If you want a job at McDonald’s today, there’s a good chance you'll have to talk to Olivia. Olivia is not, in fact, a human being, but instead an AI chatbot that screens applicants, asks for their contact information and résumé, directs them to a personality test, and occasionally makes them “go insane” by repeatedly misunderstanding their most basic questions.

Until last week, the platform that runs the Olivia chatbot, built by artificial intelligence software firm Paradox.ai, also suffered from absurdly basic security flaws. As a result, virtually any hacker could have accessed the records of every chat Olivia had ever had with McDonald's applicants—including all the personal information they shared in those conversations—with tricks as straightforward as guessing that an administrator account's username and password was “123456."

On Wednesday, security researchers Ian Carroll and Sam Curry revealed that they found simple methods to hack into the backend of the AI chatbot platform on McHire.com, McDonald's website that many of its franchisees use to handle job applications. Carroll and Curry, hackers with a long track record of independent security testing, discovered that simple web-based vulnerabilities—including guessing one laughably weak password—allowed them to access a Paradox.ai account and query the company's databases that held every McHire user's chats with Olivia. The data appears to include as many as 64 million records, including applicants' names, email addresses, and phone numbers.

Carroll says he only discovered that appalling lack of security around applicants' information because he was intrigued by McDonald's decision to subject potential new hires to an AI chatbot screener and personality test. “I just thought it was pretty uniquely dystopian compared to a normal hiring process, right? And that's what made me want to look into it more,” says Carroll. “So I started applying for a job, and then after 30 minutes, we had full access to virtually every application that's ever been made to McDonald's going back years.”

When WIRED reached out to McDonald’s and Paradox.ai for comment, a spokesperson for Paradox.ai shared a blog post the company planned to publish that confirmed Carroll and Curry’s findings. The company noted that only a fraction of the records Carroll and Curry accessed contained personal information, and said it had verified that the administrator account with the “123456” password that exposed the information “was not accessed by any third party” other than the researchers. The company also added that it’s instituting a bug bounty program to better catch security vulnerabilities in the future. “We do not take this matter lightly, even though it was resolved swiftly and effectively,” Paradox.ai’s chief legal officer, Stephanie King, told WIRED in an interview. “We own this.”

In its own statement to WIRED, McDonald’s agreed that Paradox.ai was to blame. “We’re disappointed by this unacceptable vulnerability from a third-party provider, Paradox.ai. As soon as we learned of the issue, we mandated Paradox.ai to remediate the issue immediately, and it was resolved on the same day it was reported to us,” the statement reads. “We take our commitment to cyber security seriously and will continue to hold our third-party providers accountable to meeting our standards of data protection.”

Carroll says he became interested in the security of the McHire website after spotting a Reddit post complaining about McDonald's hiring chatbot wasting applicants' time with nonsense responses and misunderstandings. He and Curry started talking to the chatbot themselves, testing it for “prompt injection” vulnerabilities that can enable someone to hijack a large language model and bypass its safeguards by sending it certain commands. When they couldn't find any such flaws, they decided to see what would happen if they signed up as a McDonald's franchisee to get access to the backend of the site, but instead spotted a curious login link on McHire.com for staff at Paradox.ai, the company that built the site.

On a whim, Carroll says he tried two of the most common sets of login credentials: The username and password “admin," and then the username and password “123456.” The second of those two tries worked. “It's more common than you'd think,” Carroll says. There appeared to be no multifactor authentication for that Paradox.ai login page.

With those credentials, Carroll and Curry could see they now had administrator access to a test McDonald's “restaurant” on McHire, and they figured out all the employees listed there appeared to be Paradox.ai developers, seemingly based in Vietnam. They found a link within the platform to apparent test job postings for that nonexistent McDonald's location, clicked on one posting, applied to it, and could see their own application on the backend system they now had access to. (In its blog post, Paradox.ai notes that the test account had “not been logged into since 2019 and frankly, should have been decommissioned.”)

That's when Carroll and Curry discovered the second critical vulnerability in McHire: When they started messing with the applicant ID number for their application—a number somewhere above 64 million—they found that they could increment it down to a smaller number and see someone else's chat logs and contact information.

The two security researchers hesitated to access too many applicants' records for fear of privacy violations or hacking charges, but when they spot-checked a handful of the 64-million-plus IDs, all of them showed very real applicant information. (Paradox.ai says that the researchers accessed seven records in total, and five contained personal information of people who had interacted with the McHire site.) Carroll and Curry also shared with WIRED a small sample of the applicants' names, contact information, and the date of their applications. WIRED got in touch with two applicants via their exposed contact information, and they confirmed they had applied for jobs at McDonald's on the specified dates.

The personal information exposed by Paradox.ai's security lapses isn't the most sensitive, Carroll and Curry note. But the risk for the applicants, they argue, was heightened by the fact that the data is associated with the knowledge of their employment at McDonald's—or their intention to get a job there. “Had someone exploited this, the phishing risk would have actually been massive,” says Curry. “It's not just people's personally identifiable information and résumé. It's that information for people who are looking for a job at McDonald's, people who are eager and waiting for emails back.”

That means the data could have been used by fraudsters impersonating McDonald's recruiters and asking for financial information to set up a direct deposit, for instance. “If you wanted to do some sort of payroll scam, this is a good approach,” Curry says.

The exposure of applicants' attempts—and in some cases failures—to get what is often a minimum-wage job could also be a source of embarrassment, the two hackers point out. But Carroll notes that he would never suggest that anyone should be ashamed of working under the Golden Arches.

“I have nothing but respect for McDonald’s workers,” he says. “I go to McDonald's all the time.”

"A single jab of a breakthrough gene therapy could reverse hearing loss in people within weeks, according to new research.

The cutting-edge therapy improved hearing in children and adults with congenital deafness or severe hearing impairment, with a 7-year-old regaining almost full hearing in a clinical trial, researchers from Sweden’s Karolinska Institutet said.

The clinical trial, detailed in the journal Nature Medicine, showed that a healthy copy of the OTOF gene injected in the inner ear improved hearing of all 10 participants.

The small-scale trial included people who had a genetic form of deafness or severe hearing impairment caused by mutations in a gene called OTOF.

These mutations cause a deficiency of the protein otoferlin, which plays a key role in transmitting sound signals from the ear to the brain.

While the therapy seemed to work best in children, researchers said, it could benefit adults as well."

The story has haunted her for nearly 35 years. Robbery while threatened by a cicada. Marquisa Kellogg just can't shake it.

Kellogg's name was in papers and magazines all over the country in 1987. A brief police account of her story spread just as quickly as Brood X did that year.

Dateline Cincinnati: Two men armed with a cicada are suspected of stealing $24 from a restaurant's cash register after using the winged insect to briefly scare away the cashier, police say. The two men walked into the Grand Slam Restaurant brandishing a cicada. They thrust the bug at the cashier, Marquisa Kellogg, 22, who then fled from her post, police said. Later, after Ms. Kellogg had recovered and returned to the register, she found that it was missing $25.

If it had happened today, we would say the story went viral. At least 60 newspapers picked up the story.

"One magazine had a cicada with a little gun saying, 'Stick 'em up!'" Kellogg said.

Gutierrez, 28, was in the in the Miami-Dade county courtroom defending 49-year-old Claudy Charles, who was accused of setting his car alight.

As Gutierrez argued Charles’ car had merely spontaneously combusted, the lawyer’s pants seemed to do the same.

Witnesses in the courtroom told the Miami Herald the moment was "surreal," as Gutierrez rushed out of the courtroom while smoke billowed from his pocket.

Gutierrez said as the heat intensified, he hurried into the bathroom where he tossed the battery in water. He was able to return to the courtroom with a singed pocket.

"This was not staged," Gutierrez said. "No one thinks that a battery left in their pocket is somehow going to 'explode. After careful research, I now know this can happen. I am not the only one this has happened to, but I am in a position to shed light on the situation."

Even in their raw form, two of the asperigimycins knocked out leukemia cells in lab tests. One souped-up version, tweaked with a fatty acid found in royal jelly, worked just as well as traditional leukemia treatments like cytarabine. The team also discovered that a human gene, SLC46A3, acts like a gateway, helping the drug sneak inside cancer cells, a small clue that could help improve delivery of future treatments.

As for side effects? So far, the asperigimycins don’t seem to mess with other healthy cells, which is rare for cancer meds. They work by disrupting microtubules, those tiny scaffolding-like structures cancer cells need to divide and multiply.

The next step is testing in animals and, hopefully, clinical trials. Until then, it’s another reminder that nature, especially the parts of it that used to terrify us, might still be hiding some of our best medicine.

cure of ra

The tiny unmanned aerial vehicle (UAV) features hair-thin legs and two wings, which can be controlled via a smartphone.

Built by researchers at the National University of Defence Technology (NUDT) in China’s Hunan province, the mosquito drones come equipped with sensors that make them useful for covert military operations.

“Here in my hand is a mosquito-like type of robot,” Liang Hexiang, a student at NUDT, told CCTV 7, a state-run military channel.

“Miniature bionic robots like this one are especially suited to information reconnaissance and special missions on the battlefield.”

The gadget is part of a growing trend of micro drones for use in both commercial and military applications.

József Szájer announced his resignation as a member of the European Parliament for Prime Minister Viktor Orbán’s Fidesz party on Sunday. The married official admitted to attending what he called a “private party” in Brussels on Friday night, despite the Belgian capital being under coronavirus lockdown.

At least 20 naked men — including several diplomats — were discovered at a gathering above a gay bar in central Brussels, according to Belgian newspaper La Dernière Heure, which described it as an “orgy.”

Szájer, 59, was injured trying to jump from a first-floor window, according to the public prosecutor’s office, but was apprehended by authorities, who found narcotics in his backpack.

Unable to produce identification, Szájer was escorted by police to his residence, where he presented a diplomatic passport that confirmed his identity.

Szájer was arrested, but tried to claim European parliamentary immunity, police said, leading to the involvement of Belgium’s foreign ministry.

It was during the covid lockdown so he was supposed to stay indoors, I think that may have been what did the trick.

What's trending on X these days? It's the British F-35 fighter jet that made an emergency landing at Kerala’s Thiruvananthapuram International Airport and has continued to remain there for weeks together.

The aircraft, a part of the HMS Prince of Wales Carrier Strike Group of the UK's Royal Navy and is reportedly worth over $110 million. But money is not the talk point.

Netizens have turned the stranded jet into an internet sensation, just for memes and hilarious messages. Noting how the aircraft ended on a fake buying-and-selling website and even got an edited Aadhar version, it is clear that social media users are not interested in serious aviation news around it. For them, it's all about the humour right now.

Tractor-trailer spills mozzarella cheese along I-80 in Pennsylvania

Crews were called at 5:03 a.m. after Pennsylvania State Police responded to a crash involving three tractor-trailers. Snow Shoe Fire said there was a 200-yard debris field, and shredded mozzarella cheese was scattered along the highway.

One of the other trucks involved was carrying hand wipes. They added that no injuries were reported, nor was hazmat needed. PennDOT arrived at the scene to take over.

Drivers are advised to exercise extreme caution when traveling on I-80 through the area.

The time capsule was created by businessman Harold Davisson to preserve memories of that time for his friends and family.

Clark Kolterman, chairman of the Fourth of July celebration committee, went to school with Davisson’s daughter as a teenager.

“Many people know about the time capsule,” Kolterman said. “They’ve heard about it for the last 50 years, and Harold, in his wisdom wanted it to be open so that people there could remember it.”

The capsule contains a brand-new Chevrolet Vega from 1975, as well as a Kawasaki motorcycle.

The removal of these items will require complicated equipment, so organizers will have them out before the celebrations begin on July 4.

Kolterman said the Chevrolet will be prepared so that it can be driven in a parade that day, finally adding to the car’s zero mileage.

The beaver gnawed its way through an aspen tree which then fell on both BC Hydro lines and a Telus fibre-optic cable line strung along BC Hydro poles between Topley and Houston.

The resulting power outage affected just 21 customers but the fibre optics damage affected Telus customers in Burns Lake, Granisle, Haida Gwaii, the Hazeltons, Kitimat, Prince George, Prince Rupert, Smithers, Terrace, Thornhill, Houston, Topley, Telkwa, Fraser Lake and Vanderhoof.

CityWest, the utilities company owned by the City of Prince Rupert, also had its customers affected because it uses the Telus fibre optics line.

BC Hydro official Bob Gammer said crews identified a beaver as the culprit because of chew marks at the bottom of the downed tree.

“They are all my children and will all have the same rights! I don’t want them to tear each other apart after my death,” he said, after revealing that he recently wrote his will.

Durov revealed the number of children he has fathered on his social media last year. He said a doctor told him that it was his “civic duty” to donate his “high quality donor material,” which he did over the course of 15 years.

According to Bloomberg, Durov is worth an estimated $13.9 billion, but he dismissed such estimates as “theoretical,” telling Le Point: “Since I’m not selling Telegram, it doesn’t matter. I don’t have this money in a bank account. My liquid assets are much lower – and they don’t come from Telegram: they come from my investment in bitcoin in 2013.”

This is slightly less weird than the title makes it sound. He has 6 children and the rest he was a sperm donor for. Still weird but in a different way

To investigate, the scientists enlisted the help of six pregnant Japanese Black cows. They painted each cow in one of three ways: black and white stripes to resemble a zebra, only black stripes, or no paint at all (the control group).

As Japanese Black cows are naturally black, the animals with the painted black stripes did not appear much different than normal. However, this intervention was to ensure that any repelling of flies was not due to the smell of paint.

The researchers then observed the cows, counting their fly-repelling behaviors. These included beating the ears, throwing the head, and stamping the legs, as well as tail flicks and skin twitches. The team also took photos of the side of each animal to record the number of biting flies that were present. Lastly, they placed sticky transparent sheets on the ground next to each animal to trap flies in the area so that they could determine the species of the insects.

I smell a job opportunity

Excerpt from this NPR story:

A new study suggests that Anna's Hummingbirds in the western United States are not only keeping up with human influence on their habitat, they're thriving.

According to a recent study in Global Change Biology, a journal focused on environmental change, the use and prevalence of hummingbird feeders — like those red and clear plastic ones filled with homemade sugar water — changed the size and shape of the birds' beaks. The range of the hummingbird also spread from the southern part of California all the way up the West coast into Canada.

"Very simplified, the bills get longer and they become more slender, and that helps to have a larger tongue inside that can get more nectar from the feeder at a time," says Alejandro Rico-Guevara, a professor of biology at the University of Washington and senior author on the study.

The study, which had been in the works since 2019 and had 16 collaborators across 12 different institutions, also found that the beaks of males grew pointier over time to allow them to fight off competing males at the feeders. The hummingbirds also moved further north, eventually showing up in much cooler temperatures as they chased the growing popularity of the bird feeders. The study also noted the influence of the growing abundance of eucalyptus forests, another human-influenced food source for the hummingbirds as the trees were introduced to California from Australia in the 1900s.

Truck Carrying Gaming Dice Spills Onto Highway, Rolls A Perfect 756,000

“Though unfortunate it happened, nobody got hurt and we now own an unofficial world record for the largest dice roll in history!”

The strange radio waves emerged during a search for another unusual phenomenon: high-energy cosmic particles known as neutrinos. Arriving at Earth from the far reaches of the cosmos, neutrinos are often called “ghostly” because they are extremely volatile, or vaporous, and can go through any kind of matter without changing.

Over the past decade, researchers have conducted multiple experiments using vast expanses of water and ice that are designed to search for neutrinos, which could shed light on mysterious cosmic rays, the most highly energetic particles in the universe. One of these projects was NASA’s Antarctic Impulsive Transient Antenna, or ANITA, experiment, which flew balloons carrying instruments above Antarctica between 2006 and 2016.

It was during this hunt that ANITA picked up anomalous radio waves that didn’t seem to be neutrinos.

The signals came from below the horizon, suggesting they had passed through thousands of miles of rock before reaching the detector. But the radio waves should have been absorbed by the rock. The ANITA team believed these anomalous signals could not be explained by the current understanding of particle physics.

Follow-up observations and analyses with other instruments, including one recently conducted by the Pierre Auger Observatory in Argentina, have not been able to find the same signals. The results of the Pierre Auger Collaboration were published in the journal Physical Review Letters in March.

The origin of the anomalous signals remains unclear, said study coauthor Stephanie Wissel, associate professor of physics, astronomy and astrophysics at the Pennsylvania State University.