cybersecurity – Page 2 – SSL and internet security news

Providing Security Updates to Automobile Software

July 30, 2024 infossl

books, cars, cybersecurity, Security technology, software, Uncategorized

Auto manufacturers are just starting to realize the problems of supporting the software in older models: Today’s phones are able to receive updates six to eight years after their purchase date. Samsung and Google provide Android OS updates and security updates for seven years. Apple halts servicing products seven years after they stop selling them. … Read More “Providing Security Updates to Automobile Software” »

Apple Is Alerting iPhone Users of Spyware Attacks

July 11, 2024 infossl

apple, cybersecurity, iphone, Security technology, spyware, Uncategorized

Not a lot of details: Apple has issued a new round of threat notifications to iPhone users across 98 countries, warning them of potential mercenary spyware attacks. It’s the second such alert campaign from the company this year, following a similar notification sent to users in 92 nations in April. Powered by WPeMatico

Using LLMs to Exploit Vulnerabilities

June 17, 2024 infossl

academic papers, artificial intelligence, cyberattack, cybersecurity, LLM, Security technology, Uncategorized, vulnerabilities, zero-day

Interesting research: “Teams of LLM Agents can Exploit Zero-Day Vulnerabilities.” Abstract: LLM agents have become increasingly sophisticated, especially in the realm of cybersecurity. Researchers have shown that LLM agents can exploit real-world vulnerabilities when given a description of the vulnerability and toy capture-the-flag problems. However, these agents still perform poorly on real-world vulnerabilities that are … Read More “Using LLMs to Exploit Vulnerabilities” »

Security and Human Behavior (SHB) 2024

June 7, 2024 infossl

conferences, cybersecurity, security conferences, Security technology, Uncategorized

This week, I hosted the seventeenth Workshop on Security and Human Behavior at the Harvard Kennedy School. This is the first workshop since our co-founder, Ross Anderson, died unexpectedly. SHB is a small, annual, invitational workshop of people studying various aspects of the human side of security. The fifty or so attendees include psychologists, economists, … Read More “Security and Human Behavior (SHB) 2024” »

IBM Sells Cybersecurity Group

May 20, 2024 infossl

cybersecurity, ibm, Resilient Systems, Security technology, Uncategorized

IBM is selling its QRadar product suite to Palo Alto Networks, for an undisclosed—but probably surprisingly small—sum. I have a personal connection to this. In 2016, IBM bought Resilient Systems, the startup I was a part of. It became part if IBM’s cybersecurity offerings, mostly and weirdly subservient to QRadar. That was what seemed to … Read More “IBM Sells Cybersecurity Group” »

Microsoft and Security Incentives

April 23, 2024 infossl

cybersecurity, incentives, microsoft, national security policy, Security technology, Uncategorized

Former senior White House cyber policy director A. J. Grotto talks about the economic incentives for companies to improve their security—in particular, Microsoft: Grotto told us Microsoft had to be “dragged kicking and screaming” to provide logging capabilities to the government by default, and given the fact the mega-corp banked around $20 billion in revenue … Read More “Microsoft and Security Incentives” »

Backdoor in XZ Utils That Almost Happened

April 11, 2024 infossl

backdoors, cybersecurity, economics of security, hacking, linux, malware, open source, Security technology, social engineering, ssh, Uncategorized

Last week, the internet dodged a major nation-state attack that would have had catastrophic cybersecurity repercussions worldwide. It’s a catastrophe that didn’t happen, so it won’t get much attention—but it should. There’s an important moral to the story of the attack and its discovery: The security of the global internet depends on countless obscure pieces … Read More “Backdoor in XZ Utils That Almost Happened” »

In Memoriam: Ross Anderson, 1956-2024

April 10, 2024 infossl

cryptanalysis, cryptography, cybersecurity, economics of security, security conferences, security engineering, Security technology, Uncategorized

Last week I posted a short memorial of Ross Anderson. The Communications of the ACM asked me to expand it. Here’s the longer version. Powered by WPeMatico

xz Utils Backdoor

April 2, 2024 infossl

backdoors, cybersecurity, hacking, malware, open source, Security technology, social engineering, Uncategorized

The cybersecurity world got really lucky last week. An intentionally placed backdoor in xz Utils, an open-source compression utility, was pretty much accidentally discovered by a Microsoft engineer—weeks before it would have been incorporated into both Debian and Red Hat Linux. From ArsTehnica: Malicious code added to xz Utils versions 5.6.0 and 5.6.1 modified the … Read More “xz Utils Backdoor” »

Ross Anderson

April 1, 2024 infossl

cryptanalysis, cryptography, cybersecurity, economics of security, security conferences, security engineering, Security technology, Uncategorized

Ross Anderson unexpectedly passed away Thursday night in, I believe, his home in Cambridge. I can’t remember when I first met Ross. Of course it was before 2008, when we created the Security and Human Behavior workshop. It was well before 2001, when we created the Workshop on Economics and Information Security. (Okay, he created … Read More “Ross Anderson” »