Good article in the Washington Post on all the surveillance associated with credit card use. Powered by WPeMatico
China is being blamed for a massive surveillance operation that targeted Uyghur Muslims. This story broke in waves, the first wave being about the iPhone. Earlier this year, Google’s Project Zero found a series of websites that have been using zero-day vulnerabilities to indiscriminately install malware on iPhones that would visit the site. (The vulnerabilities … Read More “Massive iPhone Hack Targets Uyghurs” »
A group of scientists conclude that it’s shifting weather patterns and ocean conditions. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Powered by WPeMatico
Interesting paper by Michael Schwarz, Samuel Weiser, Daniel Gruss. The upshot is that both Intel and AMD have assumed that trusted enclaves will run only trustworthy code. Of course, that’s not true. And there are no security mechanisms that can deal with malicious enclaves, because the designers couldn’t imagine that they would be necessary. The … Read More “Attacking the Intel Secure Enclave” »
Voice systems are increasingly using AI techniques to determine emotion. A new paper describes an AI-based countermeasure to mask emotion in spoken words. Their method for masking emotion involves collecting speech, analyzing it, and extracting emotional features from the raw signal. Next, an AI program trains on this signal and replaces the emotional indicators in … Read More “AI Emotion-Detection Arms Race” »
The Department of Justice wants access to encrypted consumer devices but promises not to infiltrate business products or affect critical infrastructure. Yet that’s not possible, because there is no longer any difference between those categories of devices. Consumer devices are critical infrastructure. They affect national security. And it would be foolish to weaken them, even … Read More “The Myth of Consumer-Grade Security” »
Interesting analysis of the possibility, feasibility, and efficacy of deliberately fake scientific research, something I had previously speculated about. Powered by WPeMatico
It’s always nice when I can combine squid and security: Multiple versions of the Squid web proxy cache server built with Basic Authentication features are currently vulnerable to code execution and denial-of-service (DoS) attacks triggered by the exploitation of a heap buffer overflow security flaw. The vulnerability present in Squid 4.0.23 through 4.7 is caused … Read More “Friday Squid Blogging: Vulnerabilities in Squid Server” »
There was a DefCon talk by someone with the vanity plate “NULL.” The California system assigned him every ticket with no license plate: $12,000. Although the initial $12,000-worth of fines were removed, the private company that administers the database didn’t fix the issue and new NULL tickets are still showing up. The unanswered question is: … Read More “License Plate “NULL”” »
From DefCon: At the Defcon hacker conference today, security researcher Truman Kain debuted what he calls the Surveillance Detection Scout. The DIY computer fits into the middle console of a Tesla Model S or Model 3, plugs into its dashboard USB port, and turns the car’s built-in cameras — the same dash and rearview cameras … Read More “Modifying a Tesla to Become a Surveillance Platform” »