Agregátor RSS

KYBERCENTRUM vydalo knihu ceského kryptologa a popularizátora Pavla Vondrušky, která dokazuje, jak muže veda o kódech a šifrách být fascinující a dobrodružná.
Kniha byla v drívejším vydání v edici OKO zcela vyprodána a nebylo ji možné získat.
Nyní je tedy možnost ji zakoupit v e-shopu KYBERCENTRA. Ale pozor k prodeji touto cestou bylo uvolnen pouze omezený pocet 200 kusu .

Kniha p?edního ?eského popularizátora kryptologie dokazuje, jak fascinující a dobrodružná m?že v?da o kódech a šifrách být.
Kniha vyšla v 2006 v nákladu 8000 ks a byla brzy zcela vyprodána.
Kniha nyní vyjde pomocí Crowdfundingu v rámci projektu Centra kybernetické bezpe?nosti, z. ú. (KyberCentrum).
Podpo?te tento projekt a stanete se vlastníci této knihy.

Kniha P.Vondrušky - Kryptologie, šifrování a tajná písma op?t vyjde.
Knihu lze získat v rámci projektu Kybercentra (Crowdfunding).

NIST has posted an update on their post-quantum cryptography program:

• Update


• NISTIR 8309 Status Report on the Second Round of the NIST Post-Quantum Cryptography Standardization Process

Po kolikáté ?

Policisté v Praze zadrželi dva cizince t?sn? po tom, co do bankomatu nainstalovali skimmovací za?ízení s cílem dostat se k pen?z?m klient?. U zadržených muž? pak policisté zajistili i celou ?adu nástroj? k páchání této trestné ?innosti a vysíla?ky, informoval ve st?edu policejní mluv?í Jan Dan?k.

Užite?ný p?ísp?vek "14 Ways to Create a Secure Password in 2019" na stále pot?ebné téma jak vytvá?et a pamatovat si hesla od Jacka Forstera.

25+ Free Security Tools That You Need to Start

P?ehled bezplatných silných antivirových a dalších bezpe?nostních program?, které vám mohou pomoci udržet vaše citlivé informace v bezpe?í.

Email was one of the earliest forms of communication on the internet, and if you’re reading this you almost undoubtedly have at least one email address. Critics today decry the eventual fall of email, but for now it’s still one of the most universal means of communicating with other people that we have. One of the biggest problems with this cornerstone of electronic communication is that it isn’t very private. By default, most email providers do not provide the means to encrypt messages or attachments. This leaves email users susceptible to hackers, snoops, and thieves.

So you want to start encrypting your email? Well, let’s start by saying that setting up email encryption yourself is not the most convenient process. You don’t need a degree in cryptography or anything, but it will take a dash of tech savvy. We’ll walk you through the process later on in this article.

Alternatively, you can use an off-the-shelf encrypted email client. Tutanota is one such secure email service, with apps for mobile and a web mail client. It even encrypts your attachments and contact lists. Tutanota is open-source, so it can be audited by third parties to ensure it’s safe. All encryption takes place in the background. While we can vouch for Tutanota, it’s worth mentioning that there are a lot of email apps out there that claim to offer end-to-end encryption, but many contain security vulnerabilities and other shortcomings. Do your research before choosing an off-the-shelf secure email app.

If you’d prefer to configure your own email encryption, keep reading.

See Affiliated Events too.

Google has not had any of its 85,000+ employees successfully phished on their work-related accounts since early 2017, when it began requiring all employees to use physical Security Keys in place of passwords and one-time codes, the company told KrebsOnSecurity.

Security Keys are inexpensive USB-based devices that offer an alternative approach to two-factor authentication (2FA), which requires the user to log in to a Web site using something they know (the password) and something they have (e.g., a mobile device).

The US Department of Justice (DOJ) this week released the first report from its Cyber Digital Task Force – which was set up in February to advise the government on strengthening its online defenses.
The report [PDF], compiled by 34 people from six different government agencies, examines the challenges facing Uncle Sam´s agencies in enforcing the law and protecting the public from hackers. It also lays out what the government needs to do to thwart looming threats to its computer networks.

Let´s (not) Encrypt

If you´ve been following the news for the last few years it will come as no surprise that the Justice Department is not a fan of the common man having access to encryption.
The report bemoans the current state of encryption and its ability to keep the government from gathering and analyzing traffic for criminal investigations. The word ´encryption´ comes up 17 times in the report, not once in a favorable light.
In the past several years, the Department has seen the proliferation of default encryption where the only person who can access the unencrypted information is the end user, the report reads.
The advent of such widespread and increasingly sophisticated encryption technologies that prevent lawful access poses a significant impediment to the investigation of most types of criminal activity.

The demand for quantum computing services will be driven by some process hungry research and development projects as well as by the emergence of several applications including advanced artificial intelligence algorithms, next-generation encryption, traffic routing and scheduling, protein synthesis, and/or the design of advanced chemicals and materials. These applications require a new processing paradigm that classical computers, bound by Moore’s law, cannot cope with. However, one should not expect quantum computers to displace their classical counterparts anytime soon.

Ray Ozzie thinks he has an approach for accessing encrypted devices that attains the impossible: It satisfies both law enforcement and privacy purists. (?)

EFAIL furore not over yet, even though it´s easy to fix.

However, PGP´s creator Phil Zimmerman, Protonmail´s Any Yenn, Enigmail´s Patrick Brunschwig, and Mailvelope´s Thomas Oberndörfer are still concerned that misinformation about the bug remains in the wild.

Yenn tried to refute the EFAIL “don´t use PGP” on May 25, and the four have followed up with this joint post.

Od 1. září 2024 se změnila pravidla pro výpočet náhrady za předčasné splacení hypoték. Kterých úvěrů se tato změna týká a kolik zaplatíte, když budete chtít úvěr splatit dříve, než jste se smluvně zavázali?

GStreamer je multiplatformní framework založený na grafu filtrů, využívaný v přehrávačích jako Amarok či Banshee. S dynamickými pluginy a objekty GLib 2 umožňuje efektivní zpracování multimédií.

Pravidelná sonda do světa software. Podíváme se na nástroj pro sledování a diagnostiku CAN komunikace, budeme testovat gRPC API rozhraní a nakonec si vyzkoušíme pomocníka pro správu IoT zařízení z CLI.

Karty jsou vyrobené, dodané a čekají na skladech. AMD však oznámila, že k vydání dojde až v březnu. Co se děje?

Long before Taco Tuesday became part of the pop-culture vernacular, Tuesdays were synonymous with security — and for anyone in the tech world, they still are.  Patch Tuesday, as you most likely know, refers to the day each month when Microsoft releases security updates and patches for its software products — everything from Windows to Office to SQL Server, developer tools to browsers.

The practice, which happens on the second Tuesday of the month, was initiated to streamline the patch distribution process and make it easier for users and IT system administrators to manage updates.  Like tacos, Patch Tuesday is here to stay.

In a blog post celebrating the 20th anniversary of Patch Tuesday, the Microsoft Security Response Center wrote: “The concept of Patch Tuesday was conceived and implemented in 2003. Before this unified approach, our security updates were sporadic, posing significant challenges for IT professionals and organizations in deploying critical patches in a timely manner.”

Patch Tuesday will continue to be an “important part of our strategy to keep users secure,” Microsoft said, adding that it’s now an important part of the cybersecurity industry.  As a case in point, Adobe, among others, follows a similar patch cadence.

Patch Tuesday coverage has also long been a staple of Computerworld’s commitment to provide critical information to the IT industry. That’s why we’ve gathered together this collection of recent patches, a rolling list we’ll keep updated each month.

In case you missed a recent Patch Tuesday announcement, here are the latest six months of updates.

2025’s first Patch Tuesday: 159 patches, including several zero-day fixes

Microsoft began the new year with a hefty patch release for January, addressing eight zero-days with 159 patches for Windows, Microsoft Office and Visual Studio. Both Windows and Microsoft Office have “Patch Now” recommendations (with no browser or Exchange patches) for January. Microsoft also released a significant servicing stack update (SSU) that changes how desktop and server platforms are updated, requiring additional testing on how MSI Installer, MSIX and AppX packages are installed, updated, and uninstalled. More info on Microsoft Security updates for January 2025.

For December’s Patch Tuesday, 74 updates and a zero-day fix for Windows

Microsoft released 74 updates with this Patch Tuesday update, patching Windows, Office and Edge — but none for Microsoft Exchange Server or SQL server. One zero-day (CVE-2024-49138) affecting how Windows desktops handle error logs requires a “Patch Now” warning, but the Office, Visual Studio and Edge patches can be added to your standard release schedule. There are also several revisions this month that require attention before deployment. More info on Microsoft Security updates for December 2024.

November: This Patch Tuesday release includes 3 Windows zero-day fixes

Microsoft’s November Patch Tuesday update addresses 89 vulnerabilities in Windows, SQL Server, .NET and Microsoft Office — and three zero-day vulnerabilities in Windows that mean a patch now recommendation for Windows platforms. Unusually, there are a significant number of patch “re-releases” that might also require IT admin attention. More info on Microsoft Security updates for November 2024.

October: A haunting Patch Tuesday: 117 updates (and 5 zero-day flaws)

This month’s Patch Tuesday delivers a large set of patches from Microsoft that fix 117 flaws, including five zero-day vulnerabilities. Though there are patches affecting Windows, SQL Server, Microsoft Excel and Visual Studio, only the Windows updates require a “Patch Now” schedule — and they’ll need a significant amount of testing because they cover a lot of features: networking, kernel and core GDI components and Microsoft Hyper-V. Printing should be a core focus for enterprise testing and the SQL Server updates will require a focus on internally developed applications. More info on Microsoft Security updates for October 2024

September: Latest Patch Tuesday update fixes 4 zero-days

Addressing four zero-days flaws (CVE-2024-38014, CVE-2024-38217, CVE-2024-43491 and CVE-2024-38217), this month’s Patch Tuesday release from Microsoft includes 79 updates to the Windows platform. There are no patches to Microsoft Exchange Server or the company’s development tools (Visual Studio or .NET). And Microsoft addressed a recently exploited vulnerability in Microsoft Publisher with two critical updates and nine patches rated important for Microsoft Office. More info on Microsoft Security updates for September 2024.

August: Patch Tuesday means patch now

Microsoft pushed out 90 updates in its August Patch Tuesday release, including fixes for five Windows zero-days (CVE-2024-38178, CVE-2024-38193, CVE-2024-38213, CVE-2024-38106, CVE-2024-38107) and one zero-day affecting Office (CVE-2024-38189). This means a “Patch Now” recommendation for both Windows and Microsoft Office. Microsoft offered several (pretty useful) mitigations and recommendations to reduce the impact of these security issues. More info on Microsoft Security updates for August 2024.