August 27, 2024

blip

                            August 27, 2024

                August 27, 2024

                        August 27, 2024
I've written about AI doing realtime alteration to video directly on the phone. We're getting closer to that being a very interesting capability. Google's new phone has integrated a very cool AI tool into the image editor which can do some crazy things. 
Check out this thread to see the examples. Some are better than others, but remember: what we see now is the absolute worst version of this technology for the rest of our lives. :) 

  @chriswelch • The "Reimagine" feature on Google's new Pixel 9 lineup is incredible. It's so impressive that tes... • Threads
The "Reimagine" feature on Google's new Pixel 9 lineup is incredible. It's so impressive that testing it has left me feeling uneasy on multiple occasions.

With a simple prompt, you can add things to photos that were never there. And the company's Gemini AI makes it look astonishingly realistic. This all happens right from the phone's default photo editor app. In about five seconds.

Are we ready to go down this path?  Now that the embargo has lifted, let me show you some examples. Buckle up.

Nice work! Worth noting that the PrimeVul dataset also has this problem (probably unsurprising as it is an amalgamation, but is supposedly "better"). For many problems in the dataset it's not possible to identify the code as vulnerable or safe with the given context. https://t.co/lJk9eJ9bmo
— Sean Heelan (@seanhn) August 26, 2024

1/2

“HoW cOuLd YoU hIrE a DpRk It WoRkEr?”

Easier to do than you think 

Razzle dazzle with some facilitators. Sprinkle in some stand ins for face time and drug tests…viola https://t.co/jL2954sTg7
— aptwhatnow (@aptwhatnow) August 25, 2024

gpu poisoning; hide the payload inside the gpu memory. https://t.co/HvK39LqLsO
— Nicolas Krassas (@Dinosn) August 26, 2024

Intel HW is too complex to be absolutely secure! After years of research we finally extracted Intel SGX Fuse Key0, AKA Root Provisioning Key. Together with FK1 or Root Sealing Key (also compromised), it represents Root of Trust for SGX. Here's the key from a genuine Intel CPU😀 pic.twitter.com/oWhc5BSS1A
— Mark Ermolov (@_markel___) August 26, 2024

Lets breakdown this Intel SGX (TEE) breach.

Disclaimer: This breach primarily affects processors that are now End of Life (EOL). However, these processors are still widely used in certain embedded systems, making this breach relevant for those environments.

Relevance of… https://t.co/Zu08uliIrw
— Pratyush Ranjan Tiwari (@PratyushRT) August 26, 2024

My grandad fought Germans on the beaches of Normandy. This was last summer and it was very embarrassing.
— Martin Pilgrim (@MartinPilgrim1) August 26, 2024

[DECLASSIFIED TODAY] Capt. Grace Hopper on Future Possibilities: Data, Hardware, Software, and People (1982) > National Security Agency/Central Security Service > Historical Releases View https://t.co/TKnnvgkFvF #gracehopperhasaposse
— cje (@caseyjohnellis) August 27, 2024

While a device’s mobile ad ID is technically an anonymous piece of information, it is easy to cross reference other data points to determine the owner, EFF’s @blip warned the @TexasObserver.https://t.co/sa3DXvCXhj
— EFF (@EFF) August 26, 2024

The high-risk vuln (CVE-2024-39717) was added to the CISA must-patch list over the weekend after Versa Networks confirmed zero-day exploitation @SecurityWeek 

Black Lotus Labs links exploitation to Volt Typhoon APT and says ISPs and MSPs are downstream targets 👇👇…
— Ryan Naraine (@ryanaraine) August 26, 2024

Some photos published by @CENTCOM showed a pelican case full of cash being flown to an 'undisclosed' location in the AOR. The shipping tag on the case shows it was sent from Ali Salem Air Base in Kuwait to Muwaffaq Salti Air Base in Jordan (KEZ->SQX). For when Amex not accepted😅 pic.twitter.com/v8LAJjNePI
— IntelWalrus (@IntelWalrus) August 26, 2024

I struggle with implications of things but this is an interesting way to phrase it. Some of the expectations are truly ahistorical. https://t.co/LrnHPM5YNa
— SwiftOnSecurity (@SwiftOnSecurity) August 26, 2024

Judge acquits man accused of UK riot-sparking fake news

https://www.theregister.com/2024/08/27/pakistan_fake_news_uk_riots/

Living off the VPN — Exploring VPN Post-Exploitation Techniques

https://www.akamai.com/blog/security-research/2024-august-vpn-post-exploitation-techniques-black-hat

                            Don't miss what's next. Subscribe to the grugq's newsletter: