Weekend Reads 072823

Incredible as it may seem, US tax preparation companies using Google and Meta tracking technology have been sending sensitive information back to the megacorps, not to mention other tech firms, it is claimed.

The Federal Trade Commission (F.T.C.) sent a letter to OpenAI, the San Francisco company responsible for creating ChatGPT, the Large Language Model that captured the world’s imagination in November of 2022.

Steganography is the art of hiding secret data in plain sight. It sounds kind of counter-intuitive, but you’d be surprised how effective it is.

On Wednesday, Microsoft announced that Chinese hackers had managed to secretly access email accounts belonging to 25 different organizations across the country, including government agencies.

But for a human to interact with this hardware, they must really know and understand how it works. The person must also know the order in which to give the computer various tasks to produce a meaningful result.

The UK’s Competition Market Authority (CMA) has provisionally cleared Broadcom’s proposed acquisition of VMware, paving the way for the $61 billion deal to go ahead.

In 2021, we discussed a potential future shift from established public-key algorithms to so-called “post-quantum” algorithms, which may help protect sensitive information after the advent of quantum computers.

Recently, the QUIC Working Group was reviewing an errata for RFC 9002, the description of loss recovery and congestion control for QUIC. There was an error in the description of the algorithm used to compute the variable rttvar, which describes the expected variation of the round-trip time (RTT).

The downside of RDP’s widespread use is that a Remote Code Execution (RCE) vulnerability in an RDP gateway can have severe consequences, potentially leading to significant damage and compromising the security and integrity of the affected system.

With the adoption of the EU-U.S. Data Privacy Framework, European and U.S. organizations and privacy professionals are facing a new framework for data transfers across the Atlantic. Focus is quickly turning to implementation and what’s next.

As the number of people using macOS keeps going up, so does the desire of hackers to take advantage of flaws in Apple’s operating system.

Researchers this month uncovered a two-year-old Linux-based remote access trojan dubbed AVrecon that enslaves Internet routers into a botnet that bilks online advertisers and performs password-spraying attacks.

Users of applications that use ChatGPT-like large language models (LLMs) beware: An attacker that creates untrusted content for the AI system could compromise any information or recommendations from the system, warn researchers.

In May, Mastodon server Kolektiva.social was compromised when one of the server’s admins had their home raided by the FBI for unrelated charges. All of their electronics, including a backup of the instance database, were seized.

In cloud environments, cryptojacking – a type of cyberattack that uses computing power to mine cryptocurrency – takes the form of cloud compute resource abuse, which involves a threat actor compromising legitimate tenants.

HTTP Strict Transport Security (HSTS) is a way to signal to a web client that valid HTTPS certificates must be used when connecting to a domain. There are two main benefits to HSTS.