Computer password management utility
POPULARITY
President Trump signs the Take It Down Act into law. A UK grocer logistics firm gets hit by ransomware. Researchers discover trojanized versions of the KeePass password manager. Researchers from CISA and NIST promote a new metric to better predict actively exploited software flaws. A new campaign uses SEO poisoning to deliver Bumblebee malware. A sophisticated phishing campaign is impersonating Zoom meeting invites to steal user credentials. CISA has added six actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. A bipartisan bill aims to strengthen the shrinking federal cybersecurity workforce. Our guest is Chris Novak, Vice President of Global Cybersecurity Solutions at Verizon, sharing insights on their 2025 DBIR. DOGE downsizes, and the UAE recruits. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Chris Novak, Vice President of Global Cybersecurity Solutions at Verizon, sharing insights on their 2025 Data Breach Investigations Report (DBIR).Selected Reading Trump signs the Take It Down Act into law |(The Verge) Supplier to Tesco, Aldi and Lidl hit with ransomware (Computing) Fake KeePass password manager leads to ESXi ransomware attack (Bleeping Computer) Vulnerability Exploitation Probability Metric Proposed by NIST, CISA Researchers (Security Week) Threat Actors Deliver Bumblebee Malware Poisoning Bing SEO (Cybersecurity News) New Phishing Attack Poses as Zoom Meeting Invites to Steal Login Credentials (GB Hackers) CISA Adds Six Known Exploited Vulnerabilities to Catalog (CISA) Federal cyber workforce training institute eyed in bipartisan House bill (CyberScoop) UAE Recruiting US Personnel Displaced by DOGE to Work on AI for its Military (Zetter Sero Day) Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
RAT Dropped By Two Layers of AutoIT Code Xavier explains how AutoIT was used to install a remote admin tool (RAT) and how to analyse such a tool https://isc.sans.edu/diary/RAT%20Dropped%20By%20Two%20Layers%20of%20AutoIT%20Code/31960 RVTools compromise confirmed Robware.net, the site behind the popular tool RVTools now confirmed that it was compromised. The site is currently offline. https://www.robware.net/readMore Trojaned Version of Keepass used to install info stealer and Cobalt Strike beacon A backdoored version of KeePass was used to trick victims into installing Cobalt Strike and other malware. In this case, Keepass itself was not compromised and the malicious version was advertised via search engine optimization tricks https://labs.withsecure.com/publications/keepass-trojanised-in-advanced-malware-campaign Procolored UV Printer Software Compromised The official software offered by the makers of the Procolored UV printer has been compromised, and versions with malware were distributed for about half a year. https://www.hackster.io/news/the-maker-s-toolbox-procolored-v11-pro-dto-uv-printer-review-680d491e17e3 https://www.gdatasoftware.com/blog/2025/05/38200-printer-infected-software-downloads
Dans cet épisode du Déclic Numérique DSI et des Hommes, nous plongeons dans l'univers des mots de passe : pourquoi ils sont essentiels, comment ils se font souvent pirater et surtout comment les rendre plus sûrs. À travers des anecdotes, des statistiques récentes et des recommandations de sécurité, nous partageons des conseils concrets pour protéger vos comptes. Des outils pratiques comme KeePass et Bitwarden, aux passphrases longues et mémorables, vous aurez toutes les clés pour renforcer votre sécurité en ligne. À la fin, un petit bonus : une réflexion sur l'avenir des mots de passe et des solutions comme l'authentification multifactorielle.Sources citées :ANSSI - Recommandations de sécurité relatives aux mots de passe : https://www.ssi.gouv.fr/guide/recommandations-de-securite-relatives-aux-mots-de-passe/CNIL - Générer un mot de passe solide : https://www.cnil.fr/fr/generer-un-mot-de-passe-solideMalwarebytes - Qu'est-ce qu'une passphrase ? : https://www.malwarebytes.com/fr/cybersecurity/basics/what-is-passphraseBitwarden - Meilleures pratiques de sécurité des mots de passe : https://bitwarden.com/help/secure-passwords/Vumetric - Meilleures pratiques pour sécuriser vos mots de passe : https://www.vumetric.com/fr/blogue/top-password-security-meilleures-pratiques/----------------------------------DSI et des Hommes est un podcast animé par Nicolas BARD, qui explore comment le numérique peut être mis au service des humains, et pas l'inverse. Avec pour mission de rendre le numérique accessible à tous, chaque épisode plonge dans les expériences de leaders, d'entrepreneurs, et d'experts pour comprendre comment la transformation digitale impacte nos façons de diriger, collaborer, et évoluer. Abonnez-vous pour découvrir des discussions inspirantes et des conseils pratiques pour naviguer dans un monde toujours plus digital.Hébergé par Ausha. Visitez ausha.co/politique-de-confidentialite pour plus d'informations.
Season 23 of the Building Better Developers podcast kicks off with a focus on building better habits. The first episode covers a critical topic for developers and tech enthusiasts: security awareness. Hosted by Rob Broadhead and Michael Meloche, the episode stresses the need for vigilance. In today's rapidly evolving digital world, staying aware is more important than ever. A Shift Toward Actionable Advice The hosts emphasize that this season will be more actionable than ever. Unlike the last season that focused on the developer journey, Season 23 targets building better habits. These habits promote more effective and responsible development practices. Each episode will cover specific skills, tools, or behaviors. Developers will learn how to integrate these into their daily routines. Security awareness, the focus of this episode, is a vital habit. It directly impacts both personal and professional data security. Action Item: schedule at least 30 minutes to explore security awareness. Use a search engine to find security awareness tools or vendors, many of which offer free content or trial periods. This will help you stay updated on the latest scams and security threats. Why Security Awareness is Crucial Security threats are more common than ever. Phishing scams and social engineering are just a few hacker tactics. Hackers have many methods to exploit vulnerabilities. Rob explains that developers may feel confident spotting threats. However, even tech-savvy individuals can fall for well-executed scams. Security awareness isn't just for IT professionals; it's for everyone. Those in technical fields may assume they're immune, but they're not. Rob shares a story to illustrate the importance of security awareness. He received a suspicious email from what appeared to be a legitimate state tax office. At first, it seemed like a scam. After thorough research and contacting the organization, it turned out to be a valid notice. This example shows that, even when cautious, it's crucial to verify suspicious communications before taking action. Taking Security Awareness Seriously Instead of a daily habit challenge, Rob suggests scheduling regular security check-ins. He recommends doing this throughout the year. Set aside time every few months to review your security posture. This includes both personal and organizational security. These check-ins could involve: Updating passwords Reviewing email security alerts Exploring the latest security awareness tools or vendors Rob notes that many security awareness vendors offer free resources or trial periods. These vendors frequently update their content with the latest scam and threat information, making it easier to stay informed. He mentions well-known providers like KnowBe4, Mimecast, and INFOSEC. All of these offer accessible programs to help individuals and organizations stay current on emerging threats. Key Steps for Developers Michael offers valuable insights by suggesting developers use secure password managers like KeePass or LastPass. These tools help store credentials safely. He stresses the importance of regularly reviewing and updating passwords, especially for financial accounts. Michael warns against reusing passwords across different platforms. This common mistake can lead to widespread vulnerability if one account is compromised. Another key security tip is to use multi-factor authentication (MFA) whenever possible. Rob and Michael both agree that MFA provides an essential layer of protection. It helps prevent unauthorized access, even if login credentials are compromised. For businesses, Michael advises checking industry-specific security requirements to ensure compliance with regulations. This is especially important in sectors like healthcare and finance, where security breaches can have legal and financial consequences. The Role of Technology in Building Better Security Awareness Habits Developers are uniquely positioned to integrate security into their daily work. Whether implementing MFA in an app or securing dependencies with tools like OWASP, security should be a habit—not an afterthought. Rob emphasizes that even if security isn't your main focus, regular check-ins are essential. Ongoing education can help prevent security vulnerabilities from becoming serious issues. Rob shares additional resources for developers looking to improve their security practices. Tools like OWASP help developers identify and fix vulnerabilities in third-party dependencies, integrating security into the development process. For more structured programs, vendors like INFOSEC and NinjaO offer comprehensive security awareness training tailored for both businesses and developers. Final Thoughts The episode encourages developers to adopt security habits as part of their routine. Rob and Michael suggest starting with simple steps. Subscribe to security awareness vendors and set regular reminders for security reviews. Security awareness is an ongoing responsibility. Staying informed and vigilant protects both personal data and organizational systems. As Season 23 progresses, more practical advice will be shared. This guidance will help you build essential habits to enhance your career and safeguard your future. Stay Connected: Join the Developreneur Community We invite you to join our community and share your coding journey with us. Whether you're a seasoned developer or just starting, there's always room to learn and grow together. Contact us at info@develpreneur.com with your questions, feedback, or suggestions for future episodes. Together, let's continue exploring the exciting world of software development. Additional Resources Cybersecurity Best Practices Improve Security Awareness – Interview With Tyler Ward Organization Security Tips and Tricks Security Assessments – Find Your Vulnerabilities The Developer Journey Videos – With Bonus Content
Les références : L'association Exodus Privacy La BD Datamania - Le grand pillage de nos données personnelles par Audric Gueidan, éditions Dunot, 2023 La plateforme d'audit de la vie privée des applications Android Exodus L'application libre pour Android Exodus Le kit smartphones et vie privée pour animer un atelier réalisé par Exodus Privacy Le site de l'Agenda du Libre pour chercher un événement de sensibilisation aux enjeux de la vie privée sur Internet et/ou au logiciel libre près de chez vous. Une carte est également disponible La page Wikipédia du gestionnaire libre de mots de passe KeePass Pour aller plus loin (il n'a pas été cité dans l'émission, mais nous estimons utile de le mentionner ici) : Guide d'autodéfense numérique, éditions Tahin Party, édition actualisée en 2023 ; disponible également en ligne et en téléchargement. Autres émissions Réécoutez la présentation de l'association Exodus Privacy dans l'émission Libre à vous ! du 8 mars 2022 Écoutez l'interview d'Audric Gueidan dans le podcast Projets Libres du 25 juin 2024Vous pouvez mettre un commentaire pour l'épisode. Et même mettre une note sur 5 étoiles si vous le souhaitez. Et même mettre une note sur 5 étoiles si vous le souhaitez. Il est important pour nous d'avoir vos retours car, contrairement par exemple à une conférence, nous n'avons pas un public en face de nous qui peut réagir. Pour mettre un commentaire ou une note, rendez-vous sur la page dédiée à l'épisode.Aidez-nous à mieux vous connaître et améliorer l'émission en répondant à notre questionnaire (en cinq minutes). Vos réponses à ce questionnaire sont très précieuses pour nous. De votre côté, ce questionnaire est une occasion de nous faire des retours. Pour connaître les nouvelles concernant l'émission (annonce des podcasts, des émissions à venir, ainsi que des bonus et des annonces en avant-première) inscrivez-vous à la lettre d'actus.
In this episode of Exploit Brokers, we dive into a significant new threat spreading across the web—Trojan malware hidden in malicious browser extensions. These sneaky extensions are distributed through fake download sites mimicking popular software like Roblox FPS Unlocker, YouTube, VLC, or KeePass. We'll discuss how these Trojans operate, how they've compromised over 300,000 users, and what steps you can take to protect yourself. Stay informed about the rising tide of digital crime and malware as we explore the dark side of the internet. Don't forget to like, subscribe, and hit the bell icon to stay updated on the latest in cybersecurity. If you're listening on a podcast platform, please leave us a review! Hashtags: #CyberSecurity #MalwareAlert #BrowserExtensions #TrojanMalware #DigitalSafety #ExplorerBrokers #TechNews #DataBreach #InternetSafety #Hacking #OnlineSecurity #MalwarePrevention #TechTalks ## Follow us: https://follow.exploitbrokers.com ## Sources Reason labs: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
Broadcom makes an offer to give us vmware for free, with an asterisk. Ubuntu is already looking at how to polish the 24.10 release, The Raspberry Pi Foundation releases the official NVMe hat, and Winamp has an announcement. A Debian maintainer made a questionable call regarding KerPassXC, and CIQ makes the case that all vendor kernels are insecure. Then, for tips we have uxplay for airplay on Linux, cd - for quick directory flipping, more spring cleaning, and pkg-config for a scriptable way to check for dependencies. The show notes are at https://bit.ly/3V9CCmI and enjoy the show! Host: Jonathan Bennett Co-Hosts: Rob Campbell, Jeff Massie, and Ken McDonald Want access to the video version and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.
In this week's show, I discuss CLEAR's intrusive privacy policy and highlight alternatives to Authy using KeePass, with a privacy friendly solution for scanning QR codes. I also address the common mistakes people make when backing up their MFA codes. Additionally, I share some of the highlights from attending the SANS OSINT Summit in Washington, D.C., and explore various uses for custom domain names. Finally, I touch on the Starbucks app and the benefits of using Tello for pre-paid SIM cards.Follow on Twitter (X): @privacypodSupport the show: https://www.patreon.com/TheLockdownThis episode was recorded on March 14, 2024In this week's episode:CLEAR Privacy and Selling SoulsAuthy discontinues the desktop app from March 19th, 2024Alternative MFA solutions using KeepassXC and KeepassDXStoring backup MFA codes in a Veracrypt containerMake sure you keep scanned copies of your credit cards and ID!Update on the SANS OSINT SummitAlternative to Mint Mobile with TelloUsing the Starbucks app privatelyCustom domain namesShow Links:CLEAR Security Breach: https://www.youtube.com/watch?v=i0I0BTtnMC4OSINT Combine Free Tools: osintcombine.com/freetoolsWhatsmyname: https://whatsmyname.app/Tello: https://tello.com/QR Scanner (PFA) by Secuso Research Group: https://secuso.aifb.kit.edu/english/QR_Scanner.phpSkull Games: https://skullgames.io/Trace Labs: https://www.tracelabs.org/Expired Domains: https://www.expireddomains.net/deleted-domains/"The right to be left alone is indeed the beginning of all freedom."- Supreme Court Justice William O. Douglas
In this week's episode, it's time to wrap up 2023 with another look at Privacy.com, and my strategies for avoiding bank account lockout. I delve into the CIA Triad, breaking down its relevance to everyday privacy concerns. The episode also takes a practical turn with a guide on using FindMyDevice on GrapheneOS, and the FindMyDevice feature on the Garmin Instinct 2 watch for tracking lost phones.I also tackle the debate between biometric authentication and passcodes, taking our threat model into consideration. For those interested in storage synchronization solutions, I discuss using Nextcloud for a variety of purposes, including photo backups, syncing Keepass, and markdown notes, highlighting its versatility for privacy.Join me for an episode packed with valuable insights and tips for enhancing your digital privacy and security as we welcome in 2024!This episode was recorded on January 3, 2024Follow Ray on Twitter @privacypodIn this week's episode:1. Closing 2023 with Privacy.com2. How the CIA Triad Relates to privacy3. Tracking Lost Phones with FindMyDevice on GrapheneOS and a Garmin watch4. Biometric authentication vs Passcodes5. Using Nextcloud for photo backups, Keepass Sync, and taking notes in Markdown6. Backups with Backblaze B2 and ResticShow Links:https://www.privacy.comhttps://strongboxsafe.comhttps://www.keepassdx.comhttps://grapheneos.orghttps://gitlab.com/Nulide/findmydevicehttps://obsidian.mdhttps://www.backblaze.com/cloud-storagehttps://restic.nethttps://www.garmin.com/en-US/p/775697Ray Ban Meta News: https://san.com/cc/investigation-into-new-meta-smart-glasses-brings-privacy-concernsMusic: The Lockdown"We suffer more often in imagination than in reality." - Seneca
James Dyer and Jack Chapman of Egress join to discuss "Cybercriminals don't take holidays: How bad actors use this two-step phishing campaign to weaponize out-of-office replies." Dave and Joe share some listener follow up from Ron, who has a suggestion about registration specific email accounts. Joe has two stories this week, one where he shares some good news on a scammer who received some justice after taking part in a $66K romance scam. His second story is on social media and how it is a breeding ground for scammers. Dave's story this week follows how Google-hosted malvertising leads to a fake keepass site that looks genuine. Our catch of the day comes from our very own editorial staff who share an interesting email they received from the infamous National Security Department. Links to the stories: N.J. man sentenced to prison for taking part in $66K romance scam Social media: a golden goose for scammers Google-hosted malvertising leads to fake Keepass site that looks genuine Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com.
This info-packed episode of TWiET dives into the hidden dangers of Google hosted ads with malware. Guest Adam Jacob shares his vision for a "second wave" of DevOps to achieve better collaboration and outcomes. Patch Winrar right now The most used IT Admin passwords Cisco reports 10,000 network devices backdoored with unpatched 0-day The global chip talent shortage and partnerships addressing it The risks of malicious Google ads using punycode to disguise fake URLs Adam Jacob, CEO of System Initiative and Co-founder of Chef talks about his vision for improving and rebuilding DevOps from the ground up. Hosts: Louis Maresca, Brian Chee, and Curtis Franklin Guest: Adam Jacob Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
This info-packed episode of TWiET dives into the hidden dangers of Google hosted ads with malware. Guest Adam Jacob shares his vision for a "second wave" of DevOps to achieve better collaboration and outcomes. Patch Winrar right now The most used IT Admin passwords Cisco reports 10,000 network devices backdoored with unpatched 0-day The global chip talent shortage and partnerships addressing it The risks of malicious Google ads using punycode to disguise fake URLs Adam Jacob, CEO of System Initiative and Co-founder of Chef talks about his vision for improving and rebuilding DevOps from the ground up. Hosts: Louis Maresca, Brian Chee, and Curtis Franklin Guest: Adam Jacob Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
This info-packed episode of TWiET dives into the hidden dangers of Google hosted ads with malware. Guest Adam Jacob shares his vision for a "second wave" of DevOps to achieve better collaboration and outcomes. Patch Winrar right now The most used IT Admin passwords Cisco reports 10,000 network devices backdoored with unpatched 0-day The global chip talent shortage and partnerships addressing it The risks of malicious Google ads using punycode to disguise fake URLs Adam Jacob, CEO of System Initiative and Co-founder of Chef talks about his vision for improving and rebuilding DevOps from the ground up. Hosts: Louis Maresca, Brian Chee, and Curtis Franklin Guest: Adam Jacob Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
This info-packed episode of TWiET dives into the hidden dangers of Google hosted ads with malware. Guest Adam Jacob shares his vision for a "second wave" of DevOps to achieve better collaboration and outcomes. Patch Winrar right now The most used IT Admin passwords Cisco reports 10,000 network devices backdoored with unpatched 0-day The global chip talent shortage and partnerships addressing it The risks of malicious Google ads using punycode to disguise fake URLs Adam Jacob, CEO of System Initiative and Co-founder of Chef talks about his vision for improving and rebuilding DevOps from the ground up. Hosts: Louis Maresca, Brian Chee, and Curtis Franklin Guest: Adam Jacob Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
This week Dr. Doug talks: Skynet, India, North Korea, China, passwords, KeePass, Cisco, AI, expert commentary from suspected Chicken Man accomplice Aaran Leyland, and More on the Security Weekly News! Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/swn-335
Skynet, India, North Korea, China, passwords, KeePass, Cisco, AI, Aaran Leyland, and More on the Security Weekly News. Show Notes: https://securityweekly.com/swn-335
This week Dr. Doug talks: Skynet, India, North Korea, China, passwords, KeePass, Cisco, AI, expert commentary from suspected Chicken Man accomplice Aaran Leyland, and More on the Security Weekly News! Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/swn-335
Skynet, India, North Korea, China, passwords, KeePass, Cisco, AI, Aaran Leyland, and More on the Security Weekly News. Show Notes: https://securityweekly.com/swn-335
Article: KeePassXC - Cross-platform Password Manager. Article: KeePassXC Application Security Review Supporting Article: KeePassXC Release 2.7.4 Supporting Article: KeePassXC Release 2.7.5 Article: KeePassXC: User Guide. Article: Magic (cryptography). Article: Federal Information Processing Standards. The Federal Information Processing Standards (FIPS) of the United States are a set of publicly announced standards that the National Institute of Standards and Technology (NIST) has developed for use in computer systems of non-military, American government agencies and contractors. FIPS standards establish requirements for ensuring computer security and interoperability, and are intended for cases in which suitable industry standards do not already exist. Many FIPS specifications are modified versions of standards the technical communities use, such as the American National Standards Institute (ANSI), the Institute of Electrical and Electronics Engineers (IEEE), and the International Organization for Standardization (ISO). Supporting Article: FIPS General Information. FIPS are standards and guidelines for federal computer systems that are developed by National Institute of Standards and Technology (NIST) in accordance with the Federal Information Security Management Act (FISMA) and approved by the Secretary of Commerce. These standards and guidelines are developed when there are no acceptable industry standards or solutions for a particular government requirement. Although FIPS are developed for use by the federal government, many in the private sector voluntarily use these standards. Article: G502 HERO High Performance Gaming Mouse. Dual-Mode Hyper-Fast Scroll Wheel Unlock the scroll wheel for hyper-fast continuous scrolling to spin quickly through long pages, or lock it down for single click precision scrolling. The weighty, metal wheel delivers confident, smooth and satisfying control for either mode. General KeePassXC Information. Why KeePassXC instead of KeePassX? KeePassX is an amazing password manager, but hasn't seen much active development for quite a while. Many good pull requests were never merged and the original project is missing some features which users can expect from a modern password manager. Hence, we decided to fork KeePassX to continue its development and provide you with everything you love about KeePassX plus many new features and bugfixes. Why KeePassXC instead of KeePass? KeePass is a very proven and feature-rich password manager and there is nothing fundamentally wrong with it. However, it is written in C# and therefore requires Microsoft's .NET platform. On systems other than Windows, you can run KeePass using the Mono runtime libraries, but you won't get the native look and feel which you are used to. KeePassXC, on the other hand, is developed in C++ and runs natively on all platforms giving you the best-possible platform integration. Why is there no cloud synchronization feature built into KeePassXC? Cloud synchronization with Dropbox, Google Drive, OneDrive, ownCloud, Nextcloud etc. can be easily accomplished by simply storing your KeePassXC database inside your shared cloud folder and letting your desktop synchronization client do the rest. We prefer this approach, because it is simple, not tied to a specific cloud provider and keeps the complexity of our code low. KeePassXC allows me to store my TOTP secrets. Doesn't this alleviate any advantage of two-factor authentication? Yes. But only if you store them in the same database as your password. We believe that storing both together can still be more secure than not using 2FA at all, but to maximize the security gain from using 2FA, you should always store TOTP secrets in a separate database, secured with a different password, possibly even on a different computer. How do I use the KeePassXC CLI tool with the AppImage? Starting with version 2.2.2, you can run the KeePassXC CLI tool from the AppImage by executing it with the cli argument: ./KeePassXC-*.AppImage cli Additional Information. What Is Infinite Scrolling? Infinite scrolling is a technique that loads more content as you scroll. It allows you to continue scrolling indefinitely and is sometimes known as endless scrolling. Article: blackeRnel Tries to help yoU undeRstand Enough about math and programming.
KeePass v2.54 fixes bug that leaked cleartext master passwordThis show is part of the Spreaker Prime Network, if you are interested in advertising on this podcast, contact us at https://www.spreaker.com/show/5634794/advertisement
Calling all modems. KeePass gets an update. MOVEit gets pwned. Chromium zero-day. The backdoor that wasn't really. WPBT explained. Twitter @NakedSecurity Intro and outro music by Edith Mudge (www.edithmudge.com)
Hey, it's 5:05 on Wednesday. June 7th, 2023. From the Sourced Podcast Network in New York City, this is your host, Pokie Huang. Stories in today's episode come from Edwin Kwon in Sydney, Australia, Katy Craig in San Diego, California, Shannon Lietz in San Diego, California, Marcel Brown in St. Louis, Missouri. Let's get to it.KeePass Releases Fix for Master Password Compromise Vulnerability
Neste episódio: IA cria decisões judiciais falsas em processo, ChatGPT tomando empregos, vulnerabilidades no Keepass, Falha crítica em uma implementação do OAuth pode comprometer milhões de contas Online e Netflix cobrando pelo compartilhamento de contas.Continue reading
How to say "GIF". A Blackmailer-in-the-Middle attack. Knitting your own crypto. KeePass master password shenanigans. Binge listening. Email tips@sophos.com Twitter @NakedSecurity Intro and outro music by Edith Mudge (www.edithmudge.com)
Picture of the Week. Tracker Follow-Up. Automatic IoT device updating. HP 9020e - error code 83C0000B. Section 230 Stands. The KeePass Vulnerability. Apple joins Samsung, Amazon and Verizon in banning ChatGPT. Google's Privacy Sandbox moves forward. The FBI heavily misused FISA powers. Supply Chain Nightmare. SpinRite. VCaaS – Voice Cloning as a Service. Show Notes: https://www.grc.com/sn/SN-924-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: expressvpn.com/securitynow athleticgreens.com/securitynow lookout.com
Picture of the Week. Tracker Follow-Up. Automatic IoT device updating. HP 9020e - error code 83C0000B. Section 230 Stands. The KeePass Vulnerability. Apple joins Samsung, Amazon and Verizon in banning ChatGPT. Google's Privacy Sandbox moves forward. The FBI heavily misused FISA powers. Supply Chain Nightmare. SpinRite. VCaaS – Voice Cloning as a Service. Show Notes: https://www.grc.com/sn/SN-924-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: expressvpn.com/securitynow athleticgreens.com/securitynow lookout.com
Picture of the Week. Tracker Follow-Up. Automatic IoT device updating. HP 9020e - error code 83C0000B. Section 230 Stands. The KeePass Vulnerability. Apple joins Samsung, Amazon and Verizon in banning ChatGPT. Google's Privacy Sandbox moves forward. The FBI heavily misused FISA powers. Supply Chain Nightmare. SpinRite. VCaaS – Voice Cloning as a Service. Show Notes: https://www.grc.com/sn/SN-924-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: expressvpn.com/securitynow athleticgreens.com/securitynow lookout.com
Picture of the Week. Tracker Follow-Up. Automatic IoT device updating. HP 9020e - error code 83C0000B. Section 230 Stands. The KeePass Vulnerability. Apple joins Samsung, Amazon and Verizon in banning ChatGPT. Google's Privacy Sandbox moves forward. The FBI heavily misused FISA powers. Supply Chain Nightmare. SpinRite. VCaaS – Voice Cloning as a Service. Show Notes: https://www.grc.com/sn/SN-924-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: expressvpn.com/securitynow athleticgreens.com/securitynow lookout.com
On Security Now, Steve Gibson shares the details surrounding the KeePass master password disclosure vulnerability that's making the rounds. For the full episode go to: twit.tv/sn/924 Hosts: Steve Gibson and Leo Laporte You can find more about TWiT and subscribe to our podcasts at https://podcasts.twit.tv/
On Security Now, Steve Gibson shares the details surrounding the KeePass master password disclosure vulnerability that's making the rounds. For the full episode go to: twit.tv/sn/924 Hosts: Steve Gibson and Leo Laporte You can find more about TWiT and subscribe to our podcasts at https://podcasts.twit.tv/
Human DNA can be found literally everywhere, a free smart TV that's too good to be true, a serious KeePass vulnerability, and more!Support us on PatreonSupport us on LiberapayMonero: 46iGe5D49rpgH4dde32rmyWifMjw5sHy7V2mD9sXGDJgSWmAwQvuAuoD9KcLFKYFsLGLpzXQs1eABRShm1RZRnSy6HgbhQDTimestampsSources00:00 Introduction00:46 Support us!01:33 Highlight Story (eDNA)04:22 Data Breaches09:42 Companies23:20 Research34:50 Politics39:10 FOSS40:55 Misfits45:43 Q&A49:54 Support us!Main SitesSurveillance ReportOdyseePeerTubeTechlore WebsiteThe New Oil Website This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit surveillancepod.substack.com
הנושאים השבוע: דוח על קבוצת תקיפה מאשים ישראלים, האם זה נכון?דוח מבקר המדינה בנושא סייבר ונגישות.סאם אלטמן, מנכ"ל OpenAI מבקש שהוא יהיה תחת רגולציה בגלל ההשלכות המשמעותיות של המודל.דפדפן ברייב מוסיף פיצ'ר חשוב שמאפשר לדפדפן לשכוח אתרים, כדי למנוע טירגוט כמבקרים חוזרים.גוגל ואפל עוברים לשלב הבא עם מערכות איתור ומעקב.תוכנת הסיסמאות Keepass הוציאה עדכון בעקבות חולשה שנמצאה בתוכנה.חולשה שנמצאה בפאנל הניהול של ממשק הוויפי של רוקוס בשימוש של רשת בוטים.סיסקו הוציאה עדכונים קריטיים לכמות גדולה של מתגים.פאנליסט: אדי הררימגיש: רותם בר
KeePass Vulnerability Imperils Master Passwords 3 Common Initial Attack Vectors Account for Most Ransomware Campaigns Montana becomes 1st state to ban TikTok Rapid prototyping for the years to come Sit and Surf: High-tech benches bridge digital divide 5 ways security testing can aid incident response Heather Dahl, CEO of Indicio talks about taking control of your identity data. Hosts: Louis Maresca, Brian Chee, and Curtis Franklin Guest: Heather Dahl Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: Miro.com/podcast Melissa.com/twit CDW.com/Cisco
KeePass Vulnerability Imperils Master Passwords 3 Common Initial Attack Vectors Account for Most Ransomware Campaigns Montana becomes 1st state to ban TikTok Rapid prototyping for the years to come Sit and Surf: High-tech benches bridge digital divide 5 ways security testing can aid incident response Heather Dahl, CEO of Indicio talks about taking control of your identity data. Hosts: Louis Maresca, Brian Chee, and Curtis Franklin Guest: Heather Dahl Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: Miro.com/podcast Melissa.com/twit CDW.com/Cisco
KeePass Vulnerability Imperils Master Passwords 3 Common Initial Attack Vectors Account for Most Ransomware Campaigns Montana becomes 1st state to ban TikTok Rapid prototyping for the years to come Sit and Surf: High-tech benches bridge digital divide 5 ways security testing can aid incident response Heather Dahl, CEO of Indicio talks about taking control of your identity data. Hosts: Louis Maresca, Brian Chee, and Curtis Franklin Guest: Heather Dahl Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: Miro.com/podcast Melissa.com/twit CDW.com/Cisco
KeePass Vulnerability Imperils Master Passwords 3 Common Initial Attack Vectors Account for Most Ransomware Campaigns Montana becomes 1st state to ban TikTok Rapid prototyping for the years to come Sit and Surf: High-tech benches bridge digital divide 5 ways security testing can aid incident response Heather Dahl, CEO of Indicio talks about taking control of your identity data. Hosts: Louis Maresca, Brian Chee, and Curtis Franklin Guest: Heather Dahl Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: Miro.com/podcast Melissa.com/twit CDW.com/Cisco
We quickly talk about the SchoolDude breach and Keepass's newly announced CVE. The majority of the episode is an interview with Lucas from PIRG. Lucas is the author of the study we referenced a few weeks ago in the episode "Chromebooks are Evil?." The study looks at "Chromebook Churn" and e-waste created by device usage. After that episode a few weeks ago, Lucas reached out to us to clarify a few points of the study. So, we invited him on to make those clarifications to our listeners. We had an interesting discussion with Lucas, and came away agreeing on more points than we disagree. Article that Mark refers to - Why do we replace our laptops every few years? Listen here (and on all major podcast platforms). Join the K12TechPro.com Community. Buy our merch!!! Managed Methods - free Google Workspace and/or Microsoft 365 security audit Fortinet - Email fortinetpodcast@fortinet.com Extreme Networks - Email dmayer@extremenetworks.com NTP SomethingCool.com Oh, and... Email us at k12techtalk@gmail.com Tweet us @k12techtalkpod Visit our LinkedIn page HERE
On this week's episode of the podcast I have an update about the recently disclosed Secure Boot vulnerability, a major milestone reached for quantum computing, new org charts templates in Visio and much more! Reference Links: https://www.rorymon.com/blog/secure-boot-vulnerability-may-takes-months-to-patch-keepass-password-leak/
En ce printemps 2023, nous vous proposons ce 11ème numéro de notre Bistroxytude, discussion de bistro pour vous présenter nos applications coup de coeur du moment. Les applications GéoRadio pour iOS. MemPad pour Windows. Le localisateur. WhatSapp pour Windows, dispo dans le Microsoft Store.. Moovit pour iOS. Accessible 2048 pour iOS. Microsoft Authenticator pour iOS. PSWD pour macOS. KeePassium pour iOS et macOS. Notre présentation de Keepass, un coffre-fort numérique / gestionnaire de mots de passe opensource et accessible. Editeur audio hokusai pour iOS. SNCF Connect, toutes plateformes. Scanneur, disponible dans le Microsoft Store. Bolt pour iOS. Lire RSS Reader pour iOS. Courrier pour Windows (inclus dans les versions 10 et 11).. Parcel pour iOS, macOS et sur le web. Les participants Alain, Cédric, Fabrice, Greg, Jacques, Philippe, Sof et Yannick
Cet épisode nouvelles discute d'améliorations dans le JDK, d'Hibernate 6, de Service Weaver, de la fin d'options dans DockerHub pour certains projets open source, de Gradle, de cURL et pleins d'autres choses encore. Enregistré le 17 mars 2023 Téléchargement de l'épisode LesCastCodeurs-Episode–292.mp3 News Langages Quelle version de JDK utiliser en fonction des fonctionnalités que l'on souhaite utiliser mais aussi du long time support https://whichjdk.com/ JetBrains propose une formation Rust intégrée aux IDEs https://blog.jetbrains.com/rust/2023/02/21/learn-rust-with-jetbrains-ides/ Un apprentissage directement intégré à l'IDE Avec un plugin “Academy” dédié, qui rajoute un troisième panneau avec les instructions, les explications, et on fait des exercices dans la partie IDE Une chouette manière d'apprendre intégrée directement à son IDE Chacun doit pouvoir créer ses propres ressources d'apprentissage, et on pourrait appliquer ça à des frameworks, des outils, ou pourquoi pas son propre projet informatique ! Retravail de classes du JDK Bits / ByteArray vers un usage via VarHandle pour le swapping de bits dans Java 21 https://minborgsjavapot.blogspot.com/2023/01/java–21-performance-improvements.html petit changement mais utilisé par beaucoup de classes comme ObjectInputStream RandomAccessFile etc améliore la serialization en java Rajout de la notion de “sequenced collection” dans la hiérarchie des collections, planifié pour JDK 21 https://www.infoq.com/news/2023/03/collections-framework-makeover/ va permettre de codifier les collections qui ont un ordre donné (pas forcément trié) rajouter aussi des méthodes pour traverser des collections séquentielles à l'envers, ou pour récupérer ou ajouter un élément au début ou à la fin d'une collection ordonnée aujourd'hui ces methodes sont eparpillées dans les implémentaions et n'avaient aps de contrat commun Le guide ultime des virtual threads https://blog.rockthejvm.com/ultimate-guide-to-java-virtual-threads/ un très long article qui couvre le sujet des nouveaux virtual threads comment en créer comment ils fonctionnent le scheduler et le scheduling coopératif les “pinned” virtual threads (lorsqu'un thread virtuel est bloqué dans un vrai thread, par exemple dans un bloc synchronized ou lors d'appel de méthondes natives) les thread local et thread pools Librairies Quarkus 3 alpha 5 avec Hibernate ORM 6 et une nouvelle DevUI https://quarkus.io/blog/quarkus–3–0–0-alpha5-released/ passage d'Hibernate 5 a 6 (donc testez! switch de compatibilité supérieur pour aider la transition https://github.com/quarkusio/quarkus/wiki/Migration-Guide–3.0:-Hibernate-ORM–5-to–6-migration#database-orm-compatibility (DB interaction esp schema StatelessSession injectable Gradle 8 nouvelle DEvUI (nouveau look and feel, plus extensible pour els extensions et pplus facile a utiliser, va au dela des integrations d'extension (config etc) quarkus deploy dans la CLI, gradle et maven: deploie dans Kube, knative, OpenShift La route vers Quarkus 3, article sure infoq https://www.infoq.com/news/2023/03/road-quarkus–3/ Jakarta EE, ORM 6, Microprofile 6, virtual threads, io_uring, ReactiveStreams=> Flow io_uring reduit les copie de buffer entre userspace et kernel space pas de support JPMS en vue mais Red Hat contribue a project Leyden Camel extensions, attendez Camel 4 (passage Jakarta EE) Interview de Geert Bevin, l'auteur du framework Java RIFE2 https://devm.io/java/rife2-java-framework Google annouce Service Weaver https://opensource.googleblog.com/2023/03/introducing-service-weaver-framework-for-writing-distributed-applications.html EJB is back (Enterprise Go Beans :D) ecrire en tant que modular monolith permet au deploiement décider ce qui est distribué basé sur leur experience du surtout de maintance des microservices (contrats plus difficiles a casser - dbesoin de coordination de rollout etc) dans la communauté des entousiastes et des gens concernés par les 10 falaccies of distributed computing et le fait de cacher les appels distants EJB et corba avant cela ont été des échecs de ce point de vue la ils n'expliquement pas comment le binding de nouveax contrats et de deploiement se fait de maniere transparente des deployeurs implementables (go et GKE initialement) Etude d'opinion de certains utilisateurs de Jakarta EE (OmniFaces community) https://omnifish.ee/2023/03/10/jakarta-ee-survey–2022–2023-results/ biaisée donc attention Java EE 8 suivi par Jakarta EE 8 et derriere Jakarta EE 10 etc WildFly puis Payara puis glassfish ensuite tomee et JBoss EAP gens contents de leurs serverus d'app sand Weblogic et Websphere les api utilisées le plus JPA, CDI, REST, Faces, Servlet, Bean Validation, JTA, EJB, EL etc Produit microprofile: Quarkus puis WildFlky puis Open Liberty puis Payara et Helidon Dans microprofile: Config, rest client, open api, health et metric sont les plus utilisés Comment utiliser des records et Hibernate https://thorben-janssen.com/java-records-embeddables-hibernate/ pas en tant qu'entité encore (final, pas de constructeur vide) mais en tant qu'@Embeddable records sont immuable dans hibernate 6.2, c'est supporté par default (annoter le record @Embeddable Ca utilise le contrat EmbeddableIntentiator Cinq librairies Java super confortables https://tomaszs2.medium.com/5-amazingly-comfortable-java-libraries–887802e240de mapstruct mapper des entités en DTO jOOQ requête de bases de données typées WireMock mocker des API ou être entre le client et l'API pour ne mocker que certaines requêtes Eclipse Collections : pour rendre le code plus simple et facile à comprendre. Attention à la,surface d'attaque HikariCP connection pool rapide - agroal est dans la meme veine mais supporte JTA. C'est ce qui est dans Quarkus. Retour d'expérience sur Hibernate 6 https://www.jpa-buddy.com/blog/hibernate6-whats-new-and-why-its-important/ côté APIs et côté moteur jakarta persistence 3 ; java 11 annotations de types hibernate sont typesafe support des types JSON OOTB meilleur support des dates avec @TimeZoneStorage soit natif de la base soit avec une colonne séparée changement dans la génération des ID (changement cassant) mais stratégies de noms historique peut être activé Options autour de UUID (Time base et IP based) composite id n'ont plus besoin d'être serialisable type texte long supportés via @JdbcTypeCode multitenancy (shared schema, resolver de tenant a plugger) read by position (SQL plus court car sans alias, deserialisarion plus rapide, moins de joins dans certains cas) modele sous jacent commun entre HQL et l'api criteria et donc même moteur meilleure génération du SQL et plus de fonction SQL modernes réduisant le gap entre HQL et SQL ronctions analytiques et fenêtre quand la base les supportent graphe traverse en largeur plutôt qu'en profondeur (potentiellement plus de join donc bien mettre lazy sur vos associations) Cloud Docker supprime les organisations open source sur DockerHub https://blog.alexellis.io/docker-is-deleting-open-source-images/ Les projets open source risquent de devoir passer de 0 $ à 420 $ par an pour héberger leurs images Rétropédalage de Docker https://www.docker.com/blog/we-apologize-we-did-a-terrible-job-announcing-the-end-of-docker-free-teams/ Web Une base de connaissance sur le fonctionnement et les bonnes pratiques autour des WebHooks https://nordicapis.com/exploring-webooks-fyi-the-webhooks-knowledge-center/ Guillaume a refondu son blog https://glaforge.dev/ Cette fois ci, c'est un site web statique, généré avec Hugo, avec des articles en Markdown, hébergé sur Github Pages, buildé / publié automatiquement par Github Actions Outillage Gradle 8.0 est sorti https://docs.gradle.org/8.0/release-notes.html Une CLI connectée à OpenAI's Davinci model pour générer vos lignes de commandes https://github.com/TheR1D/shell_gpt sgpt -se "start nginx using docker, forward 443 and 80 port, mount current folder with index.html" -> docker run -d -p 443:443 -p 80:80 -v $(pwd):/usr/share/nginx/html nginx -> Execute shell command? [y/N]: y Un petit outil en ligne basé sur le modèle GPT–3 qui permet d'expliquer un bout de code https://whatdoesthiscodedo.com/g/db97d13 Copiez-collez un bout de code de moins de 1000 caractères, et le modèle de code de GPT–3, et l'outil vous explique ce que fait ces quelques lignes de code Assez impressionnant quand on pense que c'est un modèle de prédiction probabiliste des prochains caractères logiques Certaines réponses donnent vraiment l'impression parfois que l'outil comprends réellement l'intention du développeur derrière ce bout de code Git: Comment rebaser des branches en cascade https://adamj.eu/tech/2022/10/15/how-to-rebase-stacked-git-branches/ native-image va être inclu dans la prochaine version de GraalVM JDK. Plus besoin de gu install native-image https://github.com/oracle/graal/pull/5995 Si vous utilisez l'outil Mermaid pour faire des graphes d'architecture, d'interactions, etc, il y a un petit cheatsheet sympa qui montre comment faire certains diagrammes https://jojozhuang.github.io/tutorial/mermaid-cheat-sheet/ Un site avec plein de trucs et astuces sur psql, le langage SQL de PostgreSQL https://psql-tips.org/ CURL a 25 ans ! https://daniel.haxx.se/blog/2023/03/10/curl–25-years-online-celebration/ Son créateur, Daniel Stenberg, est toujours à la tête du projet cURL est utilisé dans d'innombrables projets par défaut dans plein de systèmes d'exploitation Cédric Champeau explique le concept de version catalog de Gradle et comment il améliore la productivité https://melix.github.io/blog//2023/03–12-micronaut-catalogs.html permet de réduire le temps et l'effort nécessaire à gérer la version de ses dépendances apport aussi plus de sécurité, de flexibilité, pour s'assurer qu'on a les bonnes versions les plus récentes des dépendances et qu'elles fonctionnent bien entre elles Architecture La pyramide des besoins du code de qualité https://www.fabianzeindl.com/posts/the-codequality-pyramid le bas de la pyramide supporte le haut performance de build performance de test testabilité qualité des codes de composants fonctionalités performance du code pour chaque bloc, il explique les raisons, ses definitions et des astuces pour l'ameliorer par exemples les fonctionalites changent et donc build, testabilité et qualite de code permet des changements légers en cas de changement dans les fonctionalités perf viennent ensuite ("premature opt, root of all evil), regader des besoins globaux Méthodologies Le DevSusOps est né https://www.infoq.com/news/2023/02/sustainability-develop-operation/?utm_campaign=i[…]nt&utm_source=twitter&utm_medium=feed&utm_term=culture-methods bon serieusement, comment on couvre avec un nom pareil sans déraper :man-facepalming: ah dommage Micreosoft rejoints la FinOps foundation https://www.infoq.com/news/2023/02/microsoft-joins-finops-org/?utm_campaign=infoq_content&utm_source=twitter&utm_medium=feed&utm_term=Cloud Imagine si ils avaient rejoint la DevSusOps fondation Sécurité Plein de choses qu'on peut faire avec des Yubikeys https://debugging.works/blog/yubikey-cheatsheet/ Pour générer des time-based one-time passwords, pour l'accès SSH,, pour sécuriser un base Keepass, comme 2FA pour le chiffrement de disque, pour la vérification d'identifiant personnel, pour gérer les clés privées… Loi, société et organisation Le fabricant de graveurs de CPU hollandais ASML se voit interdire d'exporter ses technologies vers la chine https://www-lemagit-fr.cdn.ampproject.org/c/s/www.lemagit.fr/actualites/365532284/Processeurs[…]le-escalade-dans-les-sanctions-contre-la-Chine?amp=1 en tous cas les technologies de gravure des deux dernières generations de la pression commerciale on passe au registre d'exclusion par decision militaire ASML s'était fait espionner récemment CAnon et Sony aussi dans la restriction Meta supprime de nouveau 10000 emplois soit 25% au total depuis la fin de l'année dernière https://www.lesechos.fr/tech-medias/hightech/meta-va-supprimer–10000-postes-de-plus–1915528 Rubrique débutant Bouger les éléments d'une liste https://www.baeldung.com/java-arraylist-move-items discute le concept d'array list en dessous et donc le coût d'insérer au milieu decouverte de Collections.swap (pour intervertir deux elements) decouverte de Collections.rotate pour “deplacer” l'index zero de la liste Conférences La liste des conférences provenant de Developers Conferences Agenda/List par Aurélie Vache et contributeurs : 15–18 mars 2023 : JChateau - Cheverny in the Châteaux of the Loire Valley (France) 23–24 mars 2023 : SymfonyLive Paris - Paris (France) 23–24 mars 2023 : Agile Niort - Niort (France) 30 mars 2023 : Archilocus - Online (France) 31 mars 2023–1 avril 2023 : Agile Games France - Grenoble (France) 1–2 avril 2023 : JdLL - Lyon 3e (France) 4 avril 2023 : AWS Summit Paris - Paris (France) 4 avril 2023 : Lyon Craft - Lyon (France) 5–7 avril 2023 : FIC - Lille Grand Palais (France) 12–14 avril 2023 : Devoxx France - Paris (France) 20 avril 2023 : WordPress Contributor Day - Paris (France) 20–21 avril 2023 : Toulouse Hacking Convention 2023 - Toulouse (France) 21 avril 2023 : WordCamp Paris - Paris (France) 27–28 avril 2023 : AndroidMakers by droidcon - Montrouge (France) 4–6 mai 2023 : Devoxx Greece - Athens (Greece) 10–12 mai 2023 : Devoxx UK - London (UK) 11 mai 2023 : A11yParis - Paris (France) 12 mai 2023 : AFUP Day - lle & Lyon (France) 12 mai 2023 : SoCraTes Rennes - Rennes (France) 25–26 mai 2023 : Newcrafts Paris - Paris (France) 26 mai 2023 : Devfest Lille - Lille (France) 27 mai 2023 : Polycloud - Montpellier (France) 31 mai 2023–2 juin 2023 : Devoxx Poland - Krakow (Poland) 31 mai 2023–2 juin 2023 : Web2Day - Nantes (France) 1 juin 2023 : Javaday - Paris (France) 1 juin 2023 : WAX - Aix-en-Provence (France) 2–3 juin 2023 : Sud Web - Toulouse (France) 7 juin 2023 : Serverless Days Paris - Paris (France) 15–16 juin 2023 : Le Camping des Speakers - Baden (France) 20 juin 2023 : Mobilis in Mobile - Nantes (France) 20 juin 2023 : Cloud Est - Villeurbanne (France) 21–23 juin 2023 : Rencontres R - Avignon (France) 28–30 juin 2023 : Breizh Camp - Rennes (France) 29–30 juin 2023 : Sunny Tech - Montpellier (France) 29–30 juin 2023 : Agi'Lille - Lille (France) 8 septembre 2023 : JUG Summer Camp - La Rochelle (France) 19 septembre 2023 : Salon de la Data Nantes - Nantes (France) & Online 21–22 septembre 2023 : API Platform Conference - Lille (France) & Online 25–26 septembre 2023 : BIG DATA & AI PARIS 2023 - Paris (France) 28–30 septembre 2023 : Paris Web - Paris (France) 2–6 octobre 2023 : Devoxx Belgium - Antwerp (Belgium) 10–12 octobre 2023 : Devoxx Morroco - Agadir (Morroco) 12 octobre 2023 : Cloud Nord - Lille (France) 12–13 octobre 2023 : Volcamp 2023 - Clermont-Ferrand (France) 12–13 octobre 2023 : Forum PHP 2023 - Marne-la-Vallée (France) 19–20 octobre 2023 : DevFest Nantes - Nantes (France) 10 novembre 2023 : BDX I/O - Bordeaux (France) 6–7 décembre 2023 : Open Source Experience - Paris (France) 31 janvier 2024–3 février 2024 : SnowCamp - Grenoble (France) 1–3 février 2024 : SnowCamp - Grenoble (France) Nous contacter Pour réagir à cet épisode, venez discuter sur le groupe Google https://groups.google.com/group/lescastcodeurs Contactez-nous via twitter https://twitter.com/lescastcodeurs Faire un crowdcast ou une crowdquestion Soutenez Les Cast Codeurs sur Patreon https://www.patreon.com/LesCastCodeurs Tous les épisodes et toutes les infos sur https://lescastcodeurs.com/
The attacks on password managers and their users continue as Bitwarden and 1Password users have reported seeing paid ads for phishing sites in Google search results for the official login page of the password management vendors. Not only that, a new vulnerability in the popular open-source password management software KeePass has also been reported. Three […] The post Password Managers Under Attack, Shady Reward Apps on Google Play, Meta Account Center 2FA Bypass appeared first on The Shared Security Show.
This episode features a discussion about a ransomware attack on a US school board, new data-wiping malware, a controversy the over KeePass password manager and the take-down of the Hive ransomware gang's IT infrastructure
This week's threats involve credential stuffing and pig butchering, and we examine whether you should use security keys to protect your Apple ID account, and why the new Mac mini is a maxi computer. Show Notes: Apple Maps privacy bug may have allowed apps to collect location data without permission PayPal Data Breach in December Affected 35,000 Customers Norton's LifeLock Password Manager Faces Breach KeePass vulnerability allows local attacker (or malware) to export passwords Crypto scam apps infiltrate Apple App Store and Google Play OpenCore Legacy Patcher now supports Macs all the way back to 2008 (and mid-2007 iMacs like Josh's) Netflix Unveils First Details of New Anti-Password Sharing Measures How to protect your Apple ID account with Security Keys on iPhone, iPad, or Mac Apple's 2023 Mac mini is a Mini Mac Studio Intego Mac Premium Bundle X9 is the ultimate protection and utility suite for your Mac. Download a free trial now at intego.com, and use this link for a special discount when you're ready to buy.
This week Dr. Doug talks: Chat-GPT, Graphing calculators, Swiftslicer, VRealize, Google play, KeePass, Huawei, Github, flying cars, Jason Wood, and More on the Security Weekly News! Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/swn270
This week Dr. Doug talks: Chat-GPT, Graphing calculators, Swiftslicer, VRealize, Google play, KeePass, Huawei, Github, flying cars, Jason Wood, and More on the Security Weekly News! Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn270
This week Dr. Doug talks: Chat-GPT, Graphing calculators, Swiftslicer, VRealize, Google play, KeePass, Huawei, Github, flying cars, Jason Wood, and More on the Security Weekly News! Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/swn270
Coming up in this episode 1. Internet woes, part deux. 2. Knocking them over, one at a time... 3. Angry Birdsite? 4. Knock knock. What's the password? 5. We get the explanation. The Video https://youtu.be/4MStcMU9py4 0:00 Cold Open 1:30 ISP Woes 7:37 The Linux User Space Curse 17:32 The Fediverse is Booming 34:32 Managing Your Passwords 52:07 A Little More Feedback 1:02:37 Veronica Explains 1:07:03 Pass 1:18:54 Stinger Banter Leo has Internet woes. Dan's Curse! The Ransomware Files closes up shop (https://twitter.com/ransomwarefiles/status/1589446921709813760?t=SVhE-gWYIfpWmtMggF5OJg&s=19) Announcements Give us a sub on YouTube (https://linuxuserspace.show/youtube) You can watch us live on Twitch (https://linuxuserspace.show/twitch) the day after an episode drops. Fediverse is booming and Twitter is imploding. Micro services are bloat (https://twitter.com/kenklippenstein/status/1592259938109521922) One of those microservices just happened to be 2FA (https://www.wired.com/story/twitter-two-factor-sms-problems/)... Fired in a Tweet? (https://twitter.com/unusual_whales/status/1592256946001813504?s=20&t=TIeQZPr16sRirhtmGU6oxQ) Forbes coverage (https://www.forbes.com/sites/cyrusfarivar/2022/11/14/musk-fires-twitter-engineer-on-twitter-cowards/) Mastodon reaches 1M active monthly users. (https://www.bleepingcomputer.com/news/technology/mastodon-now-has-over-1-million-users-amid-twitter-tensions/) But really... (https://mastodon.help/instances) It is more like 4.6M and 5700 instances total and climbing. Raspberry Pi creates its own Mastodon instance (https://www.raspberrypi.com/news/an-escape-pod-was-jettisoned-during-the-fighting/). Vivaldi follows their lead (https://vivaldi.com/blog/news/vivaldi-social-a-new-mastodon-instance/). Housekeeping Catch these and other great topics as they unfold on our Subreddit or our News channel on Discord. * Linux User Space subreddit (https://linuxuserspace.show/reddit) * Linux User Space Discord Server (https://linuxuserspace.show/discord) * Linux User Space Mastodon (https://linuxuserspace.show/mastodon) * Linux User Space Telegram (https://linuxuserspace.show/telegram) * Linux User Space Matrix (https://linuxuserspace.show/matrix) * Linux User Space Twitch (https://linuxuserspace.show/twitch) * Linux User Space Twitter (https://linuxuserspace.show/twitter) Feedback Password managers u/curtistucker wrote us on Reddit (https://www.reddit.com/r/LinuxUserSpace/comments/yq7thk/id_love_hear_leo_and_dan_talk_about_password/) pass (https://www.passwordstore.org) KeePass (https://keepass.info/) Bitwarden (https://bitwarden.com/) Vaultwarden (https://github.com/dani-garcia/vaultwarden) QtPass (https://qtpass.org/) Curtis thanks for the feedback! You have a great setup going there. On Linux User Space Paul wrote us on Mastodon (https://mastodon.online/@jpholbrook/109339739028995640) It was a great thread. Bottom line is, use what you like, no shame in doing so. Even if it isn't Linux we hope you enjoy and find some value in what we are doing here. On "Where does the non-distro history go next?" Johnny, one of our fantastic patrons (https://patreon.com/linuxuserspace), gave a thumbs up to our mention of desktop environments and how often these histories would come out. He said "Hi, I vote for quality over quantity. I also vote for Leo's favorite, the history of XFCE! :D" On the Community that hasn't been Toxic? Youtube/Sigma: Nice content LUS: Why thank you! Youtube/Sigma: because I actually think it's super underrated LUS: Now you're making us blush
This week, Matt Mosley and Kash Izadseta cover Hacker News! Hackers copycat popular software tools like KeePass and Solarwinds to distribute malware. Clipboard hijacked to replace crypto wallet addresses! Links mentioned in this episode: https://thehackernews.com/2022/11/hackers-using-rogue-versions-of-keepass.html https://www.bleepingcomputer.com/news/security/new-clipboard-hijacker-replaces-crypto-wallet-addresses-with-lookalikes/ http://tevoratalks.com Instagram, Twitter, Facebook: @TevoraTalks
What does a career in security look like? Why is security crucial for everyone to understand? Meet Sara Diaz, the Information Security Lead for ThoughtWorks North America. After starting her career as a quality analyst, she moved into information security and has been at ThoughtWorks for 5 years. Sara is passionate about making security accessible and easy to understand; you shouldn't need to be an expert to protect your digital life. In our conversation, we talk all things security: what it means, different career paths, what a day-to-day looks like, resources, skills, and more. Mentioned in This Episode: CIA Security Triad: bit.ly/3c5zF0i (f5.com) GDPR: bit.ly/3qKwgIh (wiki) SANS: www.sans.org Axios: www.axios.com Password Managers: 1Password, DashLane, KeePass, LastPass Follow Blossoming Technologist: Instagram: @blossoming_tech Twitter: @blossoming_tech LinkedIn: /blossoming-technologist Connect with Marisa: Twitter @marisahoenig LinkedIn /marisahoenig Credits: Podcast Production by Marisa Hoenig Social Media Marketing & Episode Cover Art by Lucy Zheng Podcast Logo by Kendal Goodell @goodelldesigns