- 6 Posts
- 10 Comments
Joined 1Y ago
Cake day: Jul 12, 2023
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
- •
- freedom.press
- •
- 1Y
- •
**Summary**
* The Marion County Record newsroom in Kansas was raided by police, who seized two cellphones, four computers, a backup hard drive, and reporting materials.
* A computer seized was most likely unencrypted. Law enforcement officials hope that devices seized during a raid are unencrypted, as this makes them easier to examine.
* Modern iPhones and Android phones are encrypted by default, but older devices may not be.
* Desktop computers typically do not have encryption enabled by default, so it is important to turn this on manually.
* Use strong random passwords and keep them in a password manager.
* During the raid, police seized a single backup hard drive. It is important to have multiple backups of your data in case one is lost or stolen.
* You can encrypt USB storage devices using BitLocker To Go on Windows, or Disk Utility on macOS.
* All major desktop operating systems support Veracrypt, which can be used to encrypt entire drives.
**Main Take-aways**
* Encrypt your devices, drives, and USBs.
* Use strong random passwords and password manager.
* Have multiple backups.
**Paper & Examples**
"Universal and Transferable Adversarial Attacks on Aligned Language Models." (https://llm-attacks.org/)
**Summary**
* Computer security researchers have discovered a way to bypass safety measures in large language models (LLMs) like ChatGPT.
* Researchers from Carnegie Mellon University, Center for AI Safety, and Bosch Center for AI found a method to generate adversarial phrases that manipulate LLMs' responses.
* These adversarial phrases trick LLMs into producing inappropriate or harmful content by appending specific sequences of characters to text prompts.
* Unlike traditional attacks, this ***automated*** approach is ***universal*** and ***transferable*** across different LLMs, raising concerns about current safety mechanisms.
* The technique was tested on various LLMs, and it successfully made models provide affirmative responses to queries they would typically reject.
* Researchers suggest more robust adversarial testing and improved safety measures before these models are widely integrated into real-world applications.
News article: https://techcrunch.com/2023/08/10/belarus-hackers-target-foreign-diplomats/
**News Summary**
* A hacking group with apparent links to the Belarusian government has been targeting foreign diplomats in the country for nearly 10 years.
* The group, which ESET has dubbed MoustachedBouncer, has likely been hacking or at least targeting diplomats by intercepting their connections at the internet service provider (ISP) level, suggesting close collaboration with Belarus' government.
* Since 2014, MoustachedBouncer has targeted at least four foreign embassies in Belarus: two European nations, one from South Asia, and another from Africa.
* ESET first detected MoustachedBouncer in February 2022, days after Russia invaded Ukraine, with a cyberattack against specific diplomats in the embassy of a European country "somehow involved in the war."
* The hacking group is able to trick the target's Windows operating system into believing it's connected to a network with a captive portal. The target is then redirected to a fake and malicious site masquerading as Windows Update, which warns the target that there are "critical system security updates that must be installed."
* It's not clear how MoustachedBouncer can intercept and modify traffic, but ESET researchers believe it's because Belarusian ISPs are collaborating with the attacks, allowing the hackers to use a lawful intercept system similar to the one Russia deploys, known as SORM.
* Once ESET researchers found the attack last February and analyzed the malware used, they were able to discover other attacks - the oldest dating back to 2014 - although there is no trace of them between 2014 and 2018.
* MoustachedBouncer’s activity spans from 2014 to 2022 and the TTPs of the group have evolved over time.
**Summary**
* Detroit woman wrongly arrested for carjacking and robbery due to facial recognition technology error.
* Porsche Woodruff, 8 months pregnant, mistakenly identified as culprit based on outdated 2015 mug shot.
* Surveillance footage did not match the identification, victim wrongly identified Woodruff from lineup based on the 2015 outdated photo.
* Woodruff arrested, detained for 11 hours, charges later dismissed; she files lawsuit against Detroit.
* Facial recognition technology's flaws in identifying women and people with dark skin highlighted.
* Several US cities banned facial recognition; debate continues due to lobbying and crime concerns.
* Law enforcement prioritized technology's output over visual evidence, raising questions about its integration.
* ACLU Michigan involved; outcome of lawsuit uncertain, impact on law enforcement's tech use in question.
creator
toOK. Info added.
addy.io is a privacy-focused email service that allows you to create and manage email aliases…
- •
- addy.io
- •
- 1Y
- •
**Summary**
* AnonAddy has rebranded as addy.io.
* addy.io is a privacy-focused email service that allows you to create and manage email aliases. Aliases are temporary email addresses that forward to your real email address. This can be useful for protecting your privacy when signing up for websites or services that you don't trust.
* The name change was motivated by a desire for a shorter, easier to understand and more recognizable name.
* The service will remain exactly the same, but with more features.
* There is a also a new logo.
* The web application is now a SPA (single page application).
* The API has also been updated.
* There are a number of new features.
* For most users, there is nothing they need to do.
* All existing alias domains are staying the same. The new addy.io domain will be available to those on paid plans shortly.
* If you use a hardware key for 2FA on your account, you will receive an email notification shortly with further information.
Edited based on comment from: @iso@lemy.lol
- •
- gridinsoft.com
- •
- 1Y
- •
**Summary**
* Scammers exploit Twitter's rebranding (transition to name "X") confusion for phishing.
* Twitter Blue users targeted, offered migration to "X," but scammers gain account access.
* Phishing emails seem genuine, appearing to come from x.com and passing the Security Policy Framework (SPF), and include deceptive authorization link, opening a *legitimate API authorization screen*.
* Clicking link grants attackers control over victim's Twitter account settings and content.
* Victims can block access by revoking app authorization in Twitter settings.
* Twitter is aware and "working on a solution."
::: spoiler Article's Safety Recommendations (probably a bit generic and self-promotional)
1) Being cautious with unfamiliar emails, especially attachments or links.
2) Verifying URLs by hovering over them.
3) Not sharing personal info on suspicious/unknown sites.
4) Be careful with attachments and links.
5) Using two-factor authentication (2FA) for account security.
6) Keeping antivirus software updated to prevent malware.
:::
Edited based on comment from: @incogtino@lemmy.zip
Summary
- Scientists at the Department of Energy’s Pacific Northwest National Laboratory have developed a new way to detect denial-of-service attacks.
- The new technique is more accurate than current methods, correctly identifying 99% of attacks in testing.
- The technique works by tracking the evolution of entropy, a measure of disorder in a system.
- During a denial-of-service attack, two measures of entropy go in opposite directions. At the target address, many more clicks than usual are going to one place, a state of low entropy. But the sources of those clicks, whether people, zombies or bots, originate in many different places—high entropy. The mismatch could signify an attack.
- The new technique is automated and doesn’t require close oversight by a human to distinguish between legitimate traffic and an attack.
- The researchers say that their program is “lightweight”—it doesn’t need much computing power or network resources to do its job.
- The PNNL team is now looking at how the buildout of 5G networking and the booming internet of things landscape will have an impact on denial-of-service attacks.