RSS Aggregator

Ukraine Warns of New Phishing Campaign Targeting Government Computers

The Hacker News - 13 August, 2024 - 07:12
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign that masquerades as the Security Service of Ukraine to distribute malware capable of remote desktop access. The agency is tracking the activity under the name UAC-0198. More than 100 computers are estimated to have been infected since July 2024, including those related to government bodies in the
Ravie Lakshmanan
Category: Hacking & Security

The new lunar rover costing nearly half a billion dollars will probably not be scrapped. NASA is looking for parties interested in operating it

Živě.cz - 13 August, 2024 - 06:45
Updated On August 12, NASA announced that it is willing to hand VIPER (Volatiles Investigating Polar Exploration Rover) over to another entity interested in operating it. However, it wants to retain some control over what exactly happens to it. The future partner is expected, among other things, to carry out ...
Category: IT News

Post-Quantum Cryptography: Standards and Progress

Google Security Blog - 13 August, 2024 - 06:33
Posted by Royal Hansen, VP, Privacy, Safety and Security Engineering, Google, and Phil Venables, VP, TI Security & CISO, Google Cloud

The National Institute of Standards and Technology (NIST) just released three finalized standards for post-quantum cryptography (PQC) covering public key encapsulation and two forms of digital signatures. In progress since 2016, this achievement represents a major milestone towards standards development that will keep information on the Internet secure and confidential for many years to come.

Here's a brief overview of what PQC is, how Google is using PQC, and how other organizations can adopt these new standards. You can also read more about PQC and Google's role in the standardization process in this 2022 post from Cloud CISO Phil Venables.

What is PQC?

Encryption is central to keeping information confidential and secure on the Internet. Today, most Internet sessions in modern browsers are encrypted to prevent anyone from eavesdropping or altering the data in transit. Digital signatures are also crucial to online trust, from code signing proving that programs haven't been tampered with, to signals that can be relied on for confirming online identity.

Modern encryption technologies are secure because the computing power required to "crack the code" is very large; larger than any computer in existence today or the foreseeable future. Unfortunately, that's an advantage that won't last forever. Practical large-scale quantum computers are still years away, but computer scientists have known for decades that a cryptographically relevant quantum computer (CRQC) could break existing forms of asymmetric key cryptography.

PQC is the effort to defend against that risk, by defining standards and collaboratively implementing new algorithms that will resist attacks by both classical and quantum computers.

You don't need a quantum computer to use post-quantum cryptography, or to prepare. All of the standards released by NIST today run on the classical computers we currently use.

How is encryption at risk?

While a CRQC doesn't exist yet, devices and data from today will still be relevant in future. Some risks are already here:

  • Stored Data: Through an attack known as Store Now, Decrypt Later, encrypted data captured and saved by attackers is stored for later decryption, with the help of as-yet unbuilt quantum computers
  • Hardware Products: Defenders must ensure that future attackers cannot forge a digital signature and implant compromised firmware, or software updates, on pre-quantum devices that are still in use

For more information on CRQC-related risks, see our PQC Threat Model post.

How can organizations prepare for PQC migrations?

Migrating to new cryptographic algorithms is often a slow process, even when weaknesses affect widely-used crypto systems, because of organizational and logistical challenges in fully completing the transition to new technologies. For example, NIST deprecated SHA-1 hashing algorithms in 2011 and recommends complete phase-out by 2030.

That’s why it's crucial to take steps now to improve organizational preparedness, independent of PQC, with the goal of making your transition to PQC easier.

These crypto agility best practices can be enacted anytime:

  • Cryptographic inventory: Understanding where and how organizations are using cryptography includes knowing what cryptographic algorithms are in use, and critically, managing key material safely and securely
  • Key rotation: Any new cryptographic system will require the ability to generate new keys and move them to production without causing outages. Just like testing recovery from backups, regularly testing key rotation should be part of any good resilience plan
  • Abstraction layers: You can use a tool like Tink, Google's multi-language, cross-platform open source library, designed to make it easy for non-specialists to use cryptography safely, and to switch between cryptographic algorithms without extensive code refactoring
  • End-to-end testing: PQC algorithms have different properties. Notably, public keys, ciphertexts, and signatures are significantly larger. Ensure that all layers of the stack function as expected

Our 2022 paper "Transitioning organizations to post-quantum cryptography" provides additional recommendations to help organizations prepare and this recent post from the Google Security Blog has more detail on cryptographic agility and key rotation.

Google's PQC Commitments

Google takes these risks seriously, and is taking steps on multiple fronts. Google began testing PQC in Chrome in 2016 and has been using PQC to protect internal communications since 2022. In May 2024, Chrome enabled ML-KEM by default for TLS 1.3 and QUIC on desktop. ML-KEM is also enabled on Google servers. Connections between Chrome Desktop and Google's products, such as Cloud Console or Gmail, are already experimentally protected with post-quantum key exchange.

Google engineers have contributed to the standards released by NIST, as well as standards created by ISO, and have submitted Internet Drafts to the IETF for Trust Expressions, Merkle Tree Certificates, and managing state for hash-based signatures. Tink, Google's open source library that provides secure and easy-to-use cryptographic APIs, already provides experimental PQC algorithms in C++, and our engineers are working with partners to produce formally verified PQC implementations that can be used at Google, and beyond.

As we make progress on our own PQC transition, Google will continue to provide PQC updates on Google services, with updates to come from Android, Chrome, Cloud, and others.

Category: Hacking & Security

Minetest 5.9.0

AbcLinuxu [news briefs] - 13 August, 2024 - 05:14
Minetest (Wikipedia), a multi-platform open source voxel game engine and game inspired by Minecraft, has been released in version 5.9.0. A detailed overview of what's new is in the changelog. It can also be installed from Flathub and Snapcraft.
Category: GNU/Linux & BSD

AMD won’t patch Sinkclose security bug on older Zen CPUs

The Register - Anti-Virus - 13 August, 2024 - 05:14
Kernel mode not good enough for you? Maybe you'll like SMM of this

Updated: Some AMD processors dating back to 2006 have a security vulnerability that's a boon for particularly underhand malware and rogue insiders, though the chip designer is only patching models made since 2020.…

Category: Viruses and Worms

The OpenAlt 2024 conference is looking for speakers

AbcLinuxu [news briefs] - 13 August, 2024 - 04:13
The OpenAlt 2024 conference, a unique forum that each year brings together people interested in the development and use of free and open source software and hardware, the creation, processing and publication of open data, free access to information, and education, is looking for speakers. The conference will take place on November 2 and 3 on the premises of FIT VUT in Brno.
Category: GNU/Linux & BSD

How will the fee for early mortgage repayment change from September? We have information from the banks

Lupa.cz - articles - 13 August, 2024 - 00:00
From September, banks will be able to raise the fee for early mortgage repayment. Most of them will take advantage of this. Which ones will remain an honorable exception?
Category: IT News

Your boss threatens to file a criminal complaint if you don't agree to terminate your employment. Is that allowed?

Lupa.cz - articles - 13 August, 2024 - 00:00
An employer pressured an employee to end her employment, sign a promissory note for 1.5 million Kč and secure the repayment with a lien agreement on her real estate, otherwise she would go to prison and not see her child. "Sign the agreement to terminate the employment relationship, or we will file a criminal complaint." Can someone threaten you like this?
Category: IT News

Non-standard graphics modes of the VGA card

ROOT.cz - 13 August, 2024 - 00:00
After describing the standard text and graphics modes of the VGA card, we will focus on describing the non-standard modes. For the most part these will be various modifications of graphics mode 13H with a resolution of 320×200 pixels and 256 colors.
Category: GNU/Linux & BSD

AMD has acquired Silo AI, the largest private AI lab in Europe

CD-R server - 13 August, 2024 - 00:00
The acquisition announced in July was closed very quickly, practically within a month. AMD has thus substantially strengthened its software development in the AI segment…
Category: IT News

The devastation after the asteroid impact was burned into the genome of birds

OSEL.cz - 13 August, 2024 - 00:00
When an asteroid struck near today's Yucatán 66 million years ago and ended the Cretaceous and the entire Mesozoic, some lineages of the organisms of that time survived and subsequently experienced an explosion of diversity. Their genomes today represent valuable testimony to those apocalyptic times. Birds are an excellent example.
Category: Science and Technology

Do you buy larger or smaller phones? What is the ideal screen size?

Živě.cz - 12 August, 2024 - 20:15
Does the display size play an important role for you, or do you choose a phone primarily by other parameters? And if size matters, do you prefer larger or smaller phones? We will not define the larger/smaller scale precisely, because it shifts regularly. Today, "compacts" and "minis" practically ...
Category: IT News

A Novel Treatment Slashes HIV Up to 10,000-Fold in Monkeys With Just a Single Dose

Singularity HUB - 12 August, 2024 - 19:52

Thanks to antiviral medications, HIV infection is no longer a death sentence. With a cocktail of drugs, people with HIV can keep the virus in check. Introduced more recently, PrEP, or pre-exposure prophylaxis, can guard uninfected people from potential infections.

The pills, taken with a sip of water, have protected pregnant women at high risk of HIV. The treatment also dramatically slashes the risk of catching the virus in other populations.

But antivirals come with side effects. Nausea, fatigue, dizziness, and pain are common. When taken for years—which is typical—the drugs raise cholesterol levels and increase the chances of depression, diabetes, and liver and kidney damage. They’re also expensive and very hard to come by in some regions of the world. As an alternative, scientists have long been working on an HIV vaccine, but so far to no avail.

This week, an international team led by Dr. Leor Weinberger at the University of California, San Francisco, tapped into an age-old idea in the battle against viruses, but with a modern twist.

One way to make vaccines is to create viruses stripped of harmful traits but still able to infect cells. In the new study, scientists built on this idea to develop a one-shot antiviral HIV therapy. By removing HIV’s disease-causing genes, the team created “benevolent twins” called TIPs—or therapeutic interfering particles—which outcompete HIV and limit its ability to reproduce.

A single shot of TIPs reduced the amount of virus inside infected monkeys by up to 10,000-fold and helped the treated animals live longer.

The new approach is a virus-like living drug. Like its evil twin, HIV, it replicates and spreads in the body. Because both viruses use the same cell machinery to reproduce, the engineered virus dominates precious resources, elbowing out disease-causing viruses and limiting their spread. TIPs also kept the virus’s levels at bay in cells from HIV-positive people.

Plans are underway to test the idea in humans. If safe and effective, the long-lasting shot could help people who don’t have regular access to antiviral drugs.

ART to TIPs

HIV is a formidable enemy. The virus rapidly evolves and spins out variants that outcompete efforts to combat it.

Scientists have long sought an HIV vaccine. Although several vaccines are in clinical trials, so far the virus has largely stymied researchers.

Antiviral drugs have had a better run. Dubbed ART, for antiretroviral therapy, these involve taking multiple medications every day to keep the virus at bay. The drugs have been game-changers for people with HIV. But they don’t cure the disease, and missing doses can reignite the virus.

Several new ideas are in the works. In 2019, stem cell implants freed three people of the virus. The implants came from people with a genetic mutation that naturally fights HIV. In July, a seventh person was reportedly “cured” of HIV using a similar strategy—although the donor cells only had one copy of the HIV-resistant gene, rather than two copies in previous cases.

While promising, cell therapies are expensive and technically difficult. Over a decade ago, Weinberger came up with a novel idea: Give people already infected with HIV a stripped-down variant without the ability to cause harm. Because both viruses require the same resources to reproduce, the benign twin could outcompete the deadly version.

“I think we need to try something new,” he recently told Science.

Tipping Point

HIV requires cells to replicate.

The virus grabs onto a type of immune cell and pumps its genetic material into the host. Then, hijacking the machinery in these cells, the virus integrates its DNA into the genome. The cells replicate these viral genes and assemble them into a new generation of sphere-like viruses, ready to be released into the bloodstream to further multiply and spread.

However, the entire process relies on limited resources. Here’s where TIPs come in.

The team grew HIV particles in petri dishes and deleted disease-causing genes over multiple generations. They were finally left with stripped-down versions of HIV, or TIPs.

In a way, the neutered HIV becomes a parasite that can fight off the natural virus. Because TIPs have fewer genetic letters, they replicate more quickly than natural HIV, allowing them to flood the cell and spread in lieu of their natural counterparts.

In a test, the team injected TIPs into six young macaque monkeys, infected with a synthetic monkey version of HIV a day later. After 30 weeks, in five treated monkeys, the single-shot treatment reduced the amount of virus in the watery part of their blood, or plasma, 10,000-fold. Viral levels also tanked in lymph nodes, where HIV swarms and replicates. In contrast, those who went untreated got increasingly sick.

A computer model translated these results for human therapy, suggesting TIPs could reduce HIV 1,000-fold or more in humans. Although not as dramatic as in monkeys, the single-shot treatment could reduce the virus to levels so low it couldn’t be transmitted to others.

A New Therapy?

Many people with HIV are already on antiviral drugs.

The team next asked if their shot could replace these drugs. In cells in petri dishes, they found TIPs sprang into action once the drugs were removed, limiting HIV growth and protecting cells.

In cells infected with multiple strains of HIV, the strains swap DNA and rearrange their genetic material, which is partly why HIV is so hard to tame with vaccines. Antiviral drugs can trigger this response and eventually cause resistance. TIPs, in contrast, seem to keep it at bay.

TIPs isn’t the only new treatment in town. Long-acting HIV drugs are in clinical trials, with some needing only two shots a year. But these still rely on antiviral drugs.

To be clear, TIPs doesn’t cure HIV. Like antiviral drugs, it keeps the virus at bay. But rather than taking a cocktail of pills every day, a single jab could last months with lower chance of resistance.

There are downsides, however. Like HIV, TIPs can be transmitted to others through bodily fluids, raising ethical issues about disclosure. The shots could also lead to dangerous immune flareups, although this didn’t happen in the monkey studies.

The team is planning to study potential toxicity to the genome and inflammation and further investigate how TIPs work once antiviral drugs have been halted in monkeys.

They’re also looking to recruit people with HIV, and another terminal illness, to test the effects of TIPs after stopping antiviral drugs. The goal is to begin the trial next year.

“The real test, of course, will be the upcoming human clinical trials,” said Weinberger in a press release. “But if TIPs prove effective, we could be on the brink of a new era in HIV treatment that could bring hope to millions of people—particularly in areas where access to antiviral drugs remains a challenge.”


Category: Transhumanism

Boeing has another big problem. It did sloppy work on the Space Launch System rocket

Živě.cz - 12 August, 2024 - 19:45
The Office of Inspector General (OIG) has sharply criticized Boeing's work to date on the Space Launch System (SLS) launch vehicle. This came after it uncovered serious deficiencies in quality control. In a report published on August 8, it stated that the construction of the core and upper stages for the version of SLS known as Block ...
Category: IT News

Original Prusa MK4S

AbcLinuxu [news briefs] - 12 August, 2024 - 19:27
Josef Průša has introduced (YouTube) the new Original Prusa MK4S 3D printer. Compared with last year's model, the MK4S has completely redesigned cooling, which enables much faster printing while maintaining the same top-level print quality. The assembled printer costs 27990 Kč. The kit costs 20990 Kč.
Category: GNU/Linux & BSD

Microsoft warns of serious vulnerability in Office

Computerworld.com [Hacking News] - 12 August, 2024 - 19:08

Microsoft is urging all users of Office and Microsoft 365 to update the software as soon as possible, because hackers have started exploiting a serious vulnerability to access sensitive information on computers.

To be fully protected against the vulnerability, designated CVE-2024-38200, users need to install a security fix that will be released to the public on Aug. 13, this month’s Patch Tuesday, according to The Hacker News.

Tuesday’s security fixes will also close other publicized vulnerabilities, including CVE-2024-38202 and CVE-2024-21302, that could be used by hackers to downgrade Windows to an earlier version.

Category: Hacking & Security

Source code of the computer game Anodyne 2: Return to Dust

AbcLinuxu [news briefs] - 12 August, 2024 - 19:02
The source code of the computer game Anodyne 2: Return to Dust, which also runs on Linux, has been released (𝕏).
Category: GNU/Linux & BSD

Open Model Initiative (OMI)

AbcLinuxu [news briefs] - 12 August, 2024 - 18:33
The Linux Foundation consortium has introduced the Open Model Initiative (OMI), which aims to develop, provide and promote open source AI models.
Category: GNU/Linux & BSD

Attacker steals personal data of 200K+ people with links to Arizona tech school

The Register - Anti-Virus - 12 August, 2024 - 18:25
Nearly 50 different data points were accessed by cybercrim

An Arizona tech school will send letters to 208,717 current and former students, staff, and parents whose data was exposed during a January break-in that allowed an attacker to steal nearly 50 types of personal info.…

Category: Viruses and Worms