
Submission + - Whistleblower reports terrible things due to DOGE (youtube.com) 9

echo123 writes: NLRB employee Daniel Berulis reports on CNN that within 15 minutes of DOGE staff receiving new accounts with access to highly sensitive Department of Labor (DoL) data, someone within Russia logged in with the correct username and password over 20 times, but was rejected by location-related conditional access policies. Additionally, a traffic spike of 10Gb of data exiting DoL was witnessed, which is highly unusual activity at any time.

Also, DOGE is using Starlink to exfiltrate data, and Starlink is known to be hacked by Russia.

He also reports this activity is not limited to the DoL; it has been witnessed across the government I.T. infrastructure, and sensitive databases have recently been exposed to the open internet.

Daniel Berulis also received a clear message to stop looking. Part of the package he received included drone footage of him walking his dog.

Fast forward to 4min 15seconds if you're in a hurry.

= = =

Via Reuters

Berulis alleged in the affidavit that there are attempted logins to NLRB systems from an IP address in Russia in the days after DOGE accessed the systems. He told Reuters Tuesday that the attempted logins apparently included correct username and password combinations but were rejected by location-related conditional access policies.

Berulis' affidavit said that an effort by him and his colleague to formally investigate and alert the Cybersecurity and Infrastructure Security Agency (CISA) was disrupted by higher-ups without explanation.

As he and his colleagues prepared to pass information they'd gathered to CISA he received a threatening note taped to the door of his home with photographs of him walking in his neighborhood taken via drone, Andrew Bakaj, Whistleblower Aid's chief legal counsel, said in his submission to Cotton and Warner.

"Unlike any other time previously, there is this fear to speak out because of reprisal," Berulis told Reuters. "We're seeing data that is traditionally safeguarded with the highest standards in the United States government being taken and the people that do try to stop it from happening, the people that are saying no, they're being removed one by one."

via NPR

The top Democrat on the House Oversight Committee is calling for an investigation into DOGE's access to the National Labor Relations Board following exclusive NPR reporting on sensitive data being removed from the agency.

Ranking Member Gerry Connolly, D-Va., sent a letter Tuesday to acting Inspector General at the Department of Labor Luiz Santos and Ruth Blevins, inspector general at the NLRB, expressing concern that DOGE "may be engaged in technological malfeasance and illegal activity."

"According to NPR and whistleblower disclosures obtained by Committee Democrats, individuals associated with DOGE have attempted to exfiltrate and alter data while also using high-level systems access to remove sensitive information—quite possibly including corporate secrets and details of union activities," Connolly wrote in a letter first shared with NPR. "I also understand that these individuals have attempted to conceal their activities, obstruct oversight, and shield themselves from accountability."


Submission + - 2nd generation Google Chromecasts stop working globally (tomsguide.com)

ospirata writes: Users of Chromecast across the globe have reported that their dongles no longer work since Sunday (March 9). The error was first reported in the r/googlehome subreddit, and is now being updated by several IT-review sources (Links to Tom's Guide, NotebookCheck, AndroidAuthority)

Google is already working on a fix, which only affects the 2nd generation, including Chromecast Audio. In the meantime, users are advised not to reset to factory defaults. But if they already did, a user suggested a hack: set the mobile date to before March 9 2025, so the device is reconnected to your network via the Google Home app (in the hope of automatically receiving the fix when available).

Submission + - Russian Hackers Targeted California, Indiana Democratic Parties (reuters.com)

An anonymous reader writes: The group of Russian hackers accused of meddling in the 2016 U.S. presidential election earlier this year targeted the email accounts of Democratic state parties in California and Indiana, and influential think tanks in Washington and New York, according to people with knowledge of the matter. The attempted intrusions, many of which were internally flagged by Microsoft Corp over the summer, were carried out by a group often nicknamed “Fancy Bear.” The hackers’ activity provides insight into how Russian intelligence is targeting the United States in the run-up to the Nov. 3 election. The targets identified by Reuters, which include the Center for American Progress, the Council on Foreign Relations and the Washington-based Carnegie Endowment for International Peace, said they had not seen any evidence of successful hacking attempts.

Fancy Bear is controlled by Russia’s military intelligence agency and was responsible for hacking the email accounts of Hillary Clinton’s staff in the run-up to the 2016 election, according to a Department of Justice indictment filed in 2018. News of the Russian hacking activity follows last month's announcement by Microsoft that Fancy Bear had attempted to hack more than 200 organizations, many of which the software company said were tied to the 2020 election. Microsoft was able to link this year's cyber espionage campaign to the Russian hackers through an apparent programming error that allowed the company to identify a pattern of attack unique to Fancy Bear, according to a Microsoft assessment reviewed by Reuters. The thrust of espionage operations could not be determined by Reuters. The Office of the Director of National Intelligence said in August that Russian operations were attempting to undermine the campaign of presidential candidate Joe Biden.

Comment Re:Just use Postgresql (Score 1) 336

But there is a huge difference.

For MySQL, the database primarily serves the application. The boss is the app developer who gets to tell the db (through the app) whether to treat zero dates as valid or not, or whether 2009-02-30 is a valid date. The app dev is king. This works well enough when there is only one application writing to any given relation (many readers is not a problem there because the writing app is king). But it doesn't work well as a data centralization and management solution. If you have 20 apps writing to the db and they may all be using different sql_mode settings, that is going to be a mess if they share relations.

For PostgreSQL, data is king. The applications consume managed data. The DBA is the one who gets to make the hard calls and every app developer gets to live with the decisions made. MySQL is thus a bottom app tier while PostgreSQL is a data management and centralization solution. They are *very different* and if you have 20 apps sharing the same relations, PostgreSQL will be far saner because multiple readers do not have to tolerate each other's sql_mode settings.

Comment Re:Just use Postgresql (Score 1) 336

Well typically the installation is run as a root user (it doesn't have to be) because of file permissions considerations. However, it runs as a non-root-user and will actually fail to start if you try to run as root.

However, there is absolutely no reason you can't run initdb as any user you'd like. You can't set up the startup scripts as a non-root user though, for obvious reasons.

Comment Re:Absolutely amazed by this decision (Score 1) 385

Not necessarily. In the short term, I'm guessing Oracle will just make support, patches[1], and so on contingent on having a new-from-them license. Other "enterprise" vendors will do the same.

For stuff like Windows and whatnot, sure. But the business model Oracle were suing to prevent isn't that hard to cripple.

[1] Not that Oracle actually do meaningful security patching, e.g. TNSpoison.

Comment Re:Why not, it's just another work tool (Score 1) 364

Also, I try to use social networking really with three categories of activities in mind:

1) Self-promotion: This stuff always goes on the social networking media. That's what the media is there for!

2) Public thoughts: This is sort of like a mini-blog service. Things can go there if audience-appropriate.

3) Private activities and thoughts: No way in hell am I putting those on a social networking site!

Comment Re:What's the problem? (Score 1) 355

There is a great deal to learn from history. We might not always be able to avoid the hard lessons, but the easy lessons (i.e. what has worked) are far more productive anyway. And I think technology changes things less than you might think.... The technology is different but the human needs are the same, and the human flaws too.....

Comment Re:What's the problem? (Score 2) 355

Well, there are actually two uses for the yellow dots.

The first is tracking fake documents back to their source. There your idea has some merit.

The other is noting that a document was printed on a laser printer anyway. For example, TSA agents look at all IDs with a blue light, presumably looking for these dots. A magnifying glass, looking at microprint on, say, passports would get further than the yellow light, and would not be more expensive or time consuming. Indeed the same magnifying glass might even show these yellow dots. The current scheme only catches cheap fakes. Someone mounting a major counterfeiting operation for things like visas and passports would use better technology than that though.

The issue that this is a cheap way to identify fakes is very dangerous because it is fairly easy to circumvent.
