Archive for the ‘Free Software’ Category

You may not care where you download software from, but malware … – We Live Security

Why do people still download files from sketchy places and get compromised as a result?

One of the pieces of advice that security practitioners have been giving out for the past couple of decades, if not longer, is that you should only download software from reputable sites. As far as computer security advice goes, this seems like it should be fairly simple to practice.

But even when such advice is widely shared, people still download files from distinctly nonreputable places and get compromised as a result. I have been a reader of Neowin for over a couple of decades now, and a member of its forum for almost that long. But that is not the only place I participate online: for a little over three years, I have been volunteering my time to moderate a couple of Reddit's forums (subreddits) that provide both general computing support as well as more specific advice on removing malware. In those subreddits, I have helped people over and over again as they attempted to recover from the fallout of compromised computers. Attacks these days are usually financially motivated, but there are other unanticipated consequences as well. I should state this is not something unique to Reddit's users. These types of questions also come up in online chats on various Discord servers where I volunteer my time as well.

One thing I should point out is that both the Discord and Reddit services skew to a younger demographic than social media sites such as Twitter and Facebook. I also suspect they are younger than the average WeLiveSecurity reader. These people grew up digitally literate and have had access to advice and discussions about safe computing practices available since pre-school.

Despite having the advantage of having grown up with computers and information on securing them, how is it that these people have fallen victim to certain patterns of attacks? And from the information security practitioners' side, where exactly is the disconnect occurring between what we're telling people to do (or not do, as the case may be), and what they are doing (or, again, not doing)?

Sometimes, people will openly admit that they knew better but just did a dumb thing, trusting the source of the software when they knew it was not trustworthy. Sometimes, though, it appeared trustworthy, but was not. And at other times, they had very clearly designated the source of the malware as trustworthy even when it was inherently untrustworthy. Let us take a look at the most common scenarios that lead to their computers being compromised:

I would point out that these are not the only means by which people were tricked into running malware. WeLiveSecurity has reported on several notable cases recently that involved deceiving the user:

Do any of these scenarios seem similar to each other in any way? Despite the various means of receiving the file (seeking out versus being asked, using a search engine, video site or piracy site, etc.) they all have one thing in common: they exploited trust.

When security practitioners talk about downloading files only from reputable websites, it seems that we are often only doing half of the job of educating the public about them, or maybe even a little less, for that matter: we've done a far better job of telling people what kind of sites to go to (reputable ones, obviously) without explaining what makes a site safe to download from in the first place. So, without any fanfare, here is what makes a site reputable to download software from:

And that's it! In today's world of software, the publisher's site could be a bit more flexible than what it historically has been. Yes, it could be a site with the same domain name as the publisher's site, but it could also be that the files are located on GitHub, SourceForge, hosted on a content delivery network (CDN) operated by a third party, and so forth. That is still the publisher's site, as it was explicitly uploaded by them. Sometimes, publishers provide additional links to additional download sites, too. This is done for a variety of reasons, such as to defray hosting costs, to provide faster downloads in different regions, to promote the software in other parts of the world, and so forth. These, too, are official download sites because they are specifically authorized by the author or publisher.

There are also sites and services that act as software repositories. SourceForge and GitHub are popular sites for hosting open-source projects. For shareware and trial versions of commercial software, there are numerous sites that specialize in listing their latest versions for downloading. These download sites function as curators for finding software in one place, which makes it easy to search and discover new software. In some instances, however, they also can have a darker side: Some of these sites place software wrappers around files downloaded from them that can prompt to install additional software besides the program you were looking for. These program bundlers may do things completely unrelated to the software they are attached to and may, in fact, install potentially unwanted applications (PUAs) on to your computer.

Other types of sites to be aware of are file locker services such as Box, Dropbox, and WeTransfer. While these are all very legitimate file sharing services, they can be abused by a threat actor: people may assume that because the service is trusted, programs downloaded from them are safe. Conversely, IT departments checking for the exfiltration of data may ignore uploads of files containing personal information and credentials because they are known to be legitimate services.

When it comes to search engines, interpreting their results can be tricky for the uninitiated, or people who are just plain impatient. While the goal of any search engine, whether it is Bing, DuckDuckGo, Google, Yahoo, or another, is to provide the best and most accurate results, their core businesses often revolve around advertising. This means that the results at the top of the page in the search engine results are often not the best and most accurate results, but paid advertising. Many people do not notice the difference between advertising and search engine results, and criminals will take advantage of this through malvertising campaigns where they buy advertising space to redirect people to websites used for phishing, malware, and other undesirable activities. In some instances, criminals may register a domain name using typosquatting or a similar-looking top-level domain to that of the software publisher in order to make their website address less noticeable at first glance, such as example.com versus examp1e.com (note how the letter l has been replaced by the number 1 in the second domain).
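The example.com versus examp1e.com comparison above can be checked mechanically before a download link is followed. The following Python code is an added example, not part of the original article; the allowlist of publisher domains, the confusable-character table, and the simple two-label split of the hostname are assumptions made for illustration.

```python
"""Flag hostnames that imitate a known publisher domain (added example)."""

# Constructed allowlist: domains the user actually intends to download from.
KNOWN_PUBLISHERS = ("example.com", "neowin.net")

# Hand-picked confusables (assumption, not exhaustive). Characters that look
# alike are folded to one representative so both sides compare equal.
MULTI_CHAR = (("rn", "m"), ("vv", "w"))
SINGLE_CHAR = {"0": "o", "1": "l", "i": "l", "5": "s"}


def split_domain(host):
    """Return (label, tld) from the last two labels of a hostname.

    Simplification: multi-part suffixes such as co.uk need a public
    suffix list, which this example does not ship.
    """
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return labels[0], ""
    return labels[-2], labels[-1]


def skeleton(label):
    """Fold look-alike characters so 'examp1e' and 'example' match."""
    for seq, repl in MULTI_CHAR:
        label = label.replace(seq, repl)
    return "".join(SINGLE_CHAR.get(ch, ch) for ch in label)


def osa_distance(a, b):
    """Edit distance that also counts an adjacent swap as one edit."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify(host):
    """Return (verdict, matched_known_domain) for a download hostname."""
    label, tld = split_domain(host)
    registrable = f"{label}.{tld}"
    if registrable in KNOWN_PUBLISHERS:
        return ("official", registrable)
    for known in KNOWN_PUBLISHERS:
        known_label, _ = split_domain(known)
        if label == known_label:
            return ("tld-swap", known)      # same name, different TLD
        if skeleton(label) == skeleton(known_label):
            return ("confusable", known)    # look-alike characters
        if osa_distance(label, known_label) == 1:
            return ("typo", known)          # one slip of the keyboard
    return ("unlisted", None)


if __name__ == "__main__":
    # Constructed sample hostnames.
    for sample in ("www.example.com", "examp1e.com", "example.co",
                   "exmaple.com", "ne0win.net", "unrelated-site.org"):
        print(f"{sample:22} {classify(sample)}")
```

An "unlisted" verdict only means the hostname resembles nothing on the allowlist; it says nothing about whether that site is safe to download from.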

I will point out that there are many legitimate, safe places to go on the internet to download free and trial versions of software, because they link to the publishers' own downloads. An example of this is Neowin, for whom the original version of this article was written. Neowin's Software download section does not engage in any type of disingenuous behavior. All download links either go directly to the publishers' own files or to their web page, making Neowin a reliable source for finding new software. Another reputable site that links directly to software publishers' downloads is MajorGeeks, which has been listing them on a near-daily basis for over two decades.

While direct downloading ensures that you get software from the company (or individual) that wrote it, that does not necessarily mean it is free of malware: there have been instances where malicious software was included in a software package, unintentionally or otherwise. Likewise, if a software publisher bundles potentially unwanted applications or adware with their software, then you will still receive that with a direct download from their site.

Special consideration should be applied to the various application software stores run by operating system vendors, such as the Apple App Store, the Google Play store, Microsoft's Windows App stores, and so forth. One might assume these sites to be reputable download sites, and for the most part they are exactly that, but there is no 100% guarantee: Unscrupulous software authors have circumvented app stores' vetting processes to distribute software that invades people's privacy with spyware, displays egregious advertisements with adware, and engages in other unwanted behaviors. These app stores do have the ability to de-list such software from their stores as well as remotely uninstall it from afflicted devices, which offers some remedy; however, this could be days or weeks (or more) after the software has been made available. Even if you only download apps from the official store, having security software on your device to protect it is a must.

Device manufacturers, retailers, and service providers may add their own app stores to devices; however, these may not have the ability to uninstall apps remotely.

With all of that in mind, you are probably wondering exactly what the malware did on the affected computers. While there were different families of malware involved, each of which has its own set of actions and behaviors, there were two that basically stood out because they were repeat offenders, which generated many requests for assistance.

And just in case you were wondering: I have never heard of anyone successfully decrypting their files after paying the ransom to the STOP/DJVU criminals. Your best bet at decrypting your files is to back them up in case a decryptor is ever released.

As far as its functionality goes, Redline Stealer performs some fairly common activities for information-stealing malware, such as collecting information about the version of Windows the PC is running, username, and time zone. It also collects some information about the environment where it is running, such as display size, the processor, RAM, video card, and a list of programs and processes on the computer. This may be to help determine if it is running in an emulator, virtual machine, or a sandbox, which could be a warning sign to the malware that it is being monitored or reverse engineered. And like other programs of its ilk, it can search for files on the PC and upload them to a remote server (useful for stealing private keys and cryptocurrency wallets), as well as download files and run them.

But the primary function of an information stealer is to steal information, so with that in mind, what exactly does the Redline Stealer go after? It steals credentials from many programs including Discord, FileZilla, Steam, Telegram, and various VPN clients (such as OpenVPN and ProtonVPN), as well as cookies and credentials from web browsers such as Google Chrome, Mozilla Firefox, and their derivatives. Since modern web browsers do not just store accounts and passwords, but credit card info as well, this can pose a significant threat.

Since this malware is used by different criminal gangs, each of them might focus on something slightly different. In these instances, though, the targets were most often Discord, Google, and Steam accounts. The compromised Discord accounts were used to spread the malware to friends. The Google accounts were used to access YouTube and inflate views for certain videos, as well as to upload videos advertising various fraudulent schemes, causing the account to be banned. The Steam accounts were checked for games that had in-game currencies or items which could be stolen and used or resold by the attacker. These might seem like odd choices given all the things which can be done with compromised accounts, but for teenagers, these might be the most valuable online assets they possess.

To summarize, here we have two different types of malware that are sold as services for use by other criminals. In these instances, those criminals seemed to target victims in their teens and early twenties. In one case, extorting victims for an amount proportional to what sort of funds they might have; in the other case, targeting their Discord, YouTube (Google), and online games (Steam). Given the victimology, one has to wonder whether these criminal gangs are composed of people in similar age ranges, and if so, chose specific targeting and enticement methods they know would be highly effective against their peers.

Security practitioners advise people to keep their computers' operating systems and applications up to date, to only use their latest versions, and to run security software from established vendors. And, for the most part, people do that, and it protects them from a wide variety of threats.

But when you start looking for sketchy sources to download from, things can take a turn for the worse. Security software does try to account for human behavior, but so do criminals who exploit concepts such as reputation and trust. When a close friend on Discord asks you to look at a program and warns that your antivirus software may incorrectly detect it as a threat, who are you going to believe, your security software or your friend? Programmatically responding to and defending against attacks on trust, which are essentially types of social engineering, can be difficult. In the type of scenarios explained here, it is user education and not computer code that may be the ultimate defense, but that is only if the security practitioners get the right messaging across.

The author would like to thank his colleagues Bruce P. Burrell, Alexandre Côté Cyr, Nick FitzGerald, Tomáš Foltýn, Lukáš Štefanko, and Righard Zwienenberg for their assistance with this article, as well as Neowin for publishing the original version of it.

Aryeh Goretsky, Distinguished Researcher, ESET

Note: An earlier version of this article was published on tech news site Neowin.


Generative AI needs guardrails as businesses add it to software … – CIO Dive

AI's ability to write software has been steadily building. GitHub's Copilot, AWS' CodeWhisperer, Tabnine and other platforms offer assistance to developers through natural language interfaces, using open-source code to produce software.

Analyst firm Forrester refers to solutions like these as TuringBots, AI-powered software that can help plan, design, build, test and deploy application code. But the leap in generative AI interest is leading to questions about what impact the technology could have on the software creation process.

For enterprises aiming to leverage AI's capabilities in software production, clear guardrails are needed to keep applications safe and processes running smoothly. Since adoption has already started, even at an experimental stage, CIOs must create policies to shape how they will be added to the development lifecycle.

"Shutting them down I don't think is the right policy," said Mike Gualtieri, VP, principal analyst at Forrester, speaking on a panel last month.

Instead, executives need to stay informed about the latest developments from the vendor landscape, figure out what works within the current ecosystem and make adoption decisions based on that, Gualtieri said.

AI tools can generate code, suggesting line after line even with the simplest prompt. But a protective layer must exist between machine-made code and production.

Adoption has grown, as shown in February, when GitHub's Copilot tool generated an average of 46% of code when developers used the tools, up from 27% in June.

It's important to remember AI writes code based on what's previously been built by humans, said Diego Lo Giudice, VP and principal analyst at Forrester.

"Is all the source code that exists out there perfectly secure and with no vulnerabilities? No, it's not," said Lo Giudice. "You still need to do your step of security checking and running security scanning tools."

Human involvement will be key to how generative AI will shape the software development lifecycle.

"You can never blame ChatGPT, you can never blame a TuringBot," said Gualtieri. "You're still responsible."

Most organizations are still in the experimentation stage of their generative AI journeys. And despite potential data privacy risks and unknowns associated with generative AI, an emerging technology, executives think the benefits outweigh the risks.

"Each company might have a different approach, but have to start working with this technology, and understanding quickly how it can make our developers and development teams, and even the entire IT [unit], much more efficient," Lo Giudice said.


International cooperation and the challenge of internet accessibility … – BMC Medical Education

This project promotes peer-to-peer learning by allowing learners to learn on their terms and progress at their own pace. Learners, like trainers, are engaged in the training process (empowerment). This strategy, to quickly answer a relevant question, will open the door to new training opportunities: (i) enabling the declaration of training needs, (ii) sharing knowledge, and (iii) expertise to create content online, quickly, easily, inexpensively with widespread access to low-speed internet. All growth opportunities will be implemented with the co-construction of digital solutions with identified partners and perfect coherence with ecosystems and low-speed internet configurations. Within the framework of e-MCCPO, teams identified in partnership with the UNFM will be central to a community of practice expert that contributes to driving change in the Pan American area. Relevant indicators will be generated by the general cancer registries of both countries involved for the first time in this atypical field.

Digital technologies will bring about significant changes in the organization and functioning of our healthcare systems. They will allow us to modernize current organizations and consider radically new and more efficient practices, especially if a new health crisis such as the COVID-19 crisis occurs again. In the Caribbean basin, bandwidth connection speeds may be limited. Nevertheless, solutions that maintain the responsiveness of a platform for access to training resources are innovative alternatives for these regions. Thanks to the experience of the Université Numérique Francophone Mondiale (UNFM) in providing e-learning resources accessible at very low Internet speeds, the learning platform we propose has a solid experiential base for providing quality education online in an environment of shortage. [15]

Insofar as digital technology unleashes an immense potential for proximity innovation, healthcare professionals (innovators) will be able to adapt their clinical practice, modernize their communication or training methods, and exchange or obtain expert advice on complex clinical cases.

In the last few years, many innovative learning programs using RAFT have shown great success in the accessibility and diffusion of courses in areas of shortage [16]. The results of Dr. GUINDO Fatoumata SISSOKO's thesis, which evaluated the Malian experience on medical distance learning broadcasted by RAFT, have confirmed these observations. DUDAL is then the solution to support the digital learning strategy of this project in order to offer a low-cost and accessible educational option. [17] Regarding e-learning for medical education in low-resource countries, our digital strategy includes the suggestions in Sandra Barteit's article [18]. As well, we propose (i) a thematic database on oncofertility and oncosexuality, (ii) a standardized and widely used framework for evaluating e-learning programs using the UNFM, and (iii) structured programs that integrate e-learning between recognized scientific institutions (CECOS, GEFRAUS, Toulouse University).

New horizons will open up for our scientists and physicians regarding training and learning aligned with an innovative digital strategy. These innovations are necessary to overcome the difficulties of coordination and training between local professionals. Related work will contribute to a continuum for implementing an ad-hoc training library. In addition, the innovators' affiliation centers will be identified in the Caribbean as centers of competence and excellence in sexual and reproductive health care with high standards of clinical practice. This program can be replicated in other world regions, thanks to its low-cost interactivity and UNFM's global expertise in deploying training in developing countries. In this dynamic setting, the health care system will also have to evolve, if not revolutionize, in terms of organization and management. Content distribution and targeting are levers for optimizing site traffic and generating qualified leads.

Digitalization of audio-visual pedagogical resources combined with the performance of the networks provided by the RAFT offers many possibilities. Indexing such resources is a major challenge for the expert practice community. Furthermore, the provision of high-tech equipment and the expertise of the UNFM will generate a network of community exchanges for continuing professional development and reinforcement of health behaviors as close as possible to the local health territories.

This project responds to the national priorities of Cuban and French health policies (cancer plans and national sexual health strategies). It will be implemented in liaison with the Cuban Health Agencies and learned societies and the French Embassy in Cuba. The project and its impact will be regularly evaluated by the Martinique and Cuba-INOR cancer registries. This proposal is an extension of the collaboration initiated with Cuba for the development of bilateral scientific and medical actions. Oncofertility and oncosexology care must be better integrated in the assessment of care in our regions. This is a new area of legal recommendations to be included in the standards of care.

Access to care in terms of a digital healthcare offer must be strengthened and developed in our territories even more than elsewhere. This complementary organization, part of a global and integrated digital logic, must ensure, thanks to the PRPH-3 cooperation program and complementary programs, standardized treatment paths according to institutional recommendations (INCa and MINSAP). We are currently working to contribute to a quality and functional cooperation network, fully involved, bringing expertise and skills through a care network for complex cases, workshops, e-learning, and practical training on expert sites.

Thanks to the PRPH-3, the furtherance of such collaborative projects with Cuba will make it possible to identify and generate more precisely, in the Caribbean region, the clinical, demographic, socioeconomic or organizational determinants at the origin of the heterogeneity of medical assistance to procreation and sexual rehabilitation. The related work of this collaborative digital platform will contribute to the establishment of a continuum for cancer surveillance and associated onco-rehabilitation, ultimately proposing a coherent value chain, federating health professionals around adapted training, expert medical management and shared know-how, for the benefit of patients and health professionals. Within this dynamic, each country will be identified as a center of competence and excellence in onco-rehabilitation.


IRS Might Make Tax Season a Whole Lot Easier – The Journal … – The Wall Street Journal

This transcript was prepared by a transcription service. This version may not be in its final form and may be updated.

Kate Linebaugh: Hey, it's Kate. We have a new reporter on our team, Jessica Mendoza. She's hosting today's episode. Here she is.

Jessica Mendoza: I'm curious, who taught you how to file your taxes?

Richard Rubin: I'm not sure I ever really learned. I learned mostly about taxes from writing about them.

Jessica Mendoza: Our colleague, Richard Rubin, covers US tax policy. What is your favorite tax reference in pop culture?

Richard Rubin: I was listening this morning to a song by the band Cake where they go, "You'll receive the federal funding, you can add another wink." It's like the perfect song to write about taxes too. It's about where the money comes from and where it goes.

Jessica Mendoza: The US tax system is something everyone loves to hate on.

Speaker 1: Sir, why did you wait until the last minute to pay your taxes?

Speaker 2: Because I'm an idiot. Happy?

Richard Rubin: The US is weird, right? The US, unlike a lot of other countries, has a very complicated income tax system, which makes my job fun, but I think it's something that people approach with a fair amount of trepidation.

Jessica Mendoza: Yes. Fun for Rich, less fun for the average tax paying American.

Richard Rubin: Yes. I think, look...

Jessica Mendoza: Filing your taxes is probably never going to be fun, and it can also be expensive, but that might be about to change. This week, the IRS said it's planning to pilot a new tax filing system. And if people like it, it could make tax season more bearable and disrupt the tax prep industry. Welcome to The Journal, our show about money, business, and power. I'm Jessica Mendoza. It's Thursday, May 18th. Coming up on the show, how the IRS wants to change the way you file your taxes. Every year when tax season rolls around, Americans tend to do one of two things: they sit down and do their taxes themselves, or they pay someone else to do it.

Richard Rubin: You probably stick to your pattern, right? If you do TurboTax or H&R Block or Jimmy's Tax Service down the street or your uncle's favorite accountant, you get in that habit and you keep doing it. It becomes somewhat familiar, like raking the leaves in the fall or whatever. I can use the fancy expensive leaf blower thing, or you can do it by hand. You can rake them all up with a manual rake and you don't really think a lot about it.

Jessica Mendoza: When the government started collecting income taxes about 100 years ago, only high income Americans needed to file, and they would often have a personal accountant file the return to the IRS. But in the 1940s, the US had a war to pay for, so the government started taxing more Americans.

Richard Rubin: It was really World War II that turned it from what some have called a class tax into a mass tax, where you had just the bulk of Americans all of a sudden needing to file tax returns. It's in that World War II and post-war period where income tax filing became something that lots of people had to do every year.

Jessica Mendoza: As more people paid income taxes, the government also started offering them tax breaks, like you can get a tax cut if you have children or if you paid college tuition. As a result, the tax system became really complicated and harder for people to navigate. Private companies saw this as an opportunity. Two companies in particular came to dominate the tax prep industry, Intuit, which owns TurboTax, and H&R Block.

Richard Rubin: H&R Block is the granddaddy of tax prep companies. H&R Block was perfectly timed to meet that growing demand that was coming in that post-war period when the income tax was expanding and becoming much more of a cultural phenomenon and a necessity for the government.

Jessica Mendoza: These companies offered services usually for a fee. They made it easier for taxpayers to fill out and file their tax returns. But once these returns got to the IRS, things would slow down.

Richard Rubin: IRS used to have processing centers all over the country. Last year I went to one of them, this enormous building, and there were carts full of paper returns that had come in. They were just on the cart gradually rolling their way toward literally where people would take the return out, sit there with a red pen, circle the key numbers on the return, hand it down to the next person on the assembly line, whose job is to then look at the red pen circles, type those numbers into the system.

Jessica Mendoza: While the IRS was still processing paper returns, tax prep companies had started building software to help people fill out their tax forms.

Richard Rubin: In the 1990s, the IRS was saying, "Oh, there's these things called computers that's going to be a lot more efficient than giant piles of paper." The IRS was thinking, ooh, we've got these giant facilities. We've got truckloads of mail coming in. This does not seem like a modern tax filing service. We should upgrade it. How should we do it?

Jessica Mendoza: The answer they came to was to partner with companies that were already working on these online services, and for a while the partnership worked because, Rich says, people like the handholding.

Speaker 3: First, tell us a bit about yourself and we'll customize the questions to you, saving you valuable time. They're simple questions that don't require tax knowledge to answer like, did you get married, or did you buy a house?

Richard Rubin: That Q&A format that the accountant software or tax preparer uses is really useful because they're an interpreter between the government, this very complicated tomes of tax documents, and you.

Jessica Mendoza: There was one important detail to the partnership between the IRS and tax prep companies. The Intuits and H&R Blocks of the world could charge customers a fee. These days it can cost as much as $200 to use their services, but the companies were also supposed to let some people use a free option. For example.

Richard Rubin: If your income is below $73,000, you can go to the IRS Free File website, and that's basically a portal through which you can use private company's tax software and that's free.

Jessica Mendoza: That was the deal, but it turned out that's not what was always happening. A 2019 ProPublica investigation found that some of the big tax prep companies were making it so complicated to get to the Free File service that some people ended up paying for tax prep even when they didn't have to. That got the companies in trouble with a number of states and the Federal Trade Commission.

Speaker 4: Yes, they said free, free, free on the website, but in fact, you had to pay once everything went through.

Richard Rubin: Intuit, which owns TurboTax, is paying out a legal settlement because it had been sued for guiding people away from the IRS Free File program into some of its paid services.

Jessica Mendoza: After it was sued last year, Intuit had to pay $141 million to people who should have been able to file for free, but paid for their services instead. Intuit did not admit any wrongdoing in the settlement.

Richard Rubin: I think that just led to a lot of frustration among Democrats like Senator Elizabeth Warren, Senator Tom Carper who've been interested in this.

Jessica Mendoza: These lawmakers say Americans aren't served well by these companies, and they started asking how the IRS could do better. In 2022, when Congress passed the Inflation Reduction Act, the bill included $80 billion for improvements to the IRS, and it asked the agency to explore what a new government tax filing system could look like. On Tuesday, the IRS released its report.

Richard Rubin: It's a report that says, okay, could the IRS do its own software, its own version effectively of TurboTax and H&R Block? That's the fundamental premise of this report is, could the government just do this? How much would it cost and would people want it?

Jessica Mendoza: That's after the break. After releasing its report this week, the IRS said it would test a new system for filing taxes directly with the government. The agency called it Direct File.

Richard Rubin: I think it's designed to be something that's more like TurboTax and H&R Block.

Jessica Mendoza: Theoretically, the IRS could use the information it already receives to autofill some tax returns, though this wouldn't be something they'd do until much later.

Richard Rubin: The IRS has from your employer your W-2. They know whether you have children. They know what your address was. The bigger killer IRS app is really what they call a pre-populated return, where the IRS takes the information it has about you, drafts your 1040, sends it to you and says, "Hey, does that look good? Sure? Done."

Jessica Mendoza: Is this new IRS filing system meant to replace what the private sector currently has in terms of options?

Richard Rubin: Well, IRS Commissioner Danny Werfel was telling reporters this week that it's not intended to replace or become the only way that you can file it, and they're not going to ban you from using TurboTax or an accountant. You can have whatever professional assistance you might want. Their aim is to just provide this as a public portal, a public service for people to use.

Jessica Mendoza: Would it be free to use?

Richard Rubin: Yes. It's absolutely designed to be something that's a free government service.

Jessica Mendoza: What problem is the IRS trying to solve with this new tool?

Richard Rubin: They're trying to solve the problem that is lots of Americans pay for access to what some people think should be a core government service. The ability to file your tax return in an easy way to meet your obligations as a taxpayer should be something that the government lets you do in a straightforward way and enables that. They're basically trying to offer a public service that is now not really available, but which you might think you would expect the government to provide.

Jessica Mendoza: But before the IRS can roll out a new tax filing system of any kind, it will have to overcome some pretty major challenges.

Richard Rubin: One thing that the IRS recognized as it developed this report was the importance of customer service. That if people are on their computer at... Hopefully people will file promptly. But if it's 11:30 on April 14th and you're sitting there trying to figure out what you're doing, is there going to be someone there either via chat or via phone who can help you?

Jessica Mendoza: Another challenge, what to do with state taxes?

Richard Rubin: This is relatively easy for someone in Florida or Texas or a state that doesn't have an income tax filing requirement. But for people in New York, New Jersey, California, Minnesota, wherever, it is going to be a little trickier. How useful is this IRS tool going to be if you then have to go figure out some way to file your state taxes?

Jessica Mendoza: I'm thinking about that now and I'm like, I don't want to do that.

Richard Rubin: You don't want to do that, right? It's something they've got to figure out as they go forward is how well can they interface with state systems so that this provides the benefit it's intended to provide.

Jessica Mendoza: The IRS estimates that the whole project could cost between 60 million to $250 million a year depending on how many taxpayers use it. And not everyone is convinced it's a good idea or that the IRS can pull it off.

Richard Rubin: Republicans are very skeptical of this. They've argued that the IRS has other things it can do. They point correctly to a track record the IRS has that is quite mixed on information technology projects. There have been occasional times when personal data has been exposed for various reasons. There's legitimate concerns about privacy and security, as there are with private companies too, but that's something that you hear people raise concerns about.

Jessica Mendoza: Critics are also concerned about the government's incentives. Would the IRS want to maximize taxpayer refunds when it's also the agency in charge of collecting taxes?

Richard Rubin: Republicans are much more receptive than Democrats to this concern about the IRS being on both sides of the transaction, the IRS helping prepare the returns and then audit them. I expect a fair amount of political back and forth in the coming months over this.

Jessica Mendoza: Private companies are also fighting the IRS's proposal.

Richard Rubin: They've been increasing lobbying spending over the past year, and they're trying to persuade lawmakers, if not to intervene, to at least ask a lot of hard questions of the IRS. They're basically arguing that this is not necessary, that the system that we have now works well and that the IRS should focus on other things.

Jessica Mendoza: The IRS plans to build a version of Direct File and let some people try it out during the next tax season. Based on your reporting, how likely is it that this will actually turn into a system that the IRS winds up adopting?

Richard Rubin: I don't know. I think the extent to which the Biden administration and Democrats are in charge of the Treasury Department enabled to nudge this thing forward. They've indicated a pretty clear interest in trying to make something like this happen. But I think it also is just going to depend on how it's perceived.

Jessica Mendoza: But while the IRS pilots its idea, most of us will still have to do our taxes same as always.

Richard Rubin: For a lot of people, this is a chore and they're going to get the chore done. And if they have a government tool to do the chore, that's great. And if they got to pay for a private tool to do the chore, so be it. But this is really about your obligations as a citizen and a taxpayer. It still can be a very nerve-racking experience in part because you know that if you get something wrong, there are real consequences.

Jessica Mendoza: That's all for today, Thursday, May 18th. The Journal is a co-production of Gimlet and The Wall Street Journal. If you like our show, follow us on Spotify or wherever you get your podcasts. We're out every weekday afternoon. Thanks for listening. See you tomorrow.

Original post:
IRS Might Make Tax Season a Whole Lot Easier - The Journal ... - The Wall Street Journal

HBO Max vs. Max Subscriptions: The Differences Explained – CNET

HBO Max is set to become Max on May 23 with a new logo and fuller catalog. In addition to streaming everything on HBO Max, subscribers will have access to Discovery Plus programming and a slate of new TV shows and movies under the Warner Bros. banner. You may be wondering, though, whether this means plans and pricing are also changing.

There are no major price hikes set to go in effect, but there will be some changes to subscriptions. Here, we outline what you can expect on each subscription plan once Max rolls out.

HBO Max currently has two subscription tiers: With Ads for $10 a month ($100 per year) and Ad-Free at $16 monthly ($150 annually). Both plans stream in HD with some 4K content, and you can stream on up to three devices simultaneously. The ad-free version comes with 30 downloads and the ability to watch if you're traveling to a country where HBO Max is available.

When Max arrives this month, you will be able to choose from three options or keep your current subscription. Dubbed Ad-Lite, Ad-Free and Ultimate, the new Max plans will have some slight changes in how they're packaged and what's offered. Ad-Lite includes ads, two streams and HD resolution, while the ad-free plan is essentially the same, but you get offline downloads and no ads. Like the current HBO Max, there are no restrictions on what content you can watch based on which Max subscription you have. All plans will grant access to the full Max library.

The chart below outlines Max's price tiers and how users will get two concurrent streams on the lower-priced plans. Though the monthly price is the same (for now), it's a switch from the current offerings.

Since its initial launch in May 2020, HBO Max has had a limited amount of 4K content on the platform. A select number of films and originals are available to stream in 4K on its ad-free plan only, and the service provides an updated list of those titles on its help page. Currently, you're able to stream roughly 35 titles, including House of the Dragon, Dune, Elvis, Game of Thrones, The Suicide Squad and a handful of others.

When Max launches, you will have to pay $20 per month to watch anything in 4K. For some, that means a $4 increase to upgrade to the Ultimate plan, which is packaged similarly to Netflix's $20 Premium subscription. It's unclear how many titles will be available in 4K on Max, but it will be more than what's on the platform now. Additionally, Warner Bros. Discovery has said some features -- like 4K -- will still be available on current subscription plans for six months as the app transitions to Max.

If you already have HBO Max, you don't have to do anything if you want Max when it launches. The platform will automatically upgrade with the new logo, features and catalog and customers will see the changes when opening the app on May 23. Some may be prompted to download the updated version of Max. If you want to change your subscription plan, you can do so through your billing provider. HBO Max/Warner-billed subscribers can switch plans in the settings section on your profile.

If you're not currently a subscriber, you can either sign up for HBO Max now and wait for the update, or register for a new Max plan when the service arrives next month.

Discovery Plus will remain a standalone streaming service that houses Discovery-branded content from networks like TLC, HGTV and Food Network. The service costs $5 per month for the ad-supported subscription and $7 a month without ads. There will not be any movies and TV shows from HBO, Warner, DC or HBO Max on the platform. However, Max will not have the entire catalog from Discovery Plus, but rather select titles.

At the time of this writing, Warner Bros. Discovery has not announced any bundles for customers who would like subscriptions to both Max and Discovery Plus.

View post:
HBO Max vs. Max Subscriptions: The Differences Explained - CNET