Agregátor RSS

Týden na ScienceMag.cz: Neutronové molekuly – neutrony se mohou vázat na kvantové tečky

AbcLinuxu [články] - 24 Květen, 2024 - 00:01

Před 70 lety vznikl první křemíkový solární článek. Webbův dalekohled zachytil nejvzdálenější fúzi černých děr. Malé modulární jaderné reaktory se blíží do Česka. Z čeho se skládá kosmické záření. Nový výzkum spojuje kyslík s technologickou civilizací.

Kategorie: GNU/Linux & BSD

Tři chystané změny, kterými chce stát dostat rodiče malých dětí rychleji do práce

Lupa.cz - články - 24 Květen, 2024 - 00:00
Stát se snaží rodičům menších dětí usnadnit návrat do práce. Jaké chystané legislativní změny v tom mají pomoci?
Kategorie: IT News

AMD uvádí Anti-Lag 2 integrovaný na úrovni hry

CD-R server - 24 Květen, 2024 - 00:00
V létě tomu bude pět let, co AMD vydala první verzi technologie Anti-Lag, která umožnila snížit latence i s 60Hz LCD na úroveň nižší než bylo běžné se 144Hz LCD. Druhá generace jde ještě dál…
Kategorie: IT News

Průlomová metoda recyklace betonu zajistí uhlíkově neutrální cement

OSEL.cz - 24 Květen, 2024 - 00:00
Recyklace betonu je svízelnější, než by člověk myslel. Tým odborníků z Cambridge vyvinul nový postup, díky němuž lze důmyslně recyklovat starý beton v elektrické obloukové peci pro recyklaci oceli. Pokud se k tomu použije energie z obnovitelných zdrojů, je výsledkem zázrak, čili uhlíkově neutrální cement.
Kategorie: Věda a technika

Novinky pro Linux 6.10: AMD Zen 5 či konec neudržovaných ovladačů

ROOT.cz - 24 Květen, 2024 - 00:00
Novější Radeony i na platformě RISC-V, nadále bez upstream ovladače platformy Steam Deck, mizí dva zastaralé ovladače, AMD pracuje na Zen 5 v rámci Perf Tools.
Kategorie: GNU/Linux & BSD

BreadboardOS pro Raspberry Pi Pico (RP2040)

AbcLinuxu [zprávičky] - 23 Květen, 2024 - 23:22
BreadboardOS je firmware pro Raspberry Pi Pico (RP2040) umožňující s tímto MCU komunikovat pomocí řádkového rozhraní (CLI). Využívá FreeRTOS a Microshell.
Kategorie: GNU/Linux & BSD

Here's yet more ransomware using BitLocker against Microsoft's own users

The Register - Anti-Virus - 23 Květen, 2024 - 23:21
ShrinkLocker throws steel and vaccine makers into the hurt locker

Updated  Yet more ransomware is using Microsoft BitLocker to encrypt corporate files, steal the decryption key, and then extort a payment from victim organizations, according to Kaspersky.…

Kategorie: Viry a Červi

Casino cyberattacks put a bullseye on Scattered Spider – and the FBI is closing in

The Register - Anti-Virus - 23 Květen, 2024 - 22:16
Mandiant CTO chats to The Reg about the looming fate of this ransomware crew

Interview  The cyberattacks against Las Vegas casinos over the summer put a big target on the backs of prime suspects Scattered Spider, according to Mandiant CTO Charles Carmakal.…

Kategorie: Viry a Červi

Google guru roasts useless phishing tests, calls for fire drill-style overhaul

The Register - Anti-Virus - 23 Květen, 2024 - 21:01
Current approaches aren't working and demonize security teams

A Google security bigwig has had enough of federally mandated phishing tests, saying they make colleagues hate IT teams for no added benefit.…

Kategorie: Viry a Červi

Umělé inteligenci došel dech. Kvůli výpadku Microsoftu nefungovaly Bing, Copilot, ani část ChatGPT

Živě.cz - 23 Květen, 2024 - 20:00
Microsoft dnes v 10:46 na X oznámil, že zaznamenal problémy ve svém cloudu a kvůli chybě uživatelům nefungují Copiloti integrovaní v různých službách včetně stejnojmenného chatbotu. Výpadek je ale podle všeho rozsáhlejší a dotýká se i vyhledávače Bing, který chvílemi běží, chvílemi nikoliv. Služby ...
Kategorie: IT News

The web is disappearing: Is it IT’s fault?

Computerworld.com [Hacking News] - 23 Květen, 2024 - 19:09

Nothing lives forever, and researchers have confirmed that web pages are no exception. They pop into existence at one moment in time and have a habit of disappearing with an abrupt “404 not found” at an unknown point in the future.

The rate at which this happens has a name: “digital decay”, or “link rot”. According to an analysis by the Pew Research Center, When Online Content Disappears, we can even put some numbers on the phenomenon.

Looking at a random sample of web pages that existed in 2013, the researchers found that by 2023, 38% had disappeared. If it doesn’t sound surprising that nearly four in ten web pages from 2013 would have disappeared a decade later, they did the same analysis for pages that appeared in 2023 itself, finding that a surprising 8% disappeared by the year end.

But what matters is not simply how many web pages have disappeared but where they disappeared from. On that score, 23% of news pages and 21% of pages on US government sites contained at least one broken link.

The most interesting barometer of all for link rot is Wikipedia, a site which depends heavily on referenced links to external information sources.

Despite the importance of references, the researchers found that at least one link was broken on 54% of a sample 50,000 English language Wikipedia entries. From the total of one million references on those pages, 11% of the links were no longer accessible.

Disappearing tweets

And it’s not just links. Looking at that other cultural reference point, “tweets” on the X (formerly Twitter) platform, a similar pattern was evident. From a representative sample of 5 million tweets posted between 8 March and 27 April 2023, the team found that by 15 June 18% had disappeared. And that figure could get a lot higher if the company ever stops redirecting URLs from its historic twitter.com domain name.

Some languages were more affected by disappearing tweets than others, with the rate for English language tweets being 20% and for those in Arabic and Turkish an extraordinary 42% and 49%, respectively.

Pew is not the first to look into the issue. In 2021, an analysis by the Harvard Law School of 2,283,445 links inside New York Times articles found that of the 72% that were deep links (i.e., pointing to a specific article rather than a homepage), 25% were inaccessible.

As a website that’s been in existence since 1996, The New York Times is a good measure of long-term link rot. Not surprisingly, the further back in time you went, the more rot was evident, with 72% of links dating to 1998 and 42% from 2008 no longer accessible.

This study also looked at content drift, that is the extent to which a page is accessible but has changed over time, sometimes dramatically, from its original form. On that score, 13% of a sample 4,500 pages published in the New York Times had drifted significantly since they’d first been published.

Where is IT going wrong?

Does any of this matter? One could argue that web pages disappearing or changing is inevitable even if not many people notice or care.

While the Pew researchers offer no judgement, the authors of the Harvard Law School study point out the problems link rot leaves in its wake:

“The fragility of the web poses an issue for any area of work or interest that is reliant on written records. […] More fundamentally, it leaves articles from decades past as shells of their former selves, cut off from their original sourcing and context.”

According to Mark Stockley, an experienced content management systems (CMS) and web admin who now works as a cybersecurity evangelist for security company Malwarebytes, while some link loss was inevitable, the scale of the issue suggested deeper administrative failures.

“People seem to be more ambivalent about losing pages than they used to be. When I first started working on the web, losing a page, or at least a URL, was anathema. If you didn’t need a page any more you at least replaced it with a redirect to a suitable alternative, to ensure there were no dead ends,” said Stockley.

“What’s baffling is when CMSs don’t pick up the slack. While some CMSs will catch mistakes and backfill URL changes with redirects automatically, there are others that, inexplicably, don’t. It’s an obvious and easy way to prevent a particular kind of link rot, and it’s baffling that it exists in 2024,” he said.

Alternatively, if the CMS doesn’t include a link checking facility, admins can also deploy link checking tools that will crawl a site to find broken links.

For CMS admins, spotting and correcting broken links should be a defined process not an afterthought.

Anyone who wants more detail on the methodology behind When Online Content Disappears can follow this link (PDF).

Kategorie: Hacking & Security

How to control employee access to iCloud services

Computerworld.com [Hacking News] - 23 Květen, 2024 - 19:03

As Apple device use spirals across the enterprise, Apple admins have grown accustomed to maintaining tolerance when it comes to iCloud. But there are some controls they can apply to manage what employees can do with the online service.

Managed or personal Apple ID?

There is a difference between what restrictions can be applied on personal iCloud accounts and Managed Apple IDs. IT has far more control over the latter, but can apply some restrictions to personal devices as well, so long as they are managed by an MDM (Mobile Device Management) system of some kind.

If they are not protected by MDM, then no restrictions can be applied at all.

The big difference is that on personal devices assigned to an enterprise MDM account, IT can use a set of MDM restrictions to reduce access to some iCloud services. Managed Apple IDs have far more power, and can be used alongside personal Apple IDs on employee-owned devices, thanks to Apple’s User Enrollment tools. 

How to control iCloud access with managed devices

Managed Apple IDs cannot access certain iCloud services.  Apple says this is due to “organizational focus and to protect user privacy.” The following services are not available, though in some cases the app might be visible:

  • Find My.
  • Health.
  • Home.
  • Journal.
  • Wallet (though employee badges in Wallet do function).
  • iCloud Mail, iCloud+ and iCloud Family Sharing.

You can also customize access to some other apps using Apple School or Business Manager, Apple Business Essentials, and/or your MDM tools. If your fleet runs the latest operating systems, you might also be able to add further refinements to help lock iCloud access down — for example, whether users can collaborate on Keynote files from within Business Manager. Most MDM services offer similar tools.

The idea is that by preventing people from using these services from within their work-related Managed Apple ID, the natural security of the devices is enhanced. It also means you can deploy your own digital employee experiences on the devices, including use of company email.

Of course, employees with devices that support both personal and managed Apple IDs also have access to all their own personal iCloud services, but not from within your deployed mobile work environment.

What about Personal Apple IDs?

Sensibly, Apple does not let IT restrict use of iCloud on personal devices; someone can access their own iCloud account from any Apple device. 

What Apple does allow is some control of iCloud access from devices enrolled in a company’s MDM system. Using Apple’s provided MDM restriction keys, companies that don’t use Managed Apple IDs can block access to specific iCloud services from a given device. This is a little like using a hammer to crack an egg, but you can block access to the following iCloud services: Address Book, Bookmarks, Calendar, Drive, Keychain, Mail, Notes, Reminders, Photo Library, and Private Relay.

The downside is that by blocking access to these services you effectively limit what your staff can do with a device that is for all intents and purposes their own device, using their own Apple ID. Many workers would likely feel this to be an unwanted intrusion into their personal devices and see such moves as displaying a lack of trust. (IT admins could, of course, argue that they feel forced to deploy such restrictions to prevent exfiltration of valuable corporate or personal data.)

Which approach is best?

For me, if you do need to restrict access to iCloud services across your teams, it feels more appropriate to impose those restrictions via a Managed Apple ID. Doing so provides the maximum benefit — you can control and restrict device use that relates to your business, its services, and data, while also permitting personal use of that device.

The beauty of this approach is that work and personal data on a device is cryptographically separated and stored on different partitions, keeping work data secure and personal data private. While there is no such thing as a guarantee when it comes to device or data security, the combination delivers the best employee experience while enabling close control of any potential data/passcode exfiltration. Apple has also tied this experience up with Focus mode, making it as simple as a tap to switch between the work experience and personal use of the device.

Please follow me on Mastodon, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.

Kategorie: Hacking & Security

Ransomware Attacks Exploit VMware ESXi Vulnerabilities in Alarming Pattern

The Hacker News - 23 Květen, 2024 - 19:03
Ransomware attacks targeting VMware ESXi infrastructure follow an established pattern regardless of the file-encrypting malware deployed, new findings show. "Virtualization platforms are a core component of organizational IT infrastructure, yet they often suffer from inherent misconfigurations and vulnerabilities, making them a lucrative and highly effective target for threat actors to abuse,"
Kategorie: Hacking & Security

Ransomware Attacks Exploit VMware ESXi Vulnerabilities in Alarming Pattern

The Hacker News - 23 Květen, 2024 - 19:03
Ransomware attacks targeting VMware ESXi infrastructure follow an established pattern regardless of the file-encrypting malware deployed, new findings show. "Virtualization platforms are a core component of organizational IT infrastructure, yet they often suffer from inherent misconfigurations and vulnerabilities, making them a lucrative and highly effective target for threat actors to abuse," Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Garmin, to není jen řada Epix. Tyto modely toho nabídnou víc, a ani nemusíte být potápěč

Živě.cz - 23 Květen, 2024 - 18:45
Řada Garmin Epix je synonymem nejvýkonnějších hodinek • Mají hned několik dalších, speciálních alternativ • Základ je u Marq, Descent, Quatix, D2, Tactix a Approach stejný
Kategorie: IT News

CISA Warns of Actively Exploited Apache Flink Security Vulnerability

The Hacker News - 23 Květen, 2024 - 18:44
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting Apache Flink, an open-source, unified stream-processing and batch-processing framework, to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2020-17519, the issue relates to a case of improper access control that
Kategorie: Hacking & Security

CISA Warns of Actively Exploited Apache Flink Security Vulnerability

The Hacker News - 23 Květen, 2024 - 18:44
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting Apache Flink, an open-source, unified stream-processing and batch-processing framework, to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2020-17519, the issue relates to a case of improper access control that Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Proč si předplatit Max? Třeba kvůli těmto seriálům. Vybrali jsme ty nejlepší

Živě.cz - 23 Květen, 2024 - 18:15
Vybrali jsme nejzajímavější a nejpopulárnější seriály, které najdete v současné nabídce videoslužby Max. Ty nejnovější dokonce nabízejí 4K rozlišení s Dolby Vision a Dolby Atmos.
Kategorie: IT News

Microsoft kašle na klima a svůj zelený plán, radši bude vydělávat na AI

Živě.cz - 23 Květen, 2024 - 17:45
Uhlíkové emise Microsoftu vzrostly o 29 % ve srovnání s rokem 2020 •Za nárůst může především stavba datacenter a výroba hardwaru •Jsou potřeba pro rozvoj AI, v němž firma nehodlá polevit
Kategorie: IT News
Syndikovat obsah