Uncategorized – Page 53 – SSL and internet security news

Mary Queen of Scots Letters Decrypted

February 9, 2023 infossl

cryptography, encryption, history of cryptography, Security technology, Uncategorized

This is a neat piece of historical research. The team of computer scientist George Lasry, pianist Norbert Biermann and astrophysicist Satoshi Tomokiyo—all keen cryptographers—initially thought the batch of encoded documents related to Italy, because that was how they were filed at the Bibliothèque Nationale de France. However, they quickly realised the letters were in French. … Read More “Mary Queen of Scots Letters Decrypted” »

SolarWinds and Market Incentives

February 8, 2023 infossl

breaches, data breaches, economics of security, essays, Security technology, Uncategorized

In early 2021, IEEE Security and Privacy asked a number of board members for brief perspectives on the SolarWinds incident while it was still breaking news. This was my response. The penetration of government and corporate networks worldwide is the result of inadequate cyberdefenses across the board. The lessons are many, but I want to … Read More “SolarWinds and Market Incentives” »

Malware Delivered through Google Search

February 7, 2023 infossl

cybercrime, google, malware, Security technology, Uncategorized

Criminals using Google search ads to deliver malware isn’t new, but Ars Technica declared that the problem has become much worse recently. The surge is coming from numerous malware families, including AuroraStealer, IcedID, Meta Stealer, RedLine Stealer, Vidar, Formbook, and XLoader. In the past, these families typically relied on phishing and malicious spam that attached … Read More “Malware Delivered through Google Search” »

Attacking Machine Learning Systems

February 6, 2023 infossl

cryptography, cyberattack, cybersecurity, essays, machine learning, Security technology, Uncategorized, vulnerabilities

The field of machine learning (ML) security—and corresponding adversarial ML—is rapidly advancing as researchers develop sophisticated techniques to perturb, disrupt, or steal the ML model or data. It’s a heady time; because we know so little about the security of these systems, there are many opportunities for new researchers to publish in this field. In … Read More “Attacking Machine Learning Systems” »

Friday Squid Blogging: Studying the Colossal Squid

February 3, 2023 infossl

Security technology, squid, Uncategorized

A survey of giant squid science. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Powered by WPeMatico

A Hacker’s Mind News

February 3, 2023 infossl

A Hacker's Mind, books, interviews, Schneier news, Security technology, Uncategorized

A Hacker’s Mind will be published on Tuesday. I have done a written interview and a podcast interview about the book. It’s been chosen as a “February 2023 Must-Read Book” by the Next Big Idea Club. And an “Editor’s Pick”—whatever that means—on Amazon. There have been three reviews so far. I am hoping for more. … Read More “A Hacker’s Mind News” »

Manipulating Weights in Face-Recognition AI Systems

February 3, 2023 infossl

academic papers, backdoors, face recognition, Security technology, Uncategorized

Interesting research: “Facial Misrecognition Systems: Simple Weight Manipulations Force DNNs to Err Only on Specific Persons“: Abstract: In this paper we describe how to plant novel types of backdoors in any facial recognition model based on the popular architecture of deep Siamese neural networks, by mathematically changing a small fraction of its weights (i.e., without … Read More “Manipulating Weights in Face-Recognition AI Systems” »

AIs as Computer Hackers

February 2, 2023 infossl

artificial intelligence, china, darpa, essays, hacking, robotics, Security technology, Uncategorized

Hacker “Capture the Flag” has been a mainstay at hacker gatherings since the mid-1990s. It’s like the outdoor game, but played on computer networks. Teams of hackers defend their own computers while attacking other teams’. It’s a controlled setting for what computer hackers do in real life: finding and fixing vulnerabilities in their own systems … Read More “AIs as Computer Hackers” »

Passwords Are Terrible (Surprising No One)

February 1, 2023 infossl

cracking, national security policy, passwords, Security technology, Uncategorized

This is the result of a security audit: More than a fifth of the passwords protecting network accounts at the US Department of the Interior—including Password1234, Password1234!, and ChangeItN0w!—were weak enough to be cracked using standard methods, a recently published security audit of the agency found. […] The results weren’t encouraging. In all, the auditors … Read More “Passwords Are Terrible (Surprising No One)” »

Ransomware Payments Are Down

January 31, 2023 infossl

crime, cryptocurrency, cybercrime, extortion, ransomware, Security technology, Uncategorized

Chainalysis reports that worldwide ransomware payments were down in 2022. Ransomware attackers extorted at least $456.8 million from victims in 2022, down from $765.6 million the year before. As always, we have to caveat these findings by noting that the true totals are much higher, as there are cryptocurrency addresses controlled by ransomware attackers that … Read More “Ransomware Payments Are Down” »