linked to Sichuan Silence Information Technology and the University of Electronic Science and Technology.

Sophos planted surveillance code on its own devices used by the hackers, allowing it to monitor their development of sophisticated intrusion tools, including previously unseen "bootkit" malware designed to hide in the firewalls' boot code. The hackers' campaigns evolved from mass exploitation in 2020 to precise attacks on government agencies and infrastructure across Asia, Europe and the United States. Wired story adds: Sophos' report also warns, however, that in the most recent phase of its long-running conflict with the Chinese hackers, they appear more than ever before to have shifted from finding new vulnerabilities in firewalls to exploiting outdated, years-old installations of its products that are no longer receiving updates. That means, company CEO Joe Levy writes in an accompanying document, that device owners need to get rid of unsupported "end-of-life" devices, and security vendors need to be clear with customers about the end-of-life dates of those machines to avoid letting them become unpatched points of entry onto their network. Sophos says it's seen more than a thousand end-of-life devices targeted in just the past 18 months.

"The only problem now isn't the zero-day vulnerability," says Levy, using the term "zero-day" to mean a newly discovered hackable flaw in software that has no patch. "The problem is the 365-day vulnerability, or the 1,500-day vulnerability, where you've got devices that are on the internet that have lapsed into a state of neglect."

Comcast says the latest installment of Call of Duty, released on October 25th, resulted in a whopping 19 percent of its overall traffic last week. The ISP says it's the company's "biggest weak in internet history." The Verge reports: It's not really possible to quantify that further, given Comcast didn't provide any specific numbers -- either about how many customers were downloading the game or how big their downloads were. Ranging between 84.4GB for the PlayStation version and 102GB for the PC edition Call of Duty: Black Ops 6 is, in the grand tradition of Call of Duty games, a hefty download. It can be as much as 300GB if players choose to go ahead and download Modern Warfare II and III and all the associated content packs and languages, as Activision explained in June. The announcement underscores "just how restrictive its 1.2TB data cap can be in 2024," notes The Verge. "For any players who did download the whole massive 300GB package, they'll have wiped out a huge chunk of their 1.2TB Xfinity data cap in one fell swoop."

"If they used their internet as normal otherwise, that could put them right up against or even blow past that cap. Given that my family used nearly 800GB last month without any notably large game downloads, it wouldn't be that hard at all."

The BBC interviewed scientists Charley Kline and Bill Duvall 55 years after the first communications were made over a system called Arpanet, short for the Advanced Research Projects Agency Network. "Kline and Duvall were early inventors of networking, networks that would ultimately lead to what is today the Internet," writes longtime Slashdot reader dbialac. "Duvall had basic ideas what might come of the networks, but they had no idea of how much of a phenomenon it would turn into." Here's an excerpt from the interview: BBC: What did you expect Arpanet to become?
Duvall: "I saw the work we were doing at SRI as a critical part of a larger vision, that of information workers connected to each other and sharing problems, observations, documents and solutions. What we did not see was the commercial adoption nor did we anticipate the phenomenon of social media and the associated disinformation plague. Although, it should be noted, that in [SRI computer scientist] Douglas Engelbart's 1962 treatise describing the overall vision, he notes that the capabilities we were creating would trigger profound change in our society, and it would be necessary to simultaneously use and adapt the tools we were creating to address the problems which would arise from their use in society."

What aspects of the internet today remind you of Arpanet?
Duvall: Referring to the larger vision which was being created in Engelbart's group (the mouse, full screen editing, links, etc.), the internet today is a logical evolution of those ideas enhanced, of course, by the contributions of many bright and innovative people and organisations.

Kline: The ability to use resources from others. That's what we do when we use a website. We are using the facilities of the website and its programs, features, etc. And, of course, email. The Arpanet pretty much created the concept of routing and multiple paths from one site to another. That got reliability in case a communication line failed. It also allowed increases in communication speeds by using multiple paths simultaneously. Those concepts have carried over to the internet. Today, the site of the first internet transmission at UCLA's Boetler Hally Room 3420 functions as a monument to technology history (Credit: Courtesy of UCLA) As we developed the communications protocols for the Arpanet, we discovered problems, redesigned and improved the protocols and learned many lessons that carried over to the Internet. TCP/IP [the basic standard for internet connection] was developed both to interconnect networks, in particular the Arpanet with other networks, and also to improve performance, reliability and more.

How do you feel about this anniversary?
Kline: That's a mix. Personally, I feel it is important, but a little overblown. The Arpanet and what sprang from it are very important. This particular anniversary to me is just one of many events. I find somewhat more important than this particular anniversary were the decisions by Arpa to build the Network and continue to support its development.

Duvall: It's nice to remember the origin of something like the internet, but the most important thing is the enormous amount of work that has been done since that time to turn it into what is a major part of societies worldwide.

Federal Communications Commission Chair Jessica Rosenworcel outlined a vision for universal connectivity last week that merges satellite and ground-based networks. The FCC recently became the first regulator to establish a framework for supplemental coverage from space (SCS). "Satellites may be in our skies, but they are the anchor tenant in our communications future," said Rosenworcel, calling for seamless integration of fiber, cellular, wireless, and satellite infrastructure into a unified network. The vision comes as the FCC's Affordable Connectivity Program recently ended due to funding depletion.

AI slop is flowing onto every major platform where people post online -- and Medium is no exception. Wired: The 12-year-old publishing platform has undertaken a dizzying number of pivots over the years. It's finally on a financial upswing, having turned a monthly profit for the first time this summer. Medium CEO Tony Stubblebine and other executives at the company have described the platform as "a home for human writing." But there is evidence that robot bloggers are increasingly flocking to the platform, too.

Earlier this year, WIRED asked AI detection startup Pangram Labs to analyze Medium. It took a sampling of 274,466 recent posts over a six-week period and estimated that over 47 percent were likely AI-generated. "This is a couple orders of magnitude more than what I see on the rest of the internet," says Pangram CEO Max Spero. (The company's analysis of one day of global news sites this summer found 7 percent as likely AI-generated.)

The strain of slop on Medium tends toward the banal, especially compared with the dadaist flotsam clogging Facebook. Instead of Shrimp Jesus, one is more apt to see vacant dispatches about cryptocurrency. The tags with the most likely AI-generated content included "NFT" -- out of 5,712 articles tagged with this phrase over the last several months, Pangram found that 4,492, or around 78 percent, came back as likely AI-generated -- as well as "web3," "ethereum," "AI," and, for whatever reason, "pets."

AT&T has signed a $1 billion multi-year deal with Corning to acquire fiber and connectivity solutions. Reuters reports: With the U.S. wireless market facing a slowdown, telecom companies such as AT&T and rival Verizon have doubled down on their high-speed internet businesses, an area that has long been dominated by broadband companies such as Comcast. Demand has also been growing for AT&T's plans that allow customers to combine its high-speed fiber data with its wireless phone service for a discount. In the third quarter, AT&T reported 28.3 million fiber passings, or the number of potential customer locations a fiber network passes by. It remains on track to pass more than 30 million fiber passings by the end of 2025.

"Google essentially disappeared us from the internet," says the couple who created price-comparison site Foundem in 2006. Google's search results for "price comparison" and "comparison shopping" buried their site — for more than three years.

Today the BBC looks at their 15-year legal battle, which culminated with a then record €2.4 billion fine (£2 billion or $2.6 billion) for Google, which was deemed to have abused its market dominance. The case has been hailed as a landmark moment in the global regulation of Big Tech. Google spent seven years fighting that verdict, issued in June 2017, but in September this year Europe's top court — the European Court of Justice — rejected its appeals.

Speaking to Radio 4's The Bottom Line in their first interview since that final verdict, Shivaun and Adam explained that at first, they thought their website's faltering start had simply been a mistake. "We initially thought this was collateral damage, that we had been false positive detected as spam," says Shivaun, 55. "We just assumed we had to escalate to the right place and it would be overturned...." The couple sent Google numerous requests to have the restriction lifted but, more than two years later, nothing had changed and they said they received no response. Meanwhile, their website was "ranking completely normally" on other search engines, but that didn't really matter, according to Shivaun, as "everyone's using Google".

The couple would later discover that their site was not the only one to have been put at a disadvantage by Google — by the time the tech giant was found guilty and fined in 2017 there were around 20 claimants, including Kelkoo, Trivago and Yelp... In its 2017 judgement, the European Commission found that Google had illegally promoted its own comparison shopping service in search results, whilst demoting those of competitors... "I guess it was unfortunate for Google that they did it to us," Shivaun says. "We've both been brought up maybe under the delusion that we can make a difference, and we really don't like bullies."

Even Google's final defeat in the case last month did not spell the end for the couple. They believe Google's conduct remains anti-competitive and the EC is looking into it. In March this year, under its new Digital Markets Act, the commission opened an investigation into Google's parent company, Alphabet, over whether it continues to preference its own goods and services in search results... The Raffs are also pursuing a civil damages claim against Google, which is due to begin in the first half of 2026. But when, or if, a final victory comes for the couple it will likely be a Pyrrhic one — they were forced to close Foundem in 2016.
A spokesperson for Google told the BBC the 2024 judgment from the European Court of Justice only relates to "how we showed product results from 2008-2017. The changes we made in 2017 to comply with the European Commission's Shopping decision have worked successfully for more than seven years, generating billions of clicks for more than 800 comparison shopping services.

"For this reason, we continue to strongly contest the claims made by Foundem and will do so when the case is considered by the courts."

NoWayNoShapeNoForm writes: OpenVault believes that data caps on broadband are not a problem because most people do not exceed their existing data caps. OpenVault contends that people that do exceed their broadband data caps are simply being forgetful — leaving a streaming device on 24x7, or deploying unsecure WiFi access points, or reselling their service within an apartment building.

Yes, there may be some ISPs that have older networks that they have not upgraded. Or maybe they are unable to increase network capacity in "the middle mile" of their networks, but the Covid pandemic certainly encouraged many ISPs to upgrade their networks and capacity while many ISPs that had broadband data caps ended that feature.

Perhaps the biggest problem, according to OpenVault, is that most broadband users do not really have any idea how much bandwidth they "consume" every month. If Internet access is a service that people want to treat as a "utility", then you have to ask, Would they keep the water running after finishing their shower?
In the article Ookla's VP of Smart Communities adds that "Scrolling through social media feeds for hours can 'push' hundreds of videos to the user, many of which may be of no interest — they just start running." So the main driver for usage-based billing wasn't to increase revenue, OpenVault CEO Mark Trudeau tells the site, but to "balance the network a little more..." (Though he then also adds that sometimes a subscriber could also be reselling broadband service in their apartment building, "And that's not even legal.")

"If one or two customers on a given node is causing issues for 300 others, where those 300 are not getting the service that they paid for, then that's a problem right?" he said.

Having said that, the article also points out that "Many major fiber providers, like AT&T, Frontier, Google Fiber and Verizon Fios, don't have data caps at all."

Former Nvidia engineer Luke Durant, working with the Great Internet Mersenne Prime Search (GIMPS), recently discovered the largest known prime number: (2^136,279,841)-1 or M136279841 (where the number following the letter M represents the exponent). The achievement was detailed on Mersenne.org. Tom's Hardware reports: This is the largest prime number we've seen so far, with the last one, M82589933, being discovered six years prior. What makes this discovery particularly fascinating is that this is the first GIMPS discovery that used the power of data center GPUs. Mihai Preda was the first one to harness GPU muscle in 2017, says the GIMPS website, when he "wrote the GpuOwl program to test Mersenne numbers for primarilty, making his software available to all GIMPS users." When Luke joined GIMPS in 2023, they built the infrastructure needed to deploy Preda's software across several GPU servers available in the cloud.

While it took a year of testing, Luke's efforts finally bore fruit when an A100 GPU in Dublin, Ireland gave the M136279841 result last October 11. This was then corroborated by an Nvidia H100 located in San Antonio, Texas, which confirmed its primality with the Lucas-Lehmer test.

The Browser Company is developing a new, much simpler browser distinct from Arc, which has proven too complex for mainstream adoption despite a strong following among power users. The Verge's David Pierce reports: Arc is not dying, [says CEO Josh Miller]. He says that over and over, in fact, even after I tell him the YouTube video the company just released sounds like the thing companies say right before they kill a product. It's just that Arc won't change much anymore. It'll get stability updates and bug fixes, and there's a team at The Browser Company dedicated to those. "In that sense," Miller says, "it feels like a complete-ish product." Most of the team's energy and time will now be dedicated to starting from scratch. "Arc was basically this front-end, tab management innovation," Miller says. "People loved it. It grew like a weed. Then it started getting slow and started crashing a lot, and we felt bad, and we had to learn how to make it fast. And we kind of lost sight, in some ways, of the fact that we've got to do the operating system part."

The plan this time is to build not just a different interface for a browser, but a different kind of browser entirely -- one that is much more proactive, more powerful, more AI-centric, more in line with that original vision. Call it the iPhone of web browsers, or the "internet computer," or whatever other metaphor you like. The idea is to turn the browser into an app platform. Miller still wants to do it, and he wants to do it for everyone. What does that look like? Miller is a bit vague on the details. The new browser, which Miller intimates could launch as soon as the beginning of next year, is designed to come with no switching costs, which means among other things that it will have horizontal tabs and fewer ideas about organization. The idea is to "make the first 90 seconds effortless" in order to get more people to switch. And then, slowly, to reveal what this new browser can do.

An anonymous reader quotes a report from Ars Technica: Earlier this year, we reported on the video game archivists asking for a legal DMCA exemption to share Internet-accessible emulated versions of their physical game collections with researchers. Today, the US Copyright Office announced once again that it was denying that request, forcing researchers to travel to far-flung collections for access to the often-rare physical copies of the games they're seeking.

In announcing its decision, the Register of Copyrights for the Library of Congress sided with the Entertainment Software Association and others who argued that the proposed remote access could serve as a legal loophole for a free-to-access "online arcade" that could harm the market for classic gaming re-releases. This argument resonated with the Copyright Office despite a VGHF study that found 87 percent of those older game titles are currently out of print. "While proponents are correct that some older games will not have a reissue market, they concede there is a 'healthy' market for other reissued games and that the industry has been making 'greater concerted efforts' to reissue games," the Register writes in her decision. "Further, while the Register appreciates that proponents have suggested broad safeguards that could deter recreational uses of video games in some cases, she believes that such requirements are not specific enough to conclude that they would prevent market harms."

A DMCA exemption for remote sharing already exists for non-video-game computer software that is merely "functional," as the Register notes. But the same fair use arguments that allow for that sharing don't apply to video games because they are "often highly expressive in nature," the Register writes. In an odd footnote, the Register also notes that emulation of classic game consoles, while not infringing in its own right, has been "historically associated with piracy," thus "rais[ing] a potential concern" for any emulated remote access to library game catalogs. That footnote paradoxically cites Video Game History Foundation (VGHF) founder and director Frank Cifaldi's 2016 Game Developers Conference talk on the demonization of emulation and its importance to video game preservation. "The moment I became the Joker is when someone in charge of copyright law watched my GDC talk about how it's wrong to associate emulation with piracy and their takeaway was 'emulation is associated with piracy,'" Cifaldi quipped in a social media post.

Cable companies, advertising firms, and newspapers are asking courts to block a federal "click-to-cancel" rule that would force businesses to make it easier for consumers to cancel services. From a report: Lawsuits were filed yesterday, about a week after the Federal Trade Commission approved a rule that "requires sellers to provide consumers with simple cancellation mechanisms to immediately halt all recurring charges."

Cable lobby group NCTA-The Internet & Television Association and the Interactive Advertising Bureau trade group sued the FTC in the conservative US Court of Appeals for the 5th Circuit. The lawsuit claims the 5th Circuit is a proper venue because a third plaintiff, the Electronic Security Association, has its principal offices in Dallas. That group represents security companies such as ADT.

penciling_in writes: Pat Kane, Senior VP at Verisign, reports that on October 20th, ICANN and Verisign renewed the agreement under which Verisign will continue to act as Root Zone Maintainer for the Domain Name System (DNS) for another 8-year term. "The Root Zone sits atop the hierarchical architecture of the DNS and is essential to virtually all internet navigation, acting as the dynamic, cryptographically secure, global directory of all top-level domains that exist in the DNS. The Root Zone Maintainer is a unique role that ensures the cryptographic signing and publication of the Root Zone no less than once a day, without which, navigation on the internet would be impossible," the story adds.

The chief scientist of the Asia Pacific Network Information Center has a theory about why the world hasn't moved to IPv6. From a report: In a lengthy post to the center's blog, Geoff Huston recounts that the main reason for the development of IPv6 was a fear the world would run out of IP addresses, hampering the growth of the internet. But IPv6 represented evolution -- not revolution. "The bottom line was that IPv6 did not offer any new functionality that was not already present in IPv4. It did not introduce any significant changes to the operation of IP. It was just IP, with larger addresses," Huston wrote.

IPv6's designers assumed that the protocol would take off because demand for IPv4 was soaring. But in the years after IPv6 debuted, Huston observes, "There was no need to give the transition much thought." Internetworking wonks assumed applications, hosts, and networks would become dual stack and support IPv6 alongside IPv4, before phasing out the latter. But then mobile internet usage exploded, and network operators had to scale to meet unprecedented demand created by devices like the iPhone. "We could either concentrate our resources on meeting the incessant demands of scaling, or we could work on IPv6 deployment," Huston wrote.

Norway plans to enforce a strict minimum social media age of 15 to protect children from harmful content and the influence of algorithms. The Guardian reports: The Scandinavian country already has a minimum age limit of 13 in place. Despite this, more than half of nine-year-olds, 58% of 10-year-olds and 72% of 11-year-olds are on social media, according to research by the Norwegian media authority. The government has pledged to introduce more safeguards to prevent children from getting around the age restrictions -- including amending the Personal Data Act so that social media users must be 15 years old to agree that the platform can handle their personal data, and developing an age verification barrier for social media.

"It sends quite a strong signal," the prime minister told the newspaper VG on Wednesday. "Children must be protected from harmful content on social media. These are big tech giants pitted against small children's brains. We know that this is an uphill battle, because there are strong forces here, but it is also where politics is needed." While he said he understood that social media could offer lonely children a community, self-expression must not be in the power of algorithms. "On the contrary, it can cause you to become single-minded and pacified, because everything happens so fast on this screen," he added. "It is also about giving parents the security to say no," said Kjersti Toppe, the minister for children and families. "We know that many people really want to say no, but don't feel they can."

An anonymous reader quotes a report from Ars Technica: It's been just a week since US telecom regulators announced a formal inquiry into broadband data caps, and the docket is filling up with comments from users who say they shouldn't have to pay overage charges for using their Internet service. The docket has about 190 comments so far, nearly all from individual broadband customers.

Federal Communications Commission dockets are usually populated with filings from telecom companies, advocacy groups, and other organizations, but some attract comments from individual users of telecom services. The data cap docket probably won't break any records given that the FCC has fielded many millions of comments on net neutrality, but it currently tops the agency's list of most active proceedings based on the number of filings in the past 30 days. "Data caps, especially by providers in markets with no competition, are nothing more than an arbitrary money grab by greedy corporations. They limit and stifle innovation, cause undue stress, and are unnecessary," wrote Lucas Landreth.

"Data caps are as outmoded as long distance telephone fees," wrote Joseph Wilkicki. "At every turn, telecommunications companies seek to extract more revenue from customers for a service that has rapidly become essential to modern life." Pointing to taxpayer subsidies provided to ISPs, Wilkicki wrote that large telecoms "have sought every opportunity to take those funds and not provide the expected broadband rollout that we paid for."

In response to Trump-appointed FCC Commissioner Nathan Simington's coffee refill analogy, internet users "Jonathan Mnemonic" and James Carter wrote, "Coffee is not, in fact, internet service." They added: "Cafes are not able to abuse monopolistic practices based on infrastructural strangleholds. To briefly set aside the niceties: the analogy is absurd, and it is borderline offensive to the discerning layperson."

chalsall writes: After more than six years of work since the last discovery, the Great Internet Mersenne Prime Search (GIMPS) has found the 52nd known Mersenne Prime number. This is also the largest prime number known to humans.

The number is 2^136,279,841-1, which is 41,024,320 decimal digits long.

Luke Durant, a researcher from San Jose, CA, found it after contributing a fantastic amount of compute to the GIMPS project.

A post shared Saturday on social media acknowledges those admins and developers at the Internet Archive working "literally round the clock... They have taken no days off this past week. They are taking none this weekend... they are working with all of their energy and considerable talent."

It describes people "working so incredibly hard... putting their all in," with a top priority of "getting the site back secure and safe".

But there's new and continuing problems, reports The Verge's weekend editor: Early this morning, I received an email from "The Internet Archive Team," replying to a message I'd sent on October 9th. Except its author doesn't seem to have been the digital archivists' support team — it was apparently written by the hackers who breached the site earlier this month and who evidently maintain some level of access to its systems.

I'm not alone. Users on the Internet Archive subreddit are reporting getting the replies, as well. Here is the message I received:

It's dispiriting to see that even after being made aware of the breach 2 weeks ago, IA has still not done the due diligence of rotating many of the API keys that were exposed in their gitlab secrets.

As demonstrated by this message, this includes a Zendesk token with perms to access 800K+ support tickets sent to info@archive.org since 2018.

Whether you were trying to ask a general question, or requesting the removal of your site from the Wayback Machine — your data is now in the hands of some random guy. If not me, it'd be someone else.
The site BleepingComputer believes they know the larger context, starting with the fact that they've also "received numerous messages from people who received replies to their old Internet Archive removal requests... The email headers in these emails also pass all DKIM, DMARC, and SPF authentication checks, proving they were sent by an authorized Zendesk server."

BleepingComputer also writes that they'd "repeatedly tried to warn the Internet Archive that their source code was stolen through a GitLab authentication token that was exposed online for almost two years."

And that "the threat actor behind the actual data breach, who contacted BleepingComputer through an intermediary to claim credit for the attack," has been frustrated by misreporting. (Specifically, they insist there were two separate attacks last week — a DDoS attack and a separate data breach for a 6.4-gigabyte database which includes email addresses for the site's 33 million users.) The threat actor told BleepingComputer that the initial breach of Internet Archive started with them finding an exposed GitLab configuration file on one of the organization's development servers, services-hls.dev.archive.org. BleepingComputer was able to confirm that this token has been exposed since at least December 2022, with it rotating multiple times since then. The threat actor says this GitLab configuration file contained an authentication token allowing them to download the Internet Archive source code. The hacker say that this source code contained additional credentials and authentication tokens, including the credentials to Internet Archive's database management system. This allowed the threat actor to download the organization's user database, further source code, and modify the site.

The threat actor claimed to have stolen 7TB of data from the Internet Archive but would not share any samples as proof. However, now we know that the stolen data also included the API access tokens for Internet Archive's Zendesk support system. BleepingComputer attempted contact the Internet Archive numerous times, as recently as on Friday, offering to share what we knew about how the breach occurred and why it was done, but we never received a response.
"The Internet Archive was not breached for political or monetary reasons," they conclude, "but simply because the threat actor could...

"While no one has publicly claimed this breach, BleepingComputer was told it was done while the threat actor was in a group chat with others, with many receiving some of the stolen data. This database is now likely being traded amongst other people in the data breach community, and we will likely see it leaked for free in the future on hacking forums like Breached."

"The Wayback Machine, Archive-It, scanning, and national library crawls have resumed," announced the Internet Archive Thursday, "as well as email, blog, helpdesk, and social media communications. Our team is working around the clock across time zones to bring other services back online."

Founder Brewster Kahle told The Washington Post it's the first time in its almost 30-year history that it's been down more than a few hours. But their article says the Archive is "fighting back." Kahle and his team see the mission of the Internet Archive as a noble one — to build a "library of everything" and ensure records are kept in an online environment where websites change and disappear by the day. "We're all dreamers," said Chris Freeland, the Internet Archive's director of library services. "We believe in the mission of the Internet Archive, and we believe in the promise of the internet." But the site has, at times, courted controversy. The Internet Archive faces lawsuits from book publishers and music labels brought in 2020 and 2023 for digitizing copyrighted books and music, which the organization has argued should be permissible for noncommercial, archival purposes. Kahle said the hundreds of millions of dollars in penalties from the lawsuits could sink the Internet Archive.

Those lawsuits are ongoing. Now, the Internet Archive has also had to turn its attention to fending off cyberattacks. In May, the Internet Archive was hit with a distributed denial-of-service (DDoS) attack, a fairly common type of internet warfare that involves flooding a target site with fake traffic. The archive experienced intermittent outages as a result. Kahle said it was the first time the site had been targeted in its history... [After another attack October 9th], Kahle and his team have spent the week since racing to identify and fix the vulnerabilities that left the Internet Archive open to attack. The organization has "industry standard" security systems, Kahle said, but he added that, until this year, the group had largely stayed out of the crosshairs of cybercriminals. Kahle said he'd opted not to prioritize additional investments in cybersecurity out of the Internet Archive's limited budget of around $20 million to $30 million a year...

[N]o one has reliably claimed the defacement and data breach that forced the Internet Archive to sequester itself, said [cybersecurity researcher] Scott Helmef. He added that the hackers' decision to alert the Internet Archive of their intrusion and send the stolen data to Have I Been Pwned, the monitoring service, could imply they didn't have further intentions with it.... Helme said the episode demonstrates the vulnerability of nonprofit services like the Internet Archive — and of the larger ecosystem of information online that depends on them. "Perhaps they'll find some more funding now that all of these headlines have happened," Helme said. "And people suddenly realize how bad it would be if they were gone."
"Our priority is ensuring the Internet Archive comes online stronger and more secure," the archive said in Thursday's statement. And they noted other recent-past instances of other libraries also being attacked online: As a library community, we are seeing other cyber attacks — for instance the British Library, Seattle Public Library, Toronto Public Library, and now Calgary Public Library. We hope these attacks are not indicative of a trend."

For the latest updates, please check this blog and our official social media accounts: X/Twitter, Bluesky and Mastodon.

Thank you for your patience and ongoing support.

An anonymous reader shares a report: If you dread the thought of calling to change an airline ticket or negotiate your internet bill, a new artificial intelligence tool may provide a solution. DoNotPay, which offers an assortment of consumer-friendly services like tracking subscriptions, generating burner phone numbers, and searching for unclaimed property, now features a bot that will call customer service numbers for users, navigate through phone menus and sit through hold music, then politely but firmly advocate on users' behalf.

The company shared examples of its AI calling a cellphone provider for help porting a phone number and talking with an airline to cancel a flight within the 24-hour cancellation window. Joshua Browder, CEO and founder of DoNotPay, says getting updates on lost luggage and seeking compensation for flight delays are also common use cases. DoNotPay already offered tools to connect to customer service agents via chat windows, and to draft and send emails, faxes, and even snail mail to companies on behalf of users.

But while the service's artificial intelligence had enough smarts to wait on hold for users, then hand over a call when an agent was available, until recently AI models were not capable of carrying on a convincing voice conversation with a human operator in real time. Browder says that changed with Open AI's GPT-4o model, unveiled in May. "That has reduced the delay by about 70%, so instead of it taking three seconds to come up with a response, it now takes under a second, and that's finally fast enough to hold these phone conversations," he says. "So now we're doing thousands of these calls."