- Webteam - bizit.rs

Svemirski bilijar
by Dejan Ristanovic 27 Jun '20

27 Jun '20

Planiraju da udare raketom jedan (doduše dosta mali) asteroid i da vide mogu li mu promeniti putanju. Zanimljivo :) Najzad počinjemo da delujemo i na svemir :) Pozdrav, Dejan https://futurism.com/the-byte/nasa-renames-small-moon-smash NASA Renames Small Moon It Plans to Smash With SpaceX Nice Gesture In 2022, NASA plans to <https://futurism.com/nasa-is-moving-forward-with-its-plan-to-deflect-an-ast…> crash a spacecraft directly into a tiny moon, in a mission known as the Double Asteroid Redirection Test (DART) — to try out a potential strategy to divert a killer asteroid heading toward Earth. The moon, which is only 160 meters across, is orbiting the asteroid Didymos, which flew near Earth back in 2003, <https://www.extremetech.com/extreme/312067-astronomers-give-asteroid-moon-a…> ExtremeTech <https://www.extremetech.com/extreme/312067-astronomers-give-asteroid-moon-a…> reports. Its small size and close proximity to Earth make it the perfect target for an asteroid-diverting mission, but NASA ran into a serious problem: Its name, Didymos B, isn’t nearly sexy enough for its role in a cool mission. Thus, the moon Didymos B became Dimorphos. DART Board NASA is collaborating <https://futurism.com/the-byte/nasas-dart-spacex-incoming-asteroids> with both SpaceX and the European Space Agency (ESA) on this DART mission. In 2021, a SpaceX Falcon 9 rocket will launch on a crash course with Dimorphos — the plan is to ram the tiny moon so hard that it gets knocked out of its regular orbit around Didymos. Recently, some other ideas for how to divert a killer asteroid, like <https://futurism.com/the-byte/deflect-killer-asteroids-tie-shoelaces-togeth…> tethering it to another one to send it spiraling off course, have surfaced. But for now, NASA wants to test some good old-fashioned percussive maintenance. Follow-Up After the deed is done, the ESA will launch a <https://futurism.com/the-byte/esa-mission-deflect-killer-asteroids> follow-up mission dubbed Hera to track Dimorphos’ new orbit around Didymos, according to ExtremeTech. But that won’t happen until 2024, meaning we’ll have to wait for years — thinking about the cosmic horrors we’ve wrought — and wondering whether crashing rockets into asteroids can actually divert them. READ MORE: <https://www.extremetech.com/extreme/312067-astronomers-give-asteroid-moon-a…> Astronomers Give Asteroid Moon a New Name Before NASA Hits It With a Spacecraft [ExtremeTech] More on asteroid collisions: <https://futurism.com/the-byte/deflect-killer-asteroids-tie-shoelaces-togeth…> New Plan To Deflect Killer Asteroids: Tie Their Shoelaces Together Sent from my iPad 2018

1 0

ESET o hakerima i lopovima u Srbiji
by Dejan Ristanovic 19 Jun '20

19 Jun '20

https://twitter.com/ESETresearch/status/1272408821072384000

1 0

Što jedan pijan smisli....
by Dejan Ristanovic 15 Jun '20

15 Jun '20

...to deset treznih posle ne može da raščivija. Za one koje mrzi da čitaju: analiziraju neku igru za prastari Atari, i tamo prosto nema RAM-a da se zapamti čitav lavirint. Ustanove da se on generiše on-line, a da ipak ima izlaz. I onda probali da shvate kako, disasemblirali, i nisu uspeli. Pa najzad pitali autora, on kaže *ebiga, to sam jedno veče napisao kad sam bio pijan i "urađen", sutradan nisam ni ja shvatao kako radi... ali radi... https://www.techspot.com/news/85622-nobody-sure-what-makes-atari-2600-game-… Researchers still don't know why this Atari 2600 game works Studying old video games to unearth long-lost coding techniques <https://www.techspot.com/community/staff/shawn-knight.268030/> Shawn Knighton June 14, 2020, 10:52 AM <https://static.techspot.com/images2/news/bigimage/2020/06/2020-06-14-image-…> In a nutshell: Video game historians and digital “archaeologists” are increasingly digging up (no pun intended) old Atari games and delving into their code for clues on how titles were made given the hardware limitations of the day. One game, Entombed, is particularly noteworthy as it has stumped researchers thus far. Launched on the Atari 2600 in 1982, it tasks players with traversing down a continuous vertically-scrolling maze while trying to dodge enemies. Since early game cartridges didn’t have a wealth of memory to store static maze designs, the developer relied on a technique that would procedurally generate the maze – that is, build it on the fly. Intrigued, John Aycock from the University of Calgary, in Alberta, Canada, and Tara Copplestone from the University of York in the UK, took a closer look and what they found… well, they simply couldn’t explain. “It was a very deep rabbit hole,” Aycock told the <https://www.bbc.com/future/article/20190919-the-maze-puzzle-hidden-within-a…> BBC. As the publication notes, the game’s maze is generated in a sequence. The game needs to decide, as it draws each new square of the maze, whether it should draw a wall or a space for the game characters to move around in. Each square should therefore be “wall” or “no wall” – “1” or “0” in computer bits. The game’s algorithm decides this automatically by analyzing a section of the maze. It uses a five-square tile that looks a little like a Tetris piece. This tile determines the nature of the next square in each row. The logic that determines what the next square should be is confined within a table of possible values in the game’s code. “Depending on the values of the five-square tile, the table tells the game to deposit either wall, no wall or a random choice between the two,” the BBC added. The tricky bit is that nobody can seem to figure out how the table was made. Having exhausted other possibilities including retro-engineering the table, the researchers reached out to one of the people involved in the game’s development, Steve Sidley, yet even he remembered being confused by the table at the time. Sidley <https://arxiv.org/ftp/arxiv/papers/1811/1811.02035.pdf> told the researchers: The basic maze generating routine had been partially written by a stoner who had left. I contacted him to try and understand what the maze generating algorithm did. He told me it came upon him when he was drunk and whacked out of his brain, he coded it up in assembly overnight before he passed out, but now could not for the life of him remember how the algorithm worked. Studying old video game code could be immensely useful for modern-day developers, especially those working on VR and other <https://www.techspot.com/news/85479-watch-doom-running-playdate-handheld-cr…> resource-limited platforms. Who knows how many other genius techniques and <https://www.techspot.com/news/73500-ai-trained-play-old-atari-games-uncover…> weird quirks have yet to be discovered in long-forgotten games. Masthead credit: <https://www.shutterstock.com/image-vector/maze-pattern-abstract-background-…> Swill Klitch Sent from my iPad 2018

1 0

Apple
by Dejan Ristanovic 09 Jun '20

09 Jun '20

Ovo je zanimljiva tema - da li će Apple preći sa Intel-a na ARM? Jednom su već preživeli prelazak sa Motorole na Intel... https://9to5mac.com/2020/06/09/apple-arm-mac-starts-wwdc/

1 0

FW: Usvojen Program razvoja elektronske uprave za period 2020-2022. godine
by Dejan Ristanovic 05 Jun '20

05 Jun '20

From: ITE Press <press(a)ite.gov.rs> Sent: Friday, June 5, 2020 11:32 AM To: ITE Press <press(a)ite.gov.rs> Subject: Usvojen Program razvoja elektronske uprave za period 2020-2022. godine Importance: High Poštovani, Vlada Republike Srbije usvojila je na jučerašnjoj sednici Program razvoja elektronske uprave za period 2020-2022. kojim je predviđeno da u naredne dve i po godine najveći broj usluga javne uprave bude dostupan građanima i privredi putem interneta ili mobilnog telefona. Naime, očekuje se uspostavljanje novih 300 usluga eUprave ili mUprave, koje će redovno koristiti najmanje milion i po građana i privrednika, čime će se izbeći odlasci na šaltere i podnošenje papirne dokumentacije. Saopštenje za medije se nalazi u prilogu. Srdačan pozdrav. PR служба / PR office Канцеларија за информационе технологије и електронску управу / Office for Information Technologies and eGovernment <http://www.srbija.gov.rs/> <https://www.euprava.gov.rs/> Немањина 11, 11000 Београд, Србија / 11 Nemanjina St., 11000 Belgrade, Serbia tel/fax: + 381 (11) 7358 400; e-mail: press(a)ite.gov.rs <mailto:press@ite.gov.rs> ; url: www.ite.gov.rs <http://www.ite.gov.rs/> ; Trees have feelings too.

2 2

Bug za $100k
by Dejan Ristanovic 01 Jun '20

01 Jun '20

https://www.forbes.com/sites/daveywinder/2020/05/31/apple-pays-hacker-10000… Apple Pays Hacker $100,000 For ‘Sign In With Apple’ Security Shocker <https://www.forbes.com/sites/daveywinder/> Davey WinderMay 31, 2020, <https://specials-images.forbesimg.com/imageserve/5ed38fb4b8ac0f00060078f1/9…> Sign in with Apple vulnerability could have enabled account takeovers ASSOCIATED PRESS When Apple announced Sign in with Apple at the June 2019 worldwide developers conference, it called it a " <https://www.apple.com/newsroom/2019/06/apple-previews-ios-13/> more private way to simply and quickly sign into apps and websites." The idea was, and still is, a good one: replace social logins that can be used to collect personal data with a secure authentication system backed by Apple's promise not to profile users or their app activity. One of the plus points that got a lot of attention at the time was the ability for a user to sign up with third-party apps and services without needing to disclose their Apple ID email address. Unsurprisingly, it has been pushed as being a more privacy-oriented option than using your Facebook or Google account. Fast forward to April 2020, and a security researcher from Delhi uncovered a critical Sign in with Apple vulnerability that could allow an attacker to potentially take over an account with just an email ID. A critical vulnerability that was deemed important enough that Apple paid him $100,000 (£81,000) through its <https://www.forbes.com/sites/daveywinder/2019/12/20/apple-confirms-iphone-h…> bug bounty program by way of a reward. <https://www.forbes.com/sites/daveywinder/2020/05/29/these-incredible-100-mi…> MORE FROM FORBESThese Hackers Have Made $100 Million And Could Earn $1 Billion By 2025By Davey Winder With the vulnerability already now patched by Apple on the server-side, <https://bhavukjain.com/blog/2020/05/30/zeroday-signin-with-apple/> Bhavuk Jain published his disclosure of the security shocker on May 30. Although the vulnerability related only to third-party apps which used Sign in with Apple without taking any further security measures, it's shocking for two reasons. Firstly as it could have allowed a full takeover of the user accounts of those applications regardless of the victim using a valid Apple ID email or not. Secondly, and potentially even more of a shocker, because Apple didn't catch this critical security flaw itself during development. <https://www.forbes.com/sites/daveywinder/2020/05/30/24k-gold-plated-iphone-…> MORE FROM FORBES24K Gold Plated iPhone Seller Sues Apple For $2.6 BillionBy Davey Winder I'm not going to go into the technical detail of how this vulnerability could have been exploited here as, frankly, it will go over the heads of all but the geekiest of readers. Take a look at the full disclosure if you want a deep dive into it all. The long and short of it being that Jain found he could request authentication tokens for any email ID from Apple, which would then be verified using Apple's public key and, as such, determined as being valid. An attacker could, therefore, forge a token linked to any email ID and gain access to the victim's account using it. Hiding your email ID from the third-party app wouldn't have prevented this exploit. That said, it's important to note that Jain said Apple carried out an internal investigation and determined that no account compromises or misuse had occurred before the vulnerability was fixed. <https://www.forbes.com/sites/daveywinder/2020/05/24/apple-ios-135-hacked-ze…> MORE FROM FORBESApple iOS 13.5 Hacked: Zero-Day Flaw Exploited By iPhone JailbreakersBy Davey Winder I spoke to Sean Wright, SME application security lead at ImmersiveLabs, regarding the vulnerability which he describes as being "a significant flaw." Wright also says that he "would have expected better testing around this from a company such as Apple, especially when it is trying to set itself a reputation as privacy-focused." I have asked Apple for a statement regarding this issue and will update the article if one is forthcoming. Sent from my iPad 2018

1 0

FW: Povratak NEO2 | Saopštenje za medije
by Ksenija Kostić [PC Press] 01 Jun '20

01 Jun '20

Za objavu _________ Ksenija Kostić Marketing <http://www.pcpress.rs/> www.pcpress.rs PC Press | Osmana Đikića 4 | 11000 Beograd | Srbija Tel: +381 11 2080-220 | Mob: +381 63 125 00 26 From: Vip mobile - Komunikacije [mailto:Komunikacije@vipmobile.rs] Sent: 01 June 2020 13:36 Subject: Povratak NEO2 | Saopštenje za medije Drage kolege, Vraćaju se dobre stvari. Nezaboravni trenuci sa prijateljima. Odlazak u kancelariju. Kafa u omiljenom kafiću. Boravak u prirodi. Dugi zagrljaji. U želji da ovog leta omogući svima da da svoje planove sprovedu u delo, Vip vraća Vip NEO2 tarifu <https://www.vipmobile.rs/privatni/ponuda/postpaid> Više informacija o ovoj temi i nekoliko fotografija, možete pronaći u prilogu. Za sve dodatno ostajemo na raspolaganju. Veliki pozdrav, Korporativne komunikacije Vip | član A1 Telekom Austrija Grupe telefon: +381 11 225 3010 fax: +381 11 225 3002 e-mail: <mailto:komunikacije@vipmobile.rs> komunikacije(a)vipmobile.rs web: <http://www.vipmobile.rs/> www.vipmobile.rs Vip mobile d.o.o. | Milutina Milankovića 1ž | 11070 Novi Beograd | Srbija

1 0

COVID: The Outbreak on Steam
by Dejan Ristanovic 31 May '20

31 May '20

Ladno su izbacili COVID-19 igru :) https://store.steampowered.com/app/1287000/COVID_The_Outbreak/ Evo prilike da pokažete da bi vaša strategija borbe protiv epidemije pobedila ;)

1 0

FW: Critical Android flaw
by Dejan Ristanovic 31 May '20

31 May '20

From: Dejan Ristanovic <dejan(a)ristanovic.com> Sent: Sunday, May 31, 2020 1:58 PM To: klub(a)lists.matematicka.com Subject: Critical Android flaw https://www.welivesecurity.com/2020/05/27/critical-android-flaw-lets-attack… Critical Android flaw lets attackers hijack almost any app, steal data <https://www.welivesecurity.com/author/aowaida/> Amer Owaida27 May 2020 - 05:16PM Researchers have found a critical flaw that affects nearly all devices running Android 9.0 or older, which implies that <https://9to5google.com/2020/04/10/google-kills-android-distribution-numbers…> over 90% of Android users could be vulnerable. If exploited, the security hole allows hackers to hijack almost any app and steal victims’ sensitive data, according to researchers at Promon, who uncovered the vulnerability and dubbed it <https://promon.co/strandhogg-2-0/> StrandHogg 2.0. The good news is that malware exploiting the vulnerability has not been observed in the wild. Importantly, Google provided a patch to Android device makers in April 2020, with the fix – for Android versions 8.0, 8.1 and 9.0 – being rolled out to the public as part of the <https://source.android.com/security/bulletin/2020-05-01> latest assortment of monthly security updates throughout this month. Promon notified Google about the vulnerability in early December 2019. Indexed as <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0096> CVE-2020-0096, the elevation of privilege flaw resides in the Android system component and can be abused through a method called reflection that allows malicious apps to impersonate legitimate applications while the victim is none the wiser. As a result, once a malicious app is downloaded and installed on a vulnerable device, an attacker could steal the victim’s access credentials, record conversations, track their movements via GPS, or access stored data such as photos or messages. Let’s say a malicious app sneaks into your device and you click on a legit app that requires your access credentials. Instead of that app, however, the data-stealing overlay is displayed. You go on to enter your credentials and those are immediately transferred to the criminal, who now has control of this app. It isn’t just the credentials that are at risk – the app can hijack permissions that are being granted to apps, notably access to the GPS, microphone, or camera. Most apps are vulnerable to the attack by default. The research team pointed out that compared to StrandHogg, its “less evil twin”, the newly-disclosed flaw is much more difficult to detect because of its code-based execution. Also, it can also “dynamically attack nearly any app on a given device simultaneously at the touch of a button”, whereas StrandHogg could only attack apps one at a time. Promon theorizes that cybercriminals would probably exploit both vulnerabilities in unison since they can attack devices in different ways, while at the same time many measures used to mitigate one vulnerability cannot be applied to the other. To protect yourself against StrandHogg 2.0, you should update your Android device to the latest available OS version. Generally speaking, it’s also important to have a reputable mobile security solution in place and to be very cautious about installing apps from outside Google Play. Sent from my iPad 2018

1 0

FW: ITS objava na sajtu PC PRESS
by Ksenija Kostić [PC Press] 21 May '20

21 May '20

Zamoliću za objavu odmah :) Javite mi ko će…. _________ Ksenija Kostić Marketing <http://www.pcpress.rs/> www.pcpress.rs PC Press | Osmana Đikića 4 | 11000 Beograd | Srbija Tel: +381 11 2080-220 | Mob: +381 63 125 00 26 From: Anđela Veljković [mailto:andjela.veljkovic@link.co.rs] Sent: 21 May 2020 12:23 To: Ksenija Kostić | PC Press <ksenija(a)pcpress.rs> Subject: ITS objava na sajtu PC PRESS Draga Ksenija, Zamolila bih, ukoliko ima mogućnosti, da nam objavite ITS text besplatno na vašem sajtu. U pitanju je objava za besplatne prijemne ispite. Unapred se zahvaljujem. Srdačan pozdrav, Anđela <http://www.link.co.rs/sites/default/files/link_group_logo.png> Anđela Veljković Marketing Assistant +381.11.4011.240 <http://www.link-group.eu/> www.link-group.eu The information transmitted is intended only for the person or entity to which it is addressed. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient - without the sender's explicit permission - is prohibited. The sender is neither liable for the proper transmission of this communication nor for any delay in its receipt.

2 2

2026

2025

2024

2023

2022

2021

2020

2019

2018

Webteam