Feed cleverhans-blog [copy] http://www.cleverhans.io/feed.xml has loading error: cURL error 22: The requested URL returned error: 404
Feed Security (b)log [copy] http://securityblogru.livejournal.com/data/rss has loading error: cURL error 22: The requested URL returned error: 403 Forbidden
Feed [bodyawm] Богдан [copy] https://habr.com/ru/rss/users/bodyawm/articles/?fl=ru has loading error: cURL error 22: The requested URL returned error: 404
BugTraq.Ru: Атака на пользователей больших моделей
Популярный python-пакет LiteLLM (более 3.4 млн загрузок в день), предназначенный для подключения к множеству поставщиков больших языковых моделей через единый API, стал жертвой атаки на цепочку поставок. Злоумышленники скомпрометировали репозиторий PyPI и опубликовали вредоносные версии библиотеки 1.82.7 и 1.82.8, которые при установке через pip автоматически внедряют в систему код, перехватывающий токены аутентификации, API-ключи, пароли и SSH-учетные записи из памяти процессов и конфигурационных файлов пользователей.
Ответственность взяла на себя группа TeamTCP, реализовавшая недавно несколько аналогичных атак — внедрение в docker-образы Aqua Security, распространение скрипта, очищающего кластеры Kubernetes, настроенные для Ирана, и т.п.
обсуждение | Telegram
Team Mirai and Democracy
Japan’s election last month and the rise of the country’s newest and most innovative political party, Team Mirai, illustrates the viability of a different way to do politics.
In this model, technology is used to make democratic processes stronger, instead of undermining them. It is harnessed to root out corruption, instead of serving as a cash cow for campaign donations.
Imagine an election where every voter has the opportunity to opine directly to politicians on precisely the issues they care about. They’re not expected to spend hours becoming policy experts. Instead, an AI Interviewer walks them through the subject, answering their questions,...
Wired Confirmed iPhone’s Worst-Kept Secret: Closed Systems Fail at Scale
For years, Apple has sold the myth of the “unhackable iPhone.” A walled garden. A fortress. A device so locked down that only nation-states could dream of breaking in. Wired’s latest reporting just blew that narrative apart.
The post Wired Confirmed iPhone’s Worst-Kept Secret: Closed Systems Fail at Scale appeared first on Purism.
Microsoft Xbox One Hacked
It’s an impressive feat, over a decade after the box was released:
Since reset glitching wasn’t possible, Gaasedelen thought some voltage glitching could do the trick. So, instead of tinkering with the system rest pin(s) the hacker targeted the momentary collapse of the CPU voltage rail. This was quite a feat, as Gaasedelen couldn’t ‘see’ into the Xbox One, so had to develop new hardware introspection tools.
Eventually, the Bliss exploit was formulated, where two precise voltage glitches were made to land in succession. One skipped the loop where the ARM Cortex memory protection was setup. Then the Memcpy operation was targeted...
Friday Squid Blogging: Jumbo Flying Squid in the South Pacific
The population needs better conservation.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Blog moderation policy.
Плохое яблоко на русской Ардуине
Некоторое время назад я поделился первыми впечатлениями от знакомства с Ардуино-совместимой платой ELBEAR ACE-UNO на базе отечественного микроконтроллера MIK32 «Амур». Материал нашёл хороший отклик среди читателей, и это подогрело моё желание развить тему. Правда, подогрев слегка перешёл в фазу медленного бурления, и достиг точки закипания только сейчас. Но лучше поздно, чем никогда.
В прошлый раз я входил в эту воду совершенно без подготовки, и почти все мои тесты работали ужасно медленно. Но я верю, что «Амур» может лучше, и сегодня сделаю второй подход к снаряду: всё-таки попытаюсь продемонстрировать художественный фильм «Плохое яблоко», рассказывающий о негативном влиянии продукции компании Apple на моральный...
Proton Mail Shared User Information with the Police
404 Media has a story about Proton Mail giving subscriber data to the Swiss government, who passed the information to the FBI.
It’s metadata—payment information related to a particular account—but still important knowledge. This sort of thing happens, even to privacy-centric companies like Proton Mail.
Hacking a Robot Vacuum
Someone tries to remote control his own DJI Romo vacuum, and ends up controlling 7,000 of them from all around the world.
The IoT is horribly insecure, but we already knew that.
GNUnet 0.27.0
GNUnet 0.27.0 released
We are pleased to announce the release of GNUnet 0.27.0.
GNUnet is an alternative network stack for building secure, decentralized and
privacy-preserving distributed applications.
Our goal is to replace the old insecure Internet protocol stack.
Starting from an application for secure publication of files, it has grown to
include all kinds of basic protocol components and applications towards the
creation of a GNU internet.
This is a new major release. Major...
Meta’s AI Glasses and Privacy
Surprising no one, Meta’s new AI glasses are a privacy disaster.
I’m not sure what can be done here. This is a technology that will exist, whether we like it or not.
Meanwhile, there is a new Android app that detects when there are smart glasses nearby.