Experimental News Clipping Site

Tag: attack

  • The Register: OpenAI’s ChatGPT crawler can be tricked into DDoSing sites, answering your queries

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/01/19/openais_chatgpt_crawler_vulnerability/ Source: The Register Title: OpenAI’s ChatGPT crawler can be tricked into DDoSing sites, answering your queries Feedly Summary: The S in LLM stands for Security OpenAI’s ChatGPT crawler appears to be willing to initiate distributed denial of service (DDoS) attacks on arbitrary websites, a reported vulnerability the tech giant has yet to…

  • Slashdot: Google Upgrades Open Source Vulnerability Scanning Tool with SCA Scanning Library

    by

    Kurt Seifried
    in

    Source URL: https://news.slashdot.org/story/25/01/19/0547233/google-upgrades-open-source-vulnerability-scanning-tool-with-sca-scanning-library Source: Slashdot Title: Google Upgrades Open Source Vulnerability Scanning Tool with SCA Scanning Library Feedly Summary: AI Summary and Description: Yes Summary: Google has enhanced its vulnerability scanning capabilities through the introduction of OSV-Scanner and OSV-SCALIBR. These tools not only facilitate comprehensive scanning across various programming languages and environments but also integrate…

  • Hacker News: Laser Fault Injection on a Budget: RP2350 Edition

    by

    Kurt Seifried
    in

    Source URL: https://courk.cc/rp2350-challenge-laser Source: Hacker News Title: Laser Fault Injection on a Budget: RP2350 Edition Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses the development of a custom “Laser Fault Injection Platform” aimed at exploiting the security features of the RP2350 microcontroller, particularly its Secure Boot mechanism. This exploration reveals potential…

  • Simon Willison’s Weblog: Lessons From Red Teaming 100 Generative AI Products

    by

    Kurt Seifried
    in

    Source URL: https://simonwillison.net/2025/Jan/18/lessons-from-red-teaming/ Source: Simon Willison’s Weblog Title: Lessons From Red Teaming 100 Generative AI Products Feedly Summary: Lessons From Red Teaming 100 Generative AI Products New paper from Microsoft describing their top eight lessons learned red teaming (deliberately seeking security vulnerabilities in) 100 different generative AI models and products over the past few years.…

  • Hacker News: Windows BitLocker – Screwed Without a Screwdriver

    by

    Kurt Seifried
    in

    Source URL: https://neodyme.io/en/blog/bitlocker_screwed_without_a_screwdriver Source: Hacker News Title: Windows BitLocker – Screwed Without a Screwdriver Feedly Summary: Comments AI Summary and Description: Yes **Summary:** The text discusses a security vulnerability dubbed “bitpixie” that affects BitLocker encryption on Windows devices, allowing unauthorized access to the encryption key without the need for physical disassembly of the machine. It…

  • Wired: US Names One of the Hackers Allegedly Behind Massive Salt Typhoon Breaches

    by

    Kurt Seifried
    in

    Source URL: https://www.wired.com/story/us-names-one-of-the-hackers-allegedly-behind-massive-salt-typhoon-breaches/ Source: Wired Title: US Names One of the Hackers Allegedly Behind Massive Salt Typhoon Breaches Feedly Summary: Plus: New details emerge about China’s cyber espionage against the US, the FBI remotely uninstalls malware on 4,200 US devices, and victims of the PowerSchool edtech breach reveal what hackers stole. AI Summary and Description:…

  • Hacker News: Thoughts on having SSH allow password authentication from the Internet

    by

    Kurt Seifried
    in

    Source URL: https://utcc.utoronto.ca/~cks/space/blog/sysadmin/SSHOnExposingPasswordAuth Source: Hacker News Title: Thoughts on having SSH allow password authentication from the Internet Feedly Summary: Comments AI Summary and Description: Yes **Summary:** The text discusses the security implications of using SSH (Secure Shell) for remote server access, particularly the advantages and disadvantages of disabling password-based authentication in favor of public key…

  • Hacker News: Fun with Timing Attacks

    by

    Kurt Seifried
    in

    Source URL: https://ostro.ws/post-timing-attacks Source: Hacker News Title: Fun with Timing Attacks Feedly Summary: Comments AI Summary and Description: Yes Summary: The text provides an in-depth examination of a potential vulnerability within a simple JavaScript function used to compare user input against a secret value. It emphasizes how timing attacks can exploit non-constant-time comparison functions like…

  • The Register: CISA: Wow, that election had a lot of foreign trolling. Trump’s Homeland Sec pick: And that’s none of your concern

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/01/18/cisa_election_security_isnt_political/ Source: The Register Title: CISA: Wow, that election had a lot of foreign trolling. Trump’s Homeland Sec pick: And that’s none of your concern Feedly Summary: Cyber agency too ‘far off mission,’ says incoming boss Kristi Noem America’s lead cybersecurity agency on Friday made one final scream into the impending truth void…

  • METR updates – METR: Comment on NIST RMF GenAI Companion

    by

    Kurt Seifried
    in

    Source URL: https://downloads.regulations.gov/NIST-2024-0001-0075/attachment_2.pdf Source: METR updates – METR Title: Comment on NIST RMF GenAI Companion Feedly Summary: AI Summary and Description: Yes **Summary**: The provided text discusses the National Institute of Standards and Technology’s (NIST) AI Risk Management Framework concerning Generative AI. It outlines significant risks posed by autonomous AI systems and suggests enhancements to…