Code Written with AI Assistants Is Less Secure

Posted on By infossl
academic papers, artificial intelligence, programming, security analysis, Security technology, Uncategorized

Interesting research: “Do Users Write More Insecure Code with AI Assistants?“: Abstract: We conduct the first large-scale user study examining how users interact with an AI Code assistant to solve a variety of security related tasks across different programming languages. Overall, we find that participants who had access to an AI assistant based on OpenAI’s … Read More “Code Written with AI Assistants Is Less Secure” »

On IoT Devices and Software Liability

Posted on By infossl
academic papers, cyberattack, data protection, Internet of Things, Security technology, software liability, Uncategorized

New law journal article: Smart Device Manufacturer Liability and Redress for Third-Party Cyberattack Victims Abstract: Smart devices are used to facilitate cyberattacks against both their users and third parties. While users are generally able to seek redress following a cyberattack via data protection legislation, there is no equivalent pathway available to third-party victims who suffer … Read More “On IoT Devices and Software Liability” »

Facial Scanning by Burger King in Brazil

Posted on By infossl
biometrics, brazil, face recognition, marketing, Security technology, Uncategorized

In 2000, I wrote: “If McDonald’s offered three free Big Macs for a DNA sample, there would be lines around the block.” Burger King in Brazil is almost there, offering discounts in exchange for a facial scan. From a marketing video: “At the end of the year, it’s Friday every day, and the hangover kicks … Read More “Facial Scanning by Burger King in Brazil” »

PIN-Stealing Android Malware

Posted on By infossl
android, banking, biometrics, malware, pins, Security technology, Uncategorized

This is an old piece of malware—the Chameleon Android banking Trojan—that now disables biometric authentication in order to steal the PIN: The second notable new feature is the ability to interrupt biometric operations on the device, like fingerprint and face unlock, by using the Accessibility service to force a fallback to PIN or password authentication. … Read More “PIN-Stealing Android Malware” »

Second Interdisciplinary Workshop on Reimagining Democracy

Posted on By infossl
conferences, Schneier news, Security technology, Uncategorized, voting

Last month, I convened the Second Interdisciplinary Workshop on Reimagining Democracy (IWORD 2023) at the Harvard Kennedy School Ash Center. As with IWORD 2022, the goal was to bring together a diverse set of thinkers and practitioners to talk about how democracy might be reimagined for the twenty-first century. My thinking is very broad here. … Read More “Second Interdisciplinary Workshop on Reimagining Democracy” »

Friday Squid Blogging—18th Anniversary Post: New Species of Pygmy Squid Discovered

Posted on By infossl
Security technology, squid, Uncategorized

They’re Ryukyuan pygmy squid (Idiosepius kijimuna) and Hannan’s pygmy squid (Kodama jujutsu). The second one represents an entire new genus. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. And, yes, this is the eighteenth anniversary of Friday Squid Blogging. The first … Read More “Friday Squid Blogging—18th Anniversary Post: New Species of Pygmy Squid Discovered” »