Lawsuit About WhatsApp Security

Posted on By infossl
facebook, Security technology, Uncategorized, vulnerabilities, whatsapp, whistleblowers

Attaullah Baig, WhatsApp’s former head of security, has filed a whistleblower lawsuit alleging that Facebook deliberately failed to fix a bunch of security flaws, in violation of its 2019 settlement agreement with the Federal Trade Commission. The lawsuit, alleging violations of the whistleblower protection provision of the Sarbanes-Oxley Act passed in 2002, said that in … Read More “Lawsuit About WhatsApp Security” »

Assessing the Quality of Dried Squid

Posted on By infossl
academic papers, Security technology, squid, Uncategorized

Research: Nondestructive detection of multiple dried squid qualities by hyperspectral imaging combined with 1D-KAN-CNN Abstract: Given that dried squid is a highly regarded marine product in Oriental countries, the global food industry requires a swift and noninvasive quality assessment of this product. The current study therefore uses visible­near-infrared (VIS-NIR) hyperspectral imaging and deep learning (DL) … Read More “Assessing the Quality of Dried Squid” »

A Cyberattack Victim Notification Framework

Posted on By infossl
cyberattack, disclosure, Security technology, Uncategorized

Interesting analysis: When cyber incidents occur, victims should be notified in a timely manner so they have the opportunity to assess and remediate any harm. However, providing notifications has proven a challenge across industry. When making notifications, companies often do not know the true identity of victims and may only have a single email address … Read More “A Cyberattack Victim Notification Framework” »

New Cryptanalysis of the Fiat-Shamir Protocol

Posted on By infossl
academic papers, cryptanalysis, hashes, protocols, Security technology, Uncategorized

A couple of months ago, a new paper demonstrated some new attacks against the Fiat-Shamir transformation. Quanta published a good article that explains the results. This is a pretty exciting paper from a theoretical perspective, but I don’t see it leading to any practical real-world cryptanalysis. The fact that there are some weird circumstances that … Read More “New Cryptanalysis of the Fiat-Shamir Protocol” »

Friday Squid Blogging: The Origin and Propagation of Squid

Posted on By infossl
academic papers, Security technology, squid, Uncategorized

New research (paywalled): Editor’s summary: Cephalopods are one of the most successful marine invertebrates in modern oceans, and they have a 500-million-year-old history. However, we know very little about their evolution because soft-bodied animals rarely fossilize. Ikegami et al. developed an approach to reveal squid fossils, focusing on their beaks, the sole hard component of … Read More “Friday Squid Blogging: The Origin and Propagation of Squid” »

My Latest Book: Rewiring Democracy

Posted on By infossl
books, deep, Rewiring Democracy, Schneier news, Security technology, Uncategorized

I am pleased to announce the imminent publication of my latest book, Rewiring Democracy: How AI will Transform our Politics, Government, and Citizenship: coauthored with Nathan Sanders, and published by MIT Press on October 21. Rewriting Democracy looks beyond common tropes like deepfakes to examine how AI technologies will affect democracy in five broad areas: … Read More “My Latest Book: Rewiring Democracy” »

GPT-4o-mini Falls for Psychological Manipulation

Posted on By infossl
academic papers, AI, psychology of security, Security technology, social engineering, Uncategorized

Interesting experiment: To design their experiment, the University of Pennsylvania researchers tested 2024’s GPT-4o-mini model on two requests that it should ideally refuse: calling the user a jerk and giving directions for how to synthesize lidocaine. The researchers created experimental prompts for both requests using each of seven different persuasion techniques (examples of which are … Read More “GPT-4o-mini Falls for Psychological Manipulation” »

Generative AI as a Cybercrime Assistant

Posted on By infossl
AI, cybercrime, extortion, Security technology, theft, Uncategorized

Anthropic reports on a Claude user: We recently disrupted a sophisticated cybercriminal that used Claude Code to commit large-scale theft and extortion of personal data. The actor targeted at least 17 distinct organizations, including in healthcare, the emergency services, and government and religious institutions. Rather than encrypt the stolen information with traditional ransomware, the actor … Read More “Generative AI as a Cybercrime Assistant” »