Agregátor RSS

Po kolikáté ?

Policisté v Praze zadrželi dva cizince těsně po tom, co do bankomatu nainstalovali skimmovací zařízení s cílem dostat se k penězům klientů. U zadržených mužů pak policisté zajistili i celou řadu nástrojů k páchání této trestné činnosti a vysílačky, informoval ve středu policejní mluvčí Jan Daněk.

Užitečný příspěvek "14 Ways to Create a Secure Password in 2019" na stále potřebné téma jak vytvářet a pamatovat si hesla od Jacka Forstera.

25+ Free Security Tools That You Need to Start

Přehled bezplatných silných antivirových a dalších bezpečnostních programů, které vám mohou pomoci udržet vaše citlivé informace v bezpečí.

Email was one of the earliest forms of communication on the internet, and if you’re reading this you almost undoubtedly have at least one email address. Critics today decry the eventual fall of email, but for now it’s still one of the most universal means of communicating with other people that we have. One of the biggest problems with this cornerstone of electronic communication is that it isn’t very private. By default, most email providers do not provide the means to encrypt messages or attachments. This leaves email users susceptible to hackers, snoops, and thieves.

So you want to start encrypting your email? Well, let’s start by saying that setting up email encryption yourself is not the most convenient process. You don’t need a degree in cryptography or anything, but it will take a dash of tech savvy. We’ll walk you through the process later on in this article.

Alternatively, you can use an off-the-shelf encrypted email client. Tutanota is one such secure email service, with apps for mobile and a web mail client. It even encrypts your attachments and contact lists. Tutanota is open-source, so it can be audited by third parties to ensure it’s safe. All encryption takes place in the background. While we can vouch for Tutanota, it’s worth mentioning that there are a lot of email apps out there that claim to offer end-to-end encryption, but many contain security vulnerabilities and other shortcomings. Do your research before choosing an off-the-shelf secure email app.

If you’d prefer to configure your own email encryption, keep reading.

See Affiliated Events too.

Google has not had any of its 85,000+ employees successfully phished on their work-related accounts since early 2017, when it began requiring all employees to use physical Security Keys in place of passwords and one-time codes, the company told KrebsOnSecurity.

Security Keys are inexpensive USB-based devices that offer an alternative approach to two-factor authentication (2FA), which requires the user to log in to a Web site using something they know (the password) and something they have (e.g., a mobile device).

The US Department of Justice (DOJ) this week released the first report from its Cyber Digital Task Force – which was set up in February to advise the government on strengthening its online defenses.
The report [PDF], compiled by 34 people from six different government agencies, examines the challenges facing Uncle Sam´s agencies in enforcing the law and protecting the public from hackers. It also lays out what the government needs to do to thwart looming threats to its computer networks.

Let´s (not) Encrypt

If you´ve been following the news for the last few years it will come as no surprise that the Justice Department is not a fan of the common man having access to encryption.
The report bemoans the current state of encryption and its ability to keep the government from gathering and analyzing traffic for criminal investigations. The word ´encryption´ comes up 17 times in the report, not once in a favorable light.
In the past several years, the Department has seen the proliferation of default encryption where the only person who can access the unencrypted information is the end user, the report reads.
The advent of such widespread and increasingly sophisticated encryption technologies that prevent lawful access poses a significant impediment to the investigation of most types of criminal activity.

The demand for quantum computing services will be driven by some process hungry research and development projects as well as by the emergence of several applications including advanced artificial intelligence algorithms, next-generation encryption, traffic routing and scheduling, protein synthesis, and/or the design of advanced chemicals and materials. These applications require a new processing paradigm that classical computers, bound by Moore’s law, cannot cope with. However, one should not expect quantum computers to displace their classical counterparts anytime soon.

Ray Ozzie thinks he has an approach for accessing encrypted devices that attains the impossible: It satisfies both law enforcement and privacy purists. (?)

EFAIL furore not over yet, even though it´s easy to fix.

However, PGP´s creator Phil Zimmerman, Protonmail´s Any Yenn, Enigmail´s Patrick Brunschwig, and Mailvelope´s Thomas Oberndörfer are still concerned that misinformation about the bug remains in the wild.

Yenn tried to refute the EFAIL “don´t use PGP” on May 25, and the four have followed up with this joint post.

According to a Venafi survey of 512 security professionals attending RSA Conference 2018, sixty-four percent of respondents say their personal encryption usage has increased due to recent geopolitical changes.

Encryption is making it more difficult for law enforcement agencies to detect dangerous offenders, according the the National Crime Agency's (NCA) yearly assessment of serious organised crime in Britain.

Since 2010, communication service providers have migrated to encrypted services ´by default´, a process that accelerated following the Snowden disclosures, said the National Strategic Assessment of Serious and Organised Crime 2018

US lawmakers from both major political parties came together on Thursday to reintroduce a bill that, if passed, would prohibit the American government from forcing tech product makers to undermine the security of their wares.

The National Institute of Standards and Technology wants comments on the best way to design criteria to evaluate new encryption standards for small computing devices.

NIST will eventually ask researchers and cryptographers for algorithms that could be used to encrypt data on small, "constrained devices," such as sensors, RFID tags, industrial controllers and smart cards that are being incorporated into automobiles, internet-of-things devices, the smart grid and distributed control systems.

But first the agency needs to establish the requirements and evaluation criteria that will guide the review of the algorithms.

[7 minut čtení] Cashback portály odměňují za to, že nakupujete na internetu. Jaký je výběr z tuzemských cashbacků, jak fungují a podle čeho se liší? Cashback portály nabízí možnost získat zpět peníze z nákupů na internetu. Fungují jako prostředník mezi internetovým obchodem a zákazníkem. Na tuzemské e-commerce scéně je na výběr hned z několika cashback portálů. Při rozhodování, který cashback portál využít, hraje největší roli nejen výběr z nabízených spolupracujících e-shopů a jejich zaměření, ale také výše bonusů, ať už za registraci, či doporučení, nebo procentuální odměny za nákupy.

[3 minuty čtení] Nová a dlouho očekávaná verze nástroje John the Ripper 1.9.0-jumbo-1 přináší po letech spoustu čerstvých novinek. Mimo jiné umí lámat hesla na FPGA, na kterých je možné dosáhnout vyššího výkonu než na GPU. John the Ripper je zřejmě nejstarším stále vyvíjeným nástrojem pro lámání hesel z dostupných hašů. První verze vyšla už v roce 1996 a dnes tento užitečný nástroj naleznete na mnoha různých platformách. Mezi uživateli je oblíbený zejména pro svou konfigurovatelnost, velké množství podporovaných algoritmů a jednoduché použití.

[3 minuty čtení] V dnešním díle postřehů z bezpečnosti se podíváme, proč kočky nemají rády Cisco, na 0-day zranitelnost v populárním kecálku WhatsApp, posvítíme si na Stack Overflow a na skupinu za bankovním malware GozNym. Velmi závažná zranitelnost byla objevena v zařízeních značky Cisco, která umožňuje potenciálním útočníkům nainstalovat do zařízení persistentní backdoor. Ohroženo je široké spektrum zařízení jako jsou routery, switche nebo firewally. Zranitelnost byla nazvána Thrangrycat (CVE-2019–1649) a dle výzkumníků z Red Balloon postihuje všechna zařízení Cisco s podporou Trust Anchor Module (TAm). TAm je hardwarová funkcionalita secure boot nacházející se na téměř všech zařízeních vyrobených po roce 2013, která zajišťuje, že firmware je autentický a nemodifikovaný.

12nm APU Picasso, nástupce Raven Ridge, by mohlo nezanedbatelně posunout taktovací frekvence. Není vyloučeno, že oproti svému předchůdci přidá 300 MHz…

I was under the impression that the speed limits in the map data came from some authoritative source, but an experience on the highway today …

Link to Full Article: Read Here