By our reckoning, September 2021 saw 97 security incidents comprising 91,127,815 million breached records. What is unusual about this month is that a single incident accounted for most of those records: 61 million of them,…
Using “Master Faces” to Bypass Face-Recognition Authenticating Systems
Fascinating research: “Generating Master Faces for Dictionary Attacks with a Network-Assisted Latent Space Evolution.” Abstract: A master face is a face image that passes face-based identity-authentication for a large portion of the population. These faces…
List of mandatory documents required by ISO 45001
ISO 45001 is the international standard that contains best practices for OH&S (occupational health and safety). Its goal is to reduce injuries and diseases in the workplace, including the promotion and protection of physical and…
The European Space Agency Launches Hackable Satellite
Of course this is hackable: A sophisticated telecommunications satellite that can be completely repurposed while in space has launched. […] Because the satellite can be reprogrammed in orbit, it can respond to changing demands during…
De-anonymization Story
This is important: Monsignor Jeffrey Burrill was general secretary of the US Conference of Catholic Bishops (USCCB), effectively the highest-ranking priest in the US who is not a bishop, before records of Grindr usage obtained…
The benefits of NIS Regulations and the GDPR…
The way Cloud service providers in the UK operate has changed dramatically in the past few years, thanks to a pair of regulations that took effect. The first – the EU GDPR (General Data Protection…
Hiding Malware in ML Models
Interesting research: “EvilModel: Hiding Malware Inside of Neural Network Models”. Abstract: Delivering malware covertly and detection-evadingly is critical to advanced malware campaigns. In this paper, we present a method that delivers malware covertly and detection-evadingly…
Disrupting Ransomware by Disrupting Bitcoin
Ransomware isn’t new; the idea dates back to 1986 with the “Brain” computer virus. Now, it’s become the criminal business model of the internet for two reasons. The first is the realization that no one…
Commercial Location Data Used to Out Priest
A Catholic priest was outed through commercially available surveillance data. Vice has a good analysis: The news starkly demonstrates not only the inherent power of location data, but how the chance to wield that power…
Friday Squid Blogging: The Evolution of Squid
Good video about the evolutionary history of squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines…