New York Times op-ed on the Chinese dominance of the squid industry: China’s domination in seafood has raised deep concerns among American fishermen, policymakers and human rights activists. They warn that China is expanding its maritime reach in ways that are putting domestic fishermen around the world at a competitive disadvantage, eroding international law governing … Read More “Friday Squid Blogging: The Geopolitics of Eating Squid” »
Month: March 2024
You might think that libraries are kind of boring, but this self-analysis of a 2023 ransomware and extortion attack against the British Library is anything but.
It’s yet another hardware side-channel attack: The threat resides in the chips’ data memory-dependent prefetcher, a hardware optimization that predicts the memory addresses of data that running code is likely to access in the near future. By loading the contents into the CPU cache before it’s actually needed, the DMP, as the feature is abbreviated, … Read More “Hardware Vulnerability in Apple’s M-Series Chips” »
It’s pretty devastating: Today, Ian Carroll, Lennert Wouters, and a team of other security researchers are revealing a hotel keycard hacking technique they call Unsaflok. The technique is a collection of security vulnerabilities that would allow a hacker to almost instantly open several models of Saflok-brand RFID-based keycard locks sold by the Swiss lock maker … Read More “Security Vulnerability in Saflok’s RFID-Based Keycard Locks” »
Andrew Appel shepherded a public comment—signed by twenty election cybersecurity experts, including myself—on best practices for ballot marking devices and vote tabulation. It was written for the Pennsylvania legislature, but it’s general in nature. From the executive summary: We believe that no system is perfect, with each having trade-offs. Hand-marked and hand-counted ballots remove the … Read More “On Secure Voting Systems” »
The debate over professionalizing software engineers is decades old. (The basic idea is that, like lawyers and architects, there should be some professional licensing requirement for software engineers.) Here’s a law journal article recommending the same idea for AI engineers. This Article proposes another way: professionalizing AI engineering. Require AI engineers to obtain licenses to … Read More “Licensing AI Engineers” »
A new species of squid was discovered, along with about a hundred other species. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.
BleepingComputer has the details. It’s $2M less than in 2022, but it’s still a lot. The highest reward for a vulnerability report in 2023 was $113,337, while the total tally since the program’s launch in 2010 has reached $59 million. For Android, the world’s most popular and widely used mobile operating system, the program awarded … Read More “Google Pays $10M in Bug Bounties in 2023” »
This mini-essay was my contribution to a round table on Power and Governance in the Age of AI. It’s nothing I haven’t said here before, but for anyone who hasn’t read my longer essays on the topic, it’s a shorter introduction. The increasingly centralized control of AI is an ominous sign. When tech billionaires … Read More “Public AI as an Alternative to Corporate AI” »
The Wall Street Journal is reporting on a variety of techniques drivers are using to obscure their license plates so that automatic readers can’t identify them and charge tolls properly. Some drivers have power-washed paint off their plates or covered them with a range of household items such as leaf-shaped magnets, Bramwell-Stewart said. The Port … Read More “Cheating Automatic Toll Booths by Obscuring License Plates” »