High standards, attention to detail, and self-control are invaluable qualities at work. Theyre also aspects of perfectionism, something to which many high achievers credit much of their success. But Ellen Hendriksen, clinical psychologist at Boston Universitys Center for Anxiety and Related Disorders, says being your own worst critic can also lead to constant dissatisfaction at work and alienation from coworkers.In a recent episode of the HBR IdeaCast, clinical psychologist Ellen Hendriksen shared insights from her book How to Be Enough: Self-Acceptance for Self-Critics and Perfectionists. The podcast explores the concept of perfectionism, its impact on our lives and work, and how to manage it in a healthier way, with Hendriksen arguing that perfectionism isnt just about striving for excellence but is rooted in the belief of never being good enough.Hendriksens advice on overcoming perfectionism offers value to architects and designers, where perfectionism can result in overworking, excessive revisions, and an inability to delegate tasks, from resolving a building design to producing drawings and reports. The tendency to conflate self-worth with professional output often leads to an all-or-nothing overvaluation mentality, Hendriksen argues, where even minor mistakes are perceived as failures. Hendriksen suggests that adopting a more balanced approach can improve productivity and well-...

Phoenix Labs, the studio behind titles like Dauntless and Fae Farm, has announced that it has laid off most of its employees. The studio made the announcement through a post on LinkedIn, where it called the layoffs unfortunate but necessary.Today is another difficult day at Phoenix Labs, says the announcement. We have made the tough decision to part ways with the majority of the studio as part of unfortunate but necessary changes to our operations.We recognize and deeply appreciate the contributions of every individual impacted. Their talent, dedication, and creativity have left an indelible mark on our company and our games.The studio hasnt revealed details on exactly how many of its employees were let go, nor has it announced future plans for Dauntless or Fae Farm. Its statement did mention that more details about the two titles will be announced in the coming weeks, however.To our industry peers, we encourage you to reach out to these exceptional individuals they are some of the best in the business, wrote the studio.The move has followed a similar round of layoffs back in May 2024, where the studio also cancelled several unannounced projects that were being developed at the time. The decision was made back then for Phoenix Labs to focus more on live service titles. At the time, reports indicated that more than 100 developers would be part of the layoffs.The move follows a massive drop in the player base for Dauntless, which essentially scrapped its entire original design philosophy of trying to be a new take on the Monster Hunter genre. Changes made to the title brought it more in line with an action RPG where monsters wouldnt be the big bosses that the title was originally well-regarded for.The changes made to Dauntless were described by Phoenix Labs as being part of an attempt to create a strong foundation on which continuous development would take place as part of a new seasonal content model. Since this update, however, player feedback has been incredibly negative. For context, at the time of writing, Dauntless sits at a review aggregate of Mostly Negative for recent reviews, and Overwhelmingly Negative for all reviews.Fae Farm, in contrast, seems to have avoided the studios live service ambitions, with its player base still enjoying the title. On Steam, this amounts to Very Positive ratings, both for recent reviews and all reviews.

Hogwarts Legacy will receive a free update on January 30th, adding mod support for the PC version. In addition, Avalanche Software outlined how the Hogwarts Legacy Creator Kit allows players to create and share mods. Check out the trailer below.The kit is free on the Epic Games Store and allows the creation of new quests, cosmetics (like beards), skins, and even dungeons. Some examples showcased include an endless dungeon with hidden pathways called the Dungeon of Doom, a new fetch quest for magical creatures, and even a dragon mount.To access mods, youll need a Warner Bros. Games account and link it to Steam or the Epic Games Store. You can browse mods in-game with CurseForge handling the hosting and moderation. Stay tuned for more details when it goes live.Hogwarts Legacy is available for PC, PS4, Xbox One, Xbox Series X/S, PS5, and Nintendo Switch. Check out our review here. A sequel is currently in development, though a release window has yet to be announced.

Taipei Game Show 2025 breaks attendance record with 370,000 visitors | News-in-briefIts B2B zone attracted over 1,800 people from 43 countries, held nearly 2,000 meeting sessionsImage credit: Taipei Game Show News by Sophie McEvoy Staff Writer Published on Jan. 28, 2025 This is a News-in-brief article, our short format linking to an official source for more information. Read more about this story by following the link below:Taipei Game Show 2025 breaks attendance record with 370,000 visitors

Phoenix Labs lays off "majority" of workforceDeveloper said decision was due to an "unfortunate but necessary" change in operationsImage credit: Phoenix Labs News by Sophie McEvoy Staff Writer Published on Jan. 28, 2025 Vancouver-based developer Phoenix Labs has laid off the "majority" of its staff.In a post shared on LinkedIn, it said the decision was made "as part of unfortunate but necessary changes to [its] operations.""We recognise and deeply appreciate the contributions of every individual impacted," the developer wrote. "Their talent, dedication, and creativity have left an indelible mark on our company and games."Phoenix Labs said the future of its games, Dauntless and Fae Farm, are uncertain and that it would share "more details in the coming weeks.""For now, our focus is on supporting those affected through this transition," it concluded.Last May, 140 employees were reportedly let go from the developer. According to former principal engineer Kris Morness, Phoenix Labs was acquired by blockchain platform Forte over a year ago which "cancelled all projects in development."This followed a round of layoffs in December 2023, which affected 34 workers across the developers' publishing, HR, IT, and shared services divisions. Phoenix Labs also cut 9% of its workforce in May 2023.

While shock at yesterdays DeepSeek news saw the stock prices of many tech giants fall, AAPL climbed 3.25% across the course of the day.Experts yesterday expressed amazement at the Chinese companys AI model being on a par with US chatbots like ChatGPT, Gemini, and Llama despite being developed for a fraction of the cost and running on far lower-spec hardware DeepSeeks achievement cannot be over-statedDeepSeek is an AI chatbot developed in China, and which posted benchmarks indicating that its performance was comparable to the worlds best existing models. Experts quickly verified the claims, expressing shock that China was able to achieve this at a fraction of the development cost of US models, and running locally on very modestly-specced PCs.Many said that the scale of this achievement cannot be over-stated.The app quickly climbed to the #1 slot in Apples App Store.Sent US tech stocks tumblingThe biggest shock was how China was able to develop such a powerful AI model while US export controls limited the number of Nvidia GPUs it was able to purchase. We noted yesterday that chatbots from OpenAI, Google, and Anthropic usemore than half a millionof these, while DeepSeek was only able to obtain around 50,000 GPUs meaning its delivering comparable results with only 10% of the processing power.It was previously thought that there was a direct correlation between the number of Nvidia processors and AI performance, so evidence to the contrary saw Nvidia shares slump.The results sent a shockwave through markets on Monday, with Nvidia on course to lose more than $300bn of market value, the biggest recorded drop for any company, as investors reassessed the likely future investment in AI hardware.The share value of other US AI players like Microsoft and Meta similarly fell.ScreenshotBut AAPL climbed 3.25%There was, however, an exception to the trend: AAPL stock climbed 3.25% in the course of the day.Daring Fireballs John Gruber suggested that a key reason might be that it validates Apples approach of aiming to run as much AI stuff as it can on-device. Its own AI servers are the next recourse, with ChatGPT as fallback.There has been skepticism about just how many Apple Intelligence features can be powered by the companys own device chips, rather than having powerful servers do the lifting, but DeepSeek runs on rather ordinary PCs suggesting that Apples approach could be far more successful than anyone has so far imagined.A vast increase in the inference capabilities of RAM-constrained hardware strongly suggests that Apples consumer devices will soon be able to perform far more AI functionality locally.Whether or not hes correct about the impact on the share price, theres no arguing that Apples case for on-device processing just got way more credible.For more on DeepSeek, check out our latest 9to5Neural piece.Photo byJohn CamerononUnsplashAdd 9to5Mac to your Google News feed. FTC: We use income earning auto affiliate links. More.Youre reading 9to5Mac experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Dont know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Skip to main contentApple @ Work PodcastApple @ Work Podcast: Should Apples certifications be free? Bradley C|Jan 28 2025 - 3:00 am PTApple @ Work is exclusively brought to you by Mosyle,the only Apple Unified Platform. Mosyle is the only solution that integrates in a single professional-grade platform all the solutions necessary to seamlessly and automatically deploy, manage & protect Apple devices at work. Over 45,000 organizations trust Mosyle to make millions of Apple devices work-ready with no effort and at an affordable cost.Request your EXTENDED TRIALtoday and understand why Mosyle is everything you need to work with Apple.In this episode of Apple @ Work, I talk with long-time Apple admin Alan West about a host of topics, including the cost of Apples IT certifications, his history as a Mac admin, whats next for Apple and IT, and much more.Connect with BradleyListen and subscribeListen to Past EpisodesAdd 9to5Mac to your Google News feed. FTC: We use income earning auto affiliate links. More.Youre reading 9to5Mac experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Dont know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel Featuredfrom 9to5Mac9to5Mac Logo Manage push notificationsAllPost

Jan 28, 2025Ravie LakshmananRansomware / Threat IntelligenceCybersecurity researchers have found that ransomware attacks targeting ESXi systems are also leveraging the access to repurpose the appliances as a conduit to tunnel traffic to command-and-control (C2) infrastructure and stay under the radar."ESXi appliances, which are unmonitored, are increasingly exploited as a persistence mechanism and gateway to access corporate networks widely," Sygnia researchers Zhongyuan Hau (Aaron) and Ren Jie Yow said in a report published last week."Threat actors use these platforms by adopting 'living-off-the-land' techniques and using native tools like SSH to establish a SOCKS tunnel between their C2 servers and the compromised environment."In doing so, the idea is to blend into legitimate traffic and establish long-term persistence on the compromised network with little-to-no detection by security controls.The cybersecurity company said in many of its incident response engagements, ESXi systems were compromised either by using admin credentials or leveraging a known security vulnerability to get around authentication protections. Subsequently, the threat actors have been found to set up a tunnel using SSH or other tools with equivalent functionality."Since ESXi appliances are resilient and rarely shutdown unexpectedly, this tunneling serves as a semi-persistent backdoor within the network," the researchers noted.Sygnia has also highlighted the challenges in monitoring ESXi logs, emphasizing the need for configuring log forwarding to capture all relevant events in one place for forensic investigations.To detect attacks that involve the use of SSH tunneling on ESXi appliances, organizations have been recommended to review the below four log files -/var/log/shell.log (ESXi shell activity log) /var/log/hostd.log (Host agent log) /var/log/auth.log (authentication log) /var/log/vobd.log (VMware observer daemon log) Andariel Employs RID HijackingThe development comes as the AhnLab Security Intelligence Center (ASEC) detailed an attack mounted by the North Korea-linked Andariel group that involves the use of a technique known as Relative Identifier (RID) hijacking to covertly modify the Windows Registry to assign a guest or low privileged account administrative permissions during the next login.The persistence method is sneaky in that it takes advantage of the fact that regular accounts are not subjected to the same level of surveillance as the administrator account, thereby allowing threat actors to perform malicious actions while remaining undetected.However, in order to perform RID hijacking, the adversary must have already compromised a machine and gained administrative or SYSTEM privileges, as it requires changing the RID value of the standard account to that of the Administrator account (500).In the attack chain documented by ASEC, the threat actor is said to have created a new account and assigned it administrator privileges using this approach, after obtaining SYSTEM privileges themselves using privilege escalation tools such as PsExec and JuicyPotato."The threat actor then added the created account to the Remote Desktop Users group and Administrators group using the 'net localgroup' command," the company said. "When an account is added to the Remote Desktop Users group, the account can be accessed by using RDP.""Once the RID value has been changed, the Windows OS recognizes the account created by the threat actor as having the same privileges as the target account, enabling privilege escalation."New Technique for EDR EvasionIn related news, it has also been discovered that an approach based on hardware breakpoints could be leveraged to bypass Event Tracing for Windows (ETW) detections, which provides a mechanism to log events raised by user-mode applications and kernel-mode drivers.This entails using a native Windows function called NtContinue, instead of SetThreadContext, to set debug registers and avoid triggering ETW logging and events that are parsed by EDRs to flag suspicious activity, thereby getting around telemetry that relies on SetThreadContext."By leveraging hardware breakpoints at the CPU level, attackers can hook functions and manipulate telemetry in userland without direct kernel patching challenging traditional defenses," Praetorian researcher Rad Kawar said."This matters because it highlights a technique adversaries can use to evade and maintain stealth while implementing "patchless" hooks that prevent AMSI scanning and avoid ETW logging."Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.SHARE

Jan 28, 2025The Hacker NewsCybersecurity / EncryptionWhile passwords remain the first line of defense for protecting user accounts against unauthorized access, the methods for creating strong passwords and protecting them are continually evolving. For example, NIST password recommendations are now prioritizing password length over complexity. Hashing, however, remains a non-negotiable. Even long secure passphrases should be hashed to prevent them from being completely exposed in the event of a data breach and never stored in plaintext.This article examines how today's cyber attackers attempt to crack hashed passwords, explores common hashing algorithms and their limitations, and discusses measures you can take to protect your hashed passwords, regardless of which algorithm you are using.Modern password cracking techniquesMalicious actors have an array of tools and methods at their disposal for cracking hashed passwords. Some of the more widely used methods include brute force attacks, password dictionary attacks, hybrid attacks, and mask attacks.Brute force attacksA brute force attack involves excessive, forceful trial and error attempts to gain account access. Malicious actors employ specialized tools to systematically test password variations until a working combination is discovered. Although unsophisticated, brute force attacks are highly effective using password cracking software and high-powered computing hardware like graphics processing units (GPUs). Password dictionary attackAs its name implies, a password dictionary attack systematically draws words from a dictionary to brute force password variations until finding a working combination. The dictionary contents may contain every common word, specific word lists, and word combinations, as well as word derivatives and permutations with alphanumeric and non-alphanumeric characters (e.g., substituting an "a" with a "@"). Password dictionary attacks may also contain previously leaked passwords or key phrases exposed in data breaches.Hybrid attacksA hybrid password attack combines brute force with dictionary-based methods to achieve better attack agility and efficacy. For example, a malicious actor may use a dictionary word list of commonly used credentials with techniques that integrate numerical and non-alphanumeric character combinations.Mask attacksIn some cases, malicious actors may know of specific password patterns or parameters/requirements. This knowledge allows them to use mask attacks to reduce the number of iterations and attempts in their cracking efforts. Mask attacks use brute force to check password attempts that match a specific pattern (e.g., eight characters, start with a capital letter, and end with a number or special character).How hashing algorithms protect against cracking methodsHashing algorithms are a mainstay across a myriad of security applications, from file integrity monitoring to digital signatures and password storage. And while it's not a foolproof security method, hashing is vastly better than storing passwords in plaintext. With hashed passwords, you can ensure that even if cyber attackers gain access to password databases, they cannot easily read or exploit them.By design, hashing significantly hampers an attacker's ability to crack passwords, acting as a critical deterrent by making password cracking so time and resource intensive that attackers are likely to shift their focus to easier targets.Can hackers crack hashing algorithms? Because hashing algorithms are one-way functions, the only method to compromise hashed passwords is through brute force techniques. Cyber attackers employ special hardware like GPUs and cracking software (e.g., Hashcat, L0phtcrack, John The Ripper) to execute brute force attacks at scaletypically millions or billions or combinations at a time.Even with these sophisticated purpose-built cracking tools, password cracking times can vary dramatically depending on the specific hashing algorithm used and password length/character combination. For example, long, complex passwords can take thousands of years to crack while short, simple passwords can be cracked immediately.The following cracking benchmarks were all found by Specops on researchers on a Nvidia RTX 4090 GPU and used Hashcat software.MD5Once considered an industrial strength hashing algorithm, MD5 is now considered cryptographically deficient due to its various security vulnerabilities; that said, it remains one of the most widely used hashing algorithms. For example, the popular CMS Wordpress still uses MD5 by default; this accounts for approximately 43.7% of CMS-powered websites.With readily available GPUs and cracking software, attackers can instantly crack numeric passwords of 13 characters or fewer secured by MD5's 128-bit hash; on the other hand, an 11-character password consisting of numbers, uppercase/lowercase characters, and symbols would take 26.5 thousand years. SHA256The SHA256 hashing algorithm belongs to the Secure Hash Algorithm 2 (SHA-2) group of hashing functions designed by the National Security Agency (NSA) and released by the National Institute of Standards and Technology (NIST). As an update to the flawed SHA-1 algorithm, SHA256 is considered a robust and highly secure algorithm suitable for today's security applications. When used with long, complex passwords, SHA256 is nearly impenetrable using brute force methods an 11 character SHA256 hashed password using numbers, upper/lowercase characters, and symbols takes 2052 years to crack using GPUs and cracking software. However, attackers can instantly crack nine character SHA256-hashed passwords consisting of only numeric or lowercase characters.BcryptSecurity experts consider both SHA256 and bcrypt as sufficiently strong hashing algorithms for modern security applications. However, unlike SHA256, bcrypt bolsters its hashing mechanism by employing saltingby adding a random piece of data to each password hash to ensure uniqueness, bcrypt makes passwords highly resilient against dictionary or brute force attempts. Additionally, bcrypt employs a cost factor that determines the number of iterations to run the algorithm. This combination of salt and cost factoring makes bcrypt extremely resistant to dictionary and brute force attacks. A cyber attacker using GPUs and cracking software would take 27,154 years to crack an eight-character password consisting of numbers, uppercase/lowercase letters, and symbols hashed by bcrypt. However, numeric or lowercase-only bcrypt passwords under eight characters are trivial to crack, taking between a matter of hours to a few seconds to compromise.How do hackers get around hashing algorithms? Regardless of the hashing algorithm, the common vulnerability is short and simple passwords. Long, complex passwords that incorporate numbers, uppercase and lowercase letters, and symbols are the ideal formula for password strength and resilience. However, password reuse remains a significant issue; just one shared password, no matter how strong, stored in plaintext on a poorly secured website or service, can give cyber attackers access to sensitive accounts. Consequently, cyber attackers are more likely to obtain breached credentials and exposed password lists from the dark web rather than attempting to crack long, complex passwords secured with modern hashing algorithms. Cracking a long password hashed with bcrypt is virtually impossible, even with purpose-built hardware and software. But using a known compromised password is instant and effective. To protect your organization against breached passwords, Specops Password Policy continuously scans your Active Directory against a growing database of over 4 billion unique compromised passwords. Get in touch for a free trial. Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Twitter and LinkedIn to read more exclusive content we post.SHARE

Shaun Dippnall , Chief Delivery Officer and Head of Enterprise AI, Sand TechnologiesJanuary 28, 20253 Min ReadDimitar Omi via Alamy StockArtificial Intelligence has become a defining force of the 21st century, sparking debates about its role in shaping the future. While sometimes portrayed as a harbinger of dystopian automation, AI, when leveraged appropriately, can be a catalyst for profound, positive change.AIs ability to deliver a positive impact is not just a concept shared at tech shows or espoused by non-governmental organizations. The technology is already actively reshaping industries and addressing some of the worlds most pressing challenges.As the global water crisis threatens nearly two billion people with absolute scarcity by 2025, AI is proving to be a key player in smart water management. By deploying advanced data-driven solutions, AI is optimizing how we manage water resources, identifying innovative approaches to desalination, reducing environmental impacts by minimizing overflows, and ensuring that water utilities achieve maximum returns on infrastructure investments by optimizing maintenance and operations for improved longevity.In the telecommunications industry, AI is boosting network efficiency and informing how operators can expand access to underserved populations. For instance, one developing country leveraged AI to bring mobile network coverage to 95% of its population while saving $200 million in CapEx compared to a non-AI network planning approach.Related:This latter example shows how AI can be a vital contributor to bridging the digital divide. The scenario above, achieved on a national scale, expanded broadband to rural areas much like the United States is looking to improve broadband penetration through the BEAD program. This altruistic yet practical example demonstrates the power of AI to fuel economic development and enhance access to vital services like education and healthcare. And its not just theoretical; the results are already being felt.This is the impact of AI at its best -- transforming technological innovation into tangible societal progress.Amid the rapid pace of AI innovation, many companies, governments, and researchers have focused on technical possibilities rather than the positive realities of deploying AI at scale.AI holds immense potential to drive social equity and inclusion. Consider the water management scenario above. In regions facing severe water scarcity, AI has optimized resource management and reduced pollution, potentially saving millions of lives and improving the quality of life for vulnerable communities.In the broadband example, AI has helped bring education, telehealth, and employment services to underserved populations, acting as a great equalizer for many communities.Related:Yet AIs ability to benefit society is dependent upon the humans using it. AI, on its own, is neither unethical nor capitalistic. The key to tapping AIs power to generate positive impact lies in practitioners focusing on societys biggest challenges, identifying how AI can play a role in solving them, and implementing a robust governance framework to carefully monitor the project and ensure it stays on an ethical and greater good track.Having worked in AI and data science for a decade, we often encounter projects that we choose not to pursue. The power inherent in AI solutions compels us to look beyond the question of Can we do this? to a discussion about whether we should. AI can be deployed in many areas, and with great effect, so we prioritize projects that have a clear opportunity to benefit society.The path forward demands a concerted effort from companies, particularly those with the resources and influence, to lead by example. It also requires AI partners who share the vision of using AI for initiatives that deliver real, positive impact.In the end, the true measure of AI for social good wont be in what AI can do, but in how it helps build a future where technology enhances and equalizes the human experience. The choices we make today -- whether in deploying AI for water conservation or expanding digital access -- will define AIs trajectory in shaping and achieving that future.Related:About the AuthorShaun Dippnall Chief Delivery Officer and Head of Enterprise AI, Sand TechnologiesShaun Dippnall is chief delivery officer and head of enterprise AI at Sand Technologies, a global AI solutions company with expertise in enterprise and industrial AI, and data science. Shaun has worked with enterprise AI for more than a decade because of his passion to change the world.See more from Shaun Dippnall Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also LikeWebinarsMore WebinarsReportsMore Reports