Zero Chaos: Scaling Detection Engineering at the Speed of Software, with Detection As Code

Every engineering team in your organization ships code through a pipeline. They branch, test, review, and deploy. If something breaks, they roll back. If someone asks "what changed?", the answer is in the commit history. This isn't heroic discipline to process; it's just how software gets built...

AI-Generated Text and the Detection Arms Race

In 2023, the science fiction literary magazine Clarkesworld stopped accepting new submissions because so many were generated by artificial intelligence. Near as the editors could tell, many submitters pasted the magazine’s detailed story guidelines into an AI and sent in the results. And they...

[Extended] Ethics in Computer Security Research: a Data-Driven Assessment of the Past, the Present, and the Possible Future

Ethical questions are discussed regularly in computer security. Still, researchers in computer security lack clear guidance on how to make, document, and assess ethical decisions in research when what is morally right or acceptable is not clear-cut. In this work, we give an overview of the...

Civil Servants As Builders: Enabling Non-IT Staff to Develop Secure Python and R Tools

Current digital government literature focuses on professional in-house IT teams, specialized digital service teams, vendor-developed systems, or proprietary low-code/no-code tools. Almost no scholarship addresses a growing middle ground: technically skilled civil servants outside formal IT roles...

The Feasibility of Topic-Based Watermarking on Academic Peer Reviews

Large language models LLMs are increasingly integrated into academic workflows, with many conferences and journals permitting their use for tasks such as language refinement and literature summarization. However, their use in peer review remains prohibited due to concerns around confidentiality...

OpenAI Bans Accounts Misusing ChatGPT for Surveillance and Influence Campaigns

OpenAI on Friday revealed that it banned a set of accounts that used its ChatGPT tool to develop a suspected artificial intelligence AI-powered surveillance tool. The social media listening tool is said to likely originate from China and is powered by one of Meta's Llama models, with the accounts...

No, RSA Is Not Broken

I have been seeing this paper by cryptographer Peter Schnorr making the rounds: "Fast Factoring Integers by SVP Algorithms." It describes a new factoring method, and its abstract ends with the provocative sentence: "This destroys the RSA cryptosystem." It does not. At best, its an improvement in...

IDOR On ProConf Peer-Review And Conference Management 6.0 File Disclosure

Exploit Title: IDOR on ProConf Peer-Review and Conference Management System Date: 19/07/2018 Exploit Author: S. M. Zia Ur Rashid Author Contact: https://www.linkedin.com/in/ziaurrashid/ Vendor Homepage: http://proconf.org & http://myproconf.org Affected Version:...

De-Journal Academic Journal And Peer Review System 1.0 SQL Injection

Exploit Title: De-Journal - Academic Journal and Peer Review System 1.0 - SQL Injection Dork: N/A Date: 11.08.2017 Vendor Homepage : https://sarutech.com/ Software Link: https://codecanyon.net/item/dejournal-academic-journal-and-peer-review-system/19533981 Demo: https://demo.sarutech.com/dejourna...

De-Journal 1.0 - SQL Injection

De-Journal 1.0 - SQL Injection Exploit Title: De-Journal - Academic Journal and Peer Review System 1.0 - SQL Injection Dork: N/A Date: 11.08.2017 Vendor Homepage : https://sarutech.com/ Software Link: https://codecanyon.net/item/dejournal-academic-journal-and-peer-review-system/19533981 Demo:...

Mac OS X <= 10.4.6 (launchd) Local Format String Exploit (ppc)

No description provided by source. !/usr/bin/perl http://www.digitalmunition.com/FailureToLaunch-ppc.pl Code by Kevin Finisterre kflistsatdigitalmunitiondotcom Much appreciation goes to John H for all kindsa random shit like exploiting Veritas and other random things in the past core... where the...

HylaFAX+ 5.2.4 5.5.3 - Buffer Overflow

HylaFAX+ 5.2.4 5.5.3 - Buffer Overflow Details =========================================================== Application: "HylaFAX+" Version: 5.2.4 April, 2008 through 5.5.3 August 6, 2013 Type: Daemon that manages a fax server via an FTP-like protocol. Vendor / Maintainer: Lee Howard faxguy at...

CVE-2130-5680, HylaFAX+ heap overflow, unchecked network traffic.

Details =========================================================== Application: "HylaFAX+" Version: 5.2.4 April, 2008 through 5.5.3 August 6, 2013 Type: Daemon that manages a fax server via an FTP-like protocol. Vendor / Maintainer: Lee Howard faxguy at howardsilvan.com Project Homepage:...

FailureToLaunch-2.pl.txt

!/usr/bin/perl http://www.digitalmunition.com/FailureToLaunch-ppc.pl Code by Kevin Finisterre kflistsatdigitalmunitiondotcom Much appreciation goes to John H for all kindsa random shit like exploiting Veritas and other random things in the past core... where the hell are you fool. This is just a...

Mac OS X <= 10.4.6 (launchd) Local Format String Exploit (ppc)

Exploit for macOS platform in category local exploits ============================================================== Mac OS X = 10.4.6 launchd Local Format String Exploit ppc ============================================================== !/usr/bin/perl...