infossl – Page 48 – SSL and internet security news

Security and Human Behavior (SHB) 2023

June 16, 2023 infossl

conferences, cybersecurity, security conferences, Security technology, Uncategorized

I’m just back from the sixteenth Workshop on Security and Human Behavior, hosted by Alessandro Acquisti at Carnegie Mellon University in Pittsburgh. SHB is a small, annual, invitational workshop of people studying various aspects of the human side of security, organized each year by Alessandro Acquisti, Ross Anderson, and myself. The fifty or so attendees … Read More “Security and Human Behavior (SHB) 2023” »

On the Need for an AI Public Option

June 14, 2023 infossl

artificial intelligence, essays, LLM, Security technology, Uncategorized

Artificial intelligence will bring great benefits to all of humanity. But do we really want to entrust this revolutionary technology solely to a small group of US tech companies? Silicon Valley has produced no small number of moral disappointments. Google retired its “don’t be evil” pledge before firing its star ethicist. Self-proclaimed “free speech absolutist” … Read More “On the Need for an AI Public Option” »

Identifying the Idaho Killer

June 13, 2023 infossl

Security technology, Uncategorized

The New York Times has a long article on the investigative techniques used to identify the person who stabbed and killed four University of Idaho students. Pay attention to the techniques: The case has shown the degree to which law enforcement investigators have come to rely on the digital footprints that ordinary Americans leave in … Read More “Identifying the Idaho Killer” »

AI-Generated Steganography

June 12, 2023 infossl

academic papers, artificial intelligence, cryptography, encryption, Security technology, steganography, Uncategorized

New research suggests that AIs can produce perfectly secure steganographic images: Abstract: Steganography is the practice of encoding secret information into innocuous content in such a manner that an adversarial third party would not realize that there is hidden meaning. While this problem has classically been studied in security literature, recent advances in generative models … Read More “AI-Generated Steganography” »

Friday Squid Blogging: Light-Emitting Squid

June 9, 2023 infossl

Security technology, squid, Uncategorized

It’s a Taningia danae: Their arms are lined with two rows of sharp retractable hooks. And, like most deep-sea squid, they are adorned with light organs called photophores. They have some on the underside of their mantle. There are more facing upward, near one of their eyes. But it’s the photophores at the tip of … Read More “Friday Squid Blogging: Light-Emitting Squid” »

Operation Triangulation: Zero-Click iPhone Malware

June 9, 2023 infossl

exploits, forensics, ios, iphone, malware, Security technology, Uncategorized

Kaspersky is reporting a zero-click iOS exploit in the wild: Mobile device backups contain a partial copy of the filesystem, including some of the user data and service databases. The timestamps of the files, folders and the database records allow to roughly reconstruct the events happening to the device. The mvt-ios utility produces a sorted … Read More “Operation Triangulation: Zero-Click iPhone Malware” »

Paragon Solutions Spyware: Graphite

June 8, 2023 infossl

israel, national security policy, Security technology, spyware, Uncategorized

Paragon Solutions is yet another Israeli spyware company. Their product is called “Graphite,” and is a lot like NSO Group’s Pegasus. And Paragon is working with what seems to be US approval: American approval, even if indirect, has been at the heart of Paragon’s strategy. The company sought a list of allied nations that the … Read More “Paragon Solutions Spyware: Graphite” »

How Attorneys Are Harming Cybersecurity Incident Response

June 7, 2023 infossl

academic papers, breaches, cybersecurity, incident response, insurance, Security technology, Uncategorized

New paper: “Lessons Lost: Incident Response in the Age of Cyber Insurance and Breach Attorneys“: Abstract: Incident Response (IR) allows victim firms to detect, contain, and recover from security incidents. It should also help the wider community avoid similar attacks in the future. In pursuit of these goals, technical practitioners are increasingly influenced by stakeholders … Read More “How Attorneys Are Harming Cybersecurity Incident Response” »

Snowden Ten Years Later

June 6, 2023 infossl

Edward Snowden, essays, history of security, nsa, privacy, Security technology, surveillance, Uncategorized

In 2013 and 2014, I wrote extensively about new revelations regarding NSA surveillance based on the documents provided by Edward Snowden. But I had a more personal involvement as well. I wrote the essay below in September 2013. The New Yorker agreed to publish it, but the Guardian asked me not to. It was scared … Read More “Snowden Ten Years Later” »

The Software-Defined Car

June 5, 2023 infossl

cars, cybersecurity, hacking, Security technology, Uncategorized

Developers are starting to talk about the software-defined car. For decades, features have accumulated like cruft in new vehicles: a box here to control the antilock brakes, a module there to run the cruise control radar, and so on. Now engineers and designers are rationalizing the way they go about building new models, taking advantage … Read More “The Software-Defined Car” »