A group of scientists conclude that it’s shifting weather patterns and ocean conditions. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Powered by WPeMatico
Month: August 2019
Interesting paper by Michael Schwarz, Samuel Weiser, Daniel Gruss. The upshot is that both Intel and AMD have assumed that trusted enclaves will run only trustworthy code. Of course, that’s not true. And there are no security mechanisms that can deal with malicious enclaves, because the designers couldn’t imagine that they would be necessary. The … Read More “Attacking the Intel Secure Enclave” »
Voice systems are increasingly using AI techniques to determine emotion. A new paper describes an AI-based countermeasure to mask emotion in spoken words. Their method for masking emotion involves collecting speech, analyzing it, and extracting emotional features from the raw signal. Next, an AI program trains on this signal and replaces the emotional indicators in … Read More “AI Emotion-Detection Arms Race” »
The Department of Justice wants access to encrypted consumer devices but promises not to infiltrate business products or affect critical infrastructure. Yet that’s not possible, because there is no longer any difference between those categories of devices. Consumer devices are critical infrastructure. They affect national security. And it would be foolish to weaken them, even … Read More “The Myth of Consumer-Grade Security” »
Interesting analysis of the possibility, feasibility, and efficacy of deliberately fake scientific research, something I had previously speculated about. Powered by WPeMatico
It’s always nice when I can combine squid and security: Multiple versions of the Squid web proxy cache server built with Basic Authentication features are currently vulnerable to code execution and denial-of-service (DoS) attacks triggered by the exploitation of a heap buffer overflow security flaw. The vulnerability present in Squid 4.0.23 through 4.7 is caused … Read More “Friday Squid Blogging: Vulnerabilities in Squid Server” »
There was a DefCon talk by someone with the vanity plate “NULL.” The California system assigned him every ticket with no license plate: $12,000. Although the initial $12,000-worth of fines were removed, the private company that administers the database didn’t fix the issue and new NULL tickets are still showing up. The unanswered question is: … Read More “License Plate “NULL”” »
From DefCon: At the Defcon hacker conference today, security researcher Truman Kain debuted what he calls the Surveillance Detection Scout. The DIY computer fits into the middle console of a Tesla Model S or Model 3, plugs into its dashboard USB port, and turns the car’s built-in cameras — the same dash and rearview cameras … Read More “Modifying a Tesla to Become a Surveillance Platform” »
There’s no indication that this vulnerability was ever used in the wild, but the code it was discovered in — Microsoft’s Text Services Framework — has been around since Windows XP. Powered by WPeMatico
Excellent op-ed on the growing trend to tie humanitarian aid to surveillance. Despite the best intentions, the decision to deploy technology like biometrics is built on a number of unproven assumptions, such as, technology solutions can fix deeply embedded political problems. And that auditing for fraud requires entire populations to be tracked using their personal … Read More “Surveillance as a Condition for Humanitarian Aid” »