September 2023 – Page 2 – SSL and internet security news

Zero-Click Exploit in iPhones

September 13, 2023 infossl

apple, exploits, ios, iphone, Security technology, spyware, Uncategorized, vulnerabilities

Make sure you update your iPhones: Citizen Lab says two zero-days fixed by Apple today in emergency security updates were actively abused as part of a zero-click exploit chain (dubbed BLASTPASS) to deploy NSO Group’s Pegasus commercial spyware onto fully patched iPhones. The two bugs, tracked as CVE-2023-41064 and CVE-2023-41061, allowed the attackers to infect … Read More “Zero-Click Exploit in iPhones” »

Cars Have Terrible Data Privacy

September 12, 2023 infossl

cars, data protection, privacy, Security technology, Uncategorized

A new Mozilla Foundation report concludes that cars, all of them, have terrible data privacy. All 25 car brands we researched earned our *Privacy Not Included warning label—making cars the official worst category of products for privacy that we have ever reviewed. There’s a lot of details in the report. They’re all bad. BoingBoing post. … Read More “Cars Have Terrible Data Privacy” »

On Robots Killing People

September 11, 2023 infossl

artificial intelligence, cars, regulation, robotics, Security technology, Uncategorized

The robot revolution began long ago, and so did the killing. One day in 1979, a robot at a Ford Motor Company casting plant malfunctioned—human workers determined that it was not going fast enough. And so twenty-five-year-old Robert Williams was asked to climb into a storage rack to help move things along. The one-ton robot … Read More “On Robots Killing People” »

Friday Squid Blogging: Glass Squid Video

September 9, 2023 infossl

Security technology, squid, Uncategorized

Here’s a fantastic video of Taonius Borealis, a glass squid, from NOAA. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Powered by WPeMatico

LLMs and Tool Use

September 9, 2023 infossl

artificial intelligence, essays, LLM, Security technology, Uncategorized

Last March, just two weeks after GPT-4 was released, researchers at Microsoft quietly announced a plan to compile millions of APIs—tools that can do everything from ordering a pizza to solving physics equations to controlling the TV in your living room—into a compendium that would be made accessible to large language models (LLMs). This was … Read More “LLMs and Tool Use” »

The Hacker Tool to Get Personal Data from Credit Bureaus

September 7, 2023 infossl

cybercrime, data collection, doxing, finance, law enforcement, Security technology, Uncategorized

The new site 404 Media has a good article on how hackers are cheaply getting personal information from credit bureaus: This is the result of a secret weapon criminals are selling access to online that appears to tap into an especially powerful set of data: the target’s credit header. This is personal information that the … Read More “The Hacker Tool to Get Personal Data from Credit Bureaus” »

Cryptocurrency Startup Loses Encryption Key for Electronic Wallet

September 6, 2023 infossl

cryptocurrency, encryption, keys, Security technology, Uncategorized

The cryptocurrency fintech startup Prime Trust lost the encryption key to its hardware wallet—and the recovery key—and therefore $38.9 million. It is now in bankruptcy. I can’t understand why anyone thinks these technologies are a good idea. Powered by WPeMatico

Inconsistencies in the Common Vulnerability Scoring System (CVSS)

September 5, 2023 infossl

academic papers, Security technology, Uncategorized, vulnerabilities

Interesting research: Shedding Light on CVSS Scoring Inconsistencies: A User-Centric Study on Evaluating Widespread Security Vulnerabilities Abstract: The Common Vulnerability Scoring System (CVSS) is a popular method for evaluating the severity of vulnerabilities in vulnerability management. In the evaluation process, a numeric score between 0 and 10 is calculated, 10 being the most severe (critical) … Read More “Inconsistencies in the Common Vulnerability Scoring System (CVSS)” »

Friday Squid Blogging: We’re Genetically Engineering Squid Now

September 1, 2023 infossl

Security technology, squid, Uncategorized

Is this a good idea? The transparent squid is a genetically altered version of the hummingbird bobtail squid, a species usually found in the tropical waters from Indonesia to China and Japan. It’s typically smaller than a thumb and shaped like a dumpling. And like other cephalopods, it has a relatively large and sophisticated brain. … Read More “Friday Squid Blogging: We’re Genetically Engineering Squid Now” »

Spyware Vendor Hacked

September 1, 2023 infossl

activism, brazil, hacking, Security technology, spyware, Uncategorized, vulnerabilities

A Brazilian spyware app vendor was hacked by activists: In an undated note seen by TechCrunch, the unnamed hackers described how they found and exploited several security vulnerabilities that allowed them to compromise WebDetetive’s servers and access its user databases. By exploiting other flaws in the spyware maker’s web dashboard—used by abusers to access the … Read More “Spyware Vendor Hacked” »