Power

Which Energy Future: Power Lines or Rooftop Solar Panels (and Storage Batteries)? (nytimes.com) 270

The New York Times reports on "an intense policy struggle" in America's national and state governments:

- On one side, large electric utilities and President Biden want to build thousands of miles of power lines to move electricity created by distant wind turbines and solar farms to cities and suburbs.

- On the other, some environmental organizations and community groups are pushing for greater investment in rooftop solar panels, batteries and local wind turbines.


And the result "could lock in an energy system that lasts for decades." At issue is how quickly the country can move to cleaner energy and how much electricity rates will increase... The option supported by Mr. Biden and some large energy companies would replace coal and natural gas power plants with large wind and solar farms hundreds of miles from cities, requiring lots of new power lines. Such integration would strengthen the control that the utility industry and Wall Street have over the grid. "You've got to have a big national plan to make sure the power gets from where it is generated to where the need is," Energy Secretary Jennifer Granholm said in an interview.

But many of Mr. Biden's liberal allies argue that solar panels, batteries and other local energy sources should be emphasized because they would be more resilient and could be built more quickly... In all probability, there will be a mix of solutions that include more transmission lines and rooftop solar panels. What combination emerges will depend on deals made in Congress but also skirmishes playing out across the country...

As millions of California homes went dark during a heat wave last summer, help came from an unusual source: batteries installed at homes, businesses and municipal buildings. Those batteries kicked in up to 6 percent of the state grid's power supply during the crisis, helping to make up for idled natural gas and nuclear power plants. Rooftop solar panels generated an additional 4 percent of the state's electricity... California showed that homes and businesses don't have to be passive consumers. They can become mini power plants, potentially earning as much from supplying energy as they pay for electricity they draw from the grid. Home and business batteries, which can be as small as a large television and as big as a computer server room, are charged from the grid or rooftop solar panels...

Regulators generally allow utilities to charge customers the cost of investments plus a profit margin, typically about 10.5 percent, giving companies an incentive to build power plants and lines... A 2019 report by the National Renewable Energy Laboratory, a research arm of the Energy Department, found that greater use of rooftop solar can reduce the need for new transmission lines, displace expensive power plants and save the energy that is lost when electricity is moved long distances. The study also found that rooftop systems can put pressure on utilities to improve or expand neighborhood wires and equipment.

The director of a Chicago-based environmental nonprofit tells the Times that "Solar energy plus storage is as transformative to the electric sector as wireless services were to the telecommunications sector."

In a weird twist, fossil fuel companies are now joining forces with local groups (including environmental groups) to fight the construction of new power lines.
Power

Ukraine Police Bust Massive Crypto Mining Operation Stealing Electricity (yahoo.com) 19

Business Insider reports: A huge underground cryptocurrency mining operation has been busted by Ukraine police for allegedly stealing electricity from the grid. Police said they'd seized 5,000 computers and 3,800 games consoles that were being used in the illegal mine, the largest discovered in the country.

The mine, in the city of Vinnytsia, near Kyiv, stole as much as $259,300 in electricity each month, the Security Service of Ukraine said. To conceal the theft, the operators of the mine used electricity meters that did not reflect their actual energy consumption, officials said.

"Such illegal activity could lead to power surges and left people without electricity," the security service said.

Businesses

Before Ransomware Attack, Kaseya Was Warned of 'Critical' Security Flaws, Ex-Employees Say (engadget.com) 22

"The giant ransomware attack against Kaseya might have been entirely avoidable," writes Engadget: Former staff talking to Bloomberg claim they warned executives of "critical" security flaws in Kaseya's products several times between 2017 and 2020, but that the company didn't truly address them... Employees reportedly complained that Kaseya was using old code, implemented poor encryption and even failed to routinely patch software. The company's Virtual System Administrator, the remote maintenance tool that fell prey to ransomware, was supposedly rife with enough problems that workers wanted the software replaced.

One employee claimed he was fired two weeks after sending executives a 40-page briefing on security problems. Others simply left in frustration with a seeming focus on new features and releases instead of fixing basic issues. Kaseya also laid off some employees in 2018 in favor of outsourcing work to Belarus, which some staff considered a security risk given local leaders' partnerships with the Russian government.

Kaseya has declined to comment...

The company's software was reportedly used to launch ransomware at least twice between 2018 and 2019, and it didn't significantly rethink its security strategy.

Engadget adds that Kaseya's software "was reportedly used to launch ransomware at least twice between 2018 and 2019, and it didn't significantly rethink its security strategy."
Space

Branson Successfully Completes Historic First Flight To the Edge of Outer Space (cbsnews.com) 179

UPDATE: Branson's done it. "In a live broadcast during the vehicle's descent, Branson called the trip, 'an experience of a lifetime,'" reports NBC News: Branson's flight took off Sunday morning at around 10:30 a.m. ET, although the launch time was delayed by around 90 minutes because of overnight weather conditions at Spaceport America...

Branson was joined on his flight by pilots Dave Mackay and Michael Masucci and three mission specialists, all of whom are employees of Virgin Galactic: Chief astronaut instructor Beth Moses, lead operations engineer Colin Bennett and government affairs vice president Sirisha Bandla.

Virgin Galactic is expected to conduct several additional test flights before beginning commercial operations with private customers next year. The company has said the suborbital joyrides will likely cost more than $250,000 each, but final pricing has not yet been announced...

"It's taken 17 years to get to this flight, and of course a lot of personal wealth has been poured into it, but it also shows that this takes tenacity," said Greg Autry, a space policy expert at Arizona State University.

Earlier in the day, Virgin Galactic's Twitter feed shared a nice clip of the astronauts arriving on the launch site.

CBS News streamed their own live coverage at the top of this web page (as well as in their CBSN app), but also reported on the other options: With typical Branson fanfare, Sunday's flight will be broadcast live across Virgin Galactic's social media platforms, featuring appearances by Stephen Colbert and retired Canadian space station astronaut Chris Hadfield, along with the performance of a new song by singer-songwriter Khalid. Even SpaceX founder Elon Musk plans to be watching. "Will see you there to wish you the best," he tweeted Saturday.
And what did Jeff Bezos have to say before Branson launched his history-making flight? "Wishing you and the whole team a successful and safe flight tomorrow. Best of luck!"

Saturday CBS News offered this description of Branson's hopes: Richard Branson, the globe-trotting media mogul and founder of Virgin Galactic, plans to rocket into space Sunday morning on a flight that would make him the first owner of a private space company to launch aboard one of his own spacecraft. If all goes well, he will beat rival Jeff Bezos of Blue Origin, who is set to launch on July 20. Branson, two company pilots and three Virgin Galactic crewmates are launching from Spaceport America, near Truth or Consequences, New Mexico, on what's expected to be at least an hour-long flight, reaching altitudes a little over 50 miles above the Earth.
Businesses

Closer to a Space-Travel Future: Branson Prepares for Flight to Outer Space (cbsnews.com) 31

In two hours, Richard Branson (and five other Virgin Galactic employees) will attempt a historic flight to the edge of outer space. Bloomberg points out it will be followed 9 days later by Jeff Bezos's rocket trip with Blue Origin on July 20.

"Yeah, there's a little bit of competition in the who's going first or when things are happening," Virgin President Mike Moses, a former space shuttle manager at NASA, told CBS News. "But it's really not a race. It's not a competition. I know that sounds maybe a little shallow or disingenuous, but it's not. "It's a small community. I know dozens of people who work at Blue Origin, I know dozens and dozens of people at SpaceX, and we all used to work together at NASA. And I wish every single one of them the best.... Because all of us together is what's going to get humans into space and our culture to recognize that space travel is the foundation for the future for everyone..."

"This has been a long journey for him," Mike Moses said of Branson. "He's like a kid in a candy store here in training this week. He's bouncing around, he's happy, excited. ... But that excitement is really infectious. And so the whole crew is feeling it."

CNN points out that Branson has "narrowly avoided being killed numerous times in his nearly 71 years," including dangerous stunts like bungee jumping that left him bloody and injured, as well as accidents during long-distance balloon flights while attempting to set records.

Here's how Branson describes some of them in his second autobiography, "Finding My Virginity," which includes an appendix called "75 Close Shaves":

1972: Survived a fishing boat sinking on honeymoon with my first wife, Kristen, off Mexico. We decided to jump off the boat and swim for shore, while the others stayed put -- we were the only survivors.

1976: Flew a microlight aircraft by mistake. It was the first time I'd sat in it, I had no idea how to fly it and accidentally took off. I was pulling wires out desperately. I cut the engine and managed to crash-land into a field. My instructor died in an accident the next day...

1986: On my first time skydiving, there was one cord that opened the parachute and one that got rid of it. I pulled the wrong cord by mistake. I was falling through the air before an instructor managed to yank my spare ripcord...

1989: I decided to make an entrance to my wedding with Joan, dangling from a helicopter in an all-white suit. I dropped into the shallow end of the pool by mistake, smashed my legs, and spent the whole wedding hobbling.

IT

More States are Trying to Attract Remote Workers (politico.com) 73

Remote-worker incentive programs are gradually expanding beyond Hawaii, Vermont, Indiana, and Tulsa, Oklahoma. Now Charleston, West Virginia is offering a $5,000 "relocation credit" to remote workers. And Ascend WV is offering $12,000 (with a year of free whitewater rafting, rock climbing and skiing...)

Politico discussed the strategies behind luring remote workers with former Intuit CEO Brad Smith (who helped launch the Ascend WV program) and Jim Justice, the state's billionaire governor: At a news conference in April, Justice announced the launch of the program alongside a bill signing of legislation that overhauls the state's corporate income tax law that he said would make West Virginia "the most attractive state in the nation for remote workers and for all businesses." A joyful Justice called West Virginians "frogs proud of their own pond" and labeled Ascend the No. 1 remote worker relocation program in the nation...

The idea is that West Virginia can become "the start-up state," Smith explains to me on a call from his home in Menlo Park, Calif. If you can incentivize ambitious, business minded folks to give overlooked West Virginia a chance, they'll fall in love with the place and stay for good, setting off a domino effect to jumpstart the state economy by creating new businesses and hiring locally, all while giving back to the state in tax dollars along the way and reversing the population decline. And the pool of remote workers is tenfold what it was before the pandemic now that employers everywhere are changing the way they view office work, which could mean high earners will consider a place with a low cost of living where their money can go further — like West Virginia.

A key selling point for Smith is that Ascend participants won't be competing for local jobs; they already have jobs elsewhere. Instead, they'll be spending their money locally, engaging with the community and seeing a place they never would have given a chance before, Smith says... "And their income is taxed in our state, which then creates tax funds to invest in infrastructure."

Prithwiraj Choudhury, a professor at Harvard Business School who studies remote work, believes programs like Ascend can have a positive long-term impact for host cities and will be a "game changer" for places like West Virginia. The Tulsa Remote program, operated by the George Kaiser Family Foundation, has shown payoff in both income tax revenue, projecting a boost of $1.4 million in 2020, and in community engagement; many of the 300-some participants continue to volunteer locally, according to Choudhury's research. Twenty-seven homes have been purchased by Tulsa Remote workers, according to the latest count. "Work from anywhere is here to stay, and people are going to relocate both permanently and for short durations," Choudhury said. "I think policy makers and politicians should view this as an opportunity for attracting tech workers and future entrepreneurs."

That focus on making outsiders happy, though, is at the root of the criticism of programs like Ascend.

Crime

Insider Trading Charges Filed Over Long Island Iced Tea's Blockchain 'Pivot' (cnn.com) 17

CNN reports: As the bitcoin craze took off in 2017, a Long Island iced tea company sent its share price spiking as much as 380% merely by announcing a "pivot" to blockchain technology. Long Island Iced Tea Corp. even changed its name to Long Blockchain Corp. At the time, the episode underscored the excessive hype around the crypto space.

Now, regulators say the name change was at the heart of an illegal insider trading scheme. The Securities and Exchange Commission charged three people Friday with insider trading in advance of the announcement that sent Long Island Iced Tea Corp.'s stock price to the moon... December 21, 2017, Long Island Iced Tea Corp., until that point exclusively a soft drink maker, announced its makeover, describing the pivot to blockchain as a "once-in-a-generation opportunity."

Even though the company had no actual business tied to blockchain at the time, and no experience in the cryptocurrency space, its Nasdaq-listed share price skyrocketed and trading volume spiked by 1,000%.

But the company's leading shareholder had told a broker/stockholder who'd then tipped off a stock-trading friend (who within two hours of the announcement ended up with "$160,000 in illicit profits," the SEC said). CNN adds that all three have now been charged with insider trading.

"The SEC said Long Blockchain was delisted by the Nasdaq in February for allegedly making a 'series of public statements designed to mislead investors and to take advantage of the general investor interest in bitcoin and blockchain technology.'"
Movies

Why Media Mogul Barry Diller Thinks the Movie Business Is Dead (npr.org) 95

An anonymous reader quotes a report from NPR: Barry Diller made his name in the film industry as the chairman and CEO of two Hollywood studios, Paramount Pictures and what was then 20th Century Fox. Now, he is declaring the industry dead. "The movie business is over," Diller said in an exclusive interview with NPR on the sidelines of the Allen & Company Sun Valley Conference, a media and technology conference in Idaho. "The movie business as before is finished and will never come back." Yes, that has to do with a substantial decline in ticket sales and the closure of movie theaters during the coronavirus pandemic. But Diller, the chairman and senior executive of IAC, a company that owns Internet properties, said, "It is much more than that."

According to Diller, who ran Paramount and Fox several decades ago, streaming has altered the film industry in substantial ways, including the quality of movies now being made. Last year, several media conglomerates, including Disney and WarnerMedia, decided to debut new releases in movie theaters and on streaming services simultaneously. That was a radical change, and theater chains protested it. "There used to be a whole run-up," Diller said, remembering how much time, energy and money studios invested in distribution and publicity campaigns. The goal, he said, was to generate sustained excitement and enthusiasm for new movies. "That's finished," he said.

The way companies measure success is also different, according to Diller. "I used to be in the movie business where you made something really because you cared about it," he said, noting that popular reception mattered more than anything else.
When asked about Quibi, the now-defunct streaming platform founded by Jeffrey Katzenberg, the former chairman of Walt Disney Studios, Diller said: "Quibi was just a bad idea. I mean, it's that simple."

"It was a bad idea that had no testing ground other than a big-scale investment," Diller said. "Otherwise, it would have slithered around for a while. But it was such a big-scale thing that it lived and died in a millisecond." Diller added: "It has no relevance on anything. The idea of professional, A-quality 10-minutes-or-less stuff just made no sense."
Businesses

Uber and Lyft Can't Find Drivers Because Gig Work Sucks (vice.com) 134

An anonymous reader quotes a report from Motherboard: You may have noticed recently that an Uber ride is more expensive than it used to be. As ride-hail companies Uber and Lyft hike prices to record heights during the COVID-19 pandemic, much commentary has settled on explaining this as a consequence of a "labor shortage" largely motivated by a lack of proper financial incentives. Drivers, the story goes, saw the new cash bonuses offered by companies to lure workers back as insufficient. Some, perhaps, decided they were not worth the risk of getting infected with COVID-19 or one of its budding variants, while other analyses suggested drivers were content with living on stimulus funds rather than money from driving. At the same time, the firms began curtailing subsidies that kept prices low enough to attract riders and work towards monopoly. Together, this has left us with a sudden and massive spike in ride-hail prices; Gridwise, a ride-hail driver assistance app, estimated that Uber has increased its prices by 79 percent since the second quarter of 2019.

While Uber and Lyft are reportedly thinking about offering new perks such as education, career, and expense programs, analysts admit these don't strike at core problems with the gig economy that were driving workers away before COVID-19 hit and are making it difficult to attract them now. In conversations with Motherboard, former and current ride-hail drivers pointed to a major factor for not returning: how horrible it is to work for Uber and Lyft. For some workers, this realization came long before the pandemic reared its head, and for others, the crisis hammered it home. Motherboard has changed some drivers' names or granted them anonymity out of their fear of retaliation.
"If I kept driving, something was going to break," said Maurice, a former driver in New York who spent four years working for Uber and Lyft before the pandemic. "I already go nights without eating or sleeping. My back hurt, my joints hurt, my neck hurt, I felt like a donkey. Like a slave driving all the time."

"I've been driving for six years. Uber has taken at least 10,000 pounds in commission from me each year! They take 20 percent of my earnings, then offer me 200 pounds," Ramana Prai, a London-based Uber driver, told Motherboard. "I don't understand how they can take 60,000 pounds from me, then offer nothing when I'm in need. How can I provide for my partner and two kids with this? My employer has let me down."

"I woke up every day asking how long I could keep it up, I just didn't feel like a person," Yona, who worked for Lyft in California for the past six years until the pandemic, told Motherboard. "I got two kids, my mother, my sister, I couldn't see them. And I was doing all this for them but I could barely support them, barely supported myself."

"I was making even less than my sister and I was probably less safe too," Yona's sister, Destiny, told Motherboard. "She got out back in the spring, I hopped on and was coming back negative some days. I tried UberEats and DoorDash to see if that was any better, but stopped after a friend was almost robbed on a delivery. Okay, so the options are get covid or get robbed, then guess what: I'm doing none of them."

Motherboard argues that the degrading working conditions, as well as the poor pay, "are structurally necessary for ride-hail companies. They were necessary to attract and retain customers with artificially low prices, to burn through drivers at high rates that frustrate labor organizing, and bolster the narrative of gig work as temporary, transient, and convenient. It's no wonder, then, that drivers aren't coming back."
Microsoft

Microsoft Pays Staff $1,500 for Work in Pandemic (bbc.com) 41

Microsoft is to give its non-executive staff a $1,500 bonus for their work during the pandemic. From a report: The company told the BBC it was a symbol of appreciation "during a uniquely challenging year." It added: "We are proud to recognise our employees with a one-time monetary gift." In the first quarter of 2021 Microsoft's profits rose 38% on the same period last year. The Verge reported that employees below vice-president level who joined no later than 31 March 2021 would receive the payment, including part-time workers. The big tech firms have done well during the pandemic and Microsoft is not the only firm to have made bonus payments to staff. In March 2020, Facebook gave employees a $1,000 bonus to help them with increased expenses caused by the pandemic, such as those associated with setting up a home office. Google made a similar $1,000 payment in May 2020. In December, Amazon gave front-line employees a $300 dollar bonus with part-time workers receiving $150.
United States

US Sanctions a Chinese Facial Recognition Company With Silicon Valley Funding (theverge.com) 11

The US Department of Commerce has sanctioned 14 Chinese tech companies over links to human rights abuses against Uyghur Muslims in Xinjiang, including one backed by a top Silicon Valley investment firm. From a report: DeepGlint, also known as Beijing Geling Shentong Information Technology Co., Ltd., is a facial recognition company with deep ties to Chinese police surveillance, and funding from US-based Sequoia Capital. Today the Commerce Department added it to its Entity List, which restricts US companies from doing business with listed firms without a special license. Sequoia did not immediately respond to a request for comment. DeepGlint co-founded a facial recognition lab in 2018 with Chinese authorities in Urumqi, the capital of Xinjiang, according to the South China Morning Post. It has also gained international bragging rights through the US National Institute of Standards and Technology's (NIST) Face Recognition Vendor Test. DeepGlint claimed top accuracy in the test as of January 2021, giving it a potent marketing tool in the security and surveillance industry. While DeepGlint has been accepted for a public offering on Shanghai's STAR stock exchange, the firm hasn't seen the commercial success of other AI startups in the country, explained Jeffrey Ding in his ChinAI newsletter last month. Since the firm is so heavily invested in government work, it has to follow slow government procurement cycles and is unlikely to score huge infrastructure projects, Ding writes.
China

In Another Blow To Didi, China Halts Downloads of 25 More of Its Apps. (nytimes.com) 22

In its latest rebuke to the ride-hailing giant Didi, China ordered 25 more of the company's apps removed from mobile stores on Friday, deepening the regulatory maelstrom that has engulfed the company since it went public on the New York Stock Exchange last week. From a report: The country's internet regulator said in its 10 p.m. announcement that the apps -- which include Didi's car-pooling app, its finance app and its app for corporate customers -- showed problems related to the collection and use of personal data. The latest announcement was nearly identical to one the same agency issued on Sunday, ordering a halt to downloads of Didi's main, consumer-facing app for the same reason. That order followed a separate one two days before that told Didi to stop registering new users while officials conducted a checkup of the company's network security practices. None of these recent commands offered any detail about the specific data and security problems that aroused officials' concerns. In a statement that was posted after midnight on Chinese social media, Didi said it would "sincerely accept and resolutely obey" the demands.

Beijing's sudden moves against Didi, which has been celebrated for years in China as a homegrown innovator and industry pacesetter, have jolted the company's new Wall Street shareholders. The clampdown has also spooked investors and start-ups in China, who are wary about what seems to be growing hostility by Chinese officials toward domestic companies that list shares on overseas exchanges. A listing on Wall Street, such as Alibaba's record-breaking one in 2014, was once seen in China as an ultimate validation of a company's business achievements.

Australia

Fortnite Maker Wins Appeal in Australia (cnet.com) 39

Epic's legal spat with Apple over App Store practices will spill over to Australia. From a report: After a series of hearings and trials that stretched nearly nine months, Apple and Epic made their final pitches to a US District Court in California on May 24. Both companies now await Judge Yvonne Gonzalez Rogers' decision, but that doesn't mean the litigation is over. After a successful appeal Thursday by Epic, the case will soon be brought to an Australian court. At the center of the legal action is Apple's App Store. Epic's ultrapopular Fortnite was kicked off the iOS App Store in August after Epic built a direct payment system into the game that would allow it to bypass Apple's 30% fee for App Store purchases. Epic sued Apple immediately, accusing the company of anticompetitive practice. Epic argues that the App Store is monopolistic, that developers hoping to get their apps to customers have no choice but to go through the App Store -- and pay the fees associated with that. Apple calls Epic's lawsuit a marketing stunt and argues that the App Store gives developers access to a huge audience of iPhone and iPad users.

In November, Epic brought the issue to Australia, initiating proceedings against Apple by arguing that the iPhone-maker's practices contravene Australia's Competition and Consumer Act. Apple was able to appeal against the suit in April, arguing that the case should be settled in the US District Court. Epic quickly counter-appealed, arguing that public policy concerns justify a separate trial. Australia's Federal Court ruled in favor of Epic on Thursday. "This is a positive step forward for Australian consumers and developers who are entitled to fair access and competitive pricing across mobile app stores," an Epic spokesperson said. "We look forward to continuing our fight for increased competition in app distribution and payment processing in Australia and around the world."

Power

Global Wind and Solar Power Capacity Grew At Record Rate In 2020 (theguardian.com) 184

The world's wind and solar energy capacity grew at a record rate last year while the oil industry recorded its steepest slump in demand since the second world war, according to BP. The Guardian reports: The impact of coronavirus lockdowns on the energy industry led carbon emissions to plummet by 6% on the year before, the sharpest decline since 1945, according to BP's annual review of the energy sector. But the report says the impact of Covid on carbon emissions needs to be replicated every year for the next three decades if governments hope to limit global heating to 1.5C above pre-industrial levels. "Yes, they were the biggest falls seen for 75 years," said Spencer Dale, BP's chief economist. "But they occurred against the backdrop of a global pandemic and the largest economic recession in postwar history. The challenge is to reduce emissions without causing massive disruption and damage to everyday lives and livelihoods."

Meanwhile the "relentless expansion of renewable energy" meant electricity generated by wind, solar and hydroelectricity plants was "relatively unscathed," Dale said. The report found that global wind and solar power capacity grew by 238GW in 2020, more than five times greater than the UK's total renewable energy capacity. The increase was mainly driven by China, which accounted for roughly half of the global increase in wind and solar energy production capacity, but even controlling for that 2020 was a record year for building wind and solar farms. Dale said the trend away from fossil fuels and towards renewable energy last year was "exactly what the world needs to see as it transitions to net zero."

Businesses

Mobile Carrier Telenor Quits Myanmar, Says Coup Makes Doing Business Its Way Impossible (theregister.com) 17

Norwegian telco Telenor has quit Myanmar, selling its network there because the recent military coup has made it impossible to operate on its terms in the nation. The Register reports: A statement about the sale notes that Telenor had already written down the value of its Myanmar operation to $0. At the time of the write-down in May, Telenor valued the Myanmar assets at $780 million and said it would ponder its future presence in Myanmar depending on "developments in the country and the ability to contribute positively to the people of Myanmar" by offering "affordable mobile services [that] support the country's development and growth."

Company president and CEO Sigve Brekke now rates conditions in the nation as "increasingly challenging for Telenor for people security, regulatory and compliance reasons." "We have evaluated all options and believe a sale of the company is the best possible solution in this situation." The carrier has therefore sold its operations to M1 Group for $105 million. M1 Group describes itself as "a holding company that owns, manages and oversees investments engaged in diversified businesses." The group owns a stake in mobile carrier MTN, which operates mobile networks across Africa, the Middle East, and Afghanistan.
Further reading: Myanmar's Internet Suppression
Advertising

Advertisers Concerned iCloud Private Relay Could Put An End To Fingerprinting (9to5mac.com) 82

One of the new features announced at WWDC 2021 is iCloud Private Relay, a new security feature that lets users hide their real IP address from third-party servers so that they cannot track them across the web. That kind of tracking is called fingerprinting, and it is quickly becoming a popular method for advertisers because it allows them to pull together information about your device to pinpoint your identity. As 9to5Mac reports, Apple's new fingerprint-blocking feature has the ad tech industry worried. From the report: As pointed out by a Digiday report, Private Relay comes to join forces with App Tracking Transparency, a feature introduced with iOS 14.5 to prevent apps from tracking users without asking permission. With ATT, Apple relies on developers to update their apps and ask users whether or not they want to be tracked. Private Relay is expected to considerably reduce user tracking at a deeper system level: "And herein lies the rub for ad execs. Apple has told them fingerprinting is off-limits but doesn't seem to be aggressively enforcing this policy. Few execs, however, believe this perceived inaction will last. Eventually, goes the thinking, Apple won't need to enforce a policy like ATT to rid its mobile operating system of fingerprinting -- it will have the technology to block it from ever happening in the first place. The reason: Private Relay."

However, this will probably result in even more companies upset with Apple. Nii Ahene, head of strategy at Tinuiti, warns that Apple needs to be careful to avoid Private Relay being considered "anti-competitive or too dictatorial," as the company has been facing accusations of monopolistic practices. Digiday reports: "'Apple needs to be careful when it uses its market position in a way that could be interpreted as either anti-competitive or too dictatorial,' said Nii Ahene, chief strategy officer at digital agency Tinuiti. 'This is why there's a gradual rollout of Apple's privacy plan. The company communicates what it will do early, starts to have conversations behind the scenes, and then over some time the enforcement of the ATT policy starts to kick in.'" When Apple introduced ATT, companies like Facebook publicly criticized the feature since it directly affects the advertising business, which is responsible for the main income of these companies. Now, it's only a matter of time before more companies speak out against iCloud Private Relay.

Security

Kaspersky Password Manager Fixes Flaw That Generated Easily Bruteforced Passwords (zdnet.com) 31

An anonymous reader quotes a report from ZDNet: Suppose you are in the business of generating passwords, it would probably be a good idea to use an additional source of entropy other than the current time, but for a long time, that's all Kaspersky Password Manager (KPM) used. In a blog post to cap off an almost two year saga, Ledger Donjon head of security research Jean-Baptiste Bedrune showed KPM was doing just that. "Kaspersky Password Manager used a complex method to generate its passwords. This method aimed to create passwords hard to break for standard password crackers. However, such method lowers the strength of the generated passwords against dedicated tools," Bedrune wrote.

One of the techniques used by KPM was to make letters that are not often used appear more frequently, which Bedrune said was probably an attempt to trick password cracking tools. "Their password cracking method relies on the fact that there are probably more 'e' and 'a' in a password created by a human than 'x' or 'j', or that the bigrams 'th' and 'he' will appear much more often than 'qx' or 'zr'," he said. "Passwords generated by KPM will be, on average, far in the list of candidate passwords tested by these tools. If an attacker tries to crack a list of passwords generated by KPM, he will probably wait quite a long time until the first one is found. This is quite clever." The flip side was that if an attacker could deduce that KPM was used, then the bias in the password generator started to work against it.

"If an attacker knows a person uses KPM, he will be able to break his password much more easily than a fully random password. Our recommendation is, however, to generate random passwords long enough to be too strong to be broken by a tool." The big mistake made by KPM though was using the current system time in seconds as the seed into a Mersenne Twister pseudorandom number generator. "It means every instance of Kaspersky Password Manager in the world will generate the exact same password at a given second," Bedrune said. Because the program has an animation that takes longer than a second when a password is created, Bedrune said it could be why this issue was not discovered. "The consequences are obviously bad: every password could be bruteforced," he said. Bedrune added due to sites often showing account creation time, that would leave KPM users vulnerable to a bruteforce attack of around 100 possible passwords.
"Kaspersky was informed of the vulnerability in June 2019, and released the fix version in October that same year," adds ZDNet. "In October 2020, users were notified that some passwords would need to be generated, with Kaspersky publishing its security advisory on 27 April 2021."

"All public versions of Kaspersky Password Manager liable to this issue now have a new logic of password generation and a passwords update alert for cases when a generated password is probably not strong enough," the security company said.
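The time-seed weakness described above, as an added example (not Kaspersky's or Ledger Donjon's code): a toy generator seeded with a Unix time in seconds, an audit check that flags passwords reproducible from a seed in a 100-second window, and a CSPRNG-based replacement. The alphabet, timestamp and function names are assumptions made for illustration.

```python
import random
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # constructed charset, not KPM's


def weak_password(seed_seconds, length=12):
    """Toy generator: Mersenne Twister seeded only with a Unix time in seconds."""
    rng = random.Random(seed_seconds)  # Python's random module is MT19937
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def strong_password(length=12):
    """Hardened form: every character comes from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def candidates(start, end, length=12):
    """Every password the weak generator can emit for seeds in [start, end]."""
    return {weak_password(t, length) for t in range(start, end + 1)}


def derivable_from_time(password, start, end):
    """Audit check: return the seed that reproduces the password, or None."""
    for t in range(start, end + 1):
        if weak_password(t, len(password)) == password:
            return t
    return None


CREATED = 1_625_000_000                 # constructed account-creation timestamp
WINDOW = (CREATED - 50, CREATED + 49)   # 100 one-second seeds around it


def demo():
    pw = weak_password(CREATED - 7)     # password made 7 s before account creation
    return {
        "same_second_identical": weak_password(CREATED) == weak_password(CREATED),
        "candidate_count": len(candidates(*WINDOW)),
        "weak_seed_found": derivable_from_time(pw, *WINDOW),
        "strong_seed_found": derivable_from_time(strong_password(), *WINDOW),
    }


if __name__ == "__main__":
    print(demo())
```

The whole output space for the window is the size of the window, regardless of password length or alphabet; the `secrets`-based generator has no seed to enumerate.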
Google

Google Feared Samsung Galaxy Store and Tried To Quash It, Lawsuit Alleges (theverge.com) 33

Google used anticompetitive practices in an attempt to "preemptively quash" Samsung's Galaxy Store, and prevent it from becoming a viable competitor to its own Play Store. From a report: That's according to an antitrust lawsuit filed by a coalition of three dozen state attorneys general, which accuses Google of illegally attempting to control app distribution on Android. The suit also alleges Google paid off app developers to stop them circumventing its store. The allegations challenge one of Google's core defenses of its policies, which is that unlike Apple's iOS rules, Android allows both competing app stores and side-loading apps directly. The lawsuit is effectively claiming that this openness is a facade, because while customers technically have the choice of where to get their apps from, Google's business practices have prevented a viable app store competitor from emerging.

"Google felt deeply threatened when Samsung began to revamp its own app store, the Samsung Galaxy Store," the suit says, and describes Google's approach to the competing store as "a threat it needed to preemptively quash." The suit outlines a range of tactics Google allegedly used to prevent Samsung's store from becoming a viable competitor. It claims Google used revenue share agreements with Android phone manufacturers that "outright prohibited" pre-installing some other app stores, and that it made "a direct attempt to pay Samsung to abandon relationships with top developers and scale back competition through the Samsung Galaxy Store."

Security

Code In Huge Ransomware Attack Written To Avoid Computers That Use Russian, Says New Report (nbcnews.com) 123

The computer code behind the massive ransomware attack by the Russian-speaking hacking ring REvil was written so that the malware avoids systems that primarily use Russian or related languages, according to a new report by a cybersecurity firm. NBC News reports: It's long been known that some malicious software includes this feature, but the report by Trustwave SpiderLabs, obtained exclusively by NBC News, appears to be the first to publicly identify it as an element of the latest attack, which is believed to be the largest ransomware campaign ever. "They don't want to annoy the local authorities, and they know they will be able to run their business much longer if they do it this way," said Ziv Mador, Trustwave SpiderLabs' vice president of security research.

Trustwave said the ransomware "avoids systems that have default languages from what was the USSR region. This includes Russian, Ukrainian, Belarusian, Tajik, Armenian, Azerbaijani, Georgian, Kazakh, Kyrgyz, Turkmen, Uzbek, Tatar, Romanian, Russian Moldova, Syriac, and Syriac Arabic." In May, cybersecurity expert Brian Krebs noted that ransomware by DarkSide, the Russia-based group that attacked Colonial Pipeline in May, "has a hard-coded do-not-install list of countries," including Russia and former Soviet satellites that mostly have favorable relations with the Kremlin. In general, criminal ransomware groups are allowed to operate with impunity inside Russia and other former Soviet states as long as they focus their attacks on the United States and the West, experts say. Krebs noted that in some cases, the mere installation of a Russian language virtual keyboard on a computer running Microsoft Windows will cause malware to bypass that machine.

China

Prenatal Test Developed With Chinese Military Harvests Gene Data From Millions of Women (reuters.com) 122

A prenatal test taken by millions of pregnant women globally was developed by Chinese gene company BGI Group in collaboration with the Chinese military and is being used by the firm to collect genetic data, a Reuters review of publicly available documents found. From the report: The report is the first to reveal that the company collaborated with the People's Liberation Army (PLA) to develop and improve the test, taken in early pregnancy, as well as the scope of BGI's storage and analysis of the data. The United States sees BGI's efforts to collect and analyze human gene data as a national security threat. China's biggest genomics firm, BGI began marketing the test abroad in 2013. Branded NIFTY, it is among the world's top selling non-invasive prenatal tests (NIPT). These screen a sample of blood from a pregnant woman to detect abnormalities such as Down's syndrome in a developing fetus. So far more than 8 million women globally have taken BGI's prenatal tests, BGI has said. NIFTY is sold in at least 52 countries, including Britain, Europe, Canada, Australia, Thailand and India, but not the United States.

BGI uses leftover blood samples sent to its laboratory in Hong Kong and genetic data from the tests for population research, the company confirmed to Reuters. Reuters found the genetic data of over 500 women who took the test, including women in Europe and Asia, is also stored in the government-funded China National GeneBank in Shenzhen, which BGI runs. Reuters found no evidence BGI violated privacy agreements or regulations; the company said it obtains signed consent and destroys overseas samples and data after five years. "At no stage throughout the testing or research process does BGI have access to any identifiable personal data," the company said. However, the test's privacy policy says data collected can be shared when it is "directly relevant to national security or national defense security" in China. BGI said it "has never been asked to provide -- nor provided -- data from its NIFTY tests to Chinese authorities for national security or national defense purposes."
"Non-invasive prenatal testing kits marketed by Chinese biotech firms serve an important medical function, but they can also provide another mechanism for the People's Republic of China and Chinese biotech companies to collect genetic and genomic data from around the globe," the U.S. National Counterintelligence and Security Center said.

China's foreign ministry said Reuters' findings reflected "groundless accusations and smears" of U.S. agencies.
