secrecy – SSL and internet security news

New Bluetooth Attack

December 8, 2023 infossl

authentication, bluetooth, cyberattack, man-in-the-middle attacks, secrecy, Security technology, Uncategorized, vulnerabilities

New attack breaks forward secrecy in Bluetooth. Three news articles: BLUFFS is a series of exploits targeting Bluetooth, aiming to break Bluetooth sessions’ forward and future secrecy, compromising the confidentiality of past and future communications between devices. This is achieved by exploiting four flaws in the session key derivation process, two of which are new, … Read More “New Bluetooth Attack” »

On the Poisoning of LLMs

May 25, 2023 infossl

academic papers, artificial intelligence, ChatGPT, hacking, secrecy, Security technology, snake oil, Uncategorized

Interesting essay on the poisoning of LLMs—ChatGPT in particular: Given that we’ve known about model poisoning for years, and given the strong incentives the black-hat SEO crowd has to manipulate results, it’s entirely possible that bad actors have been poisoning ChatGPT for months. We don’t know because OpenAI doesn’t talk about their processes, how they … Read More “On the Poisoning of LLMs” »

Leaking Military Secrets on Gaming Discussion Boards

June 8, 2022 infossl

games, leaks, military, operational security, secrecy, Security technology, Uncategorized

People are leaking classified military information on discussion boards for the video game War Thunder to win arguments—repeatedly. Powered by WPeMatico

ICE Is a Domestic Surveillance Agency

May 11, 2022 infossl

national security policy, privacy, reports, secrecy, Security technology, surveillance, Uncategorized

Georgetown has a new report on the highly secretive bulk surveillance activities of ICE in the US: When you think about government surveillance in the United States, you likely think of the National Security Agency or the FBI. You might even think of a powerful police agency, such as the New York Police Department. But … Read More “ICE Is a Domestic Surveillance Agency” »

Internet Voting in Puerto Rico

March 24, 2020 infossl

aclu, authentication, cybersecurity, internet, secrecy, Security technology, voting

Puerto Rico is considered allowing for Internet voting. I have joined a group of security experts in a letter opposing the bill. Cybersecurity experts agree that under current technology, no practically proven method exists to securely, verifiably, or privately return voted materials over the internet. That means that votes could be manipulated or deleted on … Read More “Internet Voting in Puerto Rico” »

Buying Used Voting Machines on eBay

November 1, 2018 infossl

ebay, secrecy, Security technology, securityengineering, voting

This is not surprising: This year, I bought two more machines to see if security had improved. To my dismay, I discovered that the newer model machines — those that were used in the 2016 election — are running Windows CE and have USB ports, along with other components, that make them even easier to … Read More “Buying Used Voting Machines on eBay” »

SpiderOak’s Warrant Canary Died

August 8, 2018 infossl

cloudcomputing, courts, nationalsecuritypolicy, secrecy, Security technology, transparency

BoingBoing has the story. I have never quite trusted the idea of a warrant canary. But here it seems to have worked. (Presumably, if SpiderOak wanted to replace the warrant canary with a transparency report, they would have written something explaining their decision. To have it simply disappear is what we would expect if SpiderOak … Read More “SpiderOak’s Warrant Canary Died” »

WPA3

July 12, 2018 infossl

passwords, secrecy, Security technology, securitystandards, wifi

Everyone is writing about the new WPA3 Wi-Fi security standard, and how it improves security over the current WPA2 standard. This summary is as good as any other: The first big new feature in WPA3 is protection against offline, password-guessing attacks. This is where an attacker captures data from your Wi-Fi stream, brings it back … Read More “WPA3” »

Extracting Secrets from Machine Learning Systems

March 5, 2018 infossl

academicpapers, datamining, secrecy, Security technology

This is fascinating research about how the underlying training data for a machine-learning system can be inadvertently exposed. Basically, if a machine-learning system trains on a dataset that contains secret information, in some cases an attacker can query the system to extract that secret information. My guess is that there is a lot more research … Read More “Extracting Secrets from Machine Learning Systems” »

Cabinet of Secret Documents from Australia

February 7, 2018 infossl

australia, control, laws, leaks, nationalsecuritypolicy, physicalsecurity, secrecy, Security technology

This story of leaked Australian government secrets is unlike any other I’ve heard: It begins at a second-hand shop in Canberra, where ex-government furniture is sold off cheaply. The deals can be even cheaper when the items in question are two heavy filing cabinets to which no-one can find the keys. They were purchased for … Read More “Cabinet of Secret Documents from Australia” »