Tom Cross

The highest purpose of computers is to augment human intelligence.

Tom Cross boosted:
2025-02-28

We are hosting another exciting Defender Fridays session this week!

Our guest speaker will be Tom Cross, Infosec Consultant and Strategic Advisor, who will be discussing "Asymmetries in Defense."

Tune in tomorrow, February 28th at 10:30am PT / 1:30pm ET.

Register here: info.limacharlie.io/defender-f

#cybersecurity #infosec

Tom Cross boosted:
2025-02-28

It's Defender Fridays time! Grab your coffee and join us at 10:30am PT / 1:30pm ET to hear Tom Cross break down asymmetries in defense.

Register here: info.limacharlie.io/defender-f

#cybersecurity #infosec

Tom Cross boosted:
2025-02-23

Update. From @neuralreckoning: "Science must step away from nationally managed infrastructure"
thetransmitter.org/policy/scie

"Scientific data and independence are at risk. We need to work with community-driven services and university libraries to create new multi-country organizations that are resilient to political interference."

#Censorship #DefendResearch #OpenInfrastructure #Takedowns #Trump #USPol #USPolitics

Tom Cross boosted:
2025-02-06

On the little server I have running here at home, I'm now helping @internetarchive back up US Government websites and data.

You can help, too:

1. Download and run the ArchiveTeam Warrior
2. Set the selected project to "usgovernment" (or select US Government from the available projects in the web interface)

I'm running Warrior as a container with podman, but there are various other ways to run it.

More details at wiki.archiveteam.org/

Tom Cross boosted:
2025-01-15

P.E.I. homeowner captures sound and video of meteorite strike on camera, and scientists believe it's a first
cbc.ca/news/canada/prince-edwa

Tom Cross boosted:
2025-01-08

Tom Cross boosted:
2025-01-01

Here's my end-of-year review of things we learned about LLMs in 2024 - we learned a LOT of things simonwillison.net/2024/Dec/31/

Table of contents:

The GPT-4 barrier was comprehensively broken
Some of those GPT-4 models run on my laptop
LLM prices crashed, thanks to competition and increased efficiency
Multimodal vision is common, audio and video are starting to emerge
Voice and live camera mode are science fiction come to life
Prompt driven app generation is a commodity already
Universal access to the best models lasted for just a few short months
“Agents” still haven’t really happened yet
Evals really matter
Apple Intelligence is bad, Apple’s MLX library is excellent
The rise of inference-scaling “reasoning” models
Was the best currently available LLM trained in China for less than $6m?
The environmental impact got better
The environmental impact got much, much worse
The year of slop
Synthetic training data works great
LLMs somehow got even harder to use
Knowledge is incredibly unevenly distributed
LLMs need better criticism
Everything tagged “llms” on my blog in 2024

2024-12-19

If you’d like to watch my 2010 Blackhat Talk on the Cisco Interface for Lawful Intercept, the video is here: #salttyphoon

youtu.be/PM1u4MXxThw

2024-12-19

On the topic of Salt Typhoon and Lawful Intercept, in 2010 I published a security analysis of Cisco’s Lawful Intercept features at Blackhat DC, which included specific recommendations for telecommunications operators.

CISA has published a set of security recommendations for communications service providers. These recommendations are good “best practices” for anyone running Cisco routers, but they aren’t specific to Lawful Intercept.

I have no inside information on Salt Typhoon but I stand by the recommendations in my original paper and I believe they are still largely relevant to this protocol today.

My paper: blackhat.com/presentations/bh-

CISA’s recommendations: cisa.gov/resources-tools/resou

2024-12-16

Overbroad UK social media regulation applies to “micro businesses” globally and is leading small sites to announce that they are shutting down:

lfgss.com/conversations/401475

Tom Cross boosted:
kepano @kepano
2024-12-15

Microsoft just released a tool that lets you convert Office files to Markdown. Never thought I'd see the day.

Google also added Markdown export to Google Docs a few months ago.

github.com/microsoft/markitdown

Tom Cross boosted:
Prof. Sam Lawler @sundogplanets
2024-12-13

This is very cool: globalmeteornetwork.org/flux/

Lots of shooting stars right now!

Tom Cross boosted:
2024-12-05

The US has been unable to expel Chinese government hackers from the telecom carriers and ISPs where they were found months ago, officials said Tuesday. In a background briefing, they recommended "responsibly managed encryption" for safer communications. washingtonpost.com/technology/

Tom Cross boosted:
Steve Ragan (SteveD3) @SteveD3@infosec.exchange
2024-11-24

This is a solid read and case study on a recent and novel APT28 attack. Volexity explains how Russia used adjacent Wi-Fi networks in close proximity to the intended target to attack their client.

volexity.com/blog/2024/11/22/t

2024-11-20

Greg Conti and I were on Daniel Shimmelpfennig's Many Worlds Explored Podcast where we talked about futurism, cybersecurity, and social media. What kinds of futures are possible and likely, and what can we do to create the future that we want?

manyworldsexplored.substack.co

Tom Cross boosted:
2024-11-13

"Ross Anderson had agreed with his publisher, Wiley, that he would be able to make all chapters of the 3rd edition of his book Security Engineering available freely for download from his website. These PDFs are now available there." 🎉 💔

cl.cam.ac.uk/archive/rja14/boo

(As noted at: lightbluetouchpaper.org/2024/1 )

Tom Cross boosted:
2024-11-10

German law is making security research a risky business.

Current news: A court found a developer guilty of “hacking.” His crime: he was tasked with looking into a software that produced way too many log messages. And he discovered that this software was making a MySQL connection to the vendor’s database server.

When he checked that MySQL connection, he realized that the database contained data belonging to not merely his client but all of the vendor’s customers. So he immediately informed the vendor – and while they fixed this vulnerability they also pressed charges.

There was apparently considerable discussion as to whether hardcoding database credentials in the application (visible as plain text, not even decompiling required) is sufficient protection to justify hacking charges. But the court ruling says: yes, there was a password, so there is a protection mechanism which was circumvented, and that’s hacking.

I very much hope that there will be a next instance ruling overturning this decision again. But it’s exactly as people feared: no matter how flawed the supposed “protection,” its mere existence turns security research into criminal hacking under the German law. This has a chilling effect on legitimate research, allowing companies to get away with inadequate security and in the end endangering users.

Source: heise.de/news/Warum-ein-Sicher

2024-11-05

@dscovr_epic @russss I enjoy your EPIC/DSCOVR image feed. Are you planning a migration now that botsin.space is shutting down?

2024-10-22

@SynAck Awesome, I’m glad you found the talk valuable!

2024-10-22

Video from our @defcon talk is now available if you didn't catch it in person.

Many years ago we thought that the Internet would help up-level humanity by providing everyone with access to the world's information. In practice, what we've learned is that certain facets of human nature limit that potential. People often come to the Internet seeking personal validation rather than to understand the truth.

We can't change what people are and how we're wired. However, historically human civilizations have managed to construct systems that harness our worst instincts in constructive ways - think about how capitalism leverages self interest to produce useful products, or how our government's system of checks and balances reins in overzealous leaders.

We must think about how to architect similar systems in the Internet. Ultimately, the highest purpose of computers is to augment human intelligence, and to do so, our computers must be designed to challenge the way we think.

This talk is intended to provoke discussion about how to do that.

youtube.com/watch?v=gHqDEMrqTj
