Discord is testing the feature: “We’re currently running tests in select regions to age-gate access to certain spaces or user settings,” a spokesperson for Discord said in a statement. “The information shared to power the age verification method is only used for the one-time age verification process and is not stored by Discord or our … Read More “Age Verification Using Facial Scans” »
Author: infossl
Mitre’s CVE’s program—which provides common naming and other informational resources about cybersecurity vulnerabilities—was about to be cancelled, as the US Department of Homeland Security failed to renew the contact. It was funded for eleven more months at the last minute. This is a big deal. The CVE program is one of those pieces of common … Read More “CVE Program Almost Unfunded” »
As AI coding assistants invent nonexistent software libraries to download and use, enterprising attackers create and upload libraries with those names—laced with malware, of course. Powered by WPeMatico
Researchers are trying to use squid color-changing biochemistry for solar tech. This appears to be new and related research to a 2019 squid post. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Powered by WPeMatico
Microsoft is reporting that its AI systems are able to find new vulnerabilities in source code: Microsoft discovered eleven vulnerabilities in GRUB2, including integer and buffer overflows in filesystem parsers, command flaws, and a side-channel in cryptographic comparison. Additionally, 9 buffer overflows in parsing SquashFS, EXT4, CramFS, JFFS2, and symlinks were discovered in U-Boot and … Read More “AI Vulnerability Finding” »
Neiman Lab has some good advice on how to leak a story to a journalist. Powered by WPeMatico
At a Congressional hearing earlier this week, Matt Blaze made the point that CALEA, the 1994 law that forces telecoms to make phone calls wiretappable, is outdated in today’s threat environment and should be rethought: In other words, while the legally-mandated CALEA capability requirements have changed little over the last three decades, the infrastructure that … Read More “Arguing Against CALEA” »
In “Secrets and Lies” (2000), I wrote: It is poor civic hygiene to install technologies that could someday facilitate a police state. It’s something a bunch of us were saying at the time, in reference to the vast NSA’s surveillance capabilities. I have been thinking of that quote a lot as I read news stories … Read More “DIRNSA Fired” »
The Brooklyn indie art-punk group, Two-Man Giant Squid, just released a new album. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Powered by WPeMatico
In case you need proof that anyone, even people who do cybersecurity for a living, Troy Hunt has a long, iterative story on his webpage about how he got phished. Worth reading. Powered by WPeMatico