Agregátor RSS

In what's a case of an operational security (OPSEC) lapse, the operator behind a new information stealer called Styx Stealer leaked data from their own computer, including details related to the clients, profit information, nicknames, phone numbers, and email addresses. Styx Stealer, a derivative of the Phemedrone Stealer, is capable of stealing browser data, instant messenger sessions from Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

The Linux kernel, the central nervous system of many devices worldwide, interfaces computer hardware and its processes and user processes. Because of its prevalence and importance, vulnerabilities within its code are of grave concern.

Cybersecurity researchers have uncovered a new macOS malware strain dubbed TodoSwift that they say exhibits commonalities with known malicious software used by North Korean hacking groups. "This application shares several behaviors with malware we've seen that originated in North Korea (DPRK) — specifically the threat actor known as BlueNoroff — such as KANDYKORN and RustBucket," Kandji securityRavie Lakshmananhttp://www.blogger.com/profile/[email protected]

Google Chrome, one of the world's most widely used web browsers, has recently been scrutinized due to the discovery of multiple Chromium vulnerabilities that threaten user safety and privacy. Chromium is the open-source web browser project that is the basis of Chrome and many other widely used browsers.

Say what you will about generative AI (genAI) enterprise perceptions, but it’s certainly neither nuanced nor balanced. 

For months, virtually everyone thought genAI was going to solve all business and global problems. Then the reality pendulum swung the other way, with various reports and experts arguing it won’t work, nothing will come of it, the “bubble is bursting” and simply, “the numbers aren’t there.” 

Consider Gartner’s report that “at least 30% of generative AI (genAI) projects will be abandoned after proof of concept by the end of 2025, due to poor data quality, inadequate risk controls, escalating costs or unclear business value.” The problem with the Gartner figure is that roughly that same percentage of all IT projects never survive trial tests — so it’s not clear how genAI is worse. 

Of course, there’s the report about the CIO of a major pharmaceutical who paid Microsoft to have 500 employees use Copilot, only to have the CIO cancel the project after six months, saying it delivered slides that looked like “middle school presentations.” (Note: At least most middle school slideshows quickly get to the point, unlike every Microsoft presentation I have seen. But I digress.)

The practical truth is that both views are wrong. GenAI tools absolutely have value, but it won’t come easy. IT needs to do a lot more homework. 

What kind of homework?

Clean your data: As I noted recently about Agentic RAG strategies, many enterprises suffer from terrible data. It’s out-of-date, error-ridden, obtained from dubious sources, and might unintentionally contain sensitive data (including PII and health data) that is not supposed to be there. No genAI magic can ever work if the data foundation is a mess. Have your team generate pristine data and your AI ROI has a chance.

Select more ideal projects: This is actually a twofer: First, talk with your team about genAI particulars so you can identify where the technology can help. GenAI can indeed handle anything, but it can only handle a very small subset really well. Secondly, far too many projects have been selected because, as an experiment, execs wanted to see what genAI can truly do. You need to be far more selective if you want to give genAI a fair chance.

Assess your hallucination comfort zone: This is arguably the most crucial. GenAI will hallucinate, and it will do so with no predictability. There are mechanisms you can deploy to reduce hallucinations a small degree — such as using AI to double-check AI, as is being attempted by Morgan Stanley, as well as limiting the data sources genAI is permitted to use.

But hallucinations can’t be stopped, and many argue they can’t even be meaningfully reduced. That means difficult conversations. What tasks do you need done where you can tolerate a few blatant lies here and there? Do you want to ban its use with anything customer-facing, such as customer service chatbots? 

Even using it to summarize documents or meeting notes requires a discussion. How much human oversight can you apply before the efficiency goes away?  One way to look at it: What projects do you have that are complex enough to benefit from genAI but not important enough that lies/errors are not deal-killers? 

Be realistic about ROI objectives

Line-of-business chiefs are used to running ROI objectives by someone in the CFO’s office or at least a division general manager’s office. With genAI efforts, it’s essential to also check with an IT specialist who intimately understands what the technology can and can’t do. 

My recommendation: Start with the genAI expert — don’t even discuss it with the number-crunchers until IT okays goals that are reasonable from a tech perspective.

Is it even something you want to bring to the CFO’s office at all? If this is experimentation to see what genAI can do — a perfectly reasonable goal at this point — then perhaps it doesn’t need a spreadsheet-friendly ROI yet.

Rita Sallam, distinguished vice president analyst at Gartner who tracks genAI strategies, said she understands the frustrations CIOs have when trying to apply ROI standards to genAI. 

“You can’t get your hands around the actual value,” Sallam said. “There is additional work on your data that has to be done. Your proof of concept needs to be a proof of value. There is a certain percentage that will fail due to lack of the right data, the right guardrails or the absence of being able to properly demonstrate the value. Enterprises are sometimes not acknowledging the foundations that are necessary for genAI success.”

Another industry AI expert, Wirespeed CTO Jake Reynolds, was more blunt. “Believe how excited I was to learn we’re now moving away from statistics and math and instead using a drunken toddler to make these decisions for us,” he said. 

About those hallucinations

And about the concept of hallucinations, some experts have questioned whether the hallucination concept is being handled appropriately, mostly because it puts the blame on the software. GenAI is not necessarily malfunctioning when it hallucinates: it is doing precisely what it was programmed to do.

“AI hallucination is all that genAI does,” said Symbol Zero CEO Rafael Brown. “All that it does is throw things together, like throwing pasta and sauce at a wall and waiting to see what sticks. This is done based on what the viewer likes and doesn’t like. There’s no real rhyme or reason. There’s isn’t true structure, context, simulation, or process. There is no skill, insight, emotion, judgment, inspiration, synthesis, iteration, revision, or creation. It’s like a word jumble or a word salad generator. It’s not even as good as Scrabble or Boggle. It’s better to think of it as AI Mad Libs — trust your business, your future, and your creation to AI Mad Libs.”

Data encryption is critical. Whether you’re using a PC provided by your employer or working from your own personal computer, encryption ensures that thieves and anyone else who might get their hands on your PC can’t view any sensitive private data.

Storage encryption can be complex on Windows PCs. This guide will tell you everything you need to know, including the difference between traditional BitLocker encryption and new “Device Encryption,” how to ensure your PC’s data is safe, and how to encrypt removable devices — just in case.

I’ll also explain what you need to know about recovering from BitLocker encryption errors. When the CrowdStrike meltdown occurred, many people booted their PCs only to see a blue screen that demanded a BitLocker recovery key. Hopefully, this won’t happen to you. In case it ever does, you should be prepared.

Want more Windows PC tips? Come check out my free Windows Intelligence newsletter for three new things to try every Friday and a free in-depth Windows Field Guide e-book (a $10 value).

What is BitLocker?

BitLocker is Microsoft’s storage encryption technology. First introduced in Windows Vista, it’s still part of Windows 11 and Windows 10 today. BitLocker is designed to encrypt entire volumes. In other words, BitLocker is designed to encrypt entire partitions on your hard drive.

When activated, BitLocker stores your PC’s files on disk in an encrypted manner. Think of them as being stored in a “scrambled” form — a thief can’t just pull your PC’s storage drive out and access your files. They’ll need the encryption key to access them.

BitLocker is often configured to function in “transparent” mode, automatically unlocking itself when you boot your computer. This uses the TPM (Trusted Platform Module) hardware in your computer to unlock the drive. The TPM stores the encryption key and provides it only if the Windows operating system doesn’t appear to have been tampered with.

This technology is a critical way for businesses to secure their company’s data. That’s why businesses will often enforce BitLocker usage on their managed PCs. But it’s also a useful way for individuals to secure their personal data. If someone does get their hands on your laptop, they won’t be able to access the files without the key. Even if they boot the laptop up, they’ll need to sign into your Windows user account to access your files.

If you ever have an issue with BitLocker, you will be asked to provide a BitLocker recovery key. If you set up BitLocker yourself, Windows prompted you to store it somewhere safe. If you set it up through your workplace, they have a copy. A copy will be stored with your Microsoft account in some situations, too.

BitLocker vs. Device Encryption: What’s the difference?

Back in the Windows 7 days, BitLocker was only offered on Professional, Enterprise, and Education versions of Windows. The average PC running a Home version of Windows didn’t have access to a built-in storage encryption technology.

That’s somewhat true today. The full version of BitLocker, also known as BitLocker Drive Encryption, is only available on Professional versions of Windows and higher. If you’re an individual who wants access to the full BitLocker set of tools on your PC, you’ll have to pay to upgrade to the Professional edition of Windows 11 (or Windows 10) if your PC came with the Home edition.

However, starting with Windows 8.1 and carrying on to Windows 10 and Windows 11 today, Microsoft began offering something called “Device Encryption” or “BitLocker Device Encryption.” This technology uses BitLocker under the hood. It doesn’t offer the full set of BitLocker configuration options, though, and it only works if a PC has the right hardware — a TPM 2.0 chip, for example, which is one of the hardware features officially required for Windows 11.

Device Encryption is designed to “just work” on the average modern PC. It only works if you sign into Windows with a Microsoft account or a work or school account. If you do, Windows will automatically activate Device Encryption (assuming your PC has the right hardware), protecting your files with encryption.

Since you’ve signed in with a Microsoft account, a work account, or a school account, Windows will back up your BitLocker recovery key to your Microsoft account — or your employer’s or school’s systems. This ensures the average PC user will have a way to access their recovery key if they ever have an error.

For the average person, that Microsoft account requirement is something to be aware of. If you choose to sign into your PC with a local user account, you won’t be able to use Device Encryption. For optimal security, you will want to sign in with a Microsoft account or pay for a Professional edition of Windows and use the full BitLocker experience.

How to check if your PC’s storage is encrypted

For these methods, you’ll want to be signed into Windows with an Administrator account. The options may not appear if you’re signed in with a Standard user account.

To check for Device Encryption on Windows 11, open the Settings app, select “Privacy & security,” and then click “Device encryption” under Security. If Device Encryption is active, it will be set to “On.”

The Settings app will only show a “Device encryption” option if your PC supports it.

Chris Hoffman, IDG

On Windows 10, open the Settings app, select “Update & Security,” and click “Device encryption” in the left pane. If Device encryption is active, you will see a message saying “Device encryption is on.”

If you do not see a “Device encryption” option in the Settings app at all, your PC doesn’t support it — or you’re signed into Windows with a Standard user account.

If your PC has Device Encryption, the only option is to turn it “On” or “Off.”

Chris Hoffman, IDG

You can also look in File Explorer. Look under “This PC” and check the icons for each drive in your computer. If you see a padlock in the drive’s icon, it’s encrypted in some way — either with BitLocker Drive Encryption or with Device Encryption.

Windows will show a lock icon next to encrypted drives.

Chris Hoffman, IDG

You can control BitLocker options and see whether a storage device is encrypted by opening the classic Control Panel window, selecting “System and Security,” and then clicking “BitLocker Drive Encryption” or “Device Encryption.” You will see one of the two options here, depending on which technology your PC has.

BitLocker Drive Encryption offers more options than Device Encryption.

Chris Hoffman, IDG

How to encrypt a removable drive

If you have a PC with the full BitLocker Drive Encryption experience — not the Device Encryption feature found on Home editions of Windows 11 and Windows 10 — you can also encrypt removable storage devices. This uses a feature called “BitLocker To Go,” and it can be used with USB flash drives, SD cards, and external hard drives.

To do so, open the Control Panel, click “System and Security,” and select “BitLocker Drive Encryption.” You’ll see an option to encrypt a removable drive under “Removable data drives.”

How to find your BitLocker recovery key

BitLocker should normally “just work.” Most people will hopefully never see a BitLocker recovery key blue screen at boot. However, CrowdStrike’s extreme failure caused this screen to pop up on millions of PCs. It may also be caused by a hardware problem or if you need to pull a storage drive from one computer or access it on another.

In this case, you’ll need your BitLocker recovery key. If you use a device managed by your employer or educational institution, your work or school systems will have the recovery key backed up, and you can request it from them.

If you sign into your PC with a Microsoft account and Windows automatically enabled Device Encryption, you will need to access it from Microsoft. Visit Microsoft’s BitLocker recovery key page and sign in with your Microsoft account to find it.

If you set up BitLocker Drive Encryption yourself, Windows prompted you to save and store a recovery key as part of the setup process. You may have printed it on a piece of paper or stored it on a USB drive.

If your PC is working fine, you can also create a backup copy of your recovery key at any time. To do so, open the Control Panel, click “System and Security,” and select either “BitLocker Drive Encryption” or “Device Encryption.” From this window, you’ll find links to back up a copy of each drive’s recovery key.

Microsoft has a detailed guide on finding your BitLocker recovery key. If you’ve lost all copies of the recovery key and your PC is asking for it — this may happen if you set up BitLocker yourself on a personal PC and then didn’t print the recovery key or lost your backup copies of it — you won’t be able to access the files on your PC. You will have to restore your files from any backups you might have.

What about VeraCrypt and TrueCrypt?

If you’d like to encrypt a Windows PC’s storage but you don’t want to use BitLocker for some reason, you can turn to an open-source alternative. This was more common before Windows offered built-in Device Encryption on modern PCs, as people with Home versions of Windows could encrypt them using this software without paying to upgrade to a Professional edition of Windows.

Years ago, TrueCrypt was the go-to solution for this. The TrueCrypt project shut down in 2014, warning that the software was “not secure as it may contain unfixed security issues” and recommending Windows PC users switch to BitLocker.

The nature of these alleged security issues was never fully explained. The successor, VeraCrypt, took the project’s code and built on it, fixing security issues and continuing to develop it. The code has been independently audited, and issues found were fixed. If you are going to use an open-source drive encryption tool on Windows, you should likely go with VeraCrypt.

I recommend most people use some form of BitLocker — BitLocker Drive Encryption or Device Encryption — if possible. BitLocker is integrated with Windows, and it should work well. You are more likely to experience data loss or other problems or incompatibilities with a third-party solution like VeraCrypt.

Everyone should have encryption

Ultimately, basic storage encryption is a necessity on any modern PC — unless you have a desktop PC that stays locked up in a secure office, perhaps. But the average laptop needs this feature for data security. A lost laptop shouldn’t be a major data security concern, whether you’re using a computer from your employer or your own personal PC.

Every other modern platform — Android, ChromeOS, macOS, and iOS — offers storage encryption by default. With Device Encryption, Windows 11 now offers encryption on most new devices by default. That will be even more true in the fall of 2024, when Windows 11’s 24H2 update will enable Device Encryption on more PC hardware configurations.

Want more Windows analysis that cuts through the jargon and explains what really matters? Check out my free Windows Intelligence newsletter — I’ll send you three things to try every Friday. Plus, get free copies of Paul Thurrott’s Windows 11 and Windows 10 Field Guides (a $10 value) for signing up.

Občanští vědci, kteří se účastní projektu „Backyard Worlds: Planet 9, našli hyperrychlou hvězdu • Ta se řítí Mléčnou dráhou rychlostí asi 600 kilometrů za sekundu • Kromě toho se ale pyšní ještě dalšími superlativy

Chytré hodinky mají potenciál, které však zůstal nevyužitý • Hodinky jsem přestal používat hned z několika důvodů • Rozptylují, vydrží málo na jedno nabití a často jen suplují telefon

Zatímco se v souvislosti s podzimem mluví o vydání Ryzenů 9000X3D, chystá AMD ještě na konec léta levnější řešení - šestijádrový Ryzen 5 7600X3D…

Segment nejlevnějších herních karet odbývá AMD i Nvidia léta starými modely z předchozí generace. A ani jejich cena není atraktivní. Karty s čipem od Intelu tak dnes za podobné peníze nabídnou více výkonu.

Hoped to dodge child support payments, now faces 81 months inside – and a bigger bill than ever

A US man has been sentenced to 81 months in jail for faking his own death by hacking government systems and officially marking himself as deceased.…

Ač už je MacBook Air o dvě generace dál, i původní model s armovým čipem M1 z roku 2020 má pořád co nabídnout. A protože už jej Apple přestal vyrábět, stávající kusy vyprodávají za zajímavější ceny. Tu nejnižší nabízí CZC, kde notebook standardně stojí 21 490 Kč, ake momentálně jej obchod zlevnil ...

Drony našly v uplynulých letech uplatnění v celé řadě segmentů, od fotografování a natáčení videí z výšky, přes kontrolu plodin v zemědělství a konče doručováním potravin a zásilek. Švédská IKEA je nasadila ve svých skladech a nyní rozšiřuje jejich využití. Drony s umělou inteligencí budou pracovat ...

Pozdě ale přece, nebo s křížkem po funusu? Čeština má pro tuto situaci celou řadu úsloví, ale těžko říct, které je nejvýstižnější. Mobilní Radeon RX 7800M se totiž očekával podstatně dříve…

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of new phishing attacks that aim to infect devices with malware. The activity has been attributed to a threat cluster it tracks as UAC-0020, which is also known as Vermin. The exact scale and scope of the attacks are presently unknown. The attack chains commence with phishing messages with photos of alleged prisoners of war (

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of new phishing attacks that aim to infect devices with malware. The activity has been attributed to a threat cluster it tracks as UAC-0020, which is also known as Vermin. The exact scale and scope of the attacks are presently unknown. The attack chains commence with phishing messages with photos of alleged prisoners of war (Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

A maximum-severity security flaw has been disclosed in the WordPress GiveWP donation and fundraising plugin that exposes more than 100,000 websites to remote code execution attacks. The flaw, tracked as CVE-2024-5932 (CVSS score: 10.0), impacts all versions of the plugin prior to version 3.14.2, which was released on August 7, 2024. A security researcher, who goes by the online alias villu164,

A maximum-severity security flaw has been disclosed in the WordPress GiveWP donation and fundraising plugin that exposes more than 100,000 websites to remote code execution attacks. The flaw, tracked as CVE-2024-5932 (CVSS score: 10.0), impacts all versions of the plugin prior to version 3.14.2, which was released on August 7, 2024. A security researcher, who goes by the online alias villu164, Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]