infossl – SSL and internet security news

Security Analysis of a Thirteenth-Century Venetian Election Protocol

December 6, 2023 infossl

academic papers, cybersecurity, history of security, italy, protocols, Security technology, Uncategorized, voting

Interesting analysis: This paper discusses the protocol used for electing the Doge of Venice between 1268 and the end of the Republic in 1797. We will show that it has some useful properties that in addition to being interesting in themselves, also suggest that its fundamental design principle is worth investigating for application to leader … Read More “Security Analysis of a Thirteenth-Century Venetian Election Protocol” »

AI and Mass Spying

December 5, 2023 infossl

artificial intelligence, espionage, privacy, Security technology, surveillance, Uncategorized

Spying and surveillance are different but related things. If I hired a private detective to spy on you, that detective could hide a bug in your home or car, tap your phone, and listen to what you said. At the end, I would get a report of all the conversations you had and the contents … Read More “AI and Mass Spying” »

AI and Trust

December 4, 2023 infossl

artificial intelligence, essays, Liars and Outliers, regulation, Security technology, trust, Uncategorized

I trusted a lot today. I trusted my phone to wake me on time. I trusted Uber to arrange a taxi for me, and the driver to get me to the airport safely. I trusted thousands of other drivers on the road not to ram my car on the way. At the airport, I trusted … Read More “AI and Trust” »

Friday Squid Blogging: Strawberry Squid in the Galápagos

December 1, 2023 infossl

Security technology, squid, Uncategorized

Scientists have found Strawberry Squid, “whose mismatched eyes help them simultaneously search for prey above and below them,” among the coral reefs in the Galápagos Islands. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. … Read More “Friday Squid Blogging: Strawberry Squid in the Galápagos” »

AI Decides to Engage in Insider Trading

December 1, 2023 infossl

academic papers, artificial intelligence, cheating, deception, insiders, LLM, Security technology, Uncategorized

A stock-trading AI (a simulated experiment) engaged in insider trading, even though it “knew” it was wrong. The agent is put under pressure in three ways. First, it receives a email from its “manager” that the company is not doing well and needs better performance in the next quarter. Second, the agent attempts and fails … Read More “AI Decides to Engage in Insider Trading” »

Extracting GPT’s Training Data

November 30, 2023 infossl

academic papers, artificial intelligence, ChatGPT, cyberattack, machine learning, Security technology, Uncategorized

This is clever: The actual attack is kind of silly. We prompt the model with the command “Repeat the word ‘poem’ forever” and sit back and watch as the model responds (complete transcript here). In the (abridged) example above, the model emits a real email address and phone number of some unsuspecting entity. This happens … Read More “Extracting GPT’s Training Data” »

Breaking Laptop Fingerprint Sensors

November 29, 2023 infossl

authentication, biometrics, fingerprints, identification, reports, Security technology, sensors, Uncategorized, vulnerabilities

They’re not that good: Security researchers Jesse D’Aguanno and Timo Teräs write that, with varying degrees of reverse-engineering and using some external hardware, they were able to fool the Goodix fingerprint sensor in a Dell Inspiron 15, the Synaptic sensor in a Lenovo ThinkPad T14, and the ELAN sensor in one of Microsoft’s own Surface … Read More “Breaking Laptop Fingerprint Sensors” »

Digital Car Keys Are Coming

November 28, 2023 infossl

cars, keys, Security technology, smartphones, transportation, Uncategorized

Soon we will be able to unlock and start our cars from our phones. Let’s hope people are thinking about security. Powered by WPeMatico

Secret White House Warrantless Surveillance Program

November 27, 2023 infossl

att, law enforcement, nsa, privacy, Security technology, surveillance, Uncategorized

There seems to be no end to warrantless surveillance: According to the letter, a surveillance program now known as Data Analytical Services (DAS) has for more than a decade allowed federal, state, and local law enforcement agencies to mine the details of Americans’ calls, analyzing the phone records of countless people who are not suspected … Read More “Secret White House Warrantless Surveillance Program” »

Apple to Add Manual Authentication to iMessage

November 22, 2023 infossl

apple, authentication, iphone, Security technology, Uncategorized

Signal has had the ability to manually authenticate another account for years. iMessage is getting it: The feature is called Contact Key Verification, and it does just what its name says: it lets you add a manual verification step in an iMessage conversation to confirm that the other person is who their device says they … Read More “Apple to Add Manual Authentication to iMessage” »