Model stealing, rewarding hacking and poisoning attacks: a taxonomy of machine learning's failure modes

A team of researchers from Microsoft and Harvard's Berkman Center have published a taxonomy of "Failure Modes in Machine Learning," broken down into "Intentionally-Motivated Failures" and "Unintended Failures."

95% of America's largest voting districts' mailservers lack basic anti-phishing protection

DMARC is an anti-email-spoofing tool that mail-server administrators can enable; it's designed to reject emails with forged return addresses.

Feds charge Evil Corp, Russia-based creators of Dridex malware, in $100 million bank hacking spree

The most on-brand name since “Fraud Guarantee.”

Browser plugins from Avast and AVG yanked for stealing user data

The Firefox extensions store removed four plugins from Avast/AVG, including two that are supposed to keep users safe from malicious activity, because they appeared to be stealing browser histories and other user data.

Judge says Facebook users entitled to better security but not $ damages

In a decision released late Tuesday night, a federal judge ruled that up to 29 million Facebook users whose personal info was stolen in a September 2018 data breach are not entitled to sue Facebook as a group for damages -- but the users may be entitled to demand better personal data security at Facebook.

TikTok's Chinese owner ByteDance wants you to know everything is just fine, really

China-based technology company ByteDance is on a charm offensive, reports Reuters, ramping up efforts to distance its popular social app TikTok from the rest of its Chinese operations.

Tiny alterations in training data can introduce "backdoors" into machine learning models

In TrojDRL: Trojan Attacks on Deep Reinforcement Learning Agents, a group of Boston University researchers demonstrate an attack on machine learning systems trained with "reinforcement learning" in which ML systems derive solutions to complex problems by iteratively trying multiple solutions.

Border agents seize 154 pounds of 'prohibited bologna' at Texas crossing

154 pounds of 'prohibited bologna' from Mexico was seized by U.S. Customs and Border Protection agents at a Texas border crossing point, according to a zesty CBP news release that's making the news rounds today.

The Challenge Vault: a locksport training tool and mechanical puzzle that teaches you to be a safecracker

Every year around this time, our friends at Sparrow Lockpicks (previously) come out with an incredibly clever, giftable addition to your locksport arsenal; I always buy a few of these for Christmas gifts (often for younger people on my list) and they're universally well received.

T-Mobile says recent 'criminal hack' got personal data of some prepaid wireless customers

T-Mobile today admitted that a recent "criminal hack" accessed personal data of some prepaid wireless customers' accounts.

Consumer Reports Labs is hiring 8 staffers: technologists, journalists and wonks

Consumer Reports' Digital Lab does groundbreaking privacy research: they're hiring for eight positions including technologists ("resident hacker," "digital standard manager," "information security researcher," "program manager, security and testing," and "privacy testing project leader"); journalists ("digital content manager"); policy and comms ("senior researcher, digital competition" and "associate director, strategic communications — technology and privacy"). Most of the positions are NYC or SF or DC based, several allow for remote workers. (Thanks, Ben!)

Sand thieves believed to be behind epidemic of Chinese GPS jamming

Ships' captains and outside monitoring firms have reported waves of GPS jamming around Shanghai's ports, on a scale and of a severity never seen before: the jamming causes ships' locations to be incorrectly displayed and to jump around; the observations were confirmed via an anonymized (sic) data-set from a short-hire bike firm, whose bikes are also mysteriously appearing and disappearing at locations all through the region. The spoofing has created a massive local shipping hazard and has led to spectacular shipwrecks.

There's a new iOS update out but maybe wait before installing it

I love what iOS 13 has brought to my iPhone's party. I'm not attached, however, to how frigging buggy it's been.

An interview with Andy Greenberg about his book Sandworm, on the Russian state hackers who attack power grids

Wired security reporter Andy Greenberg's latest book is Sandworm (previously), a true-life technothriller that tells the stories of the cybersecurity experts who analyzed and attributed a series of ghastly cyberwar attacks that brought down parts of the Ukrainian power grid, and then escaped the attackers' control and spread all over the world.

Tpmfail: a timing attack that can extract keys from secure computing chips in 4-20 minutes

Daniel Moghimi, Berk Sunar, Thomas Eisenbarth and Nadia Heninger have published TPM-FAIL: TPM meets Timing and Lattice Attacks, their Usenix security paper, which reveals a pair of timing attacks against trusted computing chips ("Trusted Computing Modules" or TPMs), the widely deployed cryptographic co-processors used for a variety of mission-critical secure computing tasks, from verifying software updates to establishing secure connections.

Brave 1.0 launches, privacy-focused web browser finally out of beta

The privacy-focused web browser Brave has finally launched a 1.0 version, bringing it officially out of beta.

Popular UK health websites share sensitive user data with Google, Facebook, dozens more

A number of popular health-related websites in the UK are reported to be actively sharing sensitive user data with dozens of third parties, including Google and Facebook, but also various adtech firms and data brokers.
