Ninjazzon

joined 1 year ago
 

The state of software security is dire. If we only look at the past year, if you ran industry-standard software like Ivanti, MOVEit, Outlook, Confluence, Barracuda Email Security Gateway, Citrix NetScaler ADC, and NetScaler Gateway, chances are you got hacked. Even companies with near-infinite resources (like Apple and Google) made trivial “worst practice” security mistakes that put their customers in danger. Yet we continue to rely on all these products.

Software is now (rightfully) considered so dangerous that we tell everyone not to run it themselves. Instead, you are supposed to leave that to an “X as a service” provider, or perhaps just to “the cloud.” Compare this to a hypothetical situation where cars are so likely to catch fire that the advice is not to drive a car yourself, but to leave that to professionals who are always accompanied by professional firefighters.

The assumption is then that the cloud is somehow able to make insecure software trustworthy. Yet in the past year, we’ve learned that Microsoft’s email platform was thoroughly hacked, including classified government email. (Twice!) There are also well-founded worries about the security of the Azure cloud. Meanwhile, industry darling Okta, which provides cloud-based software that enables user log-in to various applications, got comprehensively owned. This was their second breach within two years. Also, there was a suspicious spate of Okta users subsequently getting hacked.

Clearly, we need better software.

 

The positively charged particle at the heart of the atom is an object of unspeakable complexity, one that changes its appearance depending on how it is probed. We’ve attempted to connect the proton’s many faces to form the most complete picture yet.

 

The project announced today the introduction of a new feature called “Sync & Backup,” which allows users to import bookmarks, passwords, and personal settings from other browsers to DuckDuckGo. Moreover, it enables users to move that data from one device to another or restore it on a new device in case they lose their original device.

DuckDuckGo’s announcement declares that the new feature can do the following:

Privately sync and access the bookmarks and passwords saved in your DuckDuckGo browsers – including any you’ve imported from other browsers – across multiple devices.

Back up passwords, bookmarks, and favorites in case your device is lost or damaged.

Migrate your bookmarks and passwords to a new device.

Sync your Email Protection account between devices.

 

In Chile, more than 130 people have died in this year’s wildfires — the deadliest in the nation’s history. In Colombia last month, wildfire smoke billowed just outside Bogotá, defying the city’s reputation for cold, wet weather. And in Argentina, a wildfire ravaged a forest that is listed as a World Heritage Site by the United Nations cultural organization UNESCO.

These wildfires add to the destruction from record-setting fires in the Amazon in October 2023. This is not a normal pattern: in many parts of the region, wildfires are not part of the landscape’s natural history, except for blazes caused by “occasional lightning strikes”, says Francisco de la Barrera, an environmental scientist at University of Concepción in Chile.

But scientists say that the flames have been fanned by a combination of a strong El Niño climate pattern, a profusion of non-native trees and climate change. Researchers warn that the same factors could put other cities on the continent at risk.

 

Apple announced there are now over 1,000 apps designed specifically for Vision Pro. The announcement came from Greg Joswiak, Senior VP of Marketing at Apple, who also added there are over 1.5 million compatible apps for the headset.

The apps are available in a dedicated visionOS App Store, and there have been over 600 available since day one, which was 12 days ago. Some key platforms like Netflix, YouTube, and Spotify said they will not develop a dedicated app, though, and users have to use the services through the Safari browser.

The Google-owned video service later changed its stance and revealed a Vision Pro app is “on the roadmap”. Some say YouTube did a full 180 after seeing the success of the headset, but there is also a chance of missed royalties after a third-party app is already gaining traction, and users are paying $5 for it.

 

Passkeys: how do they work? No, like, seriously. It’s clear that the industry is increasingly betting on passkeys as a replacement for passwords, a way to use the internet that is both more secure and more user-friendly. But for all that upside, it’s not always clear how we, the normal human users, are supposed to use passkeys. You’re telling me it’s just a thing... that lives on my phone? What if I lose my phone? What if you steal my phone?

 

When an amateur restorer discovered slides showing street scenes from early 20th century Middleton – located near Manchester in the UK – he was keen to find out where exactly they were taken.

With the help of local historians, he was able to track down the location of some of the photos. But is there another way to identify where these historical photos were taken?

Using historical Ordnance Survey (OS) maps we were able to independently locate a number of the images. Here’s a quick guide to how we did it.

 

The new certifications for HDMI cables are now slowly coming onto the market. Known as Gen 2, these certifications will provide verification for the authenticity of a given cable and gradually replace the first generation certifications.

This formally began in May 2023, but the HDMI Licensing Administrator (HDMI LA) has allowed the old labels to continue to be used until stocks of the corresponding cables have all been sold. In its February newsletter, cable manufacturer Club3D drew attention to this change and stated that it is currently changing its label fulfillment provider, so packs with both the old and the new certifications will soon appear in stores.

The new certification has the advantage that it can be checked more easily. According to the HDMI LA, a simple scan of the QR code on the pack is enough to verify its authenticity. The old verification, on the other hand, required the proprietary HDMI app.

 

Nearly half the citizens of France have had their data exposed in a massive security breach at two third-party healthcare payment servicers, the French data privacy watchdog disclosed last week.

Payments outfits Viamedis and Almerys both experienced breaches of their systems in late January, the National Commission on Informatics and Liberty (CNIL) revealed, leading to the theft of data belonging to more than 33 million customers. Affected data on customers and their families includes dates of birth, marital status, social security numbers and insurance information. No banking info, medical data or contact information was compromised, the CNIL added.

"This is the first time that there has been a violation of this magnitude [in France]," Yann Padova, digital data protection lawyer and former secretary general of the CNIL told French radio network Franceinfo. Padova believes the breach is the largest in France's history.

 

India, the world’s largest democracy, prepares to kick off its election season in just a matter of weeks. But activists and experts worry that the government is cracking down on platforms and internet service providers to silence critical voices, and tighten its grip on the information ecosystem.

On January 16, Raqib Hameed Naik, an Indian journalist and founder of the website Hindutva Watch, received a notice from X, formerly Twitter, that the website’s account had been blocked, by order of the Indian Ministry of Electronics and Information Technology (MeitY). “I received frantic messages from people in India saying they cannot access the Hindutva Watch Twitter,” says Naik.

Hindutva Watch, along with its sister site, the India Hate Lab, tracks incidents of religiously motivated violence perpetrated by supporters of the country’s right-wing government, helmed by Prime Minister Narendra Modi’s Hindu-nationalist Bharatiya Janata Party (BJP). Press freedom declined under Modi, leaving fewer spaces for those reporting critically of the government and the impact of its policies on the country’s minorities. In the lead up to elections, where Naik predicts a “surge in hate crimes,” Hindutva Watch’s information may be more critical than ever.

 

Martin Hellman achieved legendary status as co-inventor of the Diffie-Hellman public key exchange algorithm, a breakthrough in software and computer cryptography. That invention and his ongoing work in cryptography and digital signatures earned him a Turing award in 2015. He has since followed that up with a second act devoted to promoting world peace and personal development.

I was recently able to meet with Mr. Hellman for a far-ranging conversation about the technological and personal synergies that have shaped his thinking and defined his career. It was both a pleasure and an honor to interview one of the true luminaries of technology innovation.

 

When governments find themselves fighting the threat of coastal erosion, their default response tends to be pretty simple: If sand is disappearing from a beach, they pump in more sand to replace it. This strategy, known as “beach nourishment,” has become a cornerstone of coastal defenses around the world, complementing hard structures like sea walls. North Carolina, for instance, has dumped more than 100 million tons of sand onto its beaches over the past 30 years, at a cost of more than $1 billion.

The problem with beach nourishment is obvious. If you dump sand on an eroding beach, it’s only a matter of time before that new sand erodes. Then you have to do it all over again.
