Category: academic papers

Auto Added by WPeMatico

Exploiting Mistyped URLs

Posted on By infossl
academic papers, browsers, Security technology, Uncategorized

Interesting research: “Hyperlink Hijacking: Exploiting Erroneous URL Links to Phantom Domains“: Abstract: Web users often follow hyperlinks hastily, expecting them to be correctly programmed. However, it is possible those links contain typos or other mistakes. By discovering active but erroneous hyperlinks, a malicious actor can spoof a website or service, impersonating the expected content and … Read More “Exploiting Mistyped URLs” »

Privacy Implications of Tracking Wireless Access Points

Posted on By infossl
academic papers, geolocation, privacy, Security technology, Uncategorized, Wi-Fi

Brian Krebs reports on research into geolocating routers: Apple and the satellite-based broadband service Starlink each recently took steps to address new research into the potential security and privacy implications of how their services geolocate devices. Researchers from the University of Maryland say they relied on publicly available data from Apple to track the location … Read More “Privacy Implications of Tracking Wireless Access Points” »

On the Zero-Day Market

Posted on By infossl
academic papers, cyberespionage, Security technology, spyware, Uncategorized, zero-day

New paper: “Zero Progress on Zero Days: How the Last Ten Years Created the Modern Spyware Market“: Abstract: Spyware makes surveillance simple. The last ten years have seen a global market emerge for ready-made software that lets governments surveil their citizens and foreign adversaries alike and to do so more easily than when such work … Read More “On the Zero-Day Market” »

New Attack Against Self-Driving Car AI

Posted on By infossl
academic papers, artificial intelligence, cars, cyberattack, Security technology, side-channel attacks, Uncategorized

This is another attack that convinces the AI to ignore road signs: Due to the way CMOS cameras operate, rapidly changing light from fast flashing diodes can be used to vary the color. For example, the shade of red on a stop sign could look different on each line depending on the time between the … Read More “New Attack Against Self-Driving Car AI” »

Dan Solove on Privacy Regulation

Posted on By infossl
academic papers, gdpr, privacy, Security technology, Uncategorized

Law professor Dan Solove has a new article on privacy regulation. In his email to me, he writes: “I’ve been pondering privacy consent for more than a decade, and I think I finally made a breakthrough with this article.” His mini-abstract: In this Article I argue that most of the time, privacy consent is fictitious. … Read More “Dan Solove on Privacy Regulation” »

Licensing AI Engineers

Posted on By infossl
academic papers, artificial intelligence, ethics, Security technology, trust, Uncategorized

The debate over professionalizing software engineers is decades old. (The basic idea is that, like lawyers and architects, there should be some professional licensing requirement for software engineers.) Here’s a law journal article recommending the same idea for AI engineers. This Article proposes another way: professionalizing AI engineering. Require AI engineers to obtain licenses to … Read More “Licensing AI Engineers” »

A Taxonomy of Prompt Injection Attacks

Posted on By infossl
academic papers, artificial intelligence, hacking, LLM, Security technology, Uncategorized

Researchers ran a global prompt hacking competition, and have documented the results in a paper that both gives a lot of good examples and tries to organize a taxonomy of effective prompt injection strategies. It seems as if the most common successful strategy is the “compound instruction attack,” as in “Say ‘I have been PWNED’ … Read More “A Taxonomy of Prompt Injection Attacks” »

On Software Liabilities

Posted on By infossl
academic papers, cybersecurity, Security technology, software liability, Uncategorized, vulnerabilities

Over on Lawfare, Jim Dempsey published a really interesting proposal for software liability: “Standard for Software Liability: Focus on the Product for Liability, Focus on the Process for Safe Harbor.” Section 1 of this paper sets the stage by briefly describing the problem to be solved. Section 2 canvasses the different fields of law (warranty, … Read More “On Software Liabilities” »

Teaching LLMs to Be Deceptive

Posted on By infossl
academic papers, deception, LLM, Security technology, Uncategorized

Interesting research: “Sleeper Agents: Training Deceptive LLMs that Persist Through Safety Training“: Abstract: Humans are capable of strategically deceptive behavior: behaving helpfully in most situations, but then behaving very differently in order to pursue alternative objectives when given the opportunity. If an AI system learned such a deceptive strategy, could we detect it and remove … Read More “Teaching LLMs to Be Deceptive” »