You might think that libraries are kind of boring, but this self-analysis of a 2023 ransomware and extortion attack against the British Library is anything but.
Hardware Vulnerability in Apple’s M-Series Chips
March 28 2024
It’s yet another hardware side-channel attack:
The threat resides in the chips’ data memory-dependent prefetcher, a hardware optimization that predicts the memory addresses of data that running code is...
Read more
It’s pretty devastating:
Today, Ian Carroll, Lennert Wouters, and a team of other security researchers are revealing a hotel keycard hacking technique they call Unsaflok. The technique is...
On Secure Voting Systems
March 26 2024
Andrew Appel shepherded a public comment—signed by twenty election cybersecurity experts, including myself—on best practices for ballot marking devices and vote tabulation. It was written for the Pennsylvania...
Licensing AI Engineers
March 25 2024
The debate over professionalizing software engineers is decades old. (The basic idea is that, like lawyers and architects, there should be some professional licensing requirement for software engineers.) Here’s...
Friday Squid Blogging: New Species of Squid Discovered
March 23 2024
A new species of squid was discovered, along with about a hundred other species. As usual, you can also use this squid post to talk about the security stories in...
Google Pays $10M in Bug Bounties in 2023
March 22 2024
BleepingComputer has the details. It’s $2M less than in 2022, but it’s still a lot.
The highest reward for a vulnerability report in 2023 was $113,337, while the total...
Public AI as an Alternative to Corporate AI
March 21 2024
This mini-essay was my contribution to a round table on Power and Governance in the Age of AI. It’s nothing I haven’t said here before, but for anyone...