LLMs Generate Predictable Passwords
LLMs are bad at generating passwords: There are strong, noticeable patterns among these 50 passwords that can be seen easily: All of the passwords start with a letter, usually uppercase G, almost always followed by the digit 7. Character choices are highly uneven; for example, L, 9, m, 2, $ and...
EUVD-2008-2228
Malware in sbrugna...
EUVD-2008-2548
Malware in sbrugna...
Robot Dog Internet Jammer
Supposedly the DHS has these: The robot, called "NEO," is a modified version of the "Quadruped Unmanned Ground Vehicle" (Q-UGV) sold to law enforcement by a company called Ghost Robotics. Benjamine Huffman, the director of DHS's Federal Law Enforcement Training Centers (FLETC), told police at the 2024...
Google Pays $10M in Bug Bounties in 2023
BleepingComputer has the details. It's $2M less than in 2022, but it's still a lot. The highest reward for a vulnerability report in 2023 was $113,337, while the total tally since the program's launch in 2010 has reached $59 million. For Android, the world's most popular and widely used mobile...
Friday Squid Blogging: Squid Chromolithographs
Beautiful illustrations. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. EDITED TO ADD 6/4: Slashdot thread...
Mudge Files Whistleblower Complaint against Twitter
Peiter Zatko, aka Mudge, has filed a whistleblower complaint with the SEC against Twitter, claiming that they violated an eleven-year-old FTC settlement by having lousy security. And he should know; he was Twitter's chief security officer until he was fired in January. The Washington Post has the...
Hyundai Uses Example Keys for Encryption System
This is a dumb crypto mistake I had not previously encountered: A developer says it was possible to run their own software on the car infotainment hardware after discovering the vehicle's manufacturer had secured its system using keys that were not only publicly known but had been lifted from...
Inrupt’s Solid Announcement
Earlier this year, I announced that I had joined Inrupt, the company commercializing Tim Berners-Lee's Solid specification: The idea behind Solid is both simple and extraordinarily powerful. Your data lives in a pod that is controlled by you. Data generated by your things -- your computer, your...
Wanted: Cybersecurity Imagery
Eli Sugarman of the Hewlett Foundation laments about the sorry state of cybersecurity imagery: The state of cybersecurity imagery is, in a word, abysmal. A simple Google Image search for the term proves the point: It's all white men in hoodies hovering menacingly over keyboards, green...
Using Machine Learning to Create Fake Fingerprints
Researchers are able to create fake fingerprints that result in a 20% false-positive rate. The problem is that these sensors obtain only partial images of users' fingerprints -- at the points where they make contact with the scanner. The paper noted that since partial prints are not as distinctiv...
Algeria Shut Down the Internet to Prevent Students from Cheating on Exams
Algeria shut the Internet down nationwide to prevent high-school students from cheating on their exams. The solution in New South Wales, Australia was to ban smartphones. EDITED TO ADD 6/22: Slashdot thread...
Security Flaws in Children's Smart Watches
The Norwegian Consumer Council has published a report detailing a series of security and privacy flaws in smart watches marketed to children. Press release. News article. This is the same group that found all those security and privacy vulnerabilities in smart dolls. EDITED TO ADD 10/21: Slashdot...
Snowden reveals, GCHQ planted malware via LinkedIn and Slashdot traffic to hack Belgacom Engineers
Edward Snowden, a former contractor at America's National Security Agency (NSA), has rocked the intelligence world by leaking secret documents which reveal the previously unknown extent of global spying. But it looks like the NSA isn't the only one using dirty digital tricks to hack its targets. Back ...
CVE-2008-2553
Cross-site scripting (XSS) vulnerability in Slashdot Like Automated Storytelling Homepage (Slash), aka Slashcode, R_2_5_0_94 and earlier allows remote attackers to inject arbitrary web script or HTML via the userfield parameter...
Cross-site scripting
Cross-site scripting (XSS) vulnerability in Slashdot Like Automated Storytelling Homepage (Slash), aka Slashcode, R_2_5_0_94 and earlier allows remote attackers to inject arbitrary web script or HTML via the userfield parameter...
CVE-2008-2231
SQL injection vulnerability in Slashdot Like Automated Storytelling Homepage (Slash), aka Slashcode, R_2_5_0_94 and earlier allows remote attackers to execute SQL commands and read table information via the id parameter...
CVE-2008-2231
The CVE in question affects Slash, the Slashdot-Like Automated Storytelling Homepage (Slashcode) R_2_5_0_94 and earlier. The issue is an SQL injection vulnerability via the id parameter, caused by insufficient input sanitization that enables remote attackers to execute SQL commands and read table...
Linux news 14.05.00
Linux 2.3.99-pre8: A new kernel from the unstable series has been released - 2.3.99-pre8. Details: http://www.kernel.org. Wonderful World of Linux 2.4 Final Candidate 4 (5/12/00): A new version of the article "Wonderful World of Linux 2.4" has appeared, describing the new features of the next Linux kernel -...