Sparse Autoencoders Are Capable LLM Jailbreak Mitigators
Jailbreak attacks remain a persistent threat to large language model safety. We propose Context-Conditioned Delta Steering (CC-Delta), an SAE-based defense that identifies jailbreak-relevant sparse features by comparing token-level representations of the same harmful request with and without...
Security-Robustness Trade-Offs in Diffusion Steganography: A Comparative Analysis of Pixel-Space and VAE-Based Architectures
Current generative steganography research mainly pursues computationally expensive mappings to perfect Gaussian priors within single diffusion model architectures. This work introduces an efficient framework based on approximate Gaussian mapping governed by a scale factor calibrated through...
Centralized Vs. Decentralized Security for Space AI Systems? A New Look
This paper investigates the trade-off between centralized and decentralized security management in constellations of satellites to balance security and performance. We highlight three key AI architectures for automated security management: (a) centralized, (b) distributed and (c) federated. The...
Quantum Blockchain Survey: Foundations, Trends, and Gaps
Quantum computing poses fundamental risks to classical blockchain systems by undermining widely used cryptographic primitives. In response, two major research directions have emerged: post-quantum blockchains, which integrate quantum-resistant algorithms, and quantum blockchains, which leverage...
Implementing and Evaluating Post-Quantum DNSSEC in CoreDNS
The emergence of quantum computers poses a significant threat to current secure service, application and/or protocol implementations that rely on RSA and ECDSA algorithms, for instance DNSSEC, because public-key cryptography based on number factorization or discrete logarithm is vulnerable to...
SoK: Can Synthetic Images Replace Real Data? A Survey of Utility and Privacy of Synthetic Image Generation
Advances in generative models have transformed the field of synthetic image generation for privacy-preserving data synthesis (PPDS). However, the field lacks a comprehensive survey and comparison of synthetic image generation methods across diverse settings. In particular, when we generate syntheti...
Scaling DeFi with ZK Rollups: Design, Deployment, and Evaluation of a Real-Time Proof-Of-Concept
Ethereum's scalability limitations pose significant challenges for the adoption of decentralized applications (dApps). Zero-Knowledge Rollups (ZK Rollups) present a promising solution, bundling transactions off-chain and submitting validity proofs on-chain to enhance throughput and efficiency. In thi...
Fair Play for Individuals, Foul Play for Groups? Auditing Anonymization's Impact on ML Fairness
Machine learning (ML) algorithms are heavily based on the availability of training data, which, depending on the domain, often includes sensitive information about data providers. This raises critical privacy concerns. Anonymization techniques have emerged as a practical solution to address these...
How Private Is Your Attention? Bridging Privacy with In-Context Learning
In-context learning (ICL), the ability of transformer-based models to perform new tasks from examples provided at inference time, has emerged as a hallmark of modern language models. While recent works have investigated the mechanisms underlying ICL, its feasibility under formal privacy constraints...
Benchmarking Differentially Private Tabular Data Synthesis
Differentially private (DP) tabular data synthesis generates artificial data that preserves the statistical properties of private data while safeguarding individual privacy. The emergence of diverse algorithms in recent years has introduced challenges in practical applications, such as inconsistent...
Tackling the OAuth2 Client component model in Spring Security
In Spring Security 5, we saw many developments in the OAuth2 story with the introduction of OAuth2 Resource Server and OAuth2 Client into the framework. Today, it is quite convenient to develop applications that are secured by OAuth2 using the features available in OAuth2 Resource Server...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
log4j-remediation-tools Tools for finding and reproducing...
CVE-2020-15105
Django Two-Factor Authentication before 1.12 stores the user's password in clear text (base64-encoded) in the user session. The password is stored in the session when the user submits their username and password, and is removed once they complete authentication by entering a two-factor...
PYSEC-2020-39
Django Two-Factor Authentication before 1.12 stores the user's password in clear text (base64-encoded) in the user session. The password is stored in the session when the user submits their username and password, and is removed once they complete authentication by entering a two-factor...
CVE-2020-15105
Django Two-Factor Authentication (django-two-factor-auth) vulnerability CVE-2020-15105 affects versions up to 1.11. It stores the user’s password in clear text (base64-encoded) in the user session after the user submits credentials, until authentication completes via a 2FA code. Depending on sess...
User passwords are stored in clear text in the Django session
Impact: django-two-factor-auth versions 1.11 and before store the user's password in clear text (base64-encoded) in the user session. The password is stored in the session when the user submits their username and password, and is removed once they complete authentication by entering a two-factor...