To better understand influence attacks, we proposed an approach that models democracy itself as an information system and explains how democracies are vulnerable to certain forms of information attacks that autocracies naturally resist. Our model combines ideas from both international security and computer security, avoiding the limitations of both in explaining how influence attacks may … Read More “Defending Democracies Against Information Attacks” »
Month: April 2019
Someone is stealing millions of dollars worth of Ethereum by guessing users’ private keys. Normally this should be impossible, but lots of keys seem to be very weak. Researchers are unsure how those weak keys are being generated and used. Their paper is here. Powered by WPeMatico
Pioneer DJ has a new sequencer: the Toraiz SQUID: Sequencer Inspirational Device. The 16-track sequencer is designed around jamming and performance with a host of features to create “happy accidents” and trigger random sequences, modulations and chords. There are 16 RGB pads for playing in your melodies and beats, and up to 64 patterns per … Read More “Friday Squid Blogging: Toraiz SQUID Digital Sequencer” »
Business Weekly in Taiwan interviewed me. (Here’s a translation courtesy of Google.) It was a surprisingly intimate interview. I hope the Chinese reads better than the translation. Powered by WPeMatico
Cyberattacks don’t magically happen; they involve a series of steps. And far from being helpless, defenders can disrupt the attack at any of those steps. This framing has led to something called the “cybersecurity kill chain“: a way of thinking about cyber defense in terms of disrupting the attacker’s process. On a similar note, it’s … Read More “Towards an Information Operations Kill Chain” »
Nice bit of adversarial machine learning. The image from this news article is most of what you need to know, but here’s the research paper. Powered by WPeMatico
A researcher found a vulnerability in the French government WhatsApp replacement app: Tchap. The vulnerability allows anyone to surreptitiously join any conversation. Of course the developers will fix this vulnerability. But it is amusing to point out that this is exactly the backdoor that GCHQ is proposing. Powered by WPeMatico
From a G7 meeting of interior ministers in Paris this month, an “outcome document“: Encourage Internet companies to establish lawful access solutions for their products and services, including data that is encrypted, for law enforcement and competent authorities to access digital evidence, when it is removed or hosted on IT servers located abroad or encrypted, … Read More “G7 Comes Out in Favor of Encryption Backdoors” »
This is the best analysis of the software causes of the Boeing 737 MAX disasters that I have read. Technically this is safety and not security; there was no attacker. But the fields are closely related and there are a lot of lessons for IoT security — and the security of complex socio-technical systems in … Read More “Excellent Analysis of the Boeing 737 MAX Software Problems” »
There’s a new diversity of species. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Powered by WPeMatico