One of Many →
Catalin Cimpanu writing at Bleepiing Computer tells the tale of the infamous single car problem within so-called smart intersections. The true nature of the flaws in the system may surprise you... Today's Must Read.
"In the US, the Department of Transportation (DOT) has started implementing a V2I system called Intelligent Traffic Signal System (I-SIG), already found on the streets of New York, Tampa (Florida), Cheyenne (Wyoming), Temple (Arizona), and Palo Alto (California). But the Michigan research team says the I-SIG system in its current default configuration is vulnerable to basic data spoofing attacks." - via Catalin Cimpanu writing at Bleepiing Computer
Extracting Secrets →
Good news for those of you deeply entrenched (also known as enterprise-wide) in deep learning - deep machine learning, that is - when turned on it's artificial head, becomes artificial data loss in the form of secrets extracted... Today's non-secretive Must Read scholarly paper. Oops.
Kerfuffle of Ryzen →
Ian Cutress - writing at eponymous AnandTech - expertly reported AMD Ryzen security flaws yesterday, via an announcement by security research firm CTS-Labs. While this appears to be bad news, let's leave the exact fix criteria to AMD, of which, has not responded (as of the writing of this post) to the annoucement from CTS-Labs (reportedly, the time-frame was a 24-hour notice, rather than the industry standard notification of 90 Calendar Days...). Stay tuned.
"CTS-Labs’ claims revolve around AMD’s Secure Processor and Promontory Chipset, and fall into four main categories, which CTS-Labs has named for maximum effect. Each category has sub-sections within." via Ian Cutress, reporting at AnandTech.
Updated 2018/03/15 0831 - Dan Goodin at Ars Technica provides additional insightful reportage, and this from Motherboard scribe Lorenzo Franceschi-Bicchierai detailing the indicators of fraud and subterfuge within (and without) the report.
Cryptocurrency Versus Rationale Thought →
Easily the most rationale piece on Cryptocurrency yet, in what may become the de riguer Ridiculous Mantra of Cryptocurrency, Paul Ford, holds forth on the reality of coinage, as it were. Today's Must Read.
"That all of this adds up to money is ridiculous, and we should probably mock it more than we do" via the inimitable Paul Ford, scrivening at the illustrious Bloomberg Businessweek
United States K9 Veteran's Day March 13th 2018
Infosecurity.US Salutes Our United States K9 Armed Forces Veteran Dogs Today, March 13th 2018 on the Occasion of K9 Veteran's Day.
Six Years The Lurker →
Dan Goodin, writing at ArsTechnica, provides us with the surreptitious history of the malice-filled code-miscreant APT monikered Slingshot; of which, is apparently an alternatative mwthod of describing the devil's offspring in code-complete form. More, here.
"The researchers still don't know precisely how Slingshot initially infected all its targets. In several cases, however, Slingshot operators got access to routers made by Latvian manufacturer MikroTik and planted a malicious code in it." - via Dan Goodin, slaving away over a sizziling keyboard at ArsTechica
MoviePass Screws-the-Pooch →
Well - dammit - I was wrong... Early last week I made the error in a post on Monday 2018/03/05, in which I managed to scribble this diatribe: To Wit, "Easily the most egregiously moronic idea I've heard this month (and it's only 5 days in(!)" ...
Well, that declaration has been overshadowed in our highly-read Observed-Stupidity-In-Security-And-Privacy-News-Department by a bottom-of-the-sea-deeply-ignorant statement uttered by MoviePass CEO Mitch Lowe regarding his extraordinary pleasure at tracking users within the company's MoviePass iPhone and Android apps (see below).
'The update comes after CEO Mitch Lowe made comments at the Entertainment Finance Forum in Los Angeles last week, claiming that the company was tracking users’ locations. “We watch how you drive from home to the movies. We watch where you go afterwards,” commented Lowe, according to a report from Media Play News. - via Chaim Gartenberg, writing at The Verge
Bravado? Misplaced Confidence? Hairplugs too-tight? Too Much Campari before dinner? I think not, just simple, unmitigated and blatant stupidity...
Perhaps a leadership change is in order, eh MoviePass? At least, the company did manage to (allegedly) remove the tracking-bits from the product and resissue the apps in the apropos app stores. Of course, there is always bad news with this type of mea culpa: In a statement made to Engadget, the company claimed they are still planning to use location data marketing to enhance their revenue stream. Ah, yes, the old Give It To 'Em, Then Take It Away gambit. Oh Joy!
International Association for Cryptologic Research's CHES 2018 Call for Tutorials / Posters / Papers
The International Association for Cryptologic Research has issued a Call for Papers, Posters and Tutorials to enrich your Association's upcoming Cryptographic Hardware and Embedded Systems (CHES) 2018 event, slated for Amsterdam, The Netherlands from 2018/09/09 - 2018/09/12 inclusive. Enjoy!