RSS aggregator
The week on ScienceMag.cz: ChatGPT artificial intelligence managed even an original mathematical proof
New NASA plans: a lunar base, commercial stations and a nuclear tug to Mars. Liquids can fracture like solids. Hunting neutrinos. The behaviour of superfluids in nanoscale confinement.
Programming with AI, how Unicode works and how to approach QUIC: notes from InstallFest
A remarkable Asgardian from Gathaagudu reveals the origin of the eukaryotic cell
The warranty return rate of the Core i9 13900K(F) has more than doubled over the past six months
New VENOM phishing attacks steal senior executives' Microsoft logins
Healthcare IT solutions provider ChipSoft hit by ransomware attack
“Negative” views of Broadcom driving thousands of VMware migrations, rival says
Amid customer dissatisfaction around Broadcom's VMware takeover, rivals have been trying to lure customers from the leading virtualization firm. One of VMware's biggest competitors, Nutanix, claims to have swiped tens of thousands of VMware customers.
Speaking at a press briefing at Nutanix’s .NEXT conference in Chicago this week, CEO Rajiv Ramaswami said that Nutanix has “about 30,000 customers,” with many of them coming from VMware, SDxCentral, a London-based IT publication, reported today. A Nutanix spokesperson confirmed to Ars Technica that "thousands" of customers have migrated from VMware to the rival platform but didn't specify an exact number.
At the event, Ramaswami pointed to customer disapproval over Broadcom’s VMware strategy.
An AI so good they had to ban it. Claude Mythos uncovered such vulnerabilities that it forced strict limits on its availability
Google Chrome adds infostealer protection against session cookie theft
Crypto? Huh. Good gawd y'all, what is it good for? $45M in this case
US, UK, and Canadian law enforcement Thursday said that they disrupted a $45 million global cryptocurrency scam, freezing $12 million in stolen funds and identifying more than 20,000 cryptocurrency wallet addresses linked to fraud victims across 30 countries.…
Noticing better mobile signal on trains? Carriers have modified hundreds of carriages with the help of a subsidy
EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallet Installs
Pre-filling a tax return using artificial intelligence
'Several dozen' high-value corporations hit by new extortion crew in helpdesk phishing spree
A new extortion crew has targeted “several dozen high-value” corporations through phishing and helpdesk social-engineering, according to Google.…
Protecting Cookies with Device Bound Session Credentials
Following our April 2024 announcement, Device Bound Session Credentials (DBSC) is now entering public availability for Windows users on Chrome 146, and expanding to macOS in an upcoming Chrome release. This project represents a significant step forward in our ongoing efforts to combat session theft, which remains a prevalent threat in the modern security landscape.
Session theft typically occurs when a user inadvertently downloads malware onto their device. Once active, the malware can silently extract existing session cookies from the browser or wait for the user to log in to new accounts, before exfiltrating these tokens to an attacker-controlled server. Infostealer malware families, such as LummaC2, have become increasingly sophisticated at harvesting these credentials. Because cookies often have extended lifetimes, attackers can use them to gain unauthorized access to a user’s accounts without ever needing their passwords; this access is then often bundled, traded, or sold among threat actors.
Crucially, once sophisticated malware has gained access to a machine, it can read the local files and memory where browsers store authentication cookies. As a result, there is no reliable way to prevent cookie exfiltration using software alone on any operating system. Historically, mitigating session theft relied on detecting the stolen credentials after the fact using a complex set of abuse heuristics – a reactive approach that persistent attackers could often circumvent. DBSC fundamentally changes the web's capability to defend against this threat by shifting the paradigm from reactive detection to proactive prevention, ensuring that successfully exfiltrated cookies cannot be used to access users’ accounts.
How DBSC Works
DBSC protects against session theft by cryptographically binding authentication sessions to a specific device. It does this using hardware-backed security modules, such as the Trusted Platform Module (TPM) on Windows and the Secure Enclave on macOS, to generate a unique public/private key pair that cannot be exported from the machine. The issuance of new short-lived session cookies is contingent upon Chrome proving possession of the corresponding private key to the server. Because attackers cannot steal this key, any exfiltrated cookies quickly expire and become useless to those attackers. This design allows large and small websites to upgrade to secure, hardware-bound sessions by adding dedicated registration and refresh endpoints to their backends, while maintaining complete compatibility with their existing front-end. The browser handles the complex cryptography and cookie rotation in the background, allowing the web app to continue using standard cookies for access just as it always has.
Google rolled out an early version of this protocol over the last year. For sessions protected by DBSC, we have observed a significant reduction in session theft since its launch.
An overview of the DBSC protocol showing the interaction between the browser and server.
Private by design
A core tenet of the DBSC architecture is the preservation of user privacy. Each session is backed by a distinct key, preventing websites from using these credentials to correlate a user's activity across different sessions or sites on the same device. Furthermore, the protocol is designed to be lean: it does not leak device identifiers or attestation data to the server beyond the per-session public key required to certify proof of possession. This minimal information exchange ensures DBSC helps secure sessions without enabling cross-site tracking or acting as a device fingerprinting mechanism.
Engagement with the ecosystem
DBSC was designed from the beginning to be an open web standard through the W3C process and adoption by the Web Application Security Working Group. Through this process we partnered with Microsoft to design the standard to ensure it works for the web and got input from many in the industry that are responsible for web security.
Additionally, over the past year, we have also conducted two Origin Trials to ensure DBSC effectively serves the requirements of the broader web community. Many web platforms, including Okta, actively participated in these trials and their own testing and provided essential feedback to ensure the protocol effectively addresses their diverse needs.
If you are a web developer and are looking for a way to secure your users against session theft, refer to our developer guide for implementation details. Additionally, all the details about DBSC can be found in the spec and the corresponding GitHub. Feel free to use the issues page to report bugs or provide feature requests.
Future improvements
As we continue to evolve the DBSC standard, future iterations will focus on increasing support across diverse ecosystems and introducing advanced capabilities tailored for complex enterprise environments. Key areas of ongoing development include:
- Securing Federated Identity: In modern enterprise environments, Single Sign-On (SSO) is ubiquitous. We are expanding the DBSC protocol to support cross-origin bindings, ensuring that a relying party (RP) session remains continuously bound to the same original device key used by the Identity Provider (IdP). This guarantees that the high-assurance security of the initial device binding is maintained throughout the entire federated login process, creating an unbroken chain of trust.
- Advanced Registration Capabilities: While DBSC provides robust protection for established cookies, some environments require an even stronger foundation when the session is first created. We are developing mechanisms to bind DBSC sessions to pre-existing, trusted key material rather than generating a new key at sign-in. This advanced capability enables websites to integrate complementary technologies, such as mTLS certificates or hardware security keys, creating a highly secure registration environment.
- Broader Device Support: We are also actively exploring the potential addition of software-based keys to extend protections to devices without dedicated secure hardware.
Chrome, Vivaldi, and the challenge of changing browsers
Ahem: My fellow Android-appreciating organisms — I’ve got a confession.
After the better part of two decades of personally using Google’s Chrome browser on both Android and every desktop computer I own, I’ve made the leap into the arms of a shiny new web-weaving seductress. Her name is Vivaldi.
Yes, it feels like a mildly geeky version of virtual adultery (especially with an exotic-sounding name like that). But I’ve long been a proponent of embracing whatever apps and services best serve your individual needs at any given moment and avoiding being beholden to any one company — no matter who that company may be. And now, after all these years, it’s become clear that Chrome is no longer the best web-wading companion for me.
Now, don’t get me wrong: Chrome is completely fine. It’s got plenty of positives, and I’ve certainly got no major beefs with it. I think that’s why it’s been so easy to stick with all this time, for so many of us — ’cause it gets the job done, and it’s familiar. There’s something to be said for that.
But as a person who’s always curious about new technology, constantly striving to optimize my digital environments, and endlessly working to make ’em all as efficient as humanly possible, I came to realize that “fine” wasn’t as good as it’d get anymore. And, lemme tell ya: Particularly if you’re a productivity-minded browser power-goober like me, stickin’ with Chrome largely just because it’s what you use and know is causing you to miss out on some incredibly interesting and advantageous upgrades.
And you know what? You aren’t alone. In fact, the vast majority of monitor-staring mammals work exclusively within the confines of Chrome. (The browser commands somewhere around three-quarters of the worldwide desktop computer browser market as of early 2026, according to some recent estimates.)
Again: It’s easy to understand why. Heck, I was one of those numbers myself — up until just a matter of months ago. I’d tried pretty much every other browser out there at some point, and I just hadn’t found anything meaningfully different and better enough for my needs to make it worth the hassle of switching over and dealing with all that adjustment.
Until now.
And my goodness, it wasn’t an easy change to make.
My Chrome to Vivaldi adapting adventure
I’ve got an entire separate article about what ultimately won me over with Vivaldi and which exact features I’m finding to be invaluable within it. I’d highly recommend giving it a read.
Here, I want to focus specifically on how I managed to overcome the hurdle of such a challenging change — and it isn’t about anything technical with the transition, either. In fact, Vivaldi makes it almost shockingly easy to move your data over from Chrome and import all your basic settings and history.
What I found, though, was two-fold:
- On the Android front, moving into the Vivaldi app was actually quite painless. I started out by using it here and there, as a supplement to the standard Android Chrome browser, and quickly realized how much I enjoyed and appreciated its experience and the added niceties it gave me — including seemingly endless customization over every last element of the browser interface and a whole slew of on-demand privacy and web-clutter-cutting options. It wasn’t long before I changed my Android browser default and was using it full-time.
- On the desktop front, the change presented far more friction. In fact, I’ve been using the Vivaldi Android app for months now — since sometime in the fall of 2025 — and it wasn’t until early this year that I made the leap over to Vivaldi on my workday Windows computer, too.
What changed was that I finally put my finger on the problem.
If there’s one real hurdle with Vivaldi — and one thing that kept me, personally, from fully moving into its desktop version for so long — it’s that it really can be overwhelming to adapt and get accustomed to all the new interfaces and elements it gives you, especially within the feature-rich desktop domain and with an environment so central to everything we do these days.
As I noted in my in-depth Vivaldi exploration, with as much time as most of us spend in our browsers on computers at this point, the browser essentially is our desktop — and our virtual office, too. And leaving the comfort of familiarity behind for something so unknown and unfamiliar is a daunting prospect.
Vivaldi, in particular, is quite different from Chrome on a computer at first exposure. And it has a lot of new options, features, and possibilities to ponder.
The options and features within the Vivaldi desktop browser are both amazing and — especially at first — overwhelming. (Image: JR Raphael, Foundry)
With that in mind, let me tell you what worked for me:
- First, I took advantage of Vivaldi’s immense customization potential and scaled back some of the more jarring differences. For me, that meant eliminating the on-by-default left-of-screen vertical tab bar — which was just too different of an interface for me at first, especially amidst everything else I was adjusting to — and also changing the “Tab Cycling” setting to “Cycle in Tab Order” and the “New Tab Position” setting to “After Related Tabs,” which were two subtle-seeming returns to the standard Chrome behavior that really kept throwing me off in their different-by-default implementations.
- Second, I forced myself to ignore most of the new Vivaldi features — all that good stuff I go over in that other article! — and focus on just one new feature or element at a time, for at least a few days each. There is a lot to take in with this program, and if you try to ingest all of it at once, it’s bound to overwhelm you and lead to a retreat. But if you explore one new piece of the puzzle at a time, really see how you feel about it and get in the habit of using it (or, alternatively, disabling it — if it just isn’t for you), it’s a much more manageable and enjoyable transition.
- Third, after that initial targeted series of adjustments, I mostly ignored the mountain of Vivaldi settings for a while. There’s just too much there to reasonably process at the get-go. I’m still peeking in periodically and finding something new and realizing I can customize it in a way that suits my working style better (and then sometimes realizing that a similar option also exists that I hadn’t yet tapped into on Android). Doing it all at once before you even have a feel for the browser just isn’t reasonable.
Last but not least, remember — particularly for desktop purposes — that Vivaldi is based on the same Chromium foundation as Google’s Chrome browser. That means you can use the standard Chrome Web Store to find and install extensions as needed and bring over the same tools you’ve always had in your browser setup. That, too, helps a lot with making yourself comfortable and creating an optimal environment that works for your needs (though I always recommend eliminating any extensions you aren’t actively using, and a browser change is a perfect time to perform an audit and get rid of any dead weight).
If you follow this approach and take the time to wrap your head around everything Vivaldi offers, the transition doesn’t have to be difficult. And — who knows? — you might find yourself feeling the same sense of excitement I have over a guilt-free virtual dalliance where the only lasting impact is your own happiness and efficiency.
The biggest power banks can even run a fridge. How to choose a power station and why to look for the abbreviation LiFePO4
Publicly available schematics of Keychron peripherals
APT 3.2
UAT-10362 Targets Taiwanese NGOs with LucidRook Malware in Spear-Phishing Campaigns