Tag: disputes
Virologist Disputes WSJ Report on a Minority Opinion Suggesting Covid ‘Lab Leak’ Origin
DevNull127 writes: Four U.S. agencies have concluded that the Covid-19 virus originated at the Wuhan market, the Wall Street Journal reports. The U.S. National Intelligence Council reached the same conclusion. Then there’s two more agencies (including America’s CIA) that are “undecided.”
But there is one agency that decided — with “low confidence” — that the virus had somehow leaked from a lab. (And the FBI also decided with “moderate confidence” on that same theory.) “The new report highlights how different parts of the intelligence community have arrived at disparate judgments about the pandemic’s origin,” writes the Wall Street Journal — adding that unfortunately U.S. officials “declined” to give any details on what led to the Energy Department’s position.
The Wall Street Journal also notes:
Despite the agencies’ differing analyses, the update reaffirmed an existing consensus between them that Covid-19 wasn’t the result of a Chinese biological-weapons program, the people who have read the classified report said….
Some scientists argue that the virus probably emerged naturally and leapt from an animal to a human, the same pathway for outbreaks of previously unknown pathogens. Intelligence analysts who have supported that view give weight to “the precedent of past novel infectious disease outbreaks having zoonotic origins,” the flourishing trade in a diverse set of animals that are susceptible to such infections, and their conclusion that Chinese officials didn’t have foreknowledge of the virus, the 2021 report said.
Also responding to the Department of Energy’s outlying position was a virologist at the Vaccine and Infectious Disease Organization at Canada’s University of Saskatchewan, who posted a series of observations on Twitter:
The available evidence shows overwhelmingly that the pandemic started at Huanan market via zoonosis. I have no idea what this evidence that Department of Energy has is. All I know that it is “weak” and resulted in a conclusion of “low confidence”.
It reportedly comes from the DOE’s own network of national labs rather than through spying. But I do know that to be consistent with the available scientific evidence, the DOE has to explain how the virus emerged twice over 2 wks in humans at the same market the size of a tennis court, over 8 km & across a river from the only lab in Wuhan working on SARSr-CoVs….
Claims of a progenitor at WIV are pure speculation & unsupported by evidence…. Despite 3 years of a global search for this evidence, it has not materialized, while evidence supporting zoonosis associated with Huanan has continued to stack up. At some point, an absence of evidence might just be evidence of absence.
Read more of this story at Slashdot.
KeePass Disputes Vulnerability Allowing Stealthy Password Theft
While the CERT teams of Netherlands and Belgium have also issued security advisories regarding CVE-2023-24055, the KeePass development team is arguing that this shouldn’t be classified as a vulnerability given that attackers with write access to a target’s device can also obtain the information contained within the KeePass database through other means. In fact, a “Security Issues” page on the KeePass Help Center has been describing the “Write Access to Configuration File” issue since at least April 2019 as “not really a security vulnerability of KeePass.” If the user has installed KeePass as a regular program and the attackers have write access, they can also “perform various kinds of attacks.” Threat actors can also replace the KeePass executable with malware if the user runs the portable version.
“In both cases, having write access to the KeePass configuration file typically implies that an attacker can actually perform much more powerful attacks than modifying the configuration file (and these attacks in the end can also affect KeePass, independent of a configuration file protection),” the KeePass developers explain. “These attacks can only be prevented by keeping the environment secure (by using an anti-virus software, a firewall, not opening unknown e-mail attachments, etc.). KeePass cannot magically run securely in an insecure environment.” If the KeePass devs don’t release a version of the app that addresses this issue, BleepingComputer notes “you could still secure your database by logging in as a system admin and creating an enforced configuration file.”
“This type of config file takes precedence over settings described in global and local configuration files, including new triggers added by malicious actors, thus mitigating the CVE-2023-24055 issue.”
Read more of this story at Slashdot.
Travel trouble: Rail, bus and highways workers strike as pay disputes continue
Taiwan’s semiconductor industry set to suffer after US/China trade disputes
Laying Off Five Security Staffers, Patreon Disputes Reports It’s Their Entire Security Team
But while a former senior security engineer posted on LinkedIn that “I and the rest of the Patreon Security Team are no longer with the company,” Patreon’s U.S. policy head, Ellen Satterwhite told Gizmodo that “a majority of our engineers working on security and vendors remain in place.”
“As part of a strategic shift of a portion of our security program, we have parted ways with five employees,” said Patreon in an emailed statement attributed to the company’s U.S. policy head, Ellen Satterwhite…. In response to further questions, Satterwhite also said “the entire internal Patreon security team was not laid off. As a matter of policy, we can’t share the exact number of Patreon employees working on security, but can confirm a majority of Patreon’s internal engineers working on security remain in place….”
Satterwhite noted that “we also partner with a number of external organizations to continuously develop our security capabilities and conduct regular security assessments.” The reference to “external organizations” seemingly suggests that the company has outsourced much of its security operations.
“As a global platform, we will always prioritize the security of our creators’ and customers’ data,” wrote Satterwhite. “The changes made this week will have no impact on our ability to continue providing a secure and safe platform for our creators and patrons.”
Read more of this story at Slashdot.
Microsoft Disputes Sony’s Concerns About Call Of Duty Ownership
In a 27-page document related to the acquisition of Activision Blizzard, Microsoft attempts to refute Sony’s concerns that PlayStation Call of Duty players would switch to Xbox.
Sony recently claimed to CADE, Brazil’s regulatory committee, that Microsoft’s acquisition of Activision Blizzard, and by extension Call of Duty, would strongly influence consumers console buying choices. Microsoft responds to those claims in a new document, as reported by VGC, Microsoft states that Sony was the only company surveyed that made such claims. Microsoft also argues that Sony is “resentful” of competing with Game Pass and wants to squash any potential competition to its business model.
Microsoft deputes Sony’s claim that Call of Duty is in a class of its own when it comes to mass market video games, using Sony itself as a counter-example. The document argues that even though PlayStation has a massive set of loyal followers, it cannot be considered as a separate market from other video game consoles. Similarly, though Call of Duty has a large audience, it cannot be considered outside of competition with other titles.