Enlarge / Chopping Yuzu into three parts is not a proposed legal remedy, for now... (credit: Yuzu)

Nintendo has filed a lawsuit against Tropic Haze LLC, the makers of the popular Yuzu emulator that the Switch-maker says is "facilitating piracy at a colossal scale."

The federal lawsuit —filed Monday in the District Court of Rhode Island and first reported on by Stephen Totilo —is the company's most expansive and significant argument yet against emulation technology that it argues "turns general computing devices into tools for massive intellectual property infringement of Nintendo and others' copyrighted works." Nintendo is asking the court to prevent the developers from working on, promoting, or distributing the Yuzu emulator, and requesting significant financial damages under the DMCA.

If successful, the arguments in the case could help overturn years of legal precedent that has protected emulator software itself, even as using those emulators for software piracy has remained illegal.

Enlarge (credit: Getty Images)

As part of a massive ongoing cyberattack that exploits flaws in MOVEit file transfer software, the personal data of millions of US citizens, including those residing in Louisiana and Oregon, have been exposed to criminal organizations, according to CNN . In the wider attack, hackers targeted government agencies as well as multiple global organizations, causing a breach that extends beyond US boundaries.

While the effects of the MOVEit hack have been ongoing throughout the month of June, the most recent intrusion has hit over 3.5 million residents of Oregon and potentially over 3 million residents of Louisiana, all possessing driver’s licenses or state ID cards. Information possibly compromised includes social security and driver’s license numbers. This breach has prompted the respective state authorities to educate residents on preventive measures against identity fraud.

While no specific perpetrator has been officially accused by the states, federal officials have linked the comprehensive MOVEit hacking campaign to a Russian ransomware group known as Clop, which has been exploiting the same software vulnerability and demanding multimillion-dollar ransoms, as previously reported on Ars.

Enlarge (credit: Getty Images)

Multiple threat actors—one working on behalf of a nation-state—gained access to the network of a US federal agency by exploiting a four-year-old vulnerability that remained unpatched, the US government warned.

Exploit activities by one group likely began in August 2021 and last August by the other, according to an advisory jointly published by the Cybersecurity and Infrastructure Security Agency, the FBI, and the Multi-State Information Sharing and Analysis Center. From last November to early January, the server exhibited signs of compromise.

Vulnerability not detected for 4 years

Both groups exploited a code-execution vulnerability tracked as CVE-2019-18935 in a developer tool known as the Telerik user interface (UI) for ASP.NET AJAX, which was located in the agency’s Microsoft Internet Information Services (IIS) web server. The advisory didn’t identify the agency other than to say it was a Federal Civilian Executive Branch Agency under the CISA authority.

Enlarge / This custom-built Game Boy Pocket SP can fold in half like a feisty clam. (credit: Allison Parrish )

Earlier this month, a programmer and hobbyist named Allison Parrish debuted a compact hack of the 1996 Nintendo Game Boy Pocket handheld game console. Taking inspiration from the later Game Boy Advance SP, she fabricated a custom plastic shell with a hinge so the older monochrome Game Boy can fold shut. She calls it the Game Boy Pocket SP.

In Parrish's extensive write-up of the mod, she explains that her hack began as something of a joke. The Game Boy modding community is popular right now, and one currently trending mod involves transplanting the circuitry of a folding Game Boy Advance SP (from 2003) into a non-folding custom shell . So she thought, "If y'all can take the hinge out of an SP, why can't I add a hinge to a Game Boy that never had one?"

Parrish, who is an assistant arts professor at NYU, built her complex folding mod over the summer using tools at her university department's ITP/IMA shop and the NYU Makerspace. Its unique clamshell design comes courtesy of a Game Boy Pocket motherboard she cut in half, along with custom-design flex PCBs (printed circuit boards) that route signals between the two folding halves. To pull it all together, Parrish designed a 3D-printed plastic shell using FreeCAD.

Enlarge / Linus Åkesson playing his homemade "Commodordion" in a YouTube video. (credit: Linus Åkesson )

In late October, a Swedish software engineer named Linus Åkesson unveiled a playable accordion—called " The Commodordion "—he crafted out of two vintage Commodore 64 computers connected with a bellows made of floppy disks taped together. A demo of the hack debuted in an 11-minute YouTube video where Åkesson plays a Scott Joplin ragtime song and details the instrument's creation.

Åkesson—a versatile musician himself—can actually play the Commodordion in real time like a real accordion. He plays a melody with his right hand on one C64 keyboard and controls the chord of a rhythm and bass line loop (that he can pre-record using the flip of a switch) using his left hand on the other keyboard.

A fair amount of custom software engineering and hardware hackery went into making the Commodordion possible, as Åkesson lays out in a post on his website. It builds off of earlier projects (that he says were intentionally leading up to this one), such as the Sixtyforgan (a C64 with spring reverb and a chromatic accordion key layout) and Qwertuoso , a program that allows live playing of the C64's famous SID sound chip .

Enlarge / An on-air capture of Weatherscan in 2020. Weatherscan shows 24/7 weather forecasts controlled by computer. (credit: TWC Archive )

In the early 2000s, Americans who wanted to catch the local weather forecast at any time might turn on their TV and switch over to Weatherscan, a 24-hour computer-controlled weather forecast channel with a relaxing smooth jazz soundtrack. After 23 years, The Weather Channel announced that Weatherscan will be shutting down permanently on or before December 9. But a group of die-hard fans will not let it go quietly into the night.

Launched in 1999, Weatherscan currently appears in a dwindling number of local American cable TV and satellite markets. It shows automated local weather information on a loop, generated by an Intellistar computer system installed locally for each market. Declining viewership and the ubiquity of smartphone weather apps are the primary reasons it's going offline.

As Weatherscan goes offline, more TV providers are displaying messages like this one. (credit: Blue Ridge)

There are also technical issues with maintaining the hardware behind the service. "Weatherscan has been dying a slow death over the course of the last 10 years because the hardware is aging," says Mike Bates, a tech hobbyist who collects and restores Weather Channel computer hardware as part of a group of die-hard fans who follow insider news from the company. "It's 20 years old now, and more and more cable companies have been pulling the service."

(credit: xxdigipxx )

The head of Kiwi Farms, the Internet forum best known for organizing harassment campaigns against trans and non-binary people, said the site experienced a breach that allowed hackers to access his administrator account and possibly the accounts of all other users.

On the site, creator Joshua Moon wrote :

The forum was hacked. You should assume the following.

• Assume your password for the Kiwi Farms has been stolen.
• Assume your email has been leaked.
• Assume any IP you've used on your Kiwi Farms account in the last month has been leaked.

Moon said that the unknown individual or individuals behind the hack gained access to his admin account by using a technique known as session hijacking, in which an attacker obtains the authentication cookies a site sets after an account holder enters valid credentials and successfully completes any two-factor authentication requirements. The session hijacking was made possible after uploading malicious content to XenForo, a site Kiwi Farms uses to power its user forums.

Enlarge / A tin toy robot lying on its side. (credit: Getty Images )

On Thursday, a few Twitter users discovered how to hijack an automated tweet bot, dedicated to remote jobs, running on the GPT-3 language model by OpenAI. Using a newly discovered technique called a " prompt injection attack ," they redirected the bot to repeat embarrassing and ridiculous phrases.

The bot is run by Remoteli.io, a site that aggregates remote job opportunities and describes itself as "an OpenAI driven bot which helps you discover remote jobs which allow you to work from anywhere." It would normally respond to tweets directed to it with generic statements about the positives of remote work. After the exploit went viral and hundreds of people tried the exploit for themselves, the bot shut down late yesterday.

• 

  A screenshot of the Remoteli.io bot's Twitter bio. The bot experienced a prompt injection attack. [credit: Leastfavorite / Twitter ]

This recent hack came just four days after data researcher Riley Goodside discovered the ability to prompt GPT-3 with "malicious inputs" that order the model to ignore its previous directions and do something else instead. AI researcher Simon Willison posted an overview of the exploit on his blog the following day, coining the term "prompt injection" to describe it.