RSS Aggregator

Latest Ghostscript vulnerability haunts experts as the next big breach enabler

The Register - Anti-Virus - 5 July, 2024 - 14:34
There's also chatter about whether medium severity scare is actually code red nightmare

Infosec circles are awash with chatter about a vulnerability in Ghostscript some experts believe could be the cause of several major breaches in the coming months.…

Category: Viruses & Worms

Webinar Alert: Learn How ITDR Solutions Stop Sophisticated Identity Attacks

The Hacker News - 5 July, 2024 - 14:30
Identity theft isn't just about stolen credit cards anymore. Today, cybercriminals are using advanced tactics to infiltrate organizations and cause major damage with compromised credentials. The stakes are high: ransomware attacks, lateral movement, and devastating data breaches. Don't be caught off guard. Join us for a groundbreaking webinar that will change the way you approach cybersecurity.
Category: Hacking & Security

OVHcloud Hit with Record 840 Million PPS DDoS Attack Using MikroTik Routers

The Hacker News - 5 July, 2024 - 14:20
French cloud computing firm OVHcloud said it mitigated a record-breaking distributed denial-of-service (DDoS) attack in April 2024 that reached a packet rate of 840 million packets per second (Mpps). This is just above the previous record of 809 million Mpps reported by Akamai as targeting a large European bank in June 2020. The 840 Mpps DDoS attack is said to have been a combination of a TCP
Category: Hacking & Security

Raspberry Pi OS 2024-07-04

AbcLinuxu [zprávičky] - 5 July, 2024 - 14:17
Raspberry Pi OS, the official operating system for the Raspberry Pi, has been released in a new version, 2024-07-04. An overview of what's new is in the release notes. Worth highlighting is the new Labwc compositor, an alternative to Wayfire. Chromium has been bumped to version 125.0.6422.133, Firefox to version 126.0, Linux to version 6.6.31, …
Category: GNU/Linux & BSD

Useful apps from Samsung that should have been pre-installed and are worth installing

Živě.cz - 5 July, 2024 - 13:45
Samsung is active in developing its own mobile apps • It then "hides" them in its own Galaxy Store • We pick the apps that should already be part of the standard package
Category: IT News

Trinity in the Slax distribution

AbcLinuxu [zprávičky] - 5 July, 2024 - 13:28
KDE3 as a desktop environment had its place in older releases of the Slax live distribution; if you are interested, you can try an unofficial release, this time in a form with the Trinity Desktop Environment.
Category: GNU/Linux & BSD

Blueprint for Success: Implementing a CTEM Operation

The Hacker News - 5 July, 2024 - 13:00
The attack surface isn’t what it once was and it’s becoming a nightmare to protect. A constantly expanding and evolving attack surface means risk to the business has skyrocketed and current security measures are struggling to keep it protected. If you’ve clicked on this article, there’s a good chance you’re looking for solutions to manage this risk. In 2022, a new framework was coined by Gartner
Category: Hacking & Security

Review of the Rakuten Kobo Clara Colour e-book reader. The cheapest colour e-ink has its flaws

Živě.cz - 5 July, 2024 - 12:45
Colour e-ink is the main strength of the Kobo reader • The reasonable price will also appeal • Its limits are less Czech content and less convenient loading of books
Category: IT News

Boeing and the perils of outsourcing mission-critical work

Computerworld.com [Hacking News] - 5 July, 2024 - 12:00

Around and around Starliner goes, and when it comes down, nobody knows. What we do know is that thanks to poor development and engineering, Boeing’s stock will come down soon.

I remember a time when Boeing was one of the top American companies. Indeed, it was the very model of a modern technology enterprise. Then things changed. In 1997, after its merger with McDonnell Douglas, the company prioritized financial engineering over actual engineering and MBAs over aeronautic engineers.

Thereafter, one questionable decision after another was made, and corners were cut. The result? A once-proud American manufacturer is now better known for fatal crashes of its 737 Max 8 planes in 2017 and 2018 and this year’s explosive midflight loss of a 737 Max 9 door plug. These are the results of bad engineering and lousy quality assurance.

Editor’s note, July 8, 2024: Two days after this article was published, Boeing pleaded guilty to conspiring to defraud the federal government, a felony charge, and pay a $487.2 million fine in relation to the fatal 737 Max crashes.

Now, as I write this, I see that Boeing’s Starliner spaceship remains parked at the International Space Station. When will it come down bearing its astronauts, Butch Wilmore and Suni Williams? I don’t know. They certainly don’t know. None of us know.

Just don’t say they’re stranded. Boeing’s vice president for its Commercial Crew Program, Mark Nappi, insists, “We’re not stuck on the ISS.” Uh, folks, they’re stranded, and the astronauts are stuck.

I doubt very much that they’ll be coming down on Starliner. Just getting to ISS, five of Starliner’s 28 thrusters stopped working due to helium leaks. NASA engineers got four thrusters to work again … and discovered four more leaks. That’s five known leaks to date.

While the astronauts get more time in space than they ever planned, down here on Earth at NASA’s White Sands Test Facility in New Mexico, they’re testing an identical thruster to work out what’s going on and how to fix it.

I wish them luck. Personally, you couldn’t get me back on Starliner for love or money. I worked at NASA’s Goddard Space Flight Center (GSFC) mission control during the Challenger disaster. That was more than bad enough.

Instead, I suggest the astronauts hitch a ride with the SpaceX Dragon Crew-9, which is still docked at ISS.  

This episode may be the straw that will break Boeing’s back.

Lessons for tech leaders

What does all this have to do with your business and technology? A lot.

What your company does may not be a matter of life and death, but your customers still expect you to do your best for them, not your stockholders. For too long, businesses have labored under the delusion that shareholder wealth is more important than the creation of stakeholder value.

The result is that companies prioritize their next quarter’s results over the overall health of their business. Specifically, Boeing didn’t just cut the fat from its teams; it also cut and outsourced its muscle. Financial engineering should never trump actual engineering. 

For example, quality assurance went out the window. Instead of testing, testing, and then testing again, Boeing neglected this fundamental principle of both software and hardware engineering. Make sure you don’t.

In particular, if something is mission-critical, treat it that way!

Take, for example, the very fuselages of the 737s. In 2005, Boeing cut costs by selling its Wichita-based manufacturing site to Onex, a private equity firm that buys struggling businesses, slashes costs, and resells them. There went years of experience and a quality-first culture.

That plant would re-emerge as Spirit AeroSystems, Boeing’s third-party manufacturing partner. Whether Boeing overseeing its quality assurance would have improved anything is an open question, but there can be no doubt that Spirit’s products were shoddy and second-rate under a cost-saving mandate.

Never, ever outsource mission-critical work. What Boeing used to do best was engineering and manufacturing. I don’t know what your company does best, but neglecting your expertise to cut costs is a fool’s move.

Now Boeing has repurchased Spirit for about $8.3 billion. The company finally has figured out it can’t fix its problems without fixing its fundamental manufacturing problems. Somehow, I think Boeing would have done better if it’d never spun out its major manufacturing side in the first place.

The moral of the story? Never let MBAs driven by the bottom line take over an engineering company building airplanes and spaceships. The same’s true for your company. Yes, make profits for your owners, but never forget that long-term success comes from putting quality work for your customers first.

More by Steven J. Vaughan-Nichols:

Category: Hacking & Security

What is Contact Key Verification and how is it used?

Computerworld.com [Hacking News] - 5 July, 2024 - 11:00

Many business professionals require highly secure messaging solutions, particularly when they travel. Apple’s iMessage offers a secure identity verification system that enterprise professionals might find useful. It’s called Contact Key Verification.

Apple announced the system in 2022. It went live across the Apple ecosystem in late 2023 with the release of iOS 17.2, iPadOS 17.2, watchOS 9.2, and macOS 14.2.

What is Contact Key Verification?

Contact Key Verification is an iMessage feature that helps users verify each other’s identity. It is “designed to detect sophisticated attacks against iMessage servers and allow users to verify that they’re messaging only with whom they intend,” Apple says.

Who is it for?

Apple says its system is for the same essential group of people it already protects with Lockdown Mode — that is, “users who face extraordinary digital threats, such as journalists, human rights activists, and members of government.”

What problem does Contact Key Verification solve?

While iMessage chats are end-to-end encrypted, that security relies on a third-party “Key Directory Server” to authorize devices. That makes the Key Directory Server a potential target for criminals and surveillance.

The problem comes in the event a powerful entity manages to compromise the security protection of that server; once they have done so, it becomes possible to intercept or monitor messages, or even enter the conversation. (This could be a particular concern for people in politics, human rights activists, journalists, businesspeople and others.)

Contact Key Verification helps secure the transaction.

What does this mean for iMessage?

What this means for a user is that Contact Key Verification lets you add a manual verification step inside an iMessage conversation to confirm the person you are speaking with is who their device claims they are.

  • The system requires that you and the other party read a short verification code to each other, either in person or during a phone call.
  • Once you have both validated the conversation, your devices maintain a chain of trust.
  • That chain means no private encryption data is shared, including to Apple.
  • The idea here is that the system will spot if anything changes in the encryption keys, and you’ll be given a warning that something may have gone awry.
  • The feature also offers users the chance to compare a contact verification code in person, on FaceTime, or through another secure call.

How does Contact Key Verification work?

As we know, iMessage’s end-to-end encryption means only the sender and recipient of a message can read it. This is achieved because each device in a user’s iMessage account has its own set of encryption keys that are never used for anything else. When a person wants to send an iMessage, the system consults the key directory service to authorize the devices so they can communicate; that reliance on the directory is the weak point described above.

To resolve this, iMessage Contact Key Verification uses a mechanism called Key Transparency (KT). Apple explains this “uses a verifiable log-backed map data structure, which can provide cryptographic proofs of inclusion and be audited for consistency over time.” The verification code that two trusted parties read to each other is how they confirm, out of band, that what that log records matches what their own devices hold.

Apple has published a tech note describing the cryptographic tools used to enable this security protection.

What happens if the system spots an anomaly?

If a device in the chain detects a validation error, the person owning the device that spots the problem will be notified about the error directly in the Messages conversation transcript.

How to turn on Contact Key Verification in iOS

First, make sure your phone is running iOS 17.2 or later. You enable Contact Key Verification within Settings.

  1. In Settings, tap your name to access your Apple ID settings.
  2. Scroll down the subsequent page and toggle Contact Key Verification to On.
  3. A warning notice will appear. This tells you what the feature does and informs you, “In conversations with people who also have contact key verification turned on, you will see a message if contact key verification detects an issue or is turned off.”
  4. If you have other devices signed into your Apple ID, you’ll have to update them to a compatible software version, disable iMessage on those devices, or remove the devices from your Apple ID.

Once you have set up the system, you will have your own personal verification code accessible from within Settings. This is unique to you and your device and will be required to secure any future iMessage communication with others.

How to verify a contact in iOS

Both you and the person you want to verify must have Contact Key Verification turned on. You’ll want to be in live contact with the other person via phone call, FaceTime, or in person.

  1. Launch the Messages app and open a conversation with the person you want to verify.
  2. Tap the person’s name at the top of the screen, scroll down on their information page, and tap Verify Contact.
  3. The other person should do the same thing on their phone at the same time.
  4. When you’ve both tapped Verify Contact, you should each see a contact verification code. Compare the two codes. If they match, tap Mark as Verified, then tap Update to save the code to their contact profile. If the codes don’t match, tap No Match and stop texting the person.

Once you’ve verified a contact, you’ll see a checkmark next to their name in Messages.

Does Contact Key Verification work with SMS?

No. Contact Key Verification will not work with SMS messaging — so if you see a green bubble, you cannot assume the communication is secure.

This article was originally published in November 2023 and updated in July 2024.

More on iMessage:

Category: Hacking & Security

Cans of water produced by hydropanels from air and sunlight will go on sale in the USA

Živě.cz - 5 July, 2024 - 10:45
With a certain amount of exaggeration, one could say that one of the greatest marketing successes was convincing people who have running water at home to start buying bottled water in shops. The American company Source, which makes solar panels that produce drinking water from moisture in the air, has in ...
Category: IT News

GootLoader Malware Still Active, Deploys New Versions for Enhanced Attacks

The Hacker News - 5 July, 2024 - 10:40
The malware known as GootLoader continues to be in active use by threat actors looking to deliver additional payloads to compromised hosts. "Updates to the GootLoader payload have resulted in several versions of GootLoader, with GootLoader 3 currently in active use," cybersecurity firm Cybereason said in an analysis published last week. "While some of the particulars of GootLoader payloads have
Category: Hacking & Security

Europol says mobile roaming tech is making its job too hard

The Register - Anti-Virus - 5 July, 2024 - 10:26
Privacy measures apparently helping criminals evade capture

Top Eurocops are appealing for help from lawmakers to undermine a privacy-enhancing technology (PET) they say is hampering criminal investigations – and it's not end-to-end encryption this time. Not exactly.…

Category: Viruses & Worms

Czech Prusa Research expands into the USA. It is one way to stand up to China's brute force

Živě.cz - 5 July, 2024 - 08:45
Czech 3D-printer maker Prusa Research is expanding into the American market, for which it will now assemble machines on site. Two years ago the company bought into Printed Solid of Newark and turned it into its North American base. Průša wants to be the biggest in the USA within a year. So far, however, all ...
Category: IT News

Games for free or at a discount: Kingdom Come discounted on the Switch and The First Templar free

Živě.cz - 5 July, 2024 - 07:10
There is a sale going on at any given moment on every gaming platform. That is why every week we pick the most attractive ones you should not miss. If you want to get games for free or at a good discount, take a look at the current overview of deals!
Category: IT News

Polyfill[.]io Attack Impacts Over 380,000 Hosts, Including Major Companies

The Hacker News - 5 July, 2024 - 06:18
The supply chain attack targeting the widely-used Polyfill[.]io JavaScript library is broader in scope than previously thought, with new findings from Censys showing that over 380,000 hosts are embedding a polyfill script linking to the malicious domain as of July 2, 2024. This includes references to "https://cdn.polyfill[.]io" or "https://cdn.polyfill[.]com" in their HTTP responses, the attack
Category: Hacking & Security
Syndicate content