Uncategorized – Page 39 – SSL and internet security news

The Inability to Simultaneously Verify Sentience, Location, and Identity

August 11, 2023 infossl

academic papers, identification, Security technology, trust, Uncategorized

Really interesting “systematization of knowledge” paper: “SoK: The Ghost Trilemma” Abstract: Trolls, bots, and sybils distort online discourse and compromise the security of networked platforms. User identity is central to the vectors of attack and manipulation employed in these contexts. However it has long seemed that, try as it might, the security community has been … Read More “The Inability to Simultaneously Verify Sentience, Location, and Identity” »

Cryptographic Flaw in Libbitcoin Explorer Cryptocurrency Wallet

August 10, 2023 infossl

cryptocurrency, keys, random numbers, Security technology, Uncategorized

Cryptographic flaws still matter. Here’s a flaw in the random-number generator used to create private keys. The seed has only 32 bits of entropy. Seems like this flaw is being exploited in the wild. Powered by WPeMatico

Using Machine Learning to Detect Keystrokes

August 9, 2023 infossl

machine learning, Security technology, side-channel attacks, smartphones, Uncategorized

Researchers have trained a ML model to detect keystrokes by sound with 95% accuracy. “A Practical Deep Learning-Based Acoustic Side Channel Attack on Keyboards” Abstract: With recent developments in deep learning, the ubiquity of microphones and the rise in online services via personal devices, acoustic side channel attacks present a greater threat to keyboards than … Read More “Using Machine Learning to Detect Keystrokes” »

You Can’t Rush Post-Quantum-Computing Cryptography Standards

August 8, 2023 infossl

cryptography, encryption, national security policy, nist, quantum computing, security standards, Security technology, Uncategorized

I just read an article complaining that NIST is taking too long in finalizing its post-quantum-computing cryptography standards. This process has been going on since 2016, and since that time there has been a huge increase in quantum technology and an equally large increase in quantum understanding and interest. Yet seven years later, we have … Read More “You Can’t Rush Post-Quantum-Computing Cryptography Standards” »

Microsoft Signing Key Stolen by Chinese

August 7, 2023 infossl

authentication, backdoors, china, cybersecurity, hacking, keys, microsoft, Security technology, Uncategorized

A bunch of networks, including US Government networks, have been hacked by the Chinese. The hackers used forged authentication tokens to access user email, using a stolen Microsoft Azure account consumer signing key. Congress wants answers. The phrase “negligent security practices” is being tossed about—and with good reason. Master signing keys are not supposed to … Read More “Microsoft Signing Key Stolen by Chinese” »

Friday Squid Blogging: 2023 Squid Oil Global Market Report

August 4, 2023 infossl

Security technology, squid, Uncategorized

I had no idea that squid contain sufficient oil to be worth extracting. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Powered by WPeMatico

Political Milestones for AI

August 4, 2023 infossl

artificial intelligence, ChatGPT, essays, policy, Security technology, Uncategorized

ChatGPT was released just nine months ago, and we are still learning how it will affect our daily lives, our careers, and even our systems of self-governance. But when it comes to how AI may threaten our democracy, much of the public conversation lacks imagination. People talk about the danger of campaigns that attack opponents … Read More “Political Milestones for AI” »

The Need for Trustworthy AI

August 3, 2023 infossl

artificial intelligence, essays, Security technology, trust, Uncategorized

If you ask Alexa, Amazon’s voice assistant AI system, whether Amazon is a monopoly, it responds by saying it doesn’t know. It doesn’t take much to make it lambaste the other tech giants, but it’s silent about its own corporate parent’s misdeeds. When Alexa responds in this way, it’s obvious that it is putting its … Read More “The Need for Trustworthy AI” »

New SEC Rules around Cybersecurity Incident Disclosures

August 2, 2023 infossl

cyberattack, cybersecurity, disclosure, national security policy, risk assessment, risks, Security technology, Uncategorized

The US Securities and Exchange Commission adopted final rules around the disclosure of cybersecurity incidents. There are two basic rules: Public companies must “disclose any cybersecurity incident they determine to be material” within four days, with potential delays if there is a national security risk. Public companies must “describe their processes, if any, for assessing, … Read More “New SEC Rules around Cybersecurity Incident Disclosures” »

Hacking AI Resume Screening with Text in a White Font

August 1, 2023 infossl

artificial intelligence, hacking, Security technology, steganography, trust, Uncategorized

The Washington Post is reporting on a hack to fool automatic resume sorting programs: putting text in a white font. The idea is that the programs rely primarily on simple pattern matching, and the trick is to copy a list of relevant keywords—or the published job description—into the resume in a white font. The computer … Read More “Hacking AI Resume Screening with Text in a White Font” »