Squid-A-Rama will be in Des Moines at the end of the month. Visitors will be able to dissect squid, explore fascinating facts about the species, and witness a live squid release conducted by local divers. How are they doing a…
Category: Schneier on Security
AI Industry is Trying to Subvert the Definition of “Open Source AI”
The Open Source Initiative has published (news article here) its definition of “open source AI,” and it’s terrible. It allows for secret training data and mechanisms. It allows for development to be done in secret. Since for a neural network,…
Prompt Injection Defenses Against LLM Cyberattacks
Interesting research: “Hacking Back the AI-Hacker: Prompt Injection as a Defense Against LLM-driven Cyberattacks“: Large language models (LLMs) are increasingly being harnessed to automate cyberattacks, making sophisticated exploits more accessible and scalable. In response, we propose a new defense strategy…
Subverting LLM Coders
Really interesting research: “An LLM-Assisted Easy-to-Trigger Backdoor Attack on Code Completion Models: Injecting Disguised Vulnerabilities against Strong Detection“: Abstract: Large Language Models (LLMs) have transformed code com- pletion tasks, providing context-based suggestions to boost developer productivity in software engineering. As…
IoT Devices in Password-Spraying Botnet
Microsoft is warning Azure cloud users that a Chinese controlled botnet is engaging in “highly evasive” password spraying. Not sure about the “highly evasive” part; the techniques seem basically what you get in a distributed password-guessing attack: “Any threat actor…
AIs Discovering Vulnerabilities
I’ve been writing about the possibility of AIs automatically discovering code vulnerabilities since at least 2018. This is an ongoing area of research: AIs doing source code scanning, AIs finding zero-days in the wild, and everything in between. The AIs…
Sophos Versus the Chinese Hackers
Really interesting story of Sophos’s five-year war against Chinese hackers. This article has been indexed from Schneier on Security Read the original article: Sophos Versus the Chinese Hackers
Friday Squid Blogging: Squid Sculpture in Massachusetts Building
Great blow-up sculpture. Blog moderation policy. This article has been indexed from Schneier on Security Read the original article: Friday Squid Blogging: Squid Sculpture in Massachusetts Building
Roger Grimes on Prioritizing Cybersecurity Advice
This is a good point: Part of the problem is that we are constantly handed lists…list of required controls…list of things we are being asked to fix or improve…lists of new projects…lists of threats, and so on, that are not…
Tracking World Leaders Using Strava
Way back in 2018, people noticed that you could find secret military bases using data published by the Strava fitness app. Soldiers and other military personal were using them to track their runs, and you could look at the public…