Month: October 2023

Former Uber CISO Appealing His Conviction

Posted on By infossl
breaches, data breaches, ftc, regulation, Security technology, uber, Uncategorized

Joe Sullivan, Uber’s CEO during their 2016 data breach, is appealing his conviction. Prosecutors charged Sullivan, whom Uber hired as CISO after the 2014 breach, of withholding information about the 2016 incident from the FTC even as its investigators were scrutinizing the company’s data security and privacy practices. The government argued that Sullivan should have … Read More “Former Uber CISO Appealing His Conviction” »

Analysis of Intellexa’s Predator Spyware

Posted on By infossl
cyberweapons, privacy, Security technology, spyware, surveillance, Uncategorized

Amnesty International has published a comprehensive analysis of the Predator government spyware products. These technologies used to be the exclusive purview of organizations like the NSA. Now they’re available to every country on the planet—democratic, nondemocratic, authoritarian, whatever—for a price. This is the legacy of not securing the Internet when we could have. Powered by … Read More “Analysis of Intellexa’s Predator Spyware” »

Security Vulnerability of Switzerland’s E-Voting System

Posted on By infossl
blockchain, cybersecurity, malware, Security technology, switzerland, Uncategorized, voting

Online voting is insecure, period. This doesn’t stop organizations and governments from using it. (And for low-stakes elections, it’s probably fine.) Switzerland—not low stakes—uses online voting for national elections. Andrew Appel explains why it’s a bad idea: Last year, I published a 5-part series about Switzerland’s e-voting system. Like any internet voting system, it has … Read More “Security Vulnerability of Switzerland’s E-Voting System” »

Coin Flips Are Biased

Posted on By infossl
academic papers, gambling, random numbers, Security technology, Uncategorized

Experimental result: Many people have flipped coins but few have stopped to ponder the statistical and physical intricacies of the process. In a preregistered study we collected 350,757 coin flips to test the counterintuitive prediction from a physics model of human coin tossing developed by Persi Diaconis. The model asserts that when people flip an … Read More “Coin Flips Are Biased” »

Bounty to Recover NIST’s Elliptic Curve Seeds

Posted on By infossl
backdoors, contests, cryptography, nist, random numbers, Security technology, Uncategorized

This is a fun challenge: The NIST elliptic curves that power much of modern cryptography were generated in the late ’90s by hashing seeds provided by the NSA. How were the seeds generated? Rumor has it that they are in turn hashes of English sentences, but the person who picked them, Dr. Jerry Solinas, passed … Read More “Bounty to Recover NIST’s Elliptic Curve Seeds” »

Cisco Can’t Stop Using Hard-Coded Passwords

Posted on By infossl
cisco, passwords, Security technology, Uncategorized, vulnerabilities

There’s a new Cisco vulnerability in its Emergency Responder product: This vulnerability is due to the presence of static user credentials for the root account that are typically reserved for use during development. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow … Read More “Cisco Can’t Stop Using Hard-Coded Passwords” »

Model Extraction Attack on Neural Networks

Posted on By infossl
academic papers, cryptanalysis, Security technology, Uncategorized

Adi Shamir et al. have a new model extraction attack on neural networks: Polynomial Time Cryptanalytic Extraction of Neural Network Models Abstract: Billions of dollars and countless GPU hours are currently spent on training Deep Neural Networks (DNNs) for a variety of tasks. Thus, it is essential to determine the difficulty of extracting all the … Read More “Model Extraction Attack on Neural Networks” »

AI Risks

Posted on By infossl
artificial intelligence, essays, national security policy, regulation, Security technology, Uncategorized

There is no shortage of researchers and industry titans willing to warn us about the potential destructive power of artificial intelligence. Reading the headlines, one would hope that the rapid gains in AI technology have also brought forth a unifying realization of the risks—and the steps we need to take to mitigate them. The reality, … Read More “AI Risks” »

Deepfake Election Interference in Slovakia

Posted on By infossl
artificial intelligence, deep fake, Security technology, Uncategorized, voting

Well designed and well timed deepfake or two Slovakian politicians discussing how to rig the election: Šimečka and Denník N immediately denounced the audio as fake. The fact-checking department of news agency AFP said the audio showed signs of being manipulated using AI. But the recording was posted during a 48-hour moratorium ahead of the … Read More “Deepfake Election Interference in Slovakia” »

Political Disinformation and AI

Posted on By infossl
artificial intelligence, ChatGPT, disinformation, essays, propaganda, Security technology, social media, Uncategorized, voting

Elections around the world are facing an evolving threat from foreign actors, one that involves artificial intelligence. Countries trying to influence each other’s elections entered a new era in 2016, when the Russians launched a series of social media disinformation campaigns targeting the US presidential election. Over the next seven years, a number of countries—most … Read More “Political Disinformation and AI” »