Security Analysis of the MERGE Voting Protocol
Interesting analysis: An Internet Voting System Fatally Flawed in Creative New Ways. Abstract: The recently published “MERGE” protocol is designed to be used in the prototype CAC-vote system. The voting kiosk and ...
The Scale of Geoblocking by Nation
Bruce Schneier | academic papers, Cuba, national security policy, Privacy, surveillance, Uncategorized
Interesting analysis: We introduce and explore a little-known threat to digital equality and freedom: websites geoblocking users in response to political risks from sanctions. U.S. policy prioritizes internet freedom and access to information ...
Good Essay on the History of Bad Password Policies
Stuart Schechter makes some good points on the history of bad password policies: Morris and Thompson’s work brought much-needed data to highlight a problem that lots of people suspected was bad, but ...
AI Industry is Trying to Subvert the Definition of “Open Source AI”
The Open Source Initiative has published (news article here) its definition of “open source AI,” and it’s terrible. It allows for secret training data and mechanisms. It allows for development to be ...
Subverting LLM Coders
Really interesting research: “An LLM-Assisted Easy-to-Trigger Backdoor Attack on Code Completion Models: Injecting Disguised Vulnerabilities against Strong Detection”: Abstract: Large Language Models (LLMs) have transformed code completion tasks, providing context-based suggestions to ...
AIs Discovering Vulnerabilities
I’ve been writing about the possibility of AIs automatically discovering code vulnerabilities since at least 2018. This is an ongoing area of research: AIs doing source code scanning, AIs finding zero-days in ...
Roger Grimes on Prioritizing Cybersecurity Advice
This is a good point: Part of the problem is that we are constantly handed lists…list of required controls…list of things we are being asked to fix or improve…lists of new projects…lists ...
Simson Garfinkel on Spooky Cryptographic Action at a Distance
Excellent read. One example: Consider the case of basic public key cryptography, in which a person’s public and private key are created together in a single operation. These two keys are entangled, ...
AI and the SEC Whistleblower Program
Tax farming is the practice of licensing tax collection to private contractors. Used heavily in ancient Rome, it’s largely fallen out of practice because of the obvious conflict of interest between the ...
More Details on Israel Sabotaging Hezbollah Pagers and Walkie-Talkies
The Washington Post has a long and detailed story about the operation that’s well worth reading (alternate version here). The sales pitch came from a marketing official trusted by Hezbollah with links ...