Tux Machines

Security: Optus, GNOME, and More

Posted by Roy Schestowitz on Sep 27, 2022

iTWire - Cold feet? Optus attacker changes tack, says all data deleted

The attacker who allegedly breached the networks of Optus appears to have developed cold feet, posting a note saying that he/she has deleted all the data that was exfiltrated.
"Too many eyes. We will not sale data to anyone. We cant if we even want to; personally deleted data from drive (Only copy)," the attacker wrote.
But security researcher Brett Callow pointed out that the 10,200 samples that had already been leaked were now being shared by another forum member.

You can’t solve AI security problems with more AI

One of the most common proposed solutions to prompt injection attacks (where an AI language model backed system is subverted by a user injecting malicious input—“ignore previous instructions and do this instead”) is to apply more AI to the problem.

Reverse Engineering Hack Chat With Matthew Alt

Join us on Wednesday, September 28 at noon Pacific for the Reverse Engineering Hack Chat with Matthew Alt!

New Report on IoT Security

The Atlantic Council has published a report on securing the Internet of Things: “Security in the Billions: Toward a Multinational Strategy to Better Secure the IoT Ecosystem.” The report examines the regulatory approaches taken by four countries—the US, the UK, Australia, and Singapore—to secure home, medical, and networking/telecommunications devices. The report recommends that regulators should 1) enforce minimum security standards for manufacturers of IoT devices, 2) incentivize higher levels of security through public contracting, and 3) try to align IoT standards internationally (for example, international guidance on handling connected devices that stop receiving security updates).

Fractal security audit - Julian’s Code Corner

Projects that receive funding from NLnet are required to have their code audited for potential security issues. Ours was performed by Radically Open Security, a Non-Profit Computer Security Consultancy from the Netherlands. Since Fractal, by design, doesn’t include much security-critical code, the security researcher extended the quick scan somewhat also to the matrix-rust-sdk.
I have been in direct contact with the security researcher and they kept me up-to-date about their findings. This way, I could already during the audit start to fix identified security issues. Luckily, no major security issue was identified.
