Data Safety and Information Security

676 bookmarks
Internet Identity Workshop XL Report
IIW XL brought together over 300 participants from 27 countries, highlighting the growing global momentum behind decentralized identity, digital wallets, and agent-based architectures.
·windley.com·

Regulating AI Behavior with a Hypervisor - Schneier on Security
Interesting research: “Guillotine: Hypervisors for Isolating Malicious AIs.” Abstract: As AI models become more embedded in critical sectors like finance, healthcare, and the military, their inscrutable behavior poses ever-greater risks to society. To mitigate this risk, we propose Guillotine, a hypervisor architecture for sandboxing powerful AI models—models that, by accident or malice, can generate existential threats to humanity. Although Guillotine borrows some well-known virtualization techniques, Guillotine must also introduce fundamentally new isolation mechanisms to handle the unique threat model posed by existential-risk AIs. For example, a rogue AI may try to introspect upon hypervisor software or the underlying hardware substrate to enable later subversion of that control plane; thus, a Guillotine hypervisor requires careful co-design of the hypervisor software and the CPUs, RAM, NIC, and storage devices that support the hypervisor software, to thwart side channel leakage and more generally eliminate mechanisms for AI to exploit reflection-based vulnerabilities. Beyond such isolation at the software, network, and microarchitectural layers, a Guillotine hypervisor must also provide physical fail-safes more commonly associated with nuclear power plants, avionic platforms, and other types of mission critical systems. Physical fail-safes, e.g., involving electromechanical disconnection of network cables, or the flooding of a datacenter which holds a rogue AI, provide defense in depth if software, network, and microarchitectural isolation is compromised and a rogue AI must be temporarily shut down or permanently destroyed. ...
·schneier.com·

Seriously, stop using RSA
Here at Trail of Bits we review a lot of code. From major open source projects to exciting new proprietary software, we’ve seen it all. But one common denominator in all of these systems is that for some inexplicable reason people still seem to think RSA is a good cryptosystem to use. Let me save […]
·blog.trailofbits.com·

Here’s A Spy Movie-Grade Access Card Sniffing Implant
Some of our devices look like they’re straight out of hacker movies. For instance, how about a small board you plant behind an RFID reader, collecting access card data and then replaying it w…
·hackaday.com·

Microsoft 365 URLs and IP address ranges - Microsoft 365 Enterprise
Summary: Microsoft 365 requires connectivity to the Internet. The endpoints in this article should be reachable for customers using Microsoft 365 plans, including Government Community Cloud (GCC).
·learn.microsoft.com·

ZAP – Download
The world’s most widely used web app scanner. Free and open source. ZAP is a community project actively maintained by a dedicated international team, and a GitHub Top 1000 project.
·zaproxy.org·

The least secure TOTP code possible
If you use Multi-Factor Authentication, you'll be well used to scanning in QR codes which allow you to share a secret code with a website. These are known as Time-based One Time Passwords (TOTP). As I've moaned about before, TOTP has never been properly standardised. It's a mish-mash of half-finished proposals with no active development, no test suite, and no-one looking after it. Which is exactly what you want from a security specification, right?! So let's try to find some edge-cases and…
·shkspr.mobi·

This Surprisingly Simple Email Trick Will Stop Spam With One Click
Some 320 billion spam emails are sent every day, and 94% of malware is delivered via this medium. What if I were to tell you a surprisingly simple one-click email trick could stop them?
·forbes.com·

Why Can't We End Spam? Ask An Economist. - JSTOR Daily
Law enforcement recently took out a bot network capable of sending 1.5 billion spam emails a day. So what are the economic incentives—and costs—of spam?
·daily.jstor.org·

The Cyber-Cleanse: Take Back Your Digital Footprint
New Year, New Digital You! New Years are an opportunity for committing to resolutions, starting new habits, discarding what no…
·optoutproject.net·

The US Military’s Unsecured UFO Satellites And Their Use By Russia
Something that you generally don’t expect as a North-America-based enthusiast, is to listen in on Russian military communications during their war in Ukraine via WebSDR, or that these communi…
·hackaday.com·

Building a Community Privacy Plan
Everyone's security plans and situations will always be different, which is why we often say that security and privacy are a state of mind, not a purchase. But the first step is always taking a look
·eff.org·

Decoy Killswitch Triggers Alarm Instead
There are a few vehicles on the road that are targeted often by car thieves, whether that’s because they have valuable parts, the OEM security is easily bypassed, or even because it’s a…
·hackaday.com·

IFTAS
Nonprofit trust and safety support for volunteer social web content moderators
·about.iftas.org·