Personal data belonging to nearly all adults in Bulgaria has been stolen in a massive cyber-attack on the country's tax agency.
Among the stolen data were names, addresses and even some details of personal income.
Cyber-security researcher Vesselin Bontchev, assistant professor at the Bulgarian Academy of Sciences reiterates, "It is safe to say that the personal data of practically the whole Bulgarian adult population has been compromised."
The hack occurred in June but an email purportedly from one of the culprits was sent to Bulgarian media on Monday. It mocked the government's cyber-security standards as "a parody".
The email also contained an offer of access to the stolen data and said the trove contained information on more than five million people, as well as businesses.
Bulgarian police have said that while they have arrested and charged a 20-year-old man on suspicion of involvement in the attack, they are examining the possibility that others were involved.
The tax agency now faces a fine of up to 20 million euros.
Sent to us by: Roy W. Nash
Microsoft's future in Germany is in question again as the German state of Hesse declared the use of Office 365 to be illegal within its schools.
Hesse is one of the sixteen federal states of Germany, with a population of roughly six million -- around 14% of the entire population of Germany.
Although the press release specifically targets Office 365, it notes that competing cloud suites also do not satisfy German privacy regulations for use in schools. The Commissioner of Data Protection and Freedom of Information (HBDI) said, "What is true for Microsoft is also true for the Google and Apple cloud solutions. The cloud solutions of these providers have so far not been transparent and comprehensibly set out. Therefore, it is also true that for schools the privacy-compliant use is currently not possible."
This isn't the first time part of Germany has publicly broken up with Microsoft Office; some German cities including Munich and Freiburg famously ditched Microsoft Office applications in favor of OpenOffice in the early 2000s. Those open source adoption programs have had a notoriously rough ride, plagued with interoperability issues—just because one town changes its office applications doesn't mean its neighboring towns, parent state, or even its own citizens have. The municipalities have also been targeted heavily with lobbying from Microsoft itself, up to and including Steve Ballmer (then Microsoft's CEO) interrupting a ski vacation to fly to Munich to try to cut a pro-Microsoft deal in person.
However, that early-2000s attempts to break free of Microsoft was a matter of choice. This time around though, the commissioner isn't just saying that schools would prefer not to use Microsoft, he's stating that their use of Office 365 is outright illegal.
In addition to the physical geography of the cloud, the HBDI is unhappy about telemetry in both Office 365 and Windows 10 itself. Neither can be disabled by end users or organizations, and the content of both remains undisclosed by Microsoft despite repeated inquiries.
It appears that the HBDI would rather not ditch Office outright, preferring to pressure Microsoft into compliance with German law. The office lays out the conditions under which schools could continue to use Office 365: it requires that all possible access to user data by third-parties be curtailed, and that the contents of Windows 10 and Office 365 telemetry be revealed in full. Until then, HBDI says, "schools can use other tools such as on-premise licenses on local systems."
Sent to us by: Roy W. Nash
Some early adopters of the Raspberry Pi 4, released on 24 June, are running into heat issues, especially with the official Pi 4 case making no provision for a heatsink or fan.
The Raspberry Pi 4 has a 1.5GHz quad-core 64-bit Arm Cortex-A72 CPU, for approximately three times the performance of the previous model. That inevitably generates more heat.
The Pi does not have a heatsink, but uses what the company calls "heat-spreading technology" to use the entire board as a kind of heatsink. This worked okay for the Pi 3, but the official FAQ for Pi 4 notes, "Under a continuously heavy processor workload, the Model 4B is more likely to throttle than a Model 3B+. You can add a heatsink if you wish, and this may prevent thermal throttling by keeping the chips below the throttling temperature."
When the Pi 4 heats up beyond 80°C (176°F), the CPU is throttled to reduce the temperature and a half-full red thermometer appears on the display, if one is connected. If the temperature goes up beyond 85, the GPU, which now supports dual monitors and 4K resolution, will be throttled as well.
It is no surprise that the Pi 4 gets hotter than its predecessor, it is marketed as a viable general-purpose PC, after all.
There is an issue though: if it frequently overheats in normal use, users are not getting full performance. Longevity of the components may also be affected.
Software engineer Martin Rowan has looked in detail at Pi 4 temperatures and concluded that it is "too hot to use enclosed". One of his complaints is that the official case "remains a fan-less design. Sadly this doesn't work out well with the increased thermal load." According to his measurements: "Compared to the Pi 3, the new Raspberry Pi 4 is running 80 per cent hotter and more than 100 per cent hotter when the new 4K display support is enabled."
A long thread on the Raspberry Pi forums shows that temperature issues are widespread, casting doubt on the design to supply the Pi 4 without taking any extra steps to improve heat dissipation.
The Pi 4 is still great value, of course, but adding a heatsink or a fan looks to be a sensible idea, even for undemanding applications. Heatsinks are a neat and silent solution, but fans appear to be the most effective.
Sent to us by: Roy W. Nash
The Facebook app to keep kids from talking to strangers online fails its one job.
As it turns out, letting the company with tons of privacy scandals run a messaging service for children might have been a bad idea.
Now there are multiple reports that a pitfall in the design of Facebook’s Messenger Kids app lets children talk to unauthorized users in group chat—aka exactly what the app was built not to do.
The app works like this: Once a parent has approved a contact, children as young as six are free to chat with that person through video, texts, silly gifs, etc. That works if the conversation’s only one-on-one, but Messenger Kids allows for group chats, and that’s where the issue of permissions gets tricky.
Thanks to a bug in the app, a kid could be invited to a group chat by a friend authorized to do so, but the users therein required no such authorization. Messenger Kids didn’t screen whether everyone in the chat was pre-approved to talk to one another, resulting in thousands of children talking to strangers on the internet through an app designed to stop that from happening.
The company began alerting users and quietly closing such group chats over the past week.
Facebook representative further explained, "We recently notified some parents of Messenger Kids account users about a technical error that we detected affecting a small number of group chats. We turned off the affected chats and provided parents with additional resources on Messenger Kids and online safety."
How long such an important and ostensively obvious loophole has been in Messenger Kids is anyone’s guess. But controversy has surrounded the app since its inception.
Ever since Facebook launched the service back in 2017, many child health care advocates have loudly voiced their disapproval for it. Nearly 100 of them signed a letter asking Facebook’s CEO Mark Zuckerberg to delete the app over concerns that increased screen time has been shown to cause stress, negative body images, and sleep deprivation, according to multiple studies the letter cites. Facebook later addressed some of these concerns by adding a “Sleep Mode” so parents could control how much time their children spent on the app.
Sent to us by: Robbie Ferguson