May 26, 2023
it's shocking to see an increasing amount of companies that have nothing but a bug bounty program + cyber insurance as their entire cybersecurity program.
— Julio (@juliocesarfort) May 24, 2023
don't get me wrong, both are much needed but having them as the only element in a cybersecurity strategy is shortsighted.
1/ Our new preprint with @F_Cafiero on the link between #corruption and #conspiracy_beliefs. We show across 26 Western and non-Western countries that higher corruption levels are associated with greater belief in conspiracy theories. A thread ⬇️ pic.twitter.com/qj4pLvX4uw
— Laurent Cordonier (@L_Cordonier) May 24, 2023
got sent this yesterday and it’s my new favourite https://t.co/NvGPm5rEB3 pic.twitter.com/Zc3My9jKAg
— ▴ Nate (@NateDawg__) May 25, 2023
Follow up to this tweet from May 24, 2023
This is Huge. A UCLA student may have just found the first feasible Indistinguishability Obfuscation (iO) scheme, based on well-understood cryptographic theories.
— LaurieWired (@lauriewired) May 25, 2023
In other words, imagine an obfuscator/packer that is nearly as difficult to crack as AES.
The research validates… pic.twitter.com/K7HvI56uOJ
The hacker news comments are actually useful. I know, I’m shocked too!
https://news.ycombinator.com/item?id=36064515
The precise mathematical definition of obfuscation and what is considered obfuscation for an average software engineer are two very different things.
In fact, the article is only about indistinguishability obfuscation. What is mostly discussed in this thread is the notion of virtual black box obfuscation (VBB). VBB has been proven to be impossible in the general case (see https://www.wisdom.weizmann.ac.il/~oded/PS/obf4.pdf ). There are a few special programs where VBB is feasible, such as point functions, but in general it cannot be achieved.
Indistinguishability obfuscation (iO) means that if you obfuscate two programs that compute the same function, then you cannot distinguish them. Or put in different words, if you get two obfuscated programs, then there is no better way than random guessing (except for a factor that is negligible in some security parameter) to find out if they stem from the same original program.
In short, it’s not that useful.
We built a new playground called Memory Spy where you can spy on a program's memory! It's at https://t.co/01UdRQZPDW.
— 🔎Julia Evans🔍 (@b0rk) May 25, 2023
I made this with @omarieclaire, and there's a blog post about how and why we built it here https://t.co/M44K6odiii. Here's a gif: pic.twitter.com/n7BKML9LKG
What's scarce that allowed OpenAI to succeed? Not talent or even compute. It was patient capital and leadership that didn't care about making money in the near term.
— Jordan Schneider (@jordanschnyc) May 25, 2023
"Nadella demanded to know how OpenAI had managed to surpass the capabilities of the AI project Microsoft’s… https://t.co/wzX55sSnxo
lololol
Oath Keepers founder Stewart Rhodes sentenced to 18 years for seditious conspiracy in Jan. 6 attack | AP News
Oath Keepers founder Stewart Rhodes has been sentenced to 18 years in prison for seditious conspiracy in the Jan. 6, 2021, attack on the U.S. Capitol. He was sentenced Thursday after a landmark verdict convicted him of spearheading a weekslong plot to keep former President Donald Trump in power. He’s the first of the Jan. 6 defendants convicted of seditious conspiracy to receive his punishment. Rhodes’ sentencing comes just weeks after former Proud Boys national chairman Enrique Tarrio was convicted of seditious conspiracy. In remarks before the judge handed down his sentence, Rhodes called himself a “political prisoner.”
Phew, it looks like my job writing YARA rules is still safe for a while… 🙈
— InstaCyber @instacyber@infosec.exchange (@instacyber) May 25, 2023
A fun thought experiment for a blog, but the LLM is only following the description superficially. You might argue there will be improvements, but YARA is concise and it probably takes longer to prompt.. https://t.co/LooSEIb9T9
In other spyware news, @TalosSecurity took a closer look at Intellexa's Predator. This is the tool that was used to target a number of individuals in Greece in 2021, including @ArtemisSeaford. https://t.co/BVD7XCVMBi
— Runa Sandvik (@runasand) May 25, 2023
🛰️ New @Bellingcat interactive map shows changes in buildings after #Kyrgyzstan-#Tajikistan border clash in 2022. Apparent damage to civilian infrastructure & property increases concern over impact on civilians. Explore the map: https://t.co/bRXNH8siCh
— Eliot Higgins (@EliotHiggins) May 25, 2023
Tesla Autopilot Data Received By German News Site
The files contain over 1,000 accident reports involving phantom braking or unintended acceleration--mostly in the U.S. and Germany.
-fbounds-safety 👀 https://t.co/vkTzO14Qh6
— JF Bastien 🔗 @jfbastien@mastodon.social (@jfbastien) May 25, 2023
2023: HBO Launches Max
— Karandeep Singh (@kdpsinghlab) May 25, 2023
2024: HBO Launches Min
2025: HBO Launches Mean
2026: HBO Launches Median
2027: HBO Launches Standard Deviation
2028: HBO Launches Interquartile Range
2029: HBO Launches Regression to the Mean
A "no logs" free VPN exposes a humongous amount of logs: https://t.co/qSl0dK96e3
— Vess (@VessOnSecurity) May 25, 2023
https://twitter.com/browtweaten/status/1661887646212276226
CVE-2023-33248, Amazon Alexa allows attackers to deliver security-relevant commands via an audio signal between 16 and 22 kHz (often outside the range of human adult hearing). A substantial fraction of the commands are successful. https://t.co/OM1QOSEjmm
— remy🐀 (@_mattata) May 25, 2023
Ooh, nah nah. pic.twitter.com/HUXDWGlyzW
showed this to my mom she said "its nice that he's inquisitive" https://t.co/5c2YSHoHVZ
— maK soup mode 🔻 (@TheyThemItalian) May 26, 2023
What a nightmare. I will quit Google search if this ever becomes the norm.
— Ron Amadeo (@RonAmadeo) May 25, 2023
Tons of unsourced statements and opinions credited to no one. How can anyone know if this info is trustworthy?
They turned what used to be a fact-based search engine into a high-pressure salesman. Awful pic.twitter.com/KA2TrIfU9L