Podcasts about Authenticator

A CISA contractor leaks GovCloud credentials on GitHub. INTERPOL cracks down on phishing infrastructure across the Middle East and North Africa. Microsoft patches a critical Authenticator flaw, while Poland moves officials off Signal after targeted phishing campaigns. A stealthier SHub macOS infostealer emerges. Universal Robots fixes a critical vulnerability. A Dark Web marketplace dumps millions of stolen payment cards. Echo Protocol loses $76 million in a synthetic Bitcoin breach. Our guest is Chris Cochran, Field CISO & Vice President of AI Security at SANS, discussing their AI maturity model. Nathan Detroit rolls malware snake eyes.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Chris Cochran, Field CISO & Vice President of AI Security at SANS, discussing their SANS AI Security Maturity Model™. Selected Reading CISA Admin Leaked AWS GovCloud Keys on Github (Krebs on Security) INTERPOL Operation Ramz: 201 Apprehended in MENA Cybercrime Disruption (TechNadu) Microsoft Patches Critical Token Theft Vulnerability in Authenticator App (Beyond Machines) Poland shifts away from Signal following cyberattacks on officials' accounts (Security Affairs) SHub macOS infostealer variant spoofs Apple security updates (Bleeping Computer) Critical Vulnerability Exposes Industrial Robot Fleets to Hacking (SecurityWeek) B1ack's Stash Releases 4.6 Million Stolen Credit Cards for Free (SOC Radar) Echo Protocol Hit by $76M eBTC Minting Exploit (SOC Radar) Chanhassen Dinner Theatres cancels more Guys and Dolls performances due to illness and cyberattack (KARE11) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

New Malware Libraries means New Signatures https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20%20New%20Malware%20Libraries%20means%20New%20Signatures/32986 Addressing Exchange Server May 2026 vulnerability CVE-2026-42897 https://techcommunity.microsoft.com/blog/exchange/addressing-exchange-server-may-2026-vulnerability-cve-2026-42897/4518498 Microsoft Authenticator Update CVE-2026-41615 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41615 ssh-keysign-pwn (CVE-2026-46333) Patches Released https://almalinux.org/blog/2026-05-15-ssh-keysign-pwn-cve-2026-46333/

Thank you to ThreatLocker for sponsoring my trip to ZTW26 and also for sponsoring this video. To start your free trial with ThreatLocker please use the following link: https://www.threatlocker.com/davidbombal Are your passwords and 2FA enough to stop a modern cyber attack? In this interview, Rob from ThreatLocker breaks down the dangerous reality of password reuse, SIM swapping, and why traditional SMS MFA is no longer bulletproof. We dive deep into how threat actors use reverse proxies like Evilginx to steal session cookies, allowing them to bypass multi-factor authentication and hijack your accounts without ever needing your password. Discover why relying on legacy VPNs and leaving firewall ports open to the internet massively increases your attack surface, leaving your organization just one brute-force attack away from ransomware. Finally, we explore the mechanics of ThreatLocker's Zero Trust Network Access and Cloud Access, detailing how denying by default and routing through secure proxies can lock down Microsoft 365 and make your internal network effectively invisible to hackers. // Rob Allen's SOCIAL // LinkedIn: / threatlockerrob X: https://x.com/threatlockerrob // David's SOCIAL // Discord: discord.com/invite/usKSyzb Twitter: www.twitter.com/davidbombal Instagram: www.instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: www.facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal YouTube: / @davidbombal Spotify: open.spotify.com/show/3f6k6gE... SoundCloud: / davidbombal Apple Podcast: podcasts.apple.com/us/podcast... // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com // MENU // 0:00 - Coming up 0:57 - What is 2FA/MFA and why is it important? 02:54 - Reusing passwords 04:38 - Malicious Chrome extensions 05:39 - Average person vs cybersecurity 12:18 - SMS 2FA 13:37 - Authenticator apps 16:26 - Yubikeys 17:58 - No one is "unhackable" 21:52 - "Cookie stealing" explained 22:53 - ThrearLocker's new tool/solution 28:22 - How ThreatLocker protects Office365 29:06 - ThreatLocker protecting organizations 33:11 - Should I trust ThreatLocker? 35:54 - How safe is ThreatLocker? 38:00 - Conclusion Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only. #cybersecurity #hacker #hack

Gros zoom sur les skills et leurs usages dans les coding agents, sur les benchmarks de stacks techniques MCP, mais aussi du Java 26-27, du HttpClient, du NodeJS, des scenarios nucléaires pilotés par l'IA, de la méthodologie, bref on ne s'ennuie pas ! Enregistré le 15 mars 2026 Téléchargement de l'épisode LesCastCodeurs-Episode-338.mp3 ou en vidéo sur YouTube. News Langages Bruno Borges a créé un site, inspiré d'un site récent qui montrait comment CSS avait évolué, qui illustre justement comment Java a bien évolué au fil du temps, et est devenu un langage encore plus élégant https://javaevolved.github.io/ Code simplifié: main() allégé, var, blocs de texte, API String enrichie. Pattern Matching: switch sur types, instanceof amélioré, record patterns. Données: Records, collections immuables faciles à créer, méthodes de listes. Concurrence: Threads virtuels, CompletableFuture, StructuredTaskScope, ScopedValue. Erreurs & Sécurité: NPE précis, catch multiples, Optional amélioré, filtres de désérialisation. I/O & Réseau: HttpClient moderne, E/S fichiers/console simplifiées, transferTo. Dates & Heures: API modernisée, précise, immutables et thread-safe. Langage: Interfaces sealed/private, import de modules, Math.clamp Streams: Nouveaux opérateurs (takeWhile, mapMulti, Gatherers, teeing). Outils & Perf: jshell, exécution simplifiée, jwebserver, AOT, JFR, optimisation mémoire. 10+ raisons de ne pas utiliser le HttpClient du JDK, avec un article très détaillé de Brice Dutheil https://blog.arkey.fr/2026/02/08/ten-reasons-to-not-use-jdk-httpclient/ JDK HttpClient: intégré, non-upgradable. OkHttp: plus lourd (dépendance Kotlin). TLS/SSL: JDK: SSLContext limité, vérif hôte globale, épinglage manuel, SSLParameters rigides. OkHttp: contrôle fin (SSLSocketFactory/TrustManager), vérif hôte/épinglage dédiés, ConnectionSpec structuré. Connexions: JDK: pas de repli, fabrique socket custom impossible (pas UDS/Named Pipes direct), pool limité (propriétés système, contrôle pauvre avant JDK 20/21). OkHttp: repli automatique, fabrique custom, pool granulaire. Réseau: JDK: résolveur DNS par défaut, Authenticator unique. OkHttp: résolveur DNS custom, authentificateurs séparés (proxy/serveur). Cycle Requêtes: JDK: pas d'intercepteurs ni API événements intégrés. OkHttp: addInterceptor, EventListener pour événements granulaires. Ressources: JDK: pas d'arrêt propre avant JDK 21. OkHttp: arrêt granulaire (pool, exécuteur, cache). Timeout: JDK: désactivé après en-têtes; le transfert du corps peut dépasser le timeout initial. JDK 26 et JDK 27 : ce qui nous attend — https://www.infoq.com/news/2026/02/java-26-so-far/ JDK 26 est une version non-LTS prévue le 17 mars 2026, avec 10 nouvelles fonctionnalités réparties en 5 catégories Le support HTTP/3 arrive enfin dans l'API HTTP Client standard de Java (JEP 517) La Structured Concurrency (projet Loom) en est à sa 6e preview, avec l'ajout d'une méthode onTimeout() sur StructuredTaskScope.Joiner Les Lazy Constants passent en 2e preview : des constantes initialisées à la demande, utiles pour optimiser le démarrage Le G1 GC gagne en performance via une réduction des synchronisations entre threads applicatifs et threads GC (JEP 522) Le cache d'objets AOT (JEP 516) est étendu pour fonctionner avec n'importe quel GC, y compris ZGC L'API Applet est définitivement supprimée (JEP 504), fermant une page historique de Java L'encodage PEM des objets cryptographiques continue sa preview avec support de chiffrement/déchiffrement de KeyPair Pour JDK 27 (septembre 2026), l'échange de clés post-quantique hybride pour TLS 1.3 est déjà ciblé (JEP 527) Project Valhalla progresse avec une preview des Value Classes : objets sans identité, à champs final uniquement Librairies Une étude de performance montre que Java est un super choix pour développer des serveurs MCP https://www.tmdevlab.com/mcp-server-performance-benchmark.html Comparaison de performances de serveurs MCP (Model Context Protocol) en Java, Go, Node.js, Python. Méthodologie: 3,9 millions requêtes, environnement Docker (1 cœur CPU, 1 Go RAM/serveur). Fiabilité: 0% d'erreurs pour toutes les implémentations. Tiers de performance: 1 (Haute): Go & Java (latence < 1ms, ~1600 requêtes/s). ▪︎ Go: Efficacité mémoire exceptionnelle (18 Mo vs 220 Mo pour Java). ▪︎ Java: Latence marginalement meilleure, mais 12x plus de mémoire. 2 (Moyenne): Node.js (latence ~10,7 ms, ~560 requêtes/s). Surcharge par instanciation. 3 (Faible): Python (latence ~26,5 ms, ~290 requêtes/s). Limité par GIL. Recommandations production: Go: Optimal forte charge, cloud-native, optimisation coûts. Java: Latence très basse critique, infrastructure Java existante. Node.js & Python: Adaptés charges modérées/faibles, développement/test. Node.js et Python peuvent être optimisés pour améliorer leurs performances en production. Et encore, en Java, le benchmark n'a pas utilisé GraalVM pour une compilation native, ce qui aurait donné des chiffres côté mémoire qui aurait concurrencé Go Qui a la meilleure perf entre Quarkus et Spring pour faire des serveurs MCP ? https://medium.com/@egekaraosmanoglu/spring-boot-vs-quarkus-which-java-runtime-wins-the-ai-mcp-tools-performance-battle-4da9d6a248d5 Quarkus JVM: Débit et latence les plus élevés (jusqu'à 16 381 req/s, 65% plus rapide que Spring Boot), surpasse Spring Boot même avec Apache Camel. Quarkus Native: Consommation mémoire la plus faible (118 MB), démarrage instantané, performance prédictible. Spring Boot MVC: Bonnes performances, écosystème mature, nécessite un "warm-up" important (jusqu'à 44% de gain). Spring Boot WebFlux: Légèrement meilleur débit et latence que MVC (~5%), mais plus de mémoire et complexité réactive. Coût architectural: MapStruct: Impact négligeable (< ±5%). Apache Camel: Réduction de débit de 8-21%, mais valeur ajoutée significative; Quarkus JVM + Camel reste > Spring Boot baseline. Protocole MCP: Sur Quarkus JVM (avec Camel), surpasse gRPC. Recommandations: Débit max: Quarkus JVM. Coût/Serverless: Quarkus Native. Intégration d'entreprise: Quarkus JVM + Camel + MapStruct. Meilleur choix Spring: Spring Boot WebFlux + MapStruct. Benchmark des stacks qui implémentent MCP https://www.tmdevlab.com/mcp-server-performance-benchmark-v2.html MCP (Model Context Protocol) est le protocole d'Anthropic pour connecter les LLMs à des outils et sources de données externes ; ce benchmark compare 15 implémentations serveur. 39,9 millions de requêtes traitées avec zéro erreur, sur des charges I/O réalistes (Redis + HTTP API) plutôt que des tâches CPU synthétiques. Rust atteint 4 845 RPS avec seulement 10,9 Mo de RAM ; Quarkus obtient 4 739 RPS avec la meilleure latence (4,04 ms en moyenne, 8,13 ms au P95). Go (3 616 RPS) et Spring MVC (3 540 RPS) constituent un second groupe solide. Node.js plafonne à 423 RPS ; Bun est 2,2x plus rapide sur un code identique (876 RPS) ; Python atteint 259 RPS avec 4 workers et uvloop. Découverte notable : un bug dans le SDK Rust rmcp v0.16 ajoutait ~40 ms de latence à toutes les réponses HTTP, limitant le débit à 1 283 RPS ; corrigé en v0.17 via la PR #683. Les images natives GraalVM réduisent la mémoire de 27 à 81 % mais dégradent le débit de 20 à 36 % ; Quarkus-native est l'exception avec 36 Mo RAM et 3 449 RPS. Spring MVC (bloquant) surpasse WebFlux (réactif) à 50 utilisateurs simultanés, rappelant que le modèle réactif n'est pas toujours gagnant. Recommandations : Rust ou Quarkus pour la production haute charge, Go pour le cloud-native, Bun plutôt que Node.js en JavaScript. Jakarta EE 12 Milestone 2 : données, cohérence et configuration https://www.infoq.com/articles/jakartaee-12-milestone-2/ Jakarta EE est la plateforme Java entreprise open-source, socle de frameworks comme Quarkus et Spring, qui standardise les APIs pour la persistance, les transactions, la sécurité, etc. Jakarta EE 12 adopte Java 21 comme baseline (avec support Java 25) et supprime définitivement le SecurityManager déprécié. La nouvelle spec Jakarta Query unifie JPQL (SQL/relationnel) et JDQL (NoSQL) en un seul langage avec deux profils : Core Language (portable) et Persistence Language (relationnel). Jakarta Data 1.1 introduit les requêtes dynamiques via une API fluente avec Restriction et l'annotation @Is pour des conditions plus expressives. Jakarta Data supporte désormais les repositories stateful, permettant la gestion du cycle de vie des entités (persist, merge, detach, refresh) comme en JPA classique. Jakarta NoSQL 1.1 intègre Jakarta Query via une nouvelle interface Query et supporte les projections avec des Java records. Jakarta Persistence 4.0 supporte SequencedCollection (Java 21) comme type de collection dans les entités. Une nouvelle spec Jakarta Agentic AI est en cours, visant des APIs vendor-neutral pour construire des agents IA sur les runtimes Jakarta EE, avec intégration prévue de LangChain4j et Spring AI. Cette release est encore un milestone (pas pour la prod) — l'adoption large dépendra de la maturité des outils (IDE, validation de requêtes, diagnostics). Nouveaux benchmarks Quarkus vs Spring Boot : performance complète et transparente https://quarkus.io/blog/new-benchmarks/ Quarkus est un framework Java optimisé pour les conteneurs, connu pour son faible usage mémoire et son démarrage rapide, concurrent principal de Spring Boot. Les anciens graphiques de performance sur quarkus.io étaient obsolètes, sans date, sans source, et ne montraient pas le débit (throughput). L'absence de données sur le throughput faisait croire à tort que Quarkus avait de mauvaises performances à ce niveau. Un nouveau benchmark open source a été créé, transparent et reproductible, disponible sur GitHub. Résultats : Quarkus gère 2,7x plus de transactions par seconde que Spring Boot, démarre 2,3x plus vite, avec deux fois moins de mémoire. Des experts Spring Boot externes ont contribué à rendre la comparaison plus équitable, notamment sur la configuration des pools de connexions. Les threads virtuels améliorent le débit d'environ 6000 tps supplémentaires pour tous les frameworks testés. Spring Boot 4 offre un meilleur débit que Spring Boot 3, mais au prix d'un démarrage plus lent et d'une empreinte mémoire plus élevée. En mode natif (GraalVM), le démarrage est ultra-rapide mais le throughput est divisé par deux, pour Quarkus comme pour Spring Boot. Le mode natif n'est recommandé que pour les applis démarrées/arrêtées très fréquemment ou à faible charge. Quarkus 3.32 : fondations pour la prochaine LTS https://quarkus.io/blog/quarkus-3-32-released/ Quarkus est un framework Java cloud-natif optimisé pour GraalVM et HotSpot, conçu pour les microservices et les environnements conteneurisés. Cette version marque le feature freeze pour la prochaine version LTS 3.33. Intégration de Project Leyden (AOT JVM) : le démarrage d'une application REST minimale passe de 370ms à 80ms. L'entraînement Leyden peut se déclencher au build ou via les tests d'intégration. Amélioration du graceful shutdown HTTP, avec des contributions de l'équipe Keycloak. Enregistrement automatique dans Consul via l'extension Stork pour la découverte de services. Nouvelles fonctionnalités de sécurité : DPoP nonce providers personnalisés, support de rich authorization pour OIDC. Possibilité de personnaliser l'ordre des mécanismes d'authentification et ajout de OIDCAuthenticationCompletionAction. Mise à jour du framework Google Cloud Functions en version 2.0, ainsi que Camel Quarkus et Quarkus CXF. Les utilisateurs sur LTS 3.27 sont encouragés à tester la migration vers 3.33 pour faire remonter des retours. NodeJS change sa cadence de releases https://nodejs.org/en/blog/announcements/evolving-the-nodejs-release-schedule Node.js est le runtime JavaScript côté serveur le plus utilisé, géré par la OpenJS Foundation avec un cycle de releases actif depuis la fusion avec io.js il y a dix ans. À partir de Node.js 27 (octobre 2026), le projet passe d'une release majeure tous les six mois à une seule par an. Chaque release deviendra LTS, supprimant la distinction entre versions paires (LTS) et impaires (non-LTS). Un nouveau canal Alpha est introduit, permettant les changements semver-major pendant la phase de test précoce. Les phases deviennent : Alpha (6 mois, oct. à mars), Current (6 mois, avr. à oct.), LTS (30 mois), puis EOL. La durée totale de support reste de 36 mois, identique au modèle actuel. La numérotation des versions s'aligne sur l'année calendaire de la release Current (ex : 27.0.0 en 2027). La version Alpha est signée, taguée et testée via CITGM, mais n'est pas destinée à la production. La motivation principale : les versions impaires étaient peu adoptées, la distinction pair/impair perturbait les débutants, et réduire les lignes de release parallèles allège la charge des bénévoles. Les auteurs de bibliothèques sont encouragés à intégrer les releases Alpha dans leur CI dès que possible pour détecter les régressions en amont. Web jQuery v4 est sorti https://www.infoq.com/news/2026/02/jquery-4-release/?utm_source=twitter&utm_medium=link&utm_campaign=calendar jQuery est une bibliothèque JavaScript historique qui simplifie la manipulation du DOM, la gestion des événements et les requêtes AJAX, encore très présente dans de nombreuses bases de code. Cette version majeure sort pour les 20 ans de la bibliothèque, après presque une décennie sans version majeure. Suppression du support d'Internet Explorer 10 et antérieur, Edge Legacy et les anciennes versions iOS/Android. IE11 reste encore supporté dans jQuery 4, mais sa suppression est prévue pour jQuery 5. Le code source migre d'AMD vers les ES modules, pour une meilleure compatibilité avec les outils de build modernes. Le bundler passe de RequireJS à Rollup. Suppression des fonctions dépréciées comme jQuery.isArray, jQuery.parseJSON et jQuery.trim, désormais disponibles nativement en JavaScript. Le fichier gzippé gagne plus de 3 000 octets ; le build slim descend à environ 19,5 ko. Ajout du support des Trusted Types pour faciliter la compatibilité avec les Content Security Policy strictes. jQuery reste pertinent pour la maintenance de bases de code existantes et les projets nécessitant une faible dépendance aux frameworks. La réactivité en frontend : concepts et approches https://www.sfeir.dev/front/quest-ce-que-la-reactivite-en-frontend/ Un article qui resume comment la reactivite est implementee en front web La réactivité en frontend désigne le mécanisme qui permet de mettre à jour automatiquement l'UI quand les données changent, sans manipulation directe du DOM. Sans réactivité, les développeurs doivent mettre à jour manuellement chaque élément de l'interface, ce qui est fastidieux et source d'erreurs. Le data binding unidirectionnel (React) distingue le flux de données des callbacks d'interaction utilisateur. Le data binding bidirectionnel (Angular) synchronise automatiquement données et UI dans les deux sens. Le Virtual DOM (React, Vue) compare une représentation en mémoire avec le DOM réel avant d'appliquer uniquement les changements nécessaires. Les observables via RxJS (Angular) permettent de gérer des flux de données asynchrones et des événements complexes. Les signaux (SolidJS, Angular récent, Svelte) offrent des mises à jour granulaires et de meilleures performances que les approches précédentes. Les signaux proposent une API plus simple que les observables tout en restant très performants. La réactivité abstrait la manipulation du DOM et permet aux développeurs de se concentrer sur l'état de l'application. Data et Intelligence Artificielle Gunnar Morling a annoncé la sortie de Hardwood, un nouveau parseur Java pour les fichiers Apache Parquet, grâce aux leçons apprises par le 1BRC challenge https://www.morling.dev/blog/hardwood-new-parser-for-apache-parquet/ Hardwood : Nouveau parseur Apache Parquet open-source (Java 21+). But : Dépasser parquet-java (dépendances lourdes, lecteur mono-threadé). Points clés : Dépendances minimes, pipeline de décodage multi-threadé. APIs : RowReader (ligne) et ColumnReader (colonne, haute perf.). Optimisations : Parallélisme pages, préchargement adaptatif, moins d'allocations. Développement : Assisté par IA (Claude Code), révision humaine. Futur : "Predicate push-down", compatibilité parquet-java, écriture, CLI, intégration Iceberg. Apicurio Registry passe AI-Native — https://www.apicur.io/blog/2026/02/05/apicurio-registry-ai-natural-evolution Apicurio Registry est un registre open-source de schemas (OpenAPI, AsyncAPI, Avro, Protobuf…) gérant versioning, validation et gouvernance des APIs. Le projet étend ses capacités pour devenir une plateforme native AI, en appliquant les mêmes principes de gouvernance aux agents IA. Support du protocole A2A (Agent-to-Agent) : les agents s'enregistrent via des "Agent Cards" et se découvrent mutuellement via des endpoints standardisés. Un serveur MCP intégré permet aux LLMs d'interagir directement avec le registre (découverte de schémas, validation, création). L'intégration avec Claude Desktop est déjà documentée, permettant de gérer les artefacts en langage naturel. Deux nouveaux types d'artefacts : PROMPT_TEMPLATE (templates de prompts versionnés avec variables) et MODEL_SCHEMA (validation des entrées/sorties des agents). Les SDKs Java (LangChain4j, Quarkus) et Python (LangChain, LlamaIndex) sont disponibles. Une démo multi-agents illustre le "context chaining" : chaque agent reçoit les sorties des agents précédents dans la pipeline. La roadmap prévoit : gestion du cycle de vie des agents, recherche sémantique, intégration dans les pipelines de déploiement. L'Histoire du Deep Learning : quand les machines ont commencé à apprendre https://blog.ippon.fr/2026/02/20/lhistoire-du-deep-learning-quand-les-machines-ont-commence-a-apprendre/ un article qui retrace les avancées clées du machine learning Le deep learning est un sous-domaine du ML basé sur des réseaux de neurones empilés en couches, aujourd'hui omniprésent dans la vision, le langage et la recommandation. Le Perceptron (1957) est le premier modèle formel d'apprentissage supervisé, mais il échoue sur des problèmes non linéaires comme le XOR : une limite structurelle, pas algorithmique. La rétropropagation du gradient (années 80) permet d'entraîner des réseaux multi-couches, mais souffre du problème de "vanishing gradient" qui bloque l'apprentissage en profondeur. L'essor du deep learning dans les années 2000 est autant une révolution matérielle qu'algorithmique : les GPU, conçus pour le jeu vidéo, se révèlent parfaitement adaptés aux calculs matriciels. AlexNet (2012) marque une rupture industrielle en démontrant qu'un CNN profond entraîné sur GPU surpasse largement les méthodes classiques en reconnaissance d'images. Les LSTM (1997) résolvent les problèmes de mémoire à long terme des RNN, mais leur nature séquentielle limite fortement la parallélisation. Les Transformers ("Attention Is All You Need", 2017) révolutionnent le domaine en remplaçant la récursion par un mécanisme d'attention parallélisable, adaptable aux GPU et TPU. L'IA générative introduit une rupture conceptuelle : les modèles apprennent la distribution des données pour en produire de nouveaux exemples, et non plus simplement classifier. Les LLM offrent un socle généraliste réutilisable pour de nombreuses tâches, là où l'IA prédictive nécessitait un modèle spécifique par problème. La question de l'AGI reste ouverte et très incertaine, mais l'IA devient déjà un "acteur logiciel" capable de raisonner et d'agir de manière autonome via les agents. Ca y est, Agent to Agent Protocol (A2A) est sorti en version 1.0 https://a2a-protocol.org/latest/announcing-1.0/ Prêt pour la prod Support multi-version ( multi-protocoles (gRPC, HTTP+JSON…) Multi-tenancy : un même endpoint peut supporter et exposer plusieurs agents distincts Agent Cards signées et vérifiables cryptographiquement pour vérifier l'identité des agents Flexibilité : les clients peuvent choisir de consommer les résultats par polling, streaming, ou également webhooks Outillage Le guide complet pour créer des skills pour vos agents, par Anthropic https://resources.anthropic.com/hubfs/The-Complete-Guide-to-Building-Skill-for-Claude.pdf Définition et structure : Les skills sont des dossiers contenant des instructions (fichier SKILL.md obligatoire) et des scripts qui enseignent aux agents comment exécuter des tâches spécifiques ou utiliser des outils MCP de manière fiable. Fonctionnement technique : Le système repose sur la "divulgation progressive" via un en-tête YAML critique, permettant à Claude de charger le contexte de la compétence uniquement lorsque la demande de l'utilisateur le nécessite. Cycle de vie : Le guide couvre toutes les étapes de développement, de la définition des cas d'usage (automatisation, création de documents) aux protocoles de test et de distribution. il couvre aussi comment tester (brievement) et des patterns communs Apprendre a utiliser les skills pour structurer son code ia https://philippart-s.github.io/blog/2026-02-18-anthropic-skills/ Les Skills Claude sont des packages d'instructions dans un dossier enseignant à Claude comment gérer des tâches spécifiques de façon cohérente. Un skill se compose au minimum d'un fichier SKILL.md avec un frontmatter YAML et des instructions en Markdown. Le frontmatter YAML impose deux champs obligatoires : name (en kebab-case) et description (max 1024 caractères expliquant quoi faire et quand le déclencher). Les skills fonctionnent de façon identique sur Claude.ai, Claude Code et l'API sans modification. Trois catégories principales : création de documents/assets, automatisation de workflows multi-étapes, et amélioration d'intégrations MCP. Les skills s'appuient sur le principe de divulgation progressive : frontmatter toujours chargé, corps du SKILL.md si pertinent, fichiers liés à la demande. Cinq patterns courants : orchestration séquentielle, coordination multi-MCP, raffinement itératif, sélection d'outils contextuelle, intelligence métier embarquée. Les tests doivent couvrir le déclenchement (90% des requêtes pertinentes), le fonctionnel et la comparaison avec la baseline sans skill. Pour la distribution, héberger sur GitHub avec un README séparé du dossier du skill (pas de README.md dans le dossier lui-même). Un skill-creator officiel permet de générer un premier SKILL.md en 15-30 minutes à partir d'une description en langage naturel. Les skills pour les agents, c'est une façon d'automatiser des tâches répétitives https://glaforge.dev/posts/2026/02/21/easily-build-a-local-mcp-server-in-java-with-a-skill-in-gemini-cli/ Construction facile de serveurs MCP Java locaux pour Gemini CLI et autres agents. Solution au code Java répétitif : JBang + LangChain4j + un "skill" utilisé par Gemini CLI. Idée clée : Une "skill" pour Gemini CLI automatise génération et installation des serveurs. La "skill" génère un fichier Java, le compile et l'enregistre dans les paramètres de Gemini CLI. Avantages : Élimine le boilerplate, enregistrement automatique, développement rapide. Conclusion : Les "skills" d'agent automatisent les tâches répétitives et systématisent l'expérimentation. Un SKILL.md par Julien Dubois pour permettre aux agents IA de créer des projets Spring en suivant les bonnes pratiques à la JHipster https://github.com/jdubois/dr-jskill/blob/main/SKILL.md Dr JSkill est une "Agent Skill" conçue pour aider les IA (GitHub Copilot CLI, Claude Code) à générer des applications Spring Boot 4.x selon les meilleures pratiques de Julien Dubois. Permet de créer des projets full-stack modernes utilisant Java 25, PostgreSQL et Docker, avec un choix de frameworks front-end (Vue.js par défaut, React, Angular ou Vanilla JS). Intègre des scripts Node.js multiplateformes pour automatiser la génération de projets via start.spring.io sans dépendances npm externes. Préconise des choix technologiques stricts : Maven uniquement, pas de Lombok, et utilisation de Hibernate ddl-auto pour la gestion du schéma (pas de Flyway/Liquibase). Supporte nativement la compilation GraalVM (images natives) pour des démarrages ultra-rapides (

Parce que… c'est l'épisode 0x724! Shameless plug 31 mars au 2 avril 2026 - Forum INCYBER - Europe 2026 14 au 17 avril 2026 - Botconf 2026 20 au 22 avril 2026 - ITSec Code rabais de 15%: Seqcure15 28 et 29 avril 2026 - Cybereco Cyberconférence 2026 9 au 17 mai 2026 - NorthSec 2026 3 au 5 juin 2026 - SSTIC 2026 19 septembre 2026 - Bsides Montréal 1 au 3 décembre 2026 - Forum INCYBER - Canada 2026 24 et 25 février 2027 - SéQCure 2027 Notes IA ou dans le prisme de la machine Amazon WTF - Amazon Forced Engineers to Use AI Coding Tools. Then It Lost 6.3 Million Orders. After Outages, Amazon To Make Senior Engineers Sign Off On AI-Assisted Changes Amazon insists AI coding isn't source of outages Pour la nation AI CEOs Worry the Government Will Nationalize AI Canada Needs Nationalized, Public AI How AI Assistants are Moving the Security Goalposts AI Didn't Break the Senior Engineer Pipeline. It Showed That One Never Existed. AI agent hacked McKinsey chatbot for read-write access USDA needs Palantir to tell workers where to sit AI nonsense finds new home as Meta acquires Moltbook Critical Microsoft Excel bug weaponizes Copilot Agent VS Code goes weekly, gets AI autopilot - what could go wrong Microsoft Copilot Email and Teams Summarization Vulnerability Enables Phishing Attacks Perplexity's ‘Personal Computer' Lets AI Agents Access Your Local Files OpenAI Blurs Its Mass Surveillance Red Line With New Pentagon Contract Document Poisoning in RAG Systems: How Attackers Corrupt Your AI's Sources NanoClaw latches onto Docker Sandboxes for safer AI agents Top Google Result for Claude Code is Malicious La guerre, la guerre, c'est pas une raison pour se faire mal! What Is Cyber Warfare? Definition, Doctrine, and Real-World Examples Iran is the first out-loud cyberwar the US has fought Cybercrime isn't just a cover for Iran's government goons Stryker: Pro-Iran hackers claim cyberattack on major US medical device maker A superpower goes offline Souveraineté ou tout ce que je peux faire sur mon terrain Meta to charge advertisers a fee to offset Europe's digital taxes Privacy ou tout ce qui devrait rester à la maison Patrick Breyer: “

Mit dem Smartphone haben wir den Universalschlüssel, um uns überall anzumelden. Aktivieren Sie bei Ihren wichtigen Diensten die Zweifaktor-Authentifizierung. Sie erhalten dann eine SMS, die Sie zusätzlich zum Benutzernamen und Passwort eingeben müssen bei der Anmeldung. Oder Sie generieren einen Zugangscode mit der «Authenticator»-App. Achten Sie darauf, dass diese App Ihre Codes auf einer Cloud synchronisiert (z.B. «Authenticator» von Google oder Microsoft), sonst haben Sie im Falle eines Verlustes des Handys keinen Zugang mehr zu den Diensten.

Differentiating Between a Targeted Intrusion and an Automated Opportunistic Scanning [Guest Diary] https://isc.sans.edu/diary/Differentiating%20Between%20a%20Targeted%20Intrusion%20and%20an%20Automated%20Opportunistic%20Scanning%20%5BGuest%20Diary%5D/32768 CVE-2026-29000: Critical Authentication Bypass in pac4j-jwt - Using Only a Public Key (CVSS 10) https://www.codeant.ai/security-research/pac4j-jwt-authentication-bypass-public-key FreeScout Help Desk Vulnerability https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-mw88-x7j3-74vc Microsoft Authenticator Not Supported on Graphene OS https://www.heise.de/en/news/GrapheneOS-Microsoft-Authenticator-does-not-support-secure-Android-OS-11200495.html

Fake Fedex Email Delivers Donuts! https://isc.sans.edu/diary/Fake%20Fedex%20Email%20Delivers%20Donuts!/32754 Abusing .ARPA: The TLD that isn t supposed to host anything https://www.infoblox.com/blog/threat-intelligence/abusing-arpa-the-tld-that-isnt-supposed-to-host-anything/ MC1179154 - Microsoft Authenticator app: Upcoming changes to jailbreak and root detection https://mc.merill.net/message/MC1179154 SECURITY BULLETIN: Apex One and Apex One (Mac) - February 2026 https://success.trendmicro.com/en-US/solution/KA-0022458 Special Webcast: AirSnitch How Worried Should You Be? https://www.sans.org/webcasts/airsnitch-how-worried-should-you-be

Random authenticator requests can be unsettling. Are you being hacked, or is something else going on? I'll discuss why these alerts might happen, what they really mean, and what to do.

Proton Authenticator - Samsung Galaxy S23 Ultra

2FA Authenticator (2FAS) - Samsung Galaxy S23 Ultra

On Hands-On Tech, Mikah Sargent lists some of his favorite two-factor authenticator apps for listener Stuart and some of the pros and cons using 2FA applications. Send in your questions for Hands-On Tech to hot@twit.tv! Host: Mikah Sargent Download or subscribe to Hands-On Tech at https://twit.tv/shows/hands-on-tech Want access to the ad-free video and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.

On Hands-On Tech, Mikah Sargent lists some of his favorite two-factor authenticator apps for listener Stuart and some of the pros and cons using 2FA applications. Send in your questions for Hands-On Tech to hot@twit.tv! Host: Mikah Sargent Download or subscribe to Hands-On Tech at https://twit.tv/shows/hands-on-tech Want access to the ad-free video and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.

On Hands-On Tech, Mikah Sargent lists some of his favorite two-factor authenticator apps for listener Stuart and some of the pros and cons using 2FA applications. Send in your questions for Hands-On Tech to hot@twit.tv! Host: Mikah Sargent Download or subscribe to Hands-On Tech at https://twit.tv/shows/hands-on-tech Want access to the ad-free video and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.

On Hands-On Tech, Mikah Sargent lists some of his favorite two-factor authenticator apps for listener Stuart and some of the pros and cons using 2FA applications. Send in your questions for Hands-On Tech to hot@twit.tv! Host: Mikah Sargent Download or subscribe to Hands-On Tech at https://twit.tv/shows/hands-on-tech Want access to the ad-free video and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.

On Hands-On Tech, Mikah Sargent lists some of his favorite two-factor authenticator apps for listener Stuart and some of the pros and cons using 2FA applications. Send in your questions for Hands-On Tech to hot@twit.tv! Host: Mikah Sargent Download or subscribe to Hands-On Tech at https://twit.tv/shows/hands-on-tech Want access to the ad-free video and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.

Joe has been struggling to get into his email this morning and has been having a tough time this morning trying to get into it because of an 'authenticator' app.

Authenticator-Dienste: Warum sie in der digitalen Transformation unverzichtbar sind 49 % nutzen Authenticator-Dienste, aber nur 18 & sichern mehr als ein Gerät Microsoft will seinen Authenticator abschaffen Die Sicherheit persönlicher und geschäftlicher Daten ist längst kein optionales Feature mehr, sondern eine Voraussetzung für Vertrauen und Compliance. Authenticator-Dienste, etwa in Form …

Authenticator-Dienste: Warum sie in der digitalen Transformation unverzichtbar sind 49 % nutzen Authenticator-Dienste, aber nur 18 & sichern mehr als ein Gerät Microsoft will seinen Authenticator abschaffen Die Sicherheit persönlicher und geschäftlicher Daten ist längst kein optionales Feature mehr, sondern eine Voraussetzung für Vertrauen und Compliance. Authenticator-Dienste, etwa in Form …

Your social media platforms = your storefront! If you're a creator or influencer, your Instagram isn't just for posting pretty pictures. It's your business, your livelihood, your INCOME STREAM. Which means… you need to protect it like you would a physical shop, right? In this episode, I'm walking you through simple, easy-to-implement strategies to keep your Instagram safe from hackers, scams, and sneaky security breaches — so your content (and income) stays in your hands. I'm talking about: ➜ How to create strong, unique passwords (and test their strength)➜ The non-negotiable security setting every creator should turn on ASAP➜ Tools to manage your passwords without losing your mind➜ How to spot and remove shady third-party apps linked to your account➜ Extra tips for travel creators & public Wi-Fi usersLet's keep your platform safe (and "horror" stories free) so you can focus on creating what you love!

En cybersécurité, certaines évidences méritent d'être répétées. En voici une : votre navigateur web n'est pas un coffre-fort. Pourtant, des millions d'utilisateurs continuent d'y stocker leurs identifiants sans se poser de questions. Chrome, Edge, Firefox ou Brave : tous proposent une gestion intégrée des mots de passe, pratique, synchronisée, et rassurante en apparence. Mais derrière ce confort se cache un véritable champ de mines numériques.Le dernier danger en date s'appelle Katz Stealer. Un malware vendu pour quelques dizaines de dollars par mois sur le dark web, accessible même aux cybercriminels amateurs. Son mode opératoire ? D'une simplicité redoutable : il siphonne les identifiants, les cookies, les données bancaires et les tokens d'accès stockés dans les navigateurs, pour les envoyer vers un tableau de bord en ligne. Même les protections récentes de Google, comme le chiffrement lié à l'utilisateur, ne tiennent plus face à cette attaque “masquée”.Ce n'est pas une révolution, mais la banalisation d'un risque majeur. Car tant que vos mots de passe sont gérés par le navigateur lui-même, ils restent exposés aux mêmes failles : extensions malveillantes, sites piégés, infostealers invisibles… et l'absence de chiffrement “zero-knowledge”. Autrement dit, Google ou Microsoft peuvent techniquement accéder à vos données. À l'inverse, les gestionnaires dédiés comme Bitwarden, Keepass ou Proton Pass garantissent un chiffrement local et une vraie séparation des usages.Et le paradoxe, c'est que les géants du web encouragent ce stockage à risque. Microsoft abandonne son gestionnaire sécurisé dans Authenticator au profit d'Edge. Google pousse ses utilisateurs vers les passkeys, mais continue de proposer son gestionnaire intégré comme solution par défaut. Le problème ? Les passkeys ne sont pas encore généralisées, et les navigateurs restent des cibles faciles. Alors si vos identifiants dorment encore dans Chrome ou Edge, c'est peut-être le moment de les migrer. Et de se rappeler qu'en cybersécurité, le confort ne vaut pas la sécurité. Hébergé par Acast. Visitez acast.com/privacy pour plus d'informations.

Columbia University has recently suffered a significant data breach, compromising the personal information of 1.8 million individuals, including social security numbers and financial aid details. The hacker, motivated by political opposition to affirmative action policies, claims to have stolen 460 gigabytes of sensitive data. This incident is part of a troubling trend of politically motivated cyber attacks targeting higher education institutions, particularly following the Supreme Court's decision to bar affirmative action practices in 2023. The limited media coverage of this breach raises concerns about data security and the integrity of academic institutions.In a related development, malware detection has surged by 171% in the first quarter of 2025, according to a report from WatchGuard Technologies. This increase highlights the growing sophistication of cyber threats that are outpacing traditional defenses. The report indicates a staggering 712% rise in new malware threats on endpoints, with the LSASS dumper identified as a leading threat. This trend underscores the need for organizations, especially universities and small businesses, to recognize the escalating risks and adapt their security strategies accordingly.Huntress has announced a collaboration with Microsoft to enhance cybersecurity for businesses, integrating its enterprise-grade solutions with Microsoft environments. This partnership aims to provide essential protections for endpoints and identities, allowing organizations to respond more effectively to cyber threats. Meanwhile, Microsoft is discontinuing the use of its Authenticator app for password storage, prompting users to transition to alternative solutions. This shift emphasizes the need for users to rethink their credential management strategies in light of evolving security practices.The podcast also touches on the implications of recent incidents involving major IT service providers, such as Ingram Micro's ransomware attack, which has raised concerns about vendor trust and supply chain fragility. As vendors face scrutiny following security breaches, the erosion of trust in their products becomes a significant issue for managed service providers (MSPs). Additionally, the discussion includes emerging concepts in artificial intelligence, such as context engineering, and the growing prevalence of AI note-takers in meetings, which raises questions about the balance between technological efficiency and human interaction in the workplace. Four things to know today 00:00 Columbia Breach and Malware Surge Show Why Compliance Alone Fails in Today's Threat Landscape04:19 Huntress and Microsoft Join Forces to Bring Enterprise-Grade Security to SMBs and MSPs07:18 Palo Alto Networks Denies Involvement in Ingram Micro Ransomware Attack08:53 MCP's Universal Plugin Model Could Transform MSP Integration and Governance This is the Business of Tech.    Supported by: https://mspradio.com/engage/ All our Sponsors: https://businessof.tech/sponsors/ Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/ Support the show on Patreon: https://patreon.com/mspradio/ Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com Follow us on:LinkedIn: https://www.linkedin.com/company/28908079/YouTube: https://youtube.com/mspradio/Facebook: https://www.facebook.com/mspradionews/Instagram: https://www.instagram.com/mspradio/TikTok: https://www.tiktok.com/@businessoftechBluesky: https://bsky.app/profile/businessof.tech

Explore the future of AI integration, Microsoft Cloud updates, and security innovations tailored for the SMB market. In this episode, we dive into the transformative role of AI MCP servers, the latest Microsoft 365 and Teams updates, and practical security and compliance strategies. Whether you're an IT pro, business leader, or tech enthusiast, this episode delivers actionable insights and resources to stay ahead in the Microsoft ecosystem.   Resources CIAOPS Need to Know podcast - CIAOPS - Need to Know podcasts | CIAOPS X - https://www.twitter.com/directorcia Join my Teams shared channel - Join my Teams Shared Channel – CIAOPS CIAOPS Merch store - CIAOPS Become a CIAOPS Patron - CIAOPS Patron CIAOPS Blog - CIAOPS – Information about SharePoint, Microsoft 365, Azure, Mobility and Productivity from the Computer Information Agency CIAOPS Brief - CIA Brief – CIAOPS CIAOPS Labs - CIAOPS Labs – The Special Activities Division of the CIAOPS Support CIAOPS - https://ko-fi.com/ciaops Get your M365 questions answered via email What's new in Microsoft Entra – June 2025: Highlights include upcoming support for backing up account names in the Authenticator app using iCloud Keychain Enhancing Defense Security with Entra ID Governance: Discusses how Entra ID Governance strengthens defense sector security What's New in Microsoft Teams | June 2025: Covers new Teams features and enhancements 3.  What's new in Microsoft Intune: June 2025: Summarizes Intune updates including device management improvements Microsoft Intune data-driven management | Device Query & Copilot: Introduces new Copilot-powered device query features Data Breach Reporting with Microsoft Data Security Investigations: Guidance on regulatory breach reporting Modern, unified data security in the AI era: New Microsoft Purview capabilities for AI-driven data protection Safeguarding data with Microsoft 365 Copilot: Focuses on compliance and security in Copilot deployments Protection Against Email Bombs: Microsoft Defender for Office 365 introduces new protections Introducing the Microsoft 365 Copilot App Learning Series: Learning resources for Copilot adoption Making the Most of Attack Simulation Training: Best practices for security training Processing status pane for SharePoint Autofill: New UI enhancements for SharePoint  Introducing the New SharePoint Template Gallery: Streamlined template discovery and usage Planning your move to Microsoft Defender portal: Transition guidance for Sentinel customers Jasper Sleet: North Korean IT infiltration tactics: Threat intelligence update Managing warehouse devices with Microsoft Intune: Real-world Intune use case Integrating Microsoft Learn Docs with Copilot Studio using MCP

Falha grave no site da Centauro expõe dados de usuários, Microsoft Authenticator vai apagar todas suas senhas em 1 mês, polícia prende hacker do pix suspeito de golpe milionário no sistema financeiro, golpistas pagam ao Google pelo disparo de e-mails patrocinados com armadilhas fake dos Correios para fraudes e WhatsApp para iPhone finalmente terá suporte para múltiplas contas no mesmo app.

This MacVoices Live! discussion opens with public service announcements about expanded Anker power bank recalls and Microsoft Authenticator password support—critical updates for user safety and data integrity. The penel honors the late Tim Robertson, a pioneering voice in the Apple community and early podcaster. Then, Chuck Joiner, David Ginsburg, Brian Flanigan-Arthurs, Eric Bolden, Marty Jencius, Jeff Gamet, Web Bixby, and Jim Rea debate Apple's new App Store structure in the EU, examining the implications of tiered developer models, regulatory pressure, and whether Apple's tight control over its platform is justified or overdue for reform. The group also weighs contrasting views on Epic's Tim Sweeney, the role of government oversight, and what Apple's strategic shifts might mean for users and developers alike.  Show Notes: Today's MacVoices is supported by Bzigo. Don't want until the next bit - protect your home with Bzigo. Go to bzigo.com/discount/BUZZ10 to save 10% off. Chapters: 00:07 Introduction and Announcements 06:28 Public Service Announcements 12:02 Remembering Tim Robertson 14:46 Reflections on Community Loss 17:16 Changes to the App Store in the EU 30:08 Discussion on Regulatory Impact Links: Anker extends recall to five more Power Banks worldwidehttps://appleinsider.com/articles/25/07/01/anker-extends-recall-to-five-more-power-banks-worldwide If you're using Microsoft Authenticator to store your passwords, don'thttps://www.engadget.com/cybersecurity/if-youre-using-microsoft-authenticator-to-store-your-passwords-dont-225842265.html Apple announces sweeping App Store changes in the EUhttps://9to5mac.com/2025/06/26/apple-announces-sweeping-app-store-changes-in-the-eu/ Tim Sweeney slams Apple's ‘unlawful' EU App Store changeshttps://9to5mac.com/2025/06/26/tim-sweeney-slams-apples-unlawful-eu-app-store-changes/ Guests: Web Bixby has been in the insurance business for 40 years and has been an Apple user for longer than that.You can catch up with him on Facebook, Twitter, and LinkedIn. Eric Bolden is into macOS, plants, sci-fi, food, and is a rural internet supporter. You can connect with him on Twitter, by email at embolden@mac.com, on Mastodon at @eabolden@techhub.social, on his blog, Trending At Work, and as co-host on The Vision ProFiles podcast. Brian Flanigan-Arthurs is an educator with a passion for providing results-driven, innovative learning strategies for all students, but particularly those who are at-risk. He is also a tech enthusiast who has a particular affinity for Apple since he first used the Apple IIGS as a student. You can contact Brian on twitter as @brian8944. He also recently opened a Mastodon account at @brian8944@mastodon.cloud. Jeff Gamet is a technology blogger, podcaster, author, and public speaker. Previously, he was The Mac Observer's Managing Editor, and the TextExpander Evangelist for Smile. He has presented at Macworld Expo, RSA Conference, several WordCamp events, along with many other conferences. You can find him on several podcasts such as The Mac Show, The Big Show, MacVoices, Mac OS Ken, This Week in iOS, and more. Jeff is easy to find on social media as @jgamet on Twitter and Instagram, jeffgamet on LinkedIn., @jgamet@mastodon.social on Mastodon, and on his YouTube Channel at YouTube.com/jgamet. David Ginsburg is the host of the weekly podcast In Touch With iOS where he discusses all things iOS, iPhone, iPad, Apple TV, Apple Watch, and related technologies. He is an IT professional supporting Mac, iOS and Windows users. Visit his YouTube channel at https://youtube.com/daveg65 and find and follow him on Twitter @daveg65 and on Mastodon at @daveg65@mastodon.cloud. Dr. Marty Jencius has been an Associate Professor of Counseling at Kent State University since 2000. He has over 120 publications in books, chapters, journal articles, and others, along with 200 podcasts related to counseling, counselor education, and faculty life. His technology interest led him to develop the counseling profession ‘firsts,' including listservs, a web-based peer-reviewed journal, The Journal of Technology in Counseling, teaching and conferencing in virtual worlds as the founder of Counselor Education in Second Life, and podcast founder/producer of CounselorAudioSource.net and ThePodTalk.net. Currently, he produces a podcast about counseling and life questions, the Circular Firing Squad, and digital video interviews with legacies capturing the history of the counseling field. This is also co-host of The Vision ProFiles podcast. Generally, Marty is chasing the newest tech trends, which explains his interest in A.I. for teaching, research, and productivity. Marty is an active presenter and past president of the NorthEast Ohio Apple Corp (NEOAC). Jim Rea built his own computer from scratch in 1975, started programming in 1977, and has been an independent Mac developer continuously since 1984. He is the founder of ProVUE Development, and the author of Panorama X, ProVUE's ultra fast RAM based database software for the macOS platform. He's been a speaker at MacTech, MacWorld Expo and other industry conferences. Follow Jim at provue.com and via @provuejim@techhub.social on Mastodon. Support:      Become a MacVoices Patron on Patreon      http://patreon.com/macvoices      Enjoy this episode? Make a one-time donation with PayPal Connect:      Web:      http://macvoices.com      Twitter:      http://www.twitter.com/chuckjoiner      http://www.twitter.com/macvoices      Mastodon:      https://mastodon.cloud/@chuckjoiner      Facebook:      http://www.facebook.com/chuck.joiner      MacVoices Page on Facebook:      http://www.facebook.com/macvoices/      MacVoices Group on Facebook:      http://www.facebook.com/groups/macvoice      LinkedIn:      https://www.linkedin.com/in/chuckjoiner/      Instagram:      https://www.instagram.com/chuckjoiner/ Subscribe:      Audio in iTunes      Video in iTunes      Subscribe manually via iTunes or any podcatcher:      Audio: http://www.macvoices.com/rss/macvoicesrss      Video: http://www.macvoices.com/rss/macvoicesvideorss

Chrome Zero-Day CVE-2025-6554 under active attack — Google issues security update International Criminal Court targeted by new ‘sophisticated' attack Kelly Benefits says 2024 data breach impacts 550,000 customers, Esse Health says recent data breach affects over 263,000 patients Huge thanks to our sponsor, Palo Alto Networks You're moving fast in the cloud and so are attackers. But while SecOps and cloud security teams are working in silos, attackers are exploiting the gaps between them. Cortex Cloud by Palo Alto Networks bridges this divide, unifying teams and stopping attacks with real-time cloud security that includes AI-powered protection, detection and automated response capabilities. Threats are stopped in minutes instead of days, and teams can finally protect cloud environments at the speed and scale of modern attacks. To learn more about how Cortex Cloud stops cloud attacks before they become breaches, visit: paloaltonetworks.com/cortex/cloud-detection-and-response

This week we've got loads of news and loadsa money!North Korean IT workers secretly landed remote jobs at over 100 U.S. tech companies, funneling millions to fund Kim Jong Un's weapons program.  The operation ran for years undetected—until the FBI knocked on the wrong contractor's door.Android 16 is getting a stealthy new feature that alerts users when their phone connects to suspicious cell towers.Think your phone isn't being watched?  Your operating system might soon say otherwise.A massive printer vulnerability affects nearly 700 Brother models and devices from other major brands.Hackers can bypass admin passwords with nothing but a serial number—guess what's sitting unsecured in your office?Microsoft is phasing out passwords in its Authenticator app, starting a full pivot to biometrics and passkeys.  You've got until August 2025 before your autofill feature goes dark.The NIH now requires that all taxpayer-funded research be freely available the moment it's published.  In a surprise move, the Trump administration just fast-tracked open science—seriously.  What?Dozens of pro-Scottish independence X accounts suddenly went dark after Israeli strikes crippled Iranian cyber infrastructure.  Turns out, your favorite “local activist” might have been powered by Tehran.Facebook wants permission to scan your unposted camera roll photos using Meta AI for creative suggestions.  Say "yes", and you're handing over your private moments—whether you shared them or not.Meta just launched a new AI superlab and is throwing around $10M pay packages to build it.  Zuckerberg's not just building chatbots—he's recruiting an AI dream team.Loadsa everything.  Let's go get rich!Find the full transcript to this podcast here.

North Korean IT Worker Fraud Scheme:The U.S. Department of Justice uncovered a covert North Korean operation involving IT workers fraudulently securing remote jobs at over 100 American tech companies using stolen or fake identities. These workers operated within U.S.-based "laptop farms" and created shell companies to obscure over $5 million in illicit earnings. Funds were funneled to the North Korean government, supporting weapons development. The scheme also involved data theft, including sensitive source code from a U.S. defense contractor.Android 16 Anti-Surveillance Feature:Android 16 introduces a “network notification” security upgrade that alerts users when their device connects to suspicious or unencrypted cell networks. It specifically guards against fake cell towers, such as stingray devices, by warning users about network requests for identifiers or lack of encryption, enhancing protection from mobile surveillance and forced downgrades to insecure protocols.Critical Printer Vulnerabilities:Rapid7 researchers identified eight major vulnerabilities affecting printers from Brother, Ricoh, Toshiba, Konica Minolta, and Fujifilm. The most critical flaw (CVE-2024-51978) lets remote attackers bypass admin authentication by exploiting a companion vulnerability (CVE-2024-51977) that reveals the printer's serial number—used to generate default admin credentials. This enables unauthorized reconfiguration and access to stored sensitive documents.Microsoft Authenticator Password Phase-Out:Microsoft will remove password autofill and access features from its Authenticator app starting July 2025. The move supports a transition to passwordless sign-ins using biometrics (e.g., facial recognition, fingerprints) and passkeys, aligning with industry shifts toward stronger, phishing-resistant authentication methods.NIH Open-Access Research Mandate:A new U.S. NIH policy mandates that all taxpayer-funded research be freely accessible upon publication. This accelerates an open-access directive initiated under Biden and implemented during the Trump administration. The policy enhances public access to scientific discoveries and may enable AI tools to help interpret complex studies for broader audiences.Pro-Scottish Independence Account Shutdowns:On June 12, multiple X (formerly Twitter) accounts advocating for Scottish independence vanished in sync with an Israeli cyber strike on Iran. The timing and scope of internet outages in Iran imply that the accounts were likely Iranian-run disinformation tools designed to destabilize the UK under the guise of grassroots political advocacy.Facebook Camera Roll Upload Concerns:Facebook is asking users to opt in to uploading unshared photos from their camera roll to Meta's servers to enable AI-generated content (e.g., collages). While Meta states that content remains private and isn't used for advertising, users must accept AI Terms that permit facial recognition, retention of loosely defined personal data, and potential human review—raising serious privacy concerns over intimate, unshared images.Meta's AI Superlab Push:Meta has launched “Meta Superintelligence Labs” and is heavily investing in top AI talent, reportedly offering compensation packages in the $10 million range. This underscores Meta's ambition to lead in high-end AI development, marking its entry into the elite tier of the global “AI arms race” beyond consumer-facing chatbots.

Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we have a realistic, high impact action for you to take today to boost your practice security: set up two-factor authentication (2FA).  We discuss: What 2FA is and why it's so useful Where we recommend having 2FA set up How Google Authenticator works for 2FA and why we love it How to set up and use Google Authenticator Action steps to take today to boost practice security with 2FA Listen here: https://personcenteredtech.com/group/podcast/ For more, visit our website. PCT Resources

In this episode, Anna Rose and Tarun Chitra catch up with Kostas Kryptos from Mysten Labs to explore the latest ZK innovations being built on Sui. Kostas shares updates on zkLogin and introduces zkAt (ZK Authenticator), a new research project enabling programmable and updatable access control for accounts where Groth16's trusted setup and the generated toxic waste is used in a very novel way.  This discussion also covers Sui's ambitious plans to become quantum-ready, including their innovative approach to transitioning existing EdDSA accounts to post-quantum security using STARKs without requiring users to change their addresses. They touch on ZK Tunnels, working with the Greek stock market, and how ZK is breaking out of the  web2/web3 paradigm. Related links: Episode 257: Proof of Solvency with Kostas Chalkias Episode 302: ZK for web2 interop with zkLogin & ZK Email Episode 363: Bringing ZK to Google Wallet with Abhi and Matteo Zero-knowledge Authenticator for Blockchain: Policy-private and Obliviously Updateable zkLogin All About Account Abstraction Zengo Crypto Wallet Trusted Setup Ceremony Check out the latest jobs in ZK at the ZK Podcast Jobs Board.  **If you like what we do:** * Find all our links here! @ZeroKnowledge | Linktree * Subscribe to our podcast newsletter * Follow us on Twitter @zeroknowledgefm * Join us on Telegram * Catch us on

Microsoft are removing passwords from Microsoft Authenticator in 6 weeks time

Send us a textLosing your OTP or access to Amazon Seller Central can cost sellers serious time. This video breaks down how to recover your account and prevent future login problems. Includes steps for better 2FA setup, security tips, and tools like  Authenticator.Need help securing your Amazon account or getting back in? https://bit.ly/44uHuaR#AmazonSeller #SellerCentral #AmazonAccountHelp #TwoStepVerification #FBAHelpWatch these videos on YouTube:Simple Trick to Cut PPC Costs https://www.youtube.com/watch?v=k5CM6XtYo1c&list=PLDkvNlz8yl_YEKE1B5o1uhbBm1QQcPzmY&index=39How to Increase IPI https://www.youtube.com/watch?v=TMysF_XACdQ&list=PLDkvNlz8yl_b5s-jb7KgPe-aPWP47jZIL-------------------------------------------------Struggling with ads? Download our free PPC guide made for Amazon sellers: https://bit.ly/4kjWmgQWant better rankings? Grab the free Amazon SEO toolkit and start fixing your listings: https://bit.ly/3GW5zxMTimestamps00:00 – What To Do If You Lose Your OTP Code00:30 – Common Mistakes When Setting Up OTP01:20 – Account Recovery Using Amazon.com Login02:00 – Required Documents for OTP Reset03:00 – Manual Review Process by Amazon Security04:00 – Better Ways to Set Up Account Security05:10 – How to Use an Authenticator App06:00 – Using 1Password or LastPass for OTP07:00 – Why All Amazon Sellers Should Update OTP Settings-------------------------------------------------Follow us:LinkedIn: https://www.linkedin.com/company/28605816/Instagram: https://www.instagram.com/stevenpopemag/Pinterest: https://www.pinterest.com/myamazonguys/Twitter: https://twitter.com/myamazonguySubscribe to the My Amazon Guy podcast: https://podcast.myamazonguy.comApple Podcast: https://podcasts.apple.com/us/podcast/my-amazon-guy/id1501974229Spotify: https://open.spotify.com/show/4A5ASHGGfr6s4wWNQIqyVwSupport the show

In this episode of The Tech Jawn, we discuss…If Mobile Payments Are Yet A Thing, Microsoft phasing out Auhthenticator's password manager, Apple no longer being able to collect 3rd party app store fees, and no more Temu items from China.Hosts:Robb Dunewood – @RobbDunewoodStephanie Humphrey – @TechLifeStephTerrance Gaines – @BrothaTechStories Mentioned:Robb shows his Father-In-Law how to make mobile payments -- Read MoreMicrosoft phases out Authenticator's password manager — Read MoreApple can no longer collect 3rd party app store fees — Read MoreTemu stopped shipping items from China to the US -- Read MoreSupport The Tech Jawn by becoming a Patron – https://thetechjawn.com/patreon Hosted on Acast. See acast.com/privacy for more information.

Steganography Challenge Didier published a fun steganography challenge. A solution will be offered on Saturday. https://isc.sans.edu/diary/Steganography+Challenge/31910 Microsoft Makes Passkeys Default Authentication Method Microsoft is now encouraging new users to use Passkeys as the default and only login method, further moving away from passwords https://www.microsoft.com/en-us/security/blog/2025/05/01/pushing-passkeys-forward-microsofts-latest-updates-for-simpler-safer-sign-ins/ Microsoft Authenticator Autofill Changes Microsoft will no longer support the use of Microsoft authenticator as a password safe. Instead, it will move users to the password prefill feature built into Microsoft Edge. This change will start in June and should be completed in August at which point you must have moved your credentials out of Microsoft Authenticator https://support.microsoft.com/en-gb/account-billing/changes-to-microsoft-authenticator-autofill-09fd75df-dc04-4477-9619-811510805ab6 Backdoor found in popular e-commerce components SANSEC identified several backdoored Magento e-commerce components. These backdoors were installed as far back as 2019 but only recently activated, at which point they became known. Affected vendors dispute any compromise at this point. https://sansec.io/research/license-backdoor

Microsoft ends Authenticator password autofill in favor of Edge StealC malware enhanced with stealth upgrades and data theft White House proposes cutting $491M from CISA budget Thanks to today's episode sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. Find the stories behind the headlines at CISOseries.com.

Microsoft Authenticator is not necessarily two-factor authentication, but the two do share one important characteristic: the need to prepare for loss.

Protect your credit, protect your identity, and keep your money safe online. You can easily freeze your credit with each of the 3 credit bureaus to ensure no one can open accounts in your name. You don't need to pay for credit monitoring service in most cases or pay to know your credit score. It's very simple and easy to quickly unfreeze your credit before applying for a new credit card or mortgage. Also use unique passwords, stored securely and two-factor authentication (preferably on an Authenticator app over receiving a text code) for all your accounts. Active duty alerts on your credit report is NOT as helpful as actually freezing your credit. Links:  Annual Credit Report (free report, no cost, no catch) Freeze your credit w/ Experian Freeze your credit w/ TransUnion Freeze your credit w/ Equifax For a limited time, Spencer is offering one-on-one Military Money Mentor sessions! Get your personal military money and investing questions answered in a confidential coaching call. Our new TSP course is live! Check out the Confident TSP Investing course at militarymoneymanual.com/tsp to learn all about the Thrift Savings Plan and strategies for growing your wealth while in the military. Use promo code "podcast24" for $50 off. Plus, for every course sold, we'll donate one course to an E-4 or below- for FREE! If you have a question you would like us to answer on the podcast, please reach out on instagram.com/militarymoneymanual or email podcast@militarymoneymanual.com. If you want to maximize your military paycheck, check out Spencer's 5 star rated book The Military Money Manual: A Practical Guide to Financial Freedom on Amazon or at shop.militarymoneymanual.com. I also offer a 100% free course on military travel hacking and getting annual fee waived credit cards, like The Platinum Card® from American Express, the American Express® Gold Card, and the Chase Sapphire Reserve® Card in my Ultimate Military Credit Cards Course at militarymoneymanual.com/umc3. Learn how to get your annual fees waived on premium credit cards from American Express in the Ultimate Military Credit Cards Course at militarymoneymanual.com/umc3. The Platinum Card® from American Express and the American Express® Gold Card waive the annual fee for active duty military servicemembers, including Guard and Reserve on active orders over 30 days. The annual fees on all personal Amex cards are also waived for military spouses married to active duty troops.  

In the latest episode Jae & Nell are back to discuss a gang of topics this week with a special guest. To skip past the opening music set got to (7:07)IThe crew opens the podcast talking about their Thanksgiving plans. They also hit the following topics: -How soon is too soon to go public? -The Pentagon has failed its seventh consecutive financial audit, unable to fully account for its $824 billion annual budget and $3.8 trillion in assets.-Piss poor: Inside the ‘sloppy' practices of a military urinalysis lab -Homelessness among veterans drops to record low levels -President-elect Donald Trump confirmed plans to declare a national emergency to carry out mass deportations of undocumented migrants, pledging to launch the largest deportation program in U.S. history on his first day in office. -Malcom X daughters sue CIA -UMD medical school is giving a small number of full-tuition scholarships to students who commit to working on the Eastern Shore for four years after becoming doctors -Stock X admits Authenticator's can't determine fakes from authentics -Instagram lets you reset explorers page -Inside the NBA coming to ESPN -Mike Tyson vs. Jake Paul results(65 million world wide concurrent viewers) -Beyoncé doing Ravens vs Texans halftime show  -25 modern-era players named as semifinalists for Pro Football Hall of Fame Class of 2025   and a myriad of other topics and more!!……. Click the link in our Instagram bio @TheJaeAndFriendsPodcast Songs: Quiet Storm- Mobb Deep Feat. Lil Kim (Intro) LEFT EYE - Honey Bxby (Intro) make it hot - Capella Grey (Intro) Come On Over - Mai Lee (Outro) Credits: Created by: J. Williams Executive Producers: J. Williams, A. Williams Associate Producers: J. Williams. D. Hudgins Creative Director: J. Williams Subscribe on YouTube - https://bit.ly/JFPYTSub Follow on the official podcast IG page - https://bit.ly/TheJFPIGpage Jae's Instagram - https://bit.ly/JaeIGpage

Kerry Lutz and Joseph Kelly engaged in an in-depth discussion regarding the security and custody of Bitcoin, particularly focusing on self-directed IRAs and the evolving role of custodians like Fortis. They addressed vulnerabilities such as SIM swapping and the inadequacies of traditional SMS authentication, advocating for more secure alternatives like Authenticator apps. The conversation emphasized the significance of secure custody models, highlighting Unchained's proactive measures, including multi-sig and collaborative custody, to protect client assets. They also warned against phishing threats and stressed the importance of vigilance in security practices. Additionally, Joseph detailed the onboarding process for self-directed IRAs, including account setup steps, pricing, and the company's commitment to client education. Kerry expressed appreciation for Joseph's insights and encouraged further engagement for those seeking more information, while also acknowledging the challenges of adapting to evolving security measures and the necessity of delivering value to clients. Find Joe here: unchained.com Find Kerry here: FSN  and here: Inflation.Cafe

This week we put our security expert* hats back on to talk about the latest hotness in login technology, passkeys. Find out how passkeys work, how they enable you to login without a password, which major platforms are supporting them, and where and how you should manage them. We also do a quick update on more traditional time-based authenticator apps, including the recent Authy data breach, and then -- whaddaya know, it's our 250th episode! -- we also reflect a little on a momentous five years of doing this podcast.*not actual security experts Support the Pod! Contribute to the Tech Pod Patreon and get access to our booming Discord, a monthly bonus episode, your name in the credits, and other great benefits! You can support the show at: https://patreon.com/techpod

Apple releases updates to its beta software, including two versions of macOS Sequoia. Upcoming changes to Gatekeeper security will make it more difficult to run third-party software that hasn't been approved by Apple. A bug in Microsoft Authenticator, the two factor authenticating tool, locks users out of accounts. And Apple sells out of a popular piece of hardware. Show Notes: Apple removes Control-click option for skipping Gatekeeper (in macOS Sequoia beta) macOS Sequoia adds weekly permission prompt for screenshot and screen recording apps Hands-On With Safari's New Distraction Control in the iOS 18 Beta Apple's Old-School SuperDrive Is Out of Stock and Unlikely to Return Don't buy? — Amazon Introduces Record Low Prices on Every iPad Mini, Starting at $379.99 Report finds macOS fares worse than Windows and Linux at preventing cyber attacks Google Ads used to distribute Mac malware disguised as ‘Loom' app Google Loses DOJ Antitrust Suit Over Search Apple Thinks Bing is Pretty Bad Google Chrome will let you send money to your favourite website Twilio kills off Authy for desktop, forcibly logs out all users Design flaw has Microsoft Authenticator overwriting MFA accounts, locking users out Intego Mac Premium Bundle X9 is the ultimate protection and utility suite for your Mac. Download a free trial now at intego.com, and use this link for a special discount when you're ready to buy.

How did we go from secret handshakes to digital codes? Explain “something you know, something you have, and something you are”. Where was the first computer password invented? Why are SMS codes considered not that secure? Which former CIA director had their phone compromised via a teenage phone hack? ... we explain like I'm five Thank you to the r/explainlikeimfive community and in particular the following users whose questions and comments formed the basis of this discussion: aschentei, nottherealslash, elskerelks, mazaru , dissentologist and trueeyes To the ELI5 community that has supported us so far, thanks for all your feedback and comments. Join us on Twitter: https://www.twitter.com/eli5ThePodcast/ or send us an e-mail: ELI5ThePodcast@gmail.com

Adobe tip, ClipChamp, MS Authenticator, Learn DMARC, Eenpass, Mailjet

Pre-Loved Podcast is a weekly vintage fashion interview show, with guests you'll want to go thrifting with! For more Pre-Loved Podcast, subscribe to our Patreon! On today's show, we're chatting with Dominik Halas, the Master Authenticator of Vintage for the RealReal. Dominik has been collecting, renting and reselling designer archive collections— primarily Helmut Lang, Yohji Yamamoto and the early work of Hedi Slimane— for over a decade. He now lends his vintage and archival expertise to The RealReal's New York office, and his work at The RealReal and vintage expertise was featured in The New York Times at the end of 2022. Now, I mentioned Manhattan Vintage, which if you're not familiar is a vintage wonderland convening 90+ dealers featuring collections from every era, style, and it's a true New York City spectacle.  This February Show kicks of a partnership between the RealReal and Manhattan Vintage, and you heard it here first on Pre-Loved Podcast.  I'll link an episode in the shownotes that I did with the Manhattan Vintage co-owner, Amy Abrams, who – as you're listening to this today (January 29) actually has a ‘Tastemaker Edit' launching on therealreal.com of her favorite rare vintage items. Additionally, The RealReal will present a curated selection from its newly launched Rare Finds category at the Winter Show, offering shoppers an array of its most storied and often one-of-a-kind vintage pieces. Tune in to get a sneak preview of some of the incredibly rare pieces that will be at the show this weekend.  It's a really fun episode today, so let's dive right in!  DISCUSSED IN THE EPISODE: [3:26] Growing up in then Czechoslovakia, Dominik discovered an early love for fashion.  [8:41] Dominik started collecting via Japanese reseller forums. [10:11] His journey to the RealReal. [16:03] Working on the 20,000+ piece vintage collection of Keni Valenti. [18:21] The RealReal is partnering with the Manhattan Vintage winter show, brining some of their most storied and one-of-a-kind pieces from their Rare Finds collection. [23:02] Vintage has grown to the point where there are now trends in vintage.  [25:27] Dominik's personal fashion archive, featuring a lot of Helmut Lang, Yohji Yamamoto and the early work of Hedi Slimane. [29:46] The wildest length's Dominik has gone to for a piece for his collection. [31:20] An exclusive preview at the Rare Finds that will be at Manhattan Vintage. EPISODE MENTIONS:  The RealReal @dominikhalas “He Helps the RealReal Keep It Real” from the NYTimes Manhattan Vintage @thevintageshow Pre-Loved Podcast with Amy Abrams Walk Your Values: a NYFW Vintage Runway Show 2007 Hedi Slimane Keni Valenti Johnny Petrizino (@johnnypet and @parlourhairstudio) Alessandra Canario on Pre-Loved Podcast @allybirdvintage Bill Cunningham New York Yohji Yamamoto SS97 Yves Saint Laurent Rive Gauche by Hedi Slimane (1997-2000) The Alexander McQueen hair label LET'S CONNECT: 

In the latest installment of Guest Submissions, we're diving in on one of the hobby's most fascinating niches – graded tickets. For this in-depth conversation, we bring in Principal Ticket Authenticator Matt Fuller, whose years as a learning and growing collector in the space led him to his current role at PSA. Matt discusses his own ticket collecting journey, what he's added to his expertise about tickets since joining PSA and much more.

What if you could have a secure password generated fresh each time you need it? Authenticator apps do just that. Tom explains how.Featuring Tom Merritt.Full episode transcript here. Hosted on Acast. See acast.com/privacy for more information.

Steve and Katie speak with Dr. Carina Popovici, CEO and Founder of Art Recognition, an art and technology startup that uses AI systems to evaluation the authenticity of artworks. They discuss the problems with authentication in the traditional art market and the promise and limitations of AI in solving these problems along with some real-world examples.   Notes for this episode: http://artlawpodcast.com/2023/09/06/ what-can-artificial-intelligence-offer-art-authentication/   Follow the Art Law Podcast Instagram: https://www.instagram.com/artlawpodcast/ TikTok: https://www.tiktok.com/@artlawpodcast

iPhone 15 Pro's design, colors, and feature rumor roundup, potential tweaks for Wallet and Find My in iOS 17, possible limitations on sideloading. Apple's plans to expand their health services with mood tracking and a new journaling app.Contact our hosts@stephenrobles on TwitterStephen on Mastodon@Hillitech on TwitterWes on MastodonSponsored by:Headspace: Get a FREE one-month trial with access to the entire Headspace library! Visit headspace.com/appleinsider30 to learn more.Notion: Try out the incredible power of Notion AI today! For a limited time, try Notion AI for free when you visit: notion.com/appleinsiderLinks from the showApple might limit iOS sideloading when it releases in iOS 17iOS 17 might have tweaks for Wallet and Find MyApple's iOS 17 changes will affect the lock screen againRumor: iPadOS 17 will have a special version for larger iPadsJudge upholds Apple's victory in App Store antitrust ruling iPhone 15 Pro: Rumors, design, colorsApple to expand Health services to include mood and eye trackingMysk Tweet on Google AuthenticatorGoogle adds syncing to its Authenticator security appReview: Apple Watch is beautiful, but rough around the edgesFitness Stats on the App StoreSupport the showSupport the show on Patreon or Apple Podcasts to get ad-free episodes every week, access to our private Discord channel, and early release of the show! We would also appreciate a 5-star rating and review in Apple PodcastsMore AppleInsider podcastsTune in to our HomeKit Insider podcast covering the latest news, products, apps and everything HomeKit related. Subscribe in Apple Podcasts, Overcast, or just search for HomeKit Insider wherever you get your podcasts.Subscribe and listen to our AppleInsider Daily podcast for the latest Apple news Monday through Friday. You can find it on Apple Podcasts, Overcast, or anywhere you listen to podcasts.Podcast artwork from Basic Apple Guy. Download the free wallpaper pack here.Those interested in sponsoring the show can reach out to us at: steve@appleinsider.com (00:00) - Intro (01:50) - iOS 17 Rumors (10:21) - iOS 17 Sideloading (17:48) - iCloud Drive Wish (22:12) - Sponsor: Headspace (24:27) - iPadOS 17 Leak (29:00) - iPhone 15 Rumors (36:10) - Sponsor: Notion (38:15) - Health + Journaling (52:08) - Google Authenticator (53:30) - Apple Watch Anniversary (57:24) - CarPlay ★ Support this podcast on Patreon ★

Meta reported earnings that surprised investors in the good way. But that doesn't mean they're backing off the Metaverse. Global smartphone shipments continue to plummet. Might congress ban children from social media? Amazon gets out of the health tracker business. And the interesting way that rejection of the Microsoft Activision deal is using a somewhat novel argument.Sponsors:Miro.com/podcastShopify.com/rideLinks:Facebook Parent Meta Platforms Sees First Sales Increase in Nearly a Year (WSJ)Meta beats revenue expectations, remains committed to metaverse (TechCrunch)Smartphone Market woes continue with 14.6% Drop in first quarter this year, According to IDC Tracker (IDC)Senators unveil bipartisan legislation to ban kids under 13 from joining social media platforms (CNN Business)Amazon shuts down Halo division and discontinues all devices (The Verge)Google on why Authenticator sync isn't E2E encrypted, but option coming later (9to5Google)Microsoft's $69 Billion Deal Tripped Up by Niche Gaming Market (Bloomberg)See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.