Experimental News Clipping Site

Tag: mitigation

  • Hacker News: 0click deanonymization attack targeting Signal, Discord and other platforms

    by

    Kurt Seifried
    in

    Source URL: https://gist.github.com/hackermondev/45a3cdfa52246f1d1201c1e8cdef6117 Source: Hacker News Title: 0click deanonymization attack targeting Signal, Discord and other platforms Feedly Summary: Comments AI Summary and Description: Yes **Summary:** The text outlines a novel deanonymization attack targeting popular applications, particularly highlighting vulnerabilities in Cloudflare’s caching system. It emphasizes the dangers posed to users, especially those in sensitive roles, such…

  • Schneier on Security: AI Mistakes Are Very Different from Human Mistakes

    by

    Kurt Seifried
    in

    Source URL: https://www.schneier.com/blog/archives/2025/01/ai-mistakes-are-very-different-from-human-mistakes.html Source: Schneier on Security Title: AI Mistakes Are Very Different from Human Mistakes Feedly Summary: Humans make mistakes all the time. All of us do, every day, in tasks both new and routine. Some of our mistakes are minor and some are catastrophic. Mistakes can break trust with our friends, lose the…

  • The Register: Datacus extractus: Harry Potter publisher breached without resorting to magic

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/01/20/harry_potter_publisher_breach/ Source: The Register Title: Datacus extractus: Harry Potter publisher breached without resorting to magic Feedly Summary: PLUS: Allstate sued for allegedly tracking drivers; Dutch DDoS; More fake jobs from Pyongyang; and more Infosec in brief Hogwarts doesn’t teach an incantation that could have saved Harry Potter publisher Scholastic from feeling the power…

  • Hacker News: Windows BitLocker – Screwed Without a Screwdriver

    by

    Kurt Seifried
    in

    Source URL: https://neodyme.io/en/blog/bitlocker_screwed_without_a_screwdriver Source: Hacker News Title: Windows BitLocker – Screwed Without a Screwdriver Feedly Summary: Comments AI Summary and Description: Yes **Summary:** The text discusses a security vulnerability dubbed “bitpixie” that affects BitLocker encryption on Windows devices, allowing unauthorized access to the encryption key without the need for physical disassembly of the machine. It…

  • Hacker News: Fun with Timing Attacks

    by

    Kurt Seifried
    in

    Source URL: https://ostro.ws/post-timing-attacks Source: Hacker News Title: Fun with Timing Attacks Feedly Summary: Comments AI Summary and Description: Yes Summary: The text provides an in-depth examination of a potential vulnerability within a simple JavaScript function used to compare user input against a secret value. It emphasizes how timing attacks can exploit non-constant-time comparison functions like…

  • The Register: FCC to telcos: Did you know you must by law secure your networks from foreign spies?

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/01/17/fcc_telcos_calea/ Source: The Register Title: FCC to telcos: Did you know you must by law secure your networks from foreign spies? Feedly Summary: Plus: Uncle Sam is cross with this one Chinese biz over Salt Typhoon mega-snooping Decades-old legislation requiring American telcos to lock down their systems to prevent foreign snoops from intercepting…

  • METR updates – METR: Comment on NIST RMF GenAI Companion

    by

    Kurt Seifried
    in

    Source URL: https://downloads.regulations.gov/NIST-2024-0001-0075/attachment_2.pdf Source: METR updates – METR Title: Comment on NIST RMF GenAI Companion Feedly Summary: AI Summary and Description: Yes **Summary**: The provided text discusses the National Institute of Standards and Technology’s (NIST) AI Risk Management Framework concerning Generative AI. It outlines significant risks posed by autonomous AI systems and suggests enhancements to…

  • Hacker News: A New type of web hacking technique: DoubleClickjacking

    by

    Kurt Seifried
    in

    Source URL: https://www.paulosyibelo.com/2024/12/doubleclickjacking-what.html Source: Hacker News Title: A New type of web hacking technique: DoubleClickjacking Feedly Summary: Comments AI Summary and Description: Yes **Summary:** The text introduces the concept of “DoubleClickjacking,” a sophisticated web vulnerability that builds upon traditional clickjacking techniques by exploiting event timing between double clicks. This novel approach allows attackers to bypass…

  • CSA: AI and Compliance for the Mid-Market

    by

    Kurt Seifried
    in

    Source URL: https://www.scrut.io/post/ai-and-compliance-for-the-mid-market Source: CSA Title: AI and Compliance for the Mid-Market Feedly Summary: AI Summary and Description: Yes **Summary:** The text emphasizes the urgent need for small and medium-sized businesses (SMBs) to adopt AI responsibly, given the potential cybersecurity vulnerabilities and evolving regulatory landscape associated with AI technologies. It outlines practical guidance and standards…

  • Hacker News: Bypassing disk encryption on systems with automatic TPM2 unlock

    by

    Kurt Seifried
    in

    Source URL: https://oddlama.org/blog/bypassing-disk-encryption-with-tpm2-unlock/ Source: Hacker News Title: Bypassing disk encryption on systems with automatic TPM2 unlock Feedly Summary: Comments AI Summary and Description: Yes **Summary:** The text delves into the security implications of using Trusted Platform Module (TPM2) for automatic disk unlocking in Linux systems. It uncovers vulnerabilities present in popular implementations (specifically with clevis…