Weekend Reads 101324


A study by the US General Services Administration (GSA) has revealed that five remote identity verification (RiDV) technologies are unreliable, inconsistent, and marred by bias across different demographic groups.


This time, he included a PoC that caused the ChatGPT app for macOS to send a verbatim copy of all user input and ChatGPT output to a server of his choice.


In the quest to revolutionize medicine, our bodies are becoming living laboratories. By 2030, it's estimated that bioprinting could address up to 20% of the organ transplant waiting list globally.


Consider this: For every 1,000 human users in your organization, you likely have 10,000 non-human connections or credentials. Some estimates suggest the ratio could be as high as 45-to-1.


The U.S. Department of Justice (DOJ) is considering recommending a federal judge to force Google to sell parts of its business in a bid to eliminate its alleged monopoly on online search, according to a court filing Tuesday.


A US jury has found that employment practices at Cognizant constitute discriminatory conduct toward non-Indian workers in a case that originated in 2013 and claimed the tech giant favored H-1B visa holders from India over local workers.


Consumers are victims of online scams and have their data stolen, but they are lagging on adopting security tools to protect themselves.


At the end of its 2024 term, the Supreme Court decided two cases with a significant, if not historic, impact on the ability of federal agencies to regulate areas of the national economy within their jurisdiction, including the FCC’s ability to regulate telecommunications and Internet service providers.


He criticized the reliance on just two or three ultra-high capacity cables driven by over-the-top (OTT) providers such as major tech companies, which have different network requirements from traditional telecom providers.


The Wall Street Journal is reporting that Chinese hackers (Salt Typhoon) penetrated the networks of US broadband providers, and might have accessed the backdoors that the federal government uses to execute court-authorized wiretap requests.


The specification for UUIDs was written in 2005 and is defined in RFC 4122. This specification has served the industry fairly well. Even so, there have been many other mechanisms for generating unique identifiers to try to make up for the shortcomings of the original specification.


Because Kerberoasting enables cyberthreat actors to steal credentials and quickly navigate through devices and networks, it’s essential for administrators to take steps to reduce potential cyberattack surfaces.

Weekend Reads 100624


Thanks to the popularity and widespread success of ChatGPT, most IT users are familiar with the concept of a large language model (LLM). But how does an LLM apply to network operations?


If you don’t know what you’re operating on, or what the expected output range might be, then maybe you ought not to be operating on that data in the first place. But now these languages have gotten into the wild and we’ll never be able to hunt them down and kill them soon enough for my liking, or for the greater good.


We then analyze ten data sets spanning industry and academic sources, across four years (2019-2023), to find and explain discrepancies based on data sources, vantage points, methods, and parameters.


Phishing attacks, which trick users into sharing private data, have been a major security threat for years. According to a 2023 FBI report, it is the top digital crime type.


A test account that’s shared among many can be used by anyone who happens to have the password. This leaves a trail of poorly managed or unmanaged accounts that only increases your attack surface.


As radio host Mark Davis put it recently, “ultimately everything AI does is go in search of something that some human being said or wrote sometime.”


One of the most exciting recent developments in web performance is Zstandard (zstd) — a new compression algorithm that we have found compresses data 42% faster than Brotli while maintaining almost the same compression levels.


In this paper, we introduce a generic security model for Web services based on three dimensions of resolution, transaction, and identification.


For generative artificial intelligence (GenAI) models, the concept of the Promethean dilemma has so far been discussed, starting with whether general access to GenAI systems should be permitted for public use, given their black box nature and tendency to confabulate.


All crypto assets in 2024 amounted to only 0.5% of the world’s money supply. But they have enabled a lot of troublesome speculative behavior as well as illicit activities such as money laundering and tax evasion, financial scandals, illegal gambling, and financing of terrorism and the drug trade. Some governments would like to provide alternatives.


Threat actors can often find targeting certain organizations too much of a challenge. So they need to go through what we can consider back channels—suppliers, vendors, or service providers.


Most exploitable GPU vulnerabilities are in the implementation of the GPU kernel mode modules. These modules are pieces of code that load/unload during runtime, extending functionality without the need to reboot the device.


Memory safety vulnerabilities remain a pervasive threat to software security. At Google, we believe the path to eliminating this class of vulnerabilities at scale and building high-assurance software lies in Safe Coding, a secure-by-design approach that prioritizes transitioning to memory-safe languages.


Session hijacking looks quite different these days. No longer network-based, modern session hijacking is an identity-based attack performed over the public internet targeting cloud-based apps and services.

Weekend Reads 092824


Instead, Broadcom is now experimenting with co-packaging the optics directly into the GPUs themselves.


With K-12 schools back in session across the nation, millions of students are adjusting to a new learning environment — a cellphone-free classroom or, in some cases, a phone-free school day.


Being at the core of the Internet places the DNS under a lot of pressure. New forms of DNS abuse emerge each year, disputes over domain names persist, and all the while, the Internet just keeps getting bigger.


The censorship war has hit a flashpoint. Late last month, Brazil banned Elon Musk’s social media site, X, after Musk refused a government order to suppress seven dissident accounts.


This raises a question. If someone is situated in South America and wants to access youtu.be, is their performance going to be impacted (assuming they have to do the entire recursive lookup with no cache)?


ODA focuses on identifying macroscopic Internet outages, such as outages that affect a significant portion of the population within either a geographic region or an Autonomous System (AS).


For practitioners, this study provides a rich set of criteria that can be used for evaluating their projects, as well as strong evidence of the importance of considering not only project execution, but also post-project outcomes and impacts in the evaluation.


As if we didn’t have a long enough list of problems to worry about, Lumen researchers at its Black Lotus Labs recently released a blog that said that it knows of three U.S. ISPs and one in India that were hacked this summer.


While the usage of internationalized domain names (IDNs) has allowed organizations the world over to enter the global market using their native-language domain names, it can also enable cyber attackers to craft look-alikes of legitimate domains they wish to spoof.


In Texas, for example, the chatbot only consumes an estimated 235 milliliters needed to generate one 100-word email. That same email drafted in Washington, on the other hand, would require 1,408 milliliters (nearly a liter and a half) per email.


Fiber splicing is joining two optical fibers to create a continuous, low-loss, and highly efficient optical path.


Efforts to curb illegal online content through domain shutdowns are proving ineffective and carry significant risks, according to a new report by eco and its topDNS initiative.


The majority of open source project maintainers are not being paid for their work, spend three times as much time on security than they did three years ago, and have become less trusting of contributors following the xz backdoor, according to open source package security firm Tidelift.