Data Safety and Information Security

One advantage to working on freely-licensed projects for over a decade is that I was forced to grapple with this decision far before mass scraping for AI training. In my personal view, option 1 is almost strictly better. Option 2 is never as simple as "only allow actual human beings access" because determining who's a human is hard. In practice, it means putting a barrier in front of the website that makes it harder for everyone to access it: gathering personal data, CAPTCHAs, paywalls, etc. This is not to say a website owner shouldn't implement, say, DDoS protection (I do). It's simply to remind you that "only allow humans to access" is just not an achievable goal. Any attempt at limiting bot access will inevitably allow some bots through and prevent some humans from accessing the site, and it's about deciding where you want to set the cutoff. I fear that media outlets and other websites, in attempting to "protect" their material from AI scrapers, will go too far in the anti-human direction.

No need for a web browser or any third-party apps.

Scalpers have reverse-engineered how Ticketmaster creates tickets, and are now generating and selling them on their own parallel infrastructure.

Developers are now expected to take an active role in security. Here's what we've learned on how to make it easier for them.

At DEF CON 31 last year, Tracy Mosley, Vulnerability Researcher at Trenchant presented a talk titled "Nothin’ but a G Thang - The Evolution...

Wi-Fi security usually means keeping virtual intruders off your network, but a new system claims to be able to use Wi-Fi networks to detect physical intruders. Gamgee’s Wi-Fi Home Alarm System can learn to recognize people and pets who belong there and alert you to strangers – or perhaps even when…

Artificial intelligence systems need to be trained on text – which has led their creators to gather up words from right across the web

Seventh and eighth graders in Malvern, Pa., impersonating their teachers posted disparaging, lewd, racist and homophobic videos in the first known mass attack of its kind in the U.S.

/PRNewswire/ -- Akamai Technologies, Inc. (NASDAQ: AKAM), the cloud company that powers and protects life online, today released a new State of the Internet...

NPI (National Provider Identifier) numbers. How they are used and how their checksum works.

Although the ability to manage torrents of data has become crucial to companies’ success, most organizations remain badly behind the curve. More than 70% of employees have access to data they should not. Data breaches are common, rogue data sets propagate in silos, and companies’ data technology often isn’t up to the demands put on it. In this article, the authors describe a framework for building a robust data strategy that can be applied across industries and levels of data maturity. The framework will help managers clarify the primary purpose of their data, whether “defensive” or “offensive.” Data defense is about minimizing downside risk: ensuring compliance with regulations, using analytics to detect and limit fraud, and building systems to prevent theft. Data offense focuses on supporting business objectives such as increasing revenue, profitability, and customer satisfaction. Using this approach, managers can design their data-management activities to support their company’s overall strategy.

What is decentralized identity and why is it important? My attempt at a simple explanation.

An unknown threat actor with equally unknown motives forces ISP to replace routers.

Neatnik Notes

ALSO: online adoption cyberstalker nabbed; Tesla trade secrets thief pleads guilty; and a critical ASUS Wi-Fi vuln

Corporate scraping of personal websites has exceeded the Ripley Threshold.

Here’s how I’m blocking “artificial intelligence” bots, crawlers, and scrapers.

What's going on Internet? This is my homepage. I write about the web and stuff.

Two years ago, something very strange happened to me while working from my home network. I was exploiting a blind XXE vulnerability that required an external HTTP server to smuggle out files, so I spun up an AWS box and ran a simple Python webserver to receive the traffic from the vulnerable server.

Learn how to automatically upgrade existing, password-based accounts to use passkeys. We'll share why and how to improve account security...

Semantics, semantic security, security.

Fraud detection involves finding patterns in data. In this blog post we will build an AI/ML model for fraud detection

Here we go through some of the essential protocols required for robust API security.

Head’s up: This is a blog post about applied cryptography, with a focus on web and cloud applications that encrypt data at rest in a database or filesystem. While the lessons can be broadly a…

In session after session, attendees at EIC are hearing the message that decentralized identity is the answer to their identity problems.

David A. Wheeler's Page on Countering 'Trusting Trust' through Diverse Double-Compiling (DDC) - Countering Trojan Horse attacks on Compilers

When I started this blog over a decade ago, my understanding of postmodernism arose from my college studies of art history and aesthetics. Like Camille Paglia, I was not a fan of the movement or th…

The U.S. Department of the Treasury today unveiled sanctions against three Chinese nationals for allegedly operating 911 S5, an online anonymity service that for many years was the easiest and cheapest way to route one's Web traffic through malware-infected computers…