infossl – Page 6 – SSL and internet security news

Regulating AI Behavior with a Hypervisor

April 23, 2025 infossl

academic papers, AI, physical security, Security technology, threat models, Uncategorized

Interesting research: “Guillotine: Hypervisors for Isolating Malicious AIs.” Abstract:As AI models become more embedded in critical sectors like finance, healthcare, and the military, their inscrutable behavior poses ever-greater risks to society. To mitigate this risk, we propose Guillotine, a hypervisor architecture for sandboxing powerful AI models—models that, by accident or malice, can generate existential threats … Read More “Regulating AI Behavior with a Hypervisor” »

Android Improves Its Security

April 22, 2025 infossl

android, cybersecurity, iphone, Security technology, smartphones, Uncategorized

Android phones will soon reboot themselves after sitting idle for three days. iPhones have had this feature for a while; it’s nice to see Google add it to their phones. Powered by WPeMatico

Friday Squid Blogging: Live Colossal Squid Filmed

April 18, 2025 infossl

Security technology, squid, Uncategorized

A live colossal squid was filmed for the first time in the ocean. It’s only a juvenile: a foot long. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Powered by WPeMatico

CVE Program Almost Unfunded

April 16, 2025 infossl

cybersecurity, dhs, national security policy, Security technology, Uncategorized, vulnerabilities

Mitre’s CVE’s program—which provides common naming and other informational resources about cybersecurity vulnerabilities—was about to be cancelled, as the US Department of Homeland Security failed to renew the contact. It was funded for eleven more months at the last minute. This is a big deal. The CVE program is one of those pieces of common … Read More “CVE Program Almost Unfunded” »

Slopsquatting

April 15, 2025 infossl

AI, LLM, malware, Security technology, Uncategorized

As AI coding assistants invent nonexistent software libraries to download and use, enterprising attackers create and upload libraries with those names—laced with malware, of course. Powered by WPeMatico

Friday Squid Blogging: Squid and Efficient Solar Tech

April 11, 2025 infossl

Security technology, squid, Uncategorized

Researchers are trying to use squid color-changing biochemistry for solar tech. This appears to be new and related research to a 2019 squid post. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Powered by WPeMatico

AI Vulnerability Finding

April 11, 2025 infossl

AI, microsoft, Security technology, Uncategorized, vulnerabilities

Microsoft is reporting that its AI systems are able to find new vulnerabilities in source code: Microsoft discovered eleven vulnerabilities in GRUB2, including integer and buffer overflows in filesystem parsers, command flaws, and a side-channel in cryptographic comparison. Additionally, 9 buffer overflows in parsing SquashFS, EXT4, CramFS, JFFS2, and symlinks were discovered in U-Boot and … Read More “AI Vulnerability Finding” »

How to Leak to a Journalist

April 9, 2025 infossl

leaks, Security technology, Uncategorized, whistleblowers

Neiman Lab has some good advice on how to leak a story to a journalist. Powered by WPeMatico

Arguing Against CALEA

April 8, 2025 infossl

CALEA, cybersecurity, eavesdropping, national security policy, Security technology, telecom, Uncategorized

At a Congressional hearing earlier this week, Matt Blaze made the point that CALEA, the 1994 law that forces telecoms to make phone calls wiretappable, is outdated in today’s threat environment and should be rethought: In other words, while the legally-mandated CALEA capability requirements have changed little over the last three decades, the infrastructure that … Read More “Arguing Against CALEA” »