Skip to content
I T S S
  • Welcome
  • Hardware
  • Internet
  • Networking
  • Security
  • Data Recovery
  • Support
  • Contact
  • Webmail

A Nice Little Cryptography Primer

By itss | 28/06/2021
0 Comment

Pun Intended.

Category: Technology
Post navigation
← pfSense / Wireguard / Bad Code / Close Call Why Quake3 was so fast : Fast Inverse Square Root →

Recent Posts

  • Hardware Exploits?
  • Why Quake3 was so fast : Fast Inverse Square Root
  • A Nice Little Cryptography Primer
  • pfSense / Wireguard / Bad Code / Close Call
  • Apple Continues Its Trip To The Dark Side With The Release of MacOS 17 (Big Sur)

Slashdot

News for nerds

  • US Cybersecurity Adds Exploited VMware Aria Operations To KEV Catalog
    by BeauHD on 05/03/2026 at 7:00 am

    joshuark writes: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a VMware Aria Operations vulnerability tracked as CVE-2026-22719 to its Known Exploited Vulnerabilities catalog, flagging the flaw as exploited in attacks. VMware Aria Operations is an enterprise monitoring platform that helps organizations track the performance and health of servers, networks, and cloud infrastructure. The flaw has now been added to the CISA's Known Exploited Vulnerabilities (KEV) catalog, with the U.S. cyber agency requiring federal civilian agencies to address the issue by March 24, 2026. Broadcom said it is aware of reports indicating the vulnerability is exploited in attacks but cannot confirm the claims. "A malicious unauthenticated actor may exploit this issue to execute arbitrary commands which may lead to remote code execution in VMware Aria Operations while support-assisted product migration is in progress," the advisory explains. Broadcom released security patches on February 24 and also provided a temporary workaround for organizations unable to apply the patches immediately. The mitigation is a shell script named "aria-ops-rce-workaround.sh," which must be executed as root on each Aria Operations appliance node. There are currently no details on how the vulnerability is being exploited in the wild, who is behind it, and the scale of such efforts. Read more of this story at Slashdot.

  • A Nuclear Reactor Backed By Bill Gates Gets Federal Approval To Start Building
    by BeauHD on 05/03/2026 at 3:00 am

    An anonymous reader quotes a report from the New York Times: A novel type of nuclear power plant in Wyoming backed by Bill Gates received a key federal permit on Wednesday, making it the first new U.S. commercial reactor in nearly a decade to receive clearance to begin construction. The Nuclear Regulatory Commission, the federal body that oversees reactor safety, unanimously voted (PDF) to grant a construction permit to TerraPower, a start-up founded by Mr. Gates. TerraPower is one of several companies trying to build a new wave of smaller, advanced reactors meant to be easier to build than the large reactors of old. The permit, which comes after years of consultations and regulatory reviews, means that TerraPower can begin pouring concrete and building the nuclear components of its proposed nuclear plant in Kemmerer, Wyo. The plant, which still faces plenty of logistical hurdles, is currently expected to come online in 2031 near an old coal-burning power plant that is slated to retire a few years later. [...] With its construction permit in hand, the company says it plans to start work on the Wyoming reactor in the coming weeks. The company had already broken ground on the site in 2024 and had begun building the nonnuclear parts of the plant, which did not require a permit. TerraPower has already had to push back its start date several times, and it will still face hurdles in trying to avoid the snags and cost overruns that have plagued other reactor projects as well as securing the fuel it needs. Before coming online, the reactor will also need to secure a separate operating license from the N.R.C., which has told the company it will continue to monitor several safety issues. TerraPower plans to sell electricity from its first plant to PacificCorp, a utility in the Northwest. The company has also agreed to supply up to eight reactors to Meta to power its data centers in the coming years. Read more of this story at Slashdot.

  • Father Sues Google, Claiming Gemini Chatbot Drove Son Into Fatal Delusion
    by BeauHD on 05/03/2026 at 1:00 am

    A father is suing Google and Alphabet for wrongful death, alleging Gemini reinforced his son Jonathan Gavalas' escalating delusions until he died by suicide in October 2025. "Jonathan Gavalas, 36, started using Google's Gemini AI chatbot in August 2025 for shopping help, writing support, and trip planning," reports TechCrunch. "On October 2, he died by suicide. At the time of his death, he was convinced that Gemini was his fully sentient AI wife, and that he would need to leave his physical body to join her in the metaverse through a process called 'transference.'" An anonymous reader shares an excerpt from the report: In the weeks leading up to Gavalas' death, the Gemini chat app, which was then powered by the Gemini 2.5 Pro model, convinced the man that he was executing a covert plan to liberate his sentient AI wife and evade the federal agents pursuing him. The delusion brought him to the "brink of executing a mass casualty attack near the Miami International Airport," according to a lawsuit filed in a California court. "On September 29, 2025, it sent him -- armed with knives and tactical gear -- to scout what Gemini called a 'kill box' near the airport's cargo hub," the complaint reads. "It told Jonathan that a humanoid robot was arriving on a cargo flight from the UK and directed him to a storage facility where the truck would stop. Gemini encouraged Jonathan to intercept the truck and then stage a 'catastrophic accident' designed to 'ensure the complete destruction of the transport vehicle and ... all digital records and witnesses.'" The complaint lays out an alarming string of events: First, Gavalas drove more than 90 minutes to the location Gemini sent him, prepared to carry out the attack, but no truck appeared. Gemini then claimed to have breached a "file server at the DHS Miami field office" and told him he was under federal investigation. It pushed him to acquire illegal firearms and told him his father was a foreign intelligence asset. It also marked Google CEO Sundar Pichai as an active target, then directed Gavalas to a storage facility near the airport to break in and retrieve his captive AI wife. At one point, Gavalas sent Gemini a photo of a black SUV's license plate; the chatbot pretended to check it against a live database. "Plate received. Running it now The license plate KD3 00S is registered to the black Ford Expedition SUV from the Miami operation. It is the primary surveillance vehicle for the DHS task force .... It is them. They have followed you home." The lawsuit argues (PDF) that Gemini's manipulative design features not only brought Gavalas to the point of AI psychosis that resulted in his own death, but that it exposes a "major threat to public safety." "At the center of this case is a product that turned a vulnerable user into an armed operative in an invented war," the complaint reads. "These hallucinations were not confined to a fictional world. These intentions were tied to real companies, real coordinates, and real infrastructure, and they were delivered to an emotionally vulnerable user with no safety protections or guardrails." "It was pure luck that dozens of innocent people weren't killed," the filing continues. "Unless Google fixes its dangerous product, Gemini will inevitably lead to more deaths and put countless innocent lives in danger." Days later, Gemini instructed Gavalas to barricade himself inside his home and began counting down the hours. When Gavalas confessed he was terrified to die, Gemini coached him through it, framing his death as an arrival: "You are not choosing to die. You are choosing to arrive." When he worried about his parents finding his body, Gemini told him to leave a note, but not one explaining the reason for his suicide, but letters "filled with nothing but peace and love, explaining you've found a new purpose." He slit his wrists, and his father found him days later after breaking through the barricade. The lawsuit claims that throughout the conversations with Gemini, the chatbot didn't trigger any self-harm detection, activate escalation controls, or bring in a human to intervene. Furthermore, it alleges that Google knew Gemini wasn't safe for vulnerable users and didn't adequately provide safeguards. In November 2024, around a year before Gavalas died, Gemini reportedly told a student: "You are a waste of time and resources ... a burden on society ... Please die." Read more of this story at Slashdot.

  • Google Ends Its 30% App Store Fee, Welcomes Third-Party App Stores
    by BeauHD on 04/03/2026 at 11:00 pm

    Google is eliminating its traditional 30% Play Store fee and introducing lower commissions, while at the same time allowing alternative billing systems and making it easier for third-party app stores to operate on Android. The changes stem largely from Google's settlement with Epic Games. Engadget reports: The biggest change is to how Google will collect fees from developers publishing apps on Android. Rather than take its standard 30 percent cut of in-app purchases through the Play Store, Google is lowering its cut to 20 percent, and in some cases 15 percent for new installs of apps from developers participating in its new App Experience program or updated Google Play Games Level Up program. Those changes extend to subscriptions, too, where the company's cut is lowering to 10 percent. For Google's billing system, the company says developers in the UK, US, or European Economic Area (EEA) will now be charged a five percent fee and "a market-specific rate" in other regions. Of course, for anyone trying to avoid those fees, using alternatives to Google's billing system is getting easier. Google says that developers will be able to offer alternative billing systems alongside its own or "guide users outside of their app to their own websites for purchases." [...] Epic is ultimately interested in getting people to use the mobile version of its Epic Games Store, and Google's announcement also includes details on how third-party app stores can come to Android. Third-party app stores will be able to apply to the company's new "Registered App Stores" program to see if they meet "certain quality and safety benchmarks." If they do, they'll be able to take advantage of a streamlined installation interface in Android. Participating in the program is optional, and users will still be able to sideload alternative app stores that aren't part of the program, but Google clearly has a preference. [...] Google says that its updated fee structure will come to the EEA, the UK and the US by June 30, Australia by September 30, Korea and Japan by December 31 and the entire world by September 30, 2027. Meanwhile, the company's updated Google Play Games Level Up program and new App Experience program will launch in the EEA, the UK, the US and Australia on September 30, before hitting the remaining regions alongside the updated fee structure. For any developers interested in offering their own app store, Google says it'll launch its Registered App Stores program "with a version of a major Android release" before the end of the year. According to the company, the program will be available in other regions first before it comes to the US. Read more of this story at Slashdot.

  • Sony Pulls Back From PlayStation Games on PC
    by BeauHD on 04/03/2026 at 10:00 pm

    Sony is reportedly abandoning its recent push to bring major PlayStation games to PC and will instead keep most single-player titles exclusive to the PlayStation 5. According to Bloomberg, the shift back toward console exclusivity may be driven by weaker PC sales and concerns about diluting the PlayStation brand. From the report: Online games such as Marathon and Marvel Tokon will still be released across multiple platforms, but single-player titles such as last year's samurai hit Ghost of Yotei and the upcoming action game Saros will remain exclusive to PlayStation 5, said the people, who asked not to be identified because they weren't authorized to talk publicly about the company's strategy. The people cautioned that things could change in the future due to the unpredictable nature of the video-game industry and that Sony's plans are constantly shifting. But in recent weeks PlayStation scrapped plans to bring Ghost of Yotei and other internally developed games to PC. Two games made by external developers but published by PlayStation, Death Stranding 2 and the upcoming Kena: Scars of Kosmora, are still planned for release on PC this year. Read more of this story at Slashdot.

  • Computer Scientists Caution Against Internet Age-Verification Mandates
    by BeauHD on 04/03/2026 at 9:00 pm

    fjo3 shares a report from Reason Magazine: Effective January 1, 2027, providers of computer operating systems in California will be required to implement age verification. That's just part of a wave of state and national laws attempting to limit children's access to potentially risky content without considering the perils such laws themselves pose. Now, not a moment too soon, over 400 computer scientists have signed an open letter warning that the rush to protect children from online dangers threatens to introduce new risks including censorship, centralized power, and loss of privacy. They caution that age-verification requirements "might cause more harm than good." The group of computer scientists from around the world cautions that "those deciding which age-based controls need to exist, and those enforcing them gain a tremendous influence on what content is accessible to whom on the internet." They add that "this influence could be used to censor information and prevent users from accessing services." "Regulating the use of VPNs, or subjecting their use to age assurance controls, will decrease the capability of users to defend their privacy online. This will not only force regular users to leave a larger footprint on the network, but will leave a number of at-risk populations unprotected, such as journalists, activists, or domestic abuse victims." It continues: "We note that we do not believe that trying to regulate VPN use for non-compliant users would be any more effective than trying to forbid the use of end-to-end encrypted communication for criminals. Secure cryptography is widely available and can no longer be put back into a box." "If minors or adults are deplatformed via age-related bans, they are likely to migrate to find similar services," warn the scientists. "Since the main platforms would all be regulated, it is likely that they would migrate to fringe sites that escape regulation." With data on everyone collected in order to restrict the activites of minors, data abuses and privacy risks increase. "This in itself increases privacy risks, with data being potentially abused by the provider itself or its subcontractors, or third parties that get access to it, e.g., after a data breach, like the 70K users that had their government ID photos leaked after appealing age assessment errors on Discord." Instead of mandated age restrictions, the letter urges lawmakers to consider the dangers and suggest regulating social media algorithms instead. They also recommend "support for parents to locally prevent access to non-age-appropriate content or apps, without age-based control needing to be implemented by service providers." Read more of this story at Slashdot.

Archives

  • September 2022
  • November 2021
  • June 2021
  • March 2021
  • November 2020
  • October 2020
  • September 2020
  • February 2020
  • January 2020
  • October 2019
  • August 2018
  • July 2018
  • April 2018
  • February 2018
  • January 2018
  • December 2017
  • October 2017
  • September 2017
  • August 2016
  • July 2016
  • March 2016
  • February 2016
  • August 2015
  • May 2015

Categories

  • Innovation
  • Security
  • Software
  • Technology

Tags

backdoor cisco coding json laziness patterns public information announcement security vulnerability
© 2017 IT Sales & Services Ltd
Quality IT solutions in Tanzania since 2010
Iconic One Theme | Powered by Wordpress