Interesting paper by Lennart Maschmeyer: “The Subversive Trilemma: Why Cyber Operations Fall Short of Expectations“: Abstract: Although cyber conflict has existed for thirty years, the strategic utility of cyber operations remains unclear. Many expect cyber operations to provide independent utility in both warfare and low-intensity competition. Underlying these expectations are broadly shared assumptions that information … Read More “The Limits of Cyber Operations in Wartime” »
Month: May 2022
Today is the second day of the fifteenth Workshop on Security and Human Behavior, hosted by Ross Anderson and Alice Hutchings at the University of Cambridge. After two years of having this conference remotely on Zoom, it’s nice to be back together in person. SHB is a small, annual, invitational workshop of people studying various … Read More “Security and Human Behavior (SHB) 2022” »
I agree; the diver deserved it. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Powered by WPeMatico
Brian Krebs has an interesting story of a smart ID card reader with a malware-infested Windows driver, and US government employees who inadvertently buy and use them. But by all accounts, the potential attack surface here is enormous, as many federal employees clearly will purchase these readers from a myriad of online vendors when the … Read More “Malware-Infested Smart Card Reader” »
Yet another adversarial ML attack: Most deep neural networks are trained by stochastic gradient descent. Now “stochastic” is a fancy Greek word for “random”; it means that the training data are fed into the model in random order. So what happens if the bad guys can cause the order to be not random? You guessed … Read More “Manipulating Machine-Learning Systems through the Order of the Training Data” »
Following a recent Supreme Court ruling, the Justice Department will no longer prosecute “good faith” security researchers with cybercrimes: The policy for the first time directs that good-faith security research should not be charged. Good faith security research means accessing a computer solely for purposes of good-faith testing, investigation, and/or correction of a security flaw … Read More “The Justice Department Will No Longer Charge Security Researchers with Criminal Hacking” »
The New South Wales digital driver’s license has multiple implementation flaws that allow for easy forgeries. This file is encrypted using AES-256-CBC encryption combined with Base64 encoding. A 4-digit application PIN (which gets set during the initial onboarding when a user first instals the application) is the encryption password used to protect or encrypt the … Read More “Forging Australian Driver’s Licenses” »
Pretty. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Powered by WPeMatico
“Google Maps Adds Shortcuts through Houses of People Google Knows Aren’t Home Right Now.” Excellent satire. Powered by WPeMatico
Locks that use Bluetooth Low Energy to authenticate keys are vulnerable to remote unlocking. The research focused on Teslas, but the exploit is generalizable. In a video shared with Reuters, NCC Group researcher Sultan Qasim Khan was able to open and then drive a Tesla using a small relay device attached to a laptop which … Read More “Bluetooth Flaw Allows Remote Unlocking of Digital Locks” »