fidzu : nerd

Comments

18 May 2026 11:18pm GMT

Comments

18 May 2026 11:03pm GMT

The FBI is seeking up to $36 million for nationwide access to automated license plate reader (ALPRs) data, which could let it query vehicle movements across the U.S. and its territories through a commercial database. 404 Media reports: "The FBI has a crucial need for accessible LPRs to provide a diverse and reliable range of collections across the United States. This data should be available across major highways and in an array of locations for maximum usefulness to law enforcement," a statement of work, which describes what data the FBI is seeking access to, reads. ALPR cameras generally work by constantly scanning the color, brand, model, and license plate of vehicles that drive by. This creates a timestamped record of where a particular vehicle was at a specific time that law enforcement can then query, effectively letting them see exactly where someone drove across time. The technology has existed for decades, but has become more pervasive in recent years. The FBI says it is looking for a vendor that will let it log into a Software-as-a-Service system and then query the collected ALPR data with license plate information, a description of the vehicle, a time or date, and geolocation information. The FBI says it is looking for ALPR coverage in the following areas: Eastern 48 (East of the Mississippi River); Western 48 (West of the Mississippi River); Hawaii; Puerto Rico; Alaska; and outlying areas such as Guam, the U.S. Virgin Islands, or Tribal Territories. In effect, the FBI is looking for ALPR data nationwide and even beyond. An attached price template indicates the FBI is willing to pay $6 million for each of those broad areas, bringing the total to $36 million. The FBI says it intends to award the contract to a single vendor, but if any such vendor is unable to fulfill all of the requirements, the agency may award the contract to up to two vendors. The contract is specifically for the FBI's Directorate of Intelligence, which oversees the agency's intelligence mission. The FBI is not only a law enforcement agency, but also part of the Intelligence Community. The report notes that the contract appears aimed at vendors like Flock or Motorola Solutions, since they're some of the only companies able to provide the sort of data the FBI is seeking. Further reading: Small Town Fights Over Flock's AI-Enhanced Network of License Plate-Reading Cameras

Read more of this story at Slashdot.

18 May 2026 11:00pm GMT

A researcher known as Chaotic Eclipse has released a proof-of-concept exploit for a new Windows zero-day dubbed MiniPlasma, which BleepingComputer confirmed can grant SYSTEM privileges on fully patched Windows 11 systems. The researcher claims the bug is effectively a still-exploitable version of a 2020 flaw Microsoft said it had fixed. From the report: At the time, the flaw was assigned the CVE-2020-17103 identifier and reportedly fixed in December 2020. "After investigating, it turns out the exact same issue that was reported to Microsoft by Google project zero is actually still present, unpatched," explains Chaotic Eclipse. "I'm unsure if Microsoft just never patched the issue or the patch was silently rolled back at some point for unknown reasons. The original PoC by Google worked without any changes." BleepingComputer tested the exploit on a fully patched Windows 11 Pro system running the latest May 2026 Patch Tuesday updates. In our test, we used a standard user account, and after running the exploit, it opened a command prompt with SYSTEM privileges, as shown in the image [here]. Will Dormann, principal vulnerability analyst at Tharros, also confirmed the exploit works in his tests on the latest public version of Windows 11. However, he said that the flaw does not work in the latest Windows 11 Insider Preview Canary build. The exploit appears to abuse how the Windows Cloud Filter driver handles registry key creation through an undocumented CfAbortHydration API. Forshaw's original report said that the flaw could allow arbitrary registry keys to be created in the .DEFAULT user hive without proper access checks, potentially enabling privilege escalation. While Microsoft reports having fixed the bug as part of its December 2020 Microsoft Patch Tuesday, Chaotic Eclipse now claims the vulnerability can still be exploited.

Read more of this story at Slashdot.

18 May 2026 10:00pm GMT

DietPi 10.4 adds kernel security fixes for Copy Fail and Dirty Frag, plus a new Orange Pi 5B image and SBC package updates.

18 May 2026 9:55pm GMT

Comments

18 May 2026 9:29pm GMT

Nintendo is trying to secure a touchscreen-specific monster-catching patent that could be relevant to Palworld Mobile. Japan's patent office has initially rejected the application for lacking an inventive step over prior art, but the company could appeal or amend the claims. Games Fray reports: The Japan Patent Office (JPO) has now made a new monster-catching patent application by Nintendo public. Patent Application No. 2026-019762 covers monster-catching of the kind already asserted against the PC and console versions of Palworld and is from the same patent family as two of the three patents Nintendo is already asserting against Palworld, but with a touchscreen focus. Potential targets are the upcoming Palworld Mobile game and Tencent's Roco Kingdom: World, which is presently available only in China but likely to expand internationally. Nintendo filed the application this year with a request for a fast-tracked review. The JPO has indeed been quick, and the response is that Nintendo's application lacks an inventive step over the prior art. Nintendo already amended the claims in February and can try to amend them again. It can try to persuade the examiner and potentially appeal the decision. But the initial rejection suggests that Nintendo will not obtain the desired touchscreen monster-catching patent quickly. The rejection was communicated on April 24, 2026. Nintendo could abandon the application now, but Nintendo being Nintendo, they are more likely to try to persuade the examiner to arrive at a different conclusion, even though the reasons for the rejection are strong. In many patent examination processes, the initial rejection is essentially just an invitation to present one's best arguments. Here, however, the rejection notice is so well-reasoned that it will be an uphill battle for Nintendo. Nintendo's application would cover a touchscreen-controlled game in which a player moves through "a field in a virtual space," uses "a capture item for capturing a field character," and can summon "a battle character" to fight that creature. During combat, the game would display "a plurality of commands including at least an attack command and an item command," selected through "an operation input using the touch panel." The key claim is that when the capture item is used "during a battle" or "in a non-battle state," the game performs "a capture success determination," and, if successful, "the field character is captured and set to a state owned by the player."

Read more of this story at Slashdot.

18 May 2026 9:00pm GMT

CDC is working to move the infected American and six others to Germany.

18 May 2026 8:41pm GMT

Fake citations dashed a dude's "Are We Dating the Same Guy" revenge lawsuit.

18 May 2026 8:27pm GMT

"I think there's plenty of fire lit under them already."

18 May 2026 7:49pm GMT

ModuleJail is a new project that blacklists unused Linux kernel modules, helping reduce the attack surface exposed by recent local privilege escalation flaws.

18 May 2026 1:26pm GMT

Mozilla Firefox 151 adds PDF merging, local profile backups on Linux and macOS, stronger privacy protections, and Web Serial API support.

18 May 2026 1:04pm GMT