RSS aggregator

The ultimate hammer against drones. The Americans have armed an old F-15 with forty laser-guided rockets

Živě.cz - 3 June, 2025 - 07:45
** The F-15E Strike Eagle is a still-relevant combat aircraft from the 1980s ** With rocket pods full of APKWS II it is an ideal drone killer ** Military bloggers write about variants carrying forty rockets
Category: IT News

Cheaper Strix Halo / Ryzen AI Max 385 is heading to market

CD-R server - 3 June, 2025 - 07:40
Strix Halo with eight Zen 5 cores but most of the graphics performance (32 CU) is finally heading to store shelves. The Ryzen AI Max 385 targets customers who prioritize graphics performance over CPU performance…
Category: IT News

New Chrome Zero-Day Actively Exploited; Google Issues Emergency Out-of-Band Patch

The Hacker News - 3 June, 2025 - 06:22
Google on Monday released out-of-band fixes to address three security issues in its Chrome browser, including one that it said has come under active exploitation in the wild. The high-severity flaw is being tracked as CVE-2025-5419 (CVSS score: 8.8), and has been flagged as an out-of-bounds read and write vulnerability in the V8 JavaScript and WebAssembly engine. "Out-of-bounds read and [...]
Ravie Lakshmanan
Category: Hacking & Security

Cartier discloses data breach amid fashion brand cyberattacks

Bleeping Computer - 3 June, 2025 - 00:31
Luxury fashion brand Cartier is warning customers it suffered a data breach that exposed customers' personal information after its systems were compromised. [...]
Category: Hacking & Security

Apple challenges Europe’s interoperability demands

Computerworld.com [Hacking News] - 2 June, 2025 - 23:05

Facing huge fines, Apple on Monday began a legal challenge to the European Commission’s “unreasonable” demand that it open up its platforms to rivals, arguing any such move threatens the foundations of its platforms with a costly process that also undercuts its ability to serve customers.

The company is, in a word, furious. It argued that it has cooperated with the Commission’s demands under the Digital Markets Act (DMA) and points to the investments it has already made in complying with that act.

What Apple said

“At Apple, we design our technology to work seamlessly together, so it can deliver the unique experience our users love and expect from our products,” the company said in a statement. “The EU’s interoperability requirements threaten that foundation, while creating a process that is unreasonable, costly, and stifles innovation. These requirements will also hand data-hungry companies sensitive information, which poses massive privacy and security risks to our EU users.”

The company also noted that there is a real risk that people’s most sensitive information could be accessed, partially because it becomes so much harder to defend. These attempts are already taking place, Apple said.

“Companies have already requested our users’ most sensitive data — from the content of their notifications to a full history of every stored Wi-Fi network on their device — giving them the ability to access personal information that even Apple doesn’t see. In the end, these deeply flawed rules that only target Apple — and no other company will severely limit our ability to deliver innovative products and features to Europe, leading to an inferior user experience for our European customers. We are appealing these decisions on their behalf, and in order to preserve the high-quality experience our European customers expect.”

A one-sided approach

What seems to really upset Apple is that some aspects of the demands mean the company will effectively be forced to hand its innovations out to businesses with which it is in direct competition — at no charge. That means Apple does not get to draw the full benefits of its work and makes it far more difficult to introduce products in Europe.

What makes matters worse is that while Apple is being forced to open up in ways that advantage competitors, quite literally at its expense, it is not being given the opportunity to do the same back. Apple is the only company that these demands have been made of, meaning it is being forced to give its intellectual property away to others who do not need to play by the same rules.

Some data-hungry companies are already attempting to exploit the DMA to gain unfettered access to sensitive customer data. All the while, Apple is left alone and isolated in its quest to ensure user privacy consistent with GDPR regulation. Its attempts to protect privacy are about protecting customers.

Compliance? We are compliant

While critics will continue to sneer and jeer at the company in their quest to rid the world of the “Apple Tax” only the world’s largest developers actually pay, Apple would argue that it has been making serious efforts to comply with the DMA. The company has opened up a portal developers can use to request additional interoperability with hardware and software features inside iPhones and iPads. Apple consistently opens up API access to iPhone, including opening up SMS messaging to RCS, HomeKit features and messaging services support.

It has also put in place numerous other enhancements in response to the DMA, and while the warning messages it places when using third-party stores may be stark, this makes them no less true. Europe seems to want customers to use third-party stores with no warning at all that this is what is going on, which seems weird.

Malicious regulatory compliance

There is a degree to which much of the situation seems to reflect political, rather than economic or moral pressures. The fact that Europe is using Apple as a high profile example, while also refusing to be totally transparent about what it wants before levying any fines, suggests that the Commission is not so much deciding on facts as implementing a political decision using a set of laws that seem designed almost solely to punish one company.

That’s the kind of malicious regulatory compliance Apple is furious about — a compliance regime that will now be tested in the courts.

Will it make a difference? 

Who knows? But the existential battle will decide the future of technology in Europe, and if the market is worth doing business in when compared to the cost of doing so. It will also determine the future of Apple, which will use its considerable resources to find some way to change the nature of the game.

One group it seems unlikely to help will be those of Apple’s European customers who are happy and accustomed to the Apple ecosystem, and don’t particularly want to use third-party services, as Apple’s right to offer that “pure Apple” experience seems a likely sacrifice to Europe’s politically-driven zeal. That is, unless cooler heads do curtail the Commission’s attacks.

Category: Hacking & Security

Microsoft issues out-of-band patches for Windows 11 startup failure

Computerworld.com [Hacking News] - 2 June, 2025 - 22:31

Windows administrators stung by a faulty Microsoft update in the May Patch Tuesday releases now have fixes for the problem.

Over the weekend, Microsoft released out-of-band updates to correct the failure of Windows 11 computers running versions 22H2/23H2 of the operating system, mainly in virtual environments, to start.

The problem: While installing the May Windows security update (KB5058405) on some of these computers, the OS thinks a crucial file – ACPI.sys – is missing. The Advanced Configuration and Power Interface is a critical Windows system driver that enables Windows to manage hardware resources and power states. Lacking the file, Windows won’t load, and an error message with the code 0xc0000098 pops up listing the missing file.

Microsoft notes there are also reports of this same error occurring with a different file name.

“This issue has been observed on a small number of physical devices,” Microsoft says, “but primarily on devices running in virtual environments, including Azure Virtual Machines, Azure Virtual Desktop and on-premises virtual machines hosted on Citrix or Hyper-V.”

The fixes – KB5027397 for PCs running version 23H2, and KB5062170 for PCs running version 22H2 – are only available through the Microsoft Update Catalog.

If for some reason you are among the few who haven’t yet installed the May 2025 Patch Tuesday security fixes and run a virtual desktop infrastructure, apply the out-of-band update instead.

The out-of-band update contains all of the improvements and fixes included in the May 2025 Windows non-security preview update, in addition to this issue’s resolution, says Microsoft. Since this is a cumulative update, admins don’t need to apply any previous update before installing KB5062170. That’s because it supersedes all previous updates for affected versions. Installation of this update will require a device restart.

Users of Windows Home or Pro editions are unlikely to face this issue, says Microsoft, because they aren’t likely to be running virtual machines.

Human error or edge case?

Microsoft, like other major software vendors, does a lot of testing of patches before they are released. Still, says Tyler Reguly, associate director of security R&D at Fortra, they can’t catch everything. “It’s impossible to test every edge case and scenario,” he said in an email. “On top of that, at some point testing at a large scale requires humans – and humans make mistakes.

“The question I always want to have answered [when a vendor has to fix a fix] is whether it was human error or an edge case that was deemed unlikely. Unfortunately, very few vendors are willing to publish the results of their Root Cause Analysis (RCA). Instead, the best we can hope for is a quick fix and a mutual understanding that it won’t happen again.”

In the case of human error, ensuring it won’t happen again may mean process or policy changes, he wrote, while edge cases could be the result of any number of variables. “When we talk about hardware and virtualization on top of hardware, we’re talking about a lot of things that can go wrong,” he pointed out. “In that case, while we hope vendors catch everything, we need to recognize that as an unrealistic expectation.”

Someone will tout AI as the solution to ensure this doesn’t happen, he added, but as long as our technology exists outside a walled garden, and as long as users have choice in their technologies, problems like this will continue to arise. IT leaders just need to figure out how to respond quickly and calmly.

“If I were a CSO, this is where I would look at my organization and, if we were impacted, I would look at how we responded and how quickly we recovered,” Reguly said. “This is why business continuity planning exists and, if errors like this are hugely impactful, you need to wonder if your BCP is as robust as it needs to be.”

A complexity problem

Even extensively tested code can fail on first contact with production systems, observed Gene Moody, field CTO at patch management provider Action1.

“This isn’t a QA failure, it’s a complexity problem. Test environments, no matter how thorough, can’t replicate the quirks of real-world systems, undocumented changes, legacy software, obscure drivers, or corrupted system states. A patch may behave differently depending on what’s running, what’s been previously installed, or how the system was maintained and managed. Timing issues, environmental drift, and configuration edge cases are almost impossible to predict in labs. And in production, security tools, compliance agents, or even partially failed updates from the past can all sabotage patch behavior,” he said.

“This is why progressive ringed rollout, strong telemetry, and fast rollback are more critical than any lab test. Real-world variability is the wildcard no simulation can fully cover; admins need to be familiar with their own environments to be able to test and recover from unforeseen circumstances caused by unstable patches.”

Category: Hacking & Security

Ladybird web browser development (05/2025)

AbcLinuxu [zprávičky] - 2 June, 2025 - 19:33
What are the developers of the Ladybird web browser (GitHub) working on? An overview of development in May has been published (YouTube).
Category: GNU/Linux & BSD

The book Kryptologie, šifrování a tajná písma (Cryptology, Encryption and Secret Writing) is on sale!

Security News - 12 May, 2025 - 14:00
KYBERCENTRUM has published a book by Czech cryptologist and popularizer Pavel Vondruška that shows how fascinating and adventurous the science of codes and ciphers can be.
The book's earlier edition in the OKO series sold out completely and could no longer be obtained.
It can now be purchased in the KYBERCENTRUM e-shop. Note, however, that only a limited run of 200 copies has been released for sale this way.
Category: News

Looking for the book Kryptologie, šifrování a tajná písma?

Security News - 12 May, 2025 - 14:00
This book by a leading Czech popularizer of cryptology shows how fascinating and adventurous the science of codes and ciphers can be.
The book was published in 2006 in a print run of 8,000 copies and soon sold out completely.
The book will now be published through crowdfunding as part of a project of Centrum kybernetické bezpečnosti, z. ú. (KyberCentrum).
Support this project and you will become an owner of the book.
Category: News

Kryptologie, šifrování a tajná písma

Security News - 12 May, 2025 - 14:00
P. Vondruška's book Kryptologie, šifrování a tajná písma will be published again.
The book can be obtained through the Kybercentrum project (crowdfunding).
Category: News

Police arrest foreigners who were fitting a card reader into an ATM

Security News - 12 May, 2025 - 14:00
Police in Prague detained two foreigners just after they installed a skimming device in an ATM in order to get at customers' money. Officers also seized from the detained men a whole range of tools for committing this crime, as well as two-way radios, police spokesman Jan Daněk said on Wednesday.
Category: News

How to create and remember passwords (2019)

Security News - 12 May, 2025 - 14:00
A useful article, "14 Ways to Create a Secure Password in 2019" by Jack Forster, on the ever-relevant topic of how to create and remember passwords.
Category: News

Overview of quality free security software

Security News - 12 May, 2025 - 14:00
25+ Free Security Tools That You Need to Start

An overview of strong free antivirus and other security programs that can help keep your sensitive information safe.
Category: News

How to encrypt email (Gmail, Outlook iOS, OSX, Android, Webmail)

Security News - 12 May, 2025 - 14:00
Email was one of the earliest forms of communication on the internet, and if you’re reading this you almost undoubtedly have at least one email address. Critics today decry the eventual fall of email, but for now it’s still one of the most universal means of communicating with other people that we have. One of the biggest problems with this cornerstone of electronic communication is that it isn’t very private. By default, most email providers do not provide the means to encrypt messages or attachments. This leaves email users susceptible to hackers, snoops, and thieves.

So you want to start encrypting your email? Well, let’s start by saying that setting up email encryption yourself is not the most convenient process. You don’t need a degree in cryptography or anything, but it will take a dash of tech savvy. We’ll walk you through the process later on in this article.

Alternatively, you can use an off-the-shelf encrypted email client. Tutanota is one such secure email service, with apps for mobile and a web mail client. It even encrypts your attachments and contact lists. Tutanota is open-source, so it can be audited by third parties to ensure it’s safe. All encryption takes place in the background. While we can vouch for Tutanota, it’s worth mentioning that there are a lot of email apps out there that claim to offer end-to-end encryption, but many contain security vulnerabilities and other shortcomings. Do your research before choosing an off-the-shelf secure email app.

If you’d prefer to configure your own email encryption, keep reading.
Category: News

Crypto 2018 - August 19-23, 2018

Security News - 12 May, 2025 - 14:00
See Affiliated Events too.
Category: News

Google: Security Keys Neutralized Employee Phishing

Security News - 12 May, 2025 - 14:00
Google has not had any of its 85,000+ employees successfully phished on their work-related accounts since early 2017, when it began requiring all employees to use physical Security Keys in place of passwords and one-time codes, the company told KrebsOnSecurity.

Security Keys are inexpensive USB-based devices that offer an alternative approach to two-factor authentication (2FA), which requires the user to log in to a Web site using something they know (the password) and something they have (e.g., a mobile device).
Category: News

Crypto gripes, election security, and mandatory cybersec school: Uncle Sam's cyber task force emits todo list for govt

Security News - 12 May, 2025 - 14:00
The US Department of Justice (DOJ) this week released the first report from its Cyber Digital Task Force – which was set up in February to advise the government on strengthening its online defenses.
The report [PDF], compiled by 34 people from six different government agencies, examines the challenges facing Uncle Sam's agencies in enforcing the law and protecting the public from hackers. It also lays out what the government needs to do to thwart looming threats to its computer networks.

Let's (not) Encrypt

If you've been following the news for the last few years it will come as no surprise that the Justice Department is not a fan of the common man having access to encryption.
The report bemoans the current state of encryption and its ability to keep the government from gathering and analyzing traffic for criminal investigations. The word 'encryption' comes up 17 times in the report, not once in a favorable light.
"In the past several years, the Department has seen the proliferation of default encryption where the only person who can access the unencrypted information is the end user," the report reads.
"The advent of such widespread and increasingly sophisticated encryption technologies that prevent lawful access poses a significant impediment to the investigation of most types of criminal activity."
Category: News

Quantum computing revenue to hit $15 billion in 2028 due to AI, R&D, cybersecurity

Security News - 12 May, 2025 - 14:00
The demand for quantum computing services will be driven by some process hungry research and development projects as well as by the emergence of several applications including advanced artificial intelligence algorithms, next-generation encryption, traffic routing and scheduling, protein synthesis, and/or the design of advanced chemicals and materials. These applications require a new processing paradigm that classical computers, bound by Moore’s law, cannot cope with. However, one should not expect quantum computers to displace their classical counterparts anytime soon.
Category: News