It's not often that a zero-day vulnerability causes a network security vendor to urge customers to physically remove and decommission an entire line of affected hardware -- as opposed to just applying software updates. But experts say that is exactly what transpired this week with Barracuda Networks, as the company struggled to combat a sprawling malware threat which appears to have undermined its email security appliances in such a fundamental way that they can no longer be safely updated with software fixes.

Campbell, Calif. based Barracuda said it hired incident response firm Mandiant on May 18 after receiving reports about unusual traffic originating from its Email Security Gateway (ESG) devices, which are designed to sit at the edge of an organization's network and scan all incoming and outgoing email for malware. On May 19, Barracuda identified that the malicious traffic was taking advantage of a previously unknown vulnerability in its ESG appliances, and on May 20 the company pushed a patch for the flaw to all affected appliances (CVE-2023-2868).

In its security advisory, Barracuda said the vulnerability existed in the Barracuda software component responsible for screening attachments for malware. More alarmingly, the company said it appears attackers first started exploiting the flaw in October 2022. But on June 6, Barracuda suddenly began urging its ESG customers to wholesale rip out and replace -- not patch -- affected appliances. "Impacted ESG appliances must be immediately replaced regardless of patch version level," the company's advisory warned. "Barracuda's recommendation at this time is full replacement of the impacted ESG." [...] In addition to replacing devices, Barracuda says ESG customers should also rotate any credentials connected to the appliance(s), and check for signs of compromise dating back to at least October 2022 using the network and endpoint indicators the company has released publicly.

Prof Henning Wackerhage, a molecular exercise physiologist on the team at the Technical University of Munich, said a trial would compare how humans fared after taking daily taurine or placebo supplements. "It will probably be very difficult to look at whether they live longer, but at least we can check if they live healthier for longer, and that of course is the goal for medicine."

Yadav's team homed in on taurine as a potential driver of the ageing process in 2012 when an analysis of blood compounds found that levels of the amino acid dropped dramatically with age in mice, monkeys and humans. By the age of 60, taurine levels in a typical person slumped to one-third of that seen in five-year-olds, they found. The discovery prompted the team to test the impact of extra taurine on middle-aged mice. "Whatever we checked, taurine-supplemented mice were healthier and appeared younger than the control mice," Yadav said, noting they had denser bones, stronger muscles, better memory and younger looking immune systems. "Taurine made animals live healthier and longer lives by affecting all the major hallmarks of ageing." Beyond improving health, mice on taurine lived longer -- on average an extra 10% for males and 12% for females, amounting to an additional three to four months, the equivalent of seven or eight human years. A comparable dose for humans would be three to six grams a day.

The scientists next looked at whether boosting taurine benefited animals that were much closer biologically to humans. A six-month trial in middle-aged macaques found that a daily taurine pill appeared to boost health by preventing weight gain, lowering blood glucose and improving bone density and the immune system. Other evidence suggests taurine supplementation may have some effect in humans. Yadav and his team analysed medical data from 12,000 Europeans aged 60 and over. Those with higher taurine levels had less obesity, type 2 diabetes and high blood pressure, and lower levels of inflammation. Strenuous sessions on an exercise bike were found to boost taurine levels, the researchers report in Science.

Without a major trial to demonstrate the safety or any benefits of taurine supplements, the scientists are not recommending people boost their intake through pills, energy drinks or dietary changes. Taurine is made naturally in the body and is found in meat and shellfish diets, but the healthiest diets are largely plant-based. Some energy drinks contain taurine, but the scientists warn they also contain other substances that may not be safe to consume at high levels.

"While research and development of AI is worthwhile, it is irresponsible to unleash a system on the public that is known to make up 'facts' about people," his attorney John Monroe told The Register. According to the complaint, a journalist named Fred Riehl, while he was reporting on a court case, asked ChatGPT for a summary of accusations in a complaint, and provided ChatGPT with the URL of the real complaint for reference. (Here's the actual case [PDF] the reporter was trying to save time on reading for those curious.)

What makes the situation even odder is that the case Riehl was reporting on was actually filed by a group of several gun rights groups against Washington's Attorney General's office (accusing officials of "unconstitutional retaliation", among other things, while investigating the groups and their members) and had nothing at all to do with financial accounting claims. When Riehl asked for a summary, instead of returning accurate information, or so the case alleges, ChatGPT "hallucinated" that Mark Walters' name was attached to a criminal complaint -- and moreover, that it falsely accused him of embezzling money from The Second Amendment Foundation, one of the organizations suing the Washington Attorney General in the real complaint.

ChatGPT is known to "occasionally generate incorrect information" -- also known as hallucinations, as The Register has extensively reported. The AI platform has already been accused of writing obituaries for folks who are still alive, and in May this year, of making up fake legal citations pointing to non-existent prior cases. In the latter situation, a Texas judge said his court would strike any filing from an attorney who failed to certify either that they didn't use AI to prepare their legal docs, or that they had, but a human had checked them. [...] According to the complaint, Riehl contacted Alan Gottlieb, one of the plaintiffs in the actual Washington lawsuit, about ChatGPT's allegations concerning Walters, and Gottlieb confirmed that they were false. None of ChatGPT's statements concerning Walters are in the actual complaint.

The false answer ChatGPT gave Riehl alleged that Walters was treasurer and Chief Financial Officer of SAF and claimed he had "embezzled and misappropriated SAF's funds and assets." When Riehl asked ChatGPT to provide "the entire text of the complaint," it returned an entirely fabricated complaint, which bore "no resemblance to the actual complaint, including an erroneous case number." Walters is looking for damages and lawyers' fees. We have asked his attorney for comment. As for the amount of damages, the complaint says these will be determined at trial, if the case actually gets there.

This is likely the next step in a domino effect that should solidify NACS as the new charging standard for electric cars in North America. When Tesla announced last year that it opened up its proprietary charging connector to try to make it the industry standard in North America, we thought it might be too little too late, despite agreeing that Tesla's plug was a much superior design than the current CCS standard. However, we were proven wrong last month when Ford announced that it will integrate the NACS in its future electric vehicles.

GM CEO Mary Barra confirmed that General Motors will also adopt NACS with the help of Tesla in future electric vehicles. Barra made the announcement with Tesla CEO Elon Musk on Twitter. She said that the first vehicles with the plug will come in 2025 and like Ford, GM EV owners will all have access to Tesla's Supercharger network starting in 2024 with a CCS to NACS adapter. Like Ford, GM's Bara referenced the more efficient design of Tesla's connector and the "robustness" of Tesla's Supercharger network as reasons to adopt the standard.

Mark Zuckerberg doesn't seem fazed by Apple's introduction of the Vision Pro. In a companywide meeting with Meta employees today that The Verge watched, the CEO said Apple's device didn't present any major breakthroughs in technology that Meta hadn't "already explored" and that its vision for how people will use the device is "not the one that I want." He also pointed to the fact that Meta's upcoming Quest 3 headset will be much cheaper, at $499 compared to the Vision Pro's $3,499 price tag, giving Meta the opening to reach a wider user base.

"I think that their announcement really showcases the difference in the values and the vision that our companies bring to this in a way that I think is really important," Zuckerberg told employees, who were gathered at the company's Menlo Park, California, headquarters for its first all-hands meeting since 2020. Zuckerberg said that the Quest is about "people interacting in new ways and feeling closer" while also "about being active and doing things." "By contrast, every demo that they showed was a person sitting on a couch by themself," he said of Apple's WWDC keynote earlier this week. "I mean, that could be the vision of the future of computing, but like, it's not the one that I want."

Google's chief people officer, Fiona Cicconi, wrote an email to employees at the end of the day on Wednesday, which included doubling down on office attendance, reasoning that "there's just no substitute for coming together in person." "Of course, not everyone believes in 'magical hallway conversations,' but there's no question that working together in the same room makes a positive difference," Cicconi's email read. "Many of the products we unveiled at I/O and Google Marketing Live last month were conceived, developed and built by teams working side by side."

Her note said the company will start including their three days per week as a part of their performance reviews and teams will start sending reminders to workers "who are consistently absent from the office." Cicconi even asked already-approved remote workers to reconsider. "For those who are remote and who live near a Google office, we hope you'll consider switching to a hybrid work schedule. Our offices are where you'll be most connected to Google's community." A separate internal document showed that already-approved remote workers may be subject to reevaluation if the company determines "material changes in business need, role, team, structure or location."

In the U.S., the company will periodically track whether employees are adhering to the office attendance policy using badge data, and executives are currently reviewing local requirements to implement in other countries, one of the documents states. If workers don't follow the policy after an extended period of time, human resources will reach out about "next steps." Going forward, Cicconi said, new fully remote work will only be granted "by exception only."

The bill, HB61, would ban "interactive computer services" from allowing people under 18 to sign up for their own accounts without parental consent. The bill's definition of online services is extremely broad, seemingly barring minors from creating social media accounts on sites like Instagram, accessing popular online games like Roblox and Fortnite, or even registering for an email address. The bill also goes as far as allowing parents to cancel the terms of service contracts their children entered into when signing up for existing accounts.

As of publication, it's unclear how the state plans to enforce these new rules, but it calls on state entities to review the bill and provide feedback before it would go into effect. The Louisiana State Legislature passed the bill unanimously on Tuesday, sending it to Gov. John Bel Edwards' desk for final approval. The ban would go into effect August 1st of next year if he chooses to sign it.

During the pandemic, the demand for smart TVs dwindled as the supply chain for critical TV components became unreliable and consumers began tightening up on frivolous spending. Amid this smart TV demand slump, one of the world's top TV chipmakers, Taiwan-based Realtek, was hit with multiple meritless lawsuits by an alleged patent troll, Future Link Systems. These actions, Realtek said, drained its resources, made Realtek appear unreliable as a TV-chip supplier, and created "the harmful illusion of supply chain uncertainties in an already constrained industry." Determined to defend its reputation and maintain its dominant place in the market, Realtek filed a lawsuit (PDF) this week in a US district court in California. In it, the TV chipmaker alleged that Future Link launched "an unprecedented and unseemly conspiracy" with the world's leading TV-chip supplier, Taiwan-based MediaTek, and was allegedly paid a "bounty" to file frivolous patent infringement claims intended to drive Realtek out of the TV-chip market.

The scheme allegedly worked like this: Future Link "intentionally and knowingly" asked a US district court in Texas and the US International Trade Commission "for injunctions prohibiting importation of Realtek TV Chips and devices containing the same into the United States," Realtek alleged. This allowed MediaTek to reap the benefits of diminished competition in that market, Realtek claimed. Today, Reuters reported that MediaTek has officially responded to Realtek's allegations, vowing to defend itself against the lawsuit and claiming that MediaTek will supply evidence to dispute Realtek's claims.

Realtek's lawsuit seeks a jury trial to fight back against MediaTek and Future Link, as well as IPValue Management, which the complaint said owns and operates Future Link. The TV chipmaker alleged that defendants violated unfair competition laws in California, as well as federal laws. Any damages won from the lawsuit will be donated to charity, Realtek said. Realtek's complaint likens MediaTek to "robber barons of the Industrial Age," allegedly seeking to destroy competition and secure a monopoly in the TV-chip market. "With this action, Realtek seeks to stop a modern robber baron and its hired henchmen, protect itself from ongoing injury, and guard against the destruction of competition in the critical semiconductor industry by holding defendants accountable for their conspiracy," the complaint said.

At an all-hands meeting with workers on Thursday, Zuckerberg announced a range of technologies at various stages of development, with some for internal use but many designed directly for consumers. One, for example, will allow customers to use a text prompt to modify their own photos and share them in Instagram Stories.

Another will bring AI agents with different personalities and capabilities to help or entertain. That's focused initially for use in Messenger and WhatsApp. The company is also hosting an internal hackathon in July focused on generative AI.

The Downloader app, which combines a web browser with a file manager, is back in the Google Play Store after an absence of nearly three weeks. As we previously reported, Google suspended the app based on a Digital Millennium Copyright Act (DMCA) complaint from several Israeli TV companies that said the app "allows users to view the infamous copyright infringing website known as SDAROT." But that same website could be viewed on any standard browser, including Google's own Chrome app.

"The app was removed on May 19th due to the DMCA takedown request," developer Elias Saba wrote in a blog post today. "Instead of recognizing the absurdity of the claim that a web browser is somehow liable for all the unauthorized use of copyrighted content on the Internet, Google took a backseat and denied my appeal to have the app reinstated." The free app has been downloaded over 5 million times on Google Play and is available on the Amazon app store for devices such as Fire TVs. In addition to the rejected appeal, Saba filed a DMCA counter notification with Google. That "started a 10-business-day countdown for the [TV companies'] law firm to file legal actions against me," Saba wrote today. "Due to the app being removed on a Friday and the Memorial Day holiday, 10 business days had elapsed with no word from the law firm on June 6th and I contacted Google to have the app reinstated."

Today, the tech giant announced that Password Manager, which generates unique passwords and autofills them across platforms, will soon gain biometric authentication on PC. (Android and iOS have had biometric authentication for some time.) When enabled, it'll require an additional layer of security, like fingerprint recognition or facial recognition, before Chrome autofills passwords.

Exactly which types of biometrics are available in Password Manager on desktop will depend on the hardware attached to the PC, of course (e.g. a fingerprint reader), as well as whether the PC's operating system supports it. Beyond "soon," Google didn't say when to expect the feature to arrive.

In order to avoid incurring charges I will delete Apollo's API token on the evening of June 30th PST. Until that point, Apollo should continue to operate as it has, but after that date attempts to connect to the Reddit API will fail. I will put up an explainer in the app prior to that which will go live at that date. I will also provide a tool to export any local data you have in Apollo, such as filters or favorites.

The world is rapidly running out of "carbon budget," the amount of carbon dioxide that can be poured into the atmosphere if we are to stay within the vital threshold of 1.5C above pre-industrial temperatures, according to a study published in the journal Earth System Science Data on Thursday.

Only about 250bn tonnes of carbon dioxide can now be emitted, to avoid the accumulation of CO2 in the atmosphere that would raise temperatures by 1.5C. That is down from 500bn tonnes just a few years ago, and at current annual rates of greenhouse gas emissions, of about 54bn tonnes a year over the past decade, it would run out well before the end of this decade. Prof Piers Forster, the director of the Priestley Centre for Climate Futures at the University of Leeds, and lead author of the paper, said: "This is the critical decade for climate change. Decisions made now will have an impact on how much temperatures will rise and the degree and severity of impacts we will see as a result."

Apple and Epic, in separate court filings, mounted challenges to a ruling by a three-judge panel of the San Francisco-based 9th U.S. Circuit Court of Appeals. Lawyers for the two companies said the panel should rehear the case or the court should convene "en banc," as an 11-judge panel, to reconsider the dispute. The April three-judge ruling upheld a 2021 order in California federal court in Epic's lawsuit which accused Apple of unlawfully requiring software developers to pay up to 30% in commissions on consumers' in-app purchases.

The trial judge found that Apple violated a California state unfair competition law, but not U.S. antitrust provisions. Apple's new filingchallenged a nationwide injunction over conduct Apple said was "procompetitive and does not violate the antitrust laws." Epic's 9th Circuit filing argued that its claims against Apple directly implicate the "core purpose" of U.S. antitrust law to foster competition. Epic also argued that the appeals court did not conduct a "rigorous" balancing between asserted asserted consumer benefits and anticompetitive effects of Apple's practices.

Link Tracking Protection is a new feature automatically activated in Mail, Messages, and Safari in Private Browsing mode. It detects user-identifiable tracking parameters in link URLs, and automatically removes them.

Adding tracking parameters to links is one way advertisers and analytics firms try to track user activity across websites. Rather than storing third-party cookies, a tracking identifier is simply added to the end of the page URL. This would circumvent Safari's standard intelligent tracking prevention features that block cross-site cookies and other methods of session storage. Navigating to that URL allows an analytics or advertising service at the destination to read the URL, extract those same unique parameters, and associate it with their backend user profile to serve personalized ads.