November 2023 – Page 2 – SSL and internet security news

Leaving Authentication Credentials in Public Code

November 16, 2023 infossl

credentials, Security technology, Uncategorized, vulnerabilities

Interesting article about a surprisingly common vulnerability: programmers leaving authentication credentials and other secrets in publicly accessible software code: Researchers from security firm GitGuardian this week reported finding almost 4,000 unique secrets stashed inside a total of 450,000 projects submitted to PyPI, the official code repository for the Python programming language. Nearly 3,000 projects contained … Read More “Leaving Authentication Credentials in Public Code” »

New SSH Vulnerability

November 15, 2023 infossl

academic papers, cryptography, Security technology, signatures, ssh, Uncategorized, vulnerabilities

This is interesting: For the first time, researchers have demonstrated that a large portion of cryptographic keys used to protect data in computer-to-server SSH traffic are vulnerable to complete compromise when naturally occurring computational errors occur while the connection is being established. […] The vulnerability occurs when there are errors during the signature generation that … Read More “New SSH Vulnerability” »

Ten Ways AI Will Change Democracy

November 13, 2023 infossl

artificial intelligence, laws, LLM, Security technology, Uncategorized

Artificial intelligence will change so many aspects of society, largely in ways that we cannot conceive of yet. Democracy, and the systems of governance that surround it, will be no exception. In this short essay, I want to move beyond the “AI-generated disinformation” trope and speculate on some of the ways AI will change how … Read More “Ten Ways AI Will Change Democracy” »

Friday Squid Blogging: The History and Morality of US Squid Consumption

November 10, 2023 infossl

Security technology, squid, Uncategorized

Really interesting article. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Powered by WPeMatico

The Privacy Disaster of Modern Smart Cars

November 10, 2023 infossl

cars, EULA, privacy, Security technology, Uncategorized

Article based on a Mozilla report. Powered by WPeMatico

Online Retail Hack

November 9, 2023 infossl

A Hacker's Mind, fraud, hacking, noncomputer hacks, retail, Security technology, Uncategorized

Selling miniature replicas to unsuspecting shoppers: Online marketplaces sell tiny pink cowboy hats. They also sell miniature pencil sharpeners, palm-size kitchen utensils, scaled-down books and camping chairs so small they evoke the Stonehenge scene in “This Is Spinal Tap.” Many of the minuscule objects aren’t clearly advertised. […] But there is no doubt some online … Read More “Online Retail Hack” »

Decoupling for Security

November 8, 2023 infossl

cloud computing, computer security, privacy, Security technology, Uncategorized

This is an excerpt from a longer paper. You can read the whole thing (complete with sidebars and illustrations) here. Our message is simple: it is possible to get the best of both worlds. We can and should get the benefits of the cloud while taking security back into our own hands. Here we outline … Read More “Decoupling for Security” »

Spaf on the Morris Worm

November 7, 2023 infossl

computer security, history of computing, history of security, malware, Security technology, Uncategorized

Gene Spafford wrote an essay reflecting on the Morris Worm of 1988—35 years ago. His lessons from then are still applicable today. Powered by WPeMatico

Crashing iPhones with a Flipper Zero

November 6, 2023 infossl

apple, bluetooth, denial of service, hacking, iphone, Security technology, Uncategorized

The Flipper Zero is an incredibly versatile hacking device. Now it can be used to crash iPhones in its vicinity by sending them a never-ending stream of pop-ups. These types of hacks have been possible for decades, but they require special equipment and a fair amount of expertise. The capabilities generally required expensive SDRs—short for software-defined … Read More “Crashing iPhones with a Flipper Zero” »

Friday Squid Blogging: Eating Dancing Squid

November 3, 2023 infossl

Security technology, squid, Uncategorized

It’s not actually alive, but it twitches in response to soy sauce. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Powered by WPeMatico