Date | Title | Description |
10.02.2025 | Hell is overconfident developers writing their own cryptography | Overconfident developers writing their own cryptographic code were the bane of the information security industry even before it became a separate industry at all.
In itself this is not necessarily bad, despite ... |
15.11.2024 | Securing the Code: A New Era in Package Authentication and Secret Management | In the digital landscape, security is paramount. Two recent developments highlight the ongoing battle against vulnerabilities in software development: the introduction of digital attestation in Python Package Index (PyPI) and the proactive ... |
15.11.2024 | PyPI adds support for a digital attestation mechanism to verify the authenticity of published packages | On 14 November 2024 the developers of the Python package repository PyPI announced support for a digital attestation mechanism for verifying the authenticity of published packages.
This check replaces verification using PGP sig... |
14.10.2024 | Encryption for the cloud: different approaches | Cloud services take different approaches to encrypting the data they host. In some cases this encryption does not meet security requirements, so you have to take the task into your own hands and encrypt files yourself.
▍ Crypto... |
09.10.2024 | Gradio 5 is here: Hugging Face’s newest tool simplifies building AI-powered web apps | Hugging Face, the fast-growing AI startup valued at about $4.5 billion, has launched Gradio 5, a major update to ... |
14.09.2024 | Reverse-engineering GDB to work with Pwndbg | GDB's functionality narrows considerably when you have to deal with files from which the debug symbols have been removed (so-called "stripped binaries"). Functions and variable names turn into meaningless addresses. To set... |
17.08.2024 | The Rise of Softphones: A New Era in Communication | In the digital age, communication is the lifeblood of any business. Traditional desk phones are becoming relics of the past. Enter softphones, the sleek, modern solution that transforms any device into a powerful communication tool. Softpho... |
16.08.2024 | iVerify: Google Pixel phones are sold with factory software that can be used for surveillance or remote control | The Showcase.apk application in the firmware of Google Pixel smartphones makes the operating system vulnerable to man-in-the-middle attacks, malicious code injection and spyware installation, as shown by an investigation by a company in the fi... |
08.08.2024 | ML security: fantasy or reality? | Hello, Habr! I am the author of the channel «Борис_ь с ml», where I talk about how machine learning is applied in information security, and also about how to protect systems that use machine learning. This article is an introduction for those who ... |
27.07.2024 | The Rise of Token Management: Magna's Leap into Filecoin | The world of blockchain is a bustling marketplace, where innovation is the currency. In this landscape, Magna has emerged as a titan, announcing its integration of token vesting and claims smart contracts on the Filecoin network. This move ... |
23.07.2024 | Magna Integrates First Token Vesting and Claims Smart Contracts on Filecoin and Adds Support for Tokens on Filecoin Virtual Machine | Magna supports Filecoin tokens
Magna, the largest multi-chain token vesting platform, announces the successful deployment and UI integration of the first smart contract for token vesting and token claims on the Filecoin network for end-to-e... |
12.07.2024 | iVerify: Pioneering the Future of Mobile Security with $12 Million Series A Funding | In a bold move that signals a significant shift in the landscape of mobile security, iVerify, a trailblazing company specializing in advanced mobile EDR solutions, recently announced the successful closure of a substantial $12 million Serie... |
10.07.2024 | iVerify: Advanced Mobile EDR Solutions Company Closes $12 Million In Series A | iVerify, a leader in advanced mobile EDR solutions, announced the closing of $12 million in Series A funding led by Shine Capital with participation from Exponential Founders Capital, Mischief Ventures, Box Group, Parameter Ventures, Talons... |
25.06.2024 | How to protect yourself from repository theft (repojacking) | Repojacking, or repository takeover / hijacking of control over a repository, is a particular kind of supply-chain attack. In this art... |
14.06.2024 | Macroni: a recipe for incrementally improving a programming language | Although Clang is used as a tool for refactoring and static analysis, it has a serious drawback: the abstract syntax tree provides no information about the origin of particular macro expansions at... |
11.06.2024 | ‘Embarrassingly simple’ probe finds AI in medical image diagnosis ‘worse than random’ | Large language models (LLMs) and large multimodal models (LMMs) are inc... |
06.04.2024 | What we’ve learned from the women behind the AI revolution | The AI boom, love it or find it to be a bit more hype than substance, is here to stay. That means lots of companies raising oodles of dollars, a healthy dose of regulatory concern, academic work, and corporate jockeying. For startups, it me... |
02.04.2024 | Upgradeable smart contracts. 5 ways to update smart-contract code for every occasion | Smart contracts on the Ethereum network are immutable by default. However, for some scenarios it is desirable to be able to modify them.
Upgrading a smart contract means changing the contract's business logic while preserving the contract's state. ... |
29.03.2024 | Part 1. GPU-Based Fuzzing. What kind of beast is this? | Klim Galkin
SSDLC researcher (almost)
Hi everyone! While studying the broad topic of fuzzing, I came across an article by the folks at Trail Of Bits (Link). This use of graphics cards in fuzz testing caught my attention, and there are reasons for that. ... |
10.03.2024 | Women in AI: Heidy Khlaaf, safety engineering director at Trail of Bits | To give AI-focused women academics and others their well-deserved — and overdue — time in the spotlight, TechCrunch is launching a series of interviews focusing on remarkable women who’ve contributed to the AI revolution. We’ll publish seve... |
29.02.2024 | Silence Laboratories, a cryptographic security startup, secures funding | Silence Laboratories, a startup that builds infrastructure using multiparty computation (MPC) to help enterprises keep data private and safe, said it has raised a $4.1 million funding round.
Pi Ventures and Kira Studio co-led the recent fun... |
28.01.2024 | The deceptively simple and interesting RSA | Recently, while reading the book Real-World Cryptography, I learned about Bleichenbacher's attack, also called the million message attack. Daniel Bleichenbacher demonstrated this kind of attack in 1998, breaking RSA through the PKCS #1 encryption function. In ... |
18.01.2024 | CVE-2023-4969 vulnerability helps steal data locally through software for AMD, Apple, Qualcomm and Imagination GPUs | Specialists at Trail of Bits described an attack that makes it possible, through a vulnerability in some graphics processors, to locally steal confidential information from AI and other applications. Trail of Bits stated that the attack they demonstrated... |
18.01.2024 | Attackers Could Eavesdrop on AI Conversations on Apple, AMD, Imagination and Qualcomm GPUs | Researchers at cybersecurity research and consulting firm Trail of Bits have discovered a vulnerability that could allow attackers to read GPU local memory from affected Apple, Qualcomm, AMD and Imagination GPUs. In particular, the vulnerab... |
22.11.2023 | The Slither static analysis tool | Hi everyone! I am from the distributed systems vulnerability analysis team at Positive Technologies. We research security in the field of blockchain technologies and want to share an overview of a framework for static analysis of code writt... |
28.10.2022 | Top 3 information security events of the week according to Jet CSIRT | Details of unpatched Windows vulnerabilities disclosed
Varonis Systems described two vulnerabilities in the Windows operating system that can still be exploited despite a partial fix for one of them. The first, which received the n... |
27.10.2022 | A 22-year-old vulnerability found in the SQLite DBMS | Specialists at Trail of Bits identified a serious vulnerability in the SQLite DBMS that had been in the code since October 2000. It allowed attackers to crash programs or take control of them.
The issue was assigned the identifier CVE-20... |
05.09.2022 | Offline root CA using YubiHSM | Using root certificate authorities that are disconnected from the network, a.k.a. offline root CAs, is considered a generally accepted best practice. In addition, storing the private key in a file is not recommended, because a file can easily be copied unnoticed. ... |
16.01.2022 | FOSS News No. 104: digest of materials about free and open-source software for 27 December 2021 to 16 January 2022 | Hi everyone!
We continue our digests of news and other materials about free and open-source software, and a little about hardware. All the most important things about penguins and more, in Russia and the world.
Main topics of the new issue:
News about the spread of and the fight against ... |
15.10.2020 | DeFi Audit Firms Seeing 'Overwhelming Demand' Even Amid Token Price Slump | If you're an Ethereum project looking to get audits done before the close of 2020, it's probably too late in the game.
Audit firms CoinDesk spoke with said they are swamped with decentralized finance (DeFi) projects. The months-long backlog... |
08.10.2020 | Five Hackers Found 55 Bugs in Apple Products in 3 Months and Made $51,500 | UPDATE, Oct. 8, 5:36 p.m. ET: A few hours after we published this story, Curry said that Apple had just notified the researchers that they were getting more rewards, bringing the total to $288,500. At this point, according to Curry, Apple h... |
04.09.2020 | Voatz Calls for Restrictions on Independent Cybersecurity Research in Supreme Court Brief | Blockchain voting startup Voatz argued that bug bounty programs concerning cybersecurity should be operated under strict supervision in a "friend of the court" brief before the Supreme Court of the United States (SCOTUS).
Voatz we... |
15.07.2020 | Twitter Breach Reactions: Security Professionals Offer an Early Assessment | @jack's been pwned.
All of Twitter went ablaze Wednesday afternoon as major crypto accounts started tweeting they had partnered with a phony site called "Crypto For Health" on a giveaway of 5,000 BTC.
It was a scam, but one that w... |
18.06.2020 | 'Snake Oil and Overpriced Junk': Why Blockchain Doesn't Fix Online Voting | Coronavirus is ravaging the globe, canceling presidential primaries in the U.S. and calling into question the wisdom of having lawmakers, many of them elderly, sitting close together as votes are held in Congress. Lawmakers, especially Demo... |
09.04.2020 | Internet Voting Is 'Not Secure' and Blockchain Won't Help, Warns Scientific Body | As the coronavirus pandemic continues to roil elections and voting officials look for solutions, scientific experts are warning against the dangers of voting online.
The American Association for the Advancement of Science’s Center for Scien... |
22.03.2020 | People, Not Technology, Failed In The 2020 Iowa Caucuses | The faulty app that was used for reporting caucus results in Iowa |
16.03.2020 | Cybersecurity Firm Hired By Voatz To Audit Its System Finds Voatz Is Full Of Vulnerabilities | Mobile voting app Voatz is still a mess. Two years ago, West Virginia decided to give the app a spin to allow some voters to vote from home during the midterm elections. Nobody in the security world thought this was a good idea. The only pe... |
13.03.2020 | A Mobile Voting App That's Already in Use Is Filled With Critical Flaws | Voatz, a mobile voting app that's already been used in several elections in the United States, has more than a dozen critical security flaws, according to a newly released audit. The audit also shows Voatz publicly refuted an MIT report tha... |
16.01.2020 | Critical Windows 10 vulnerability used to Rickroll the NSA and Github | Chrome on Windows 10 as it Rickrolls the NSA.
https://twitter.com/saleemrash1d/status/1217519809732259840/photo/1 |
25.12.2018 | Cybersecurity 101: How to browse the web securely and privately | So you want to browse the web securely and privately? Here’s a hard truth: it’s almost impossible.
It’s not just your internet provider that knows which sites you visit, it’s also the government — and other governments! And when it’s not th... |
23.03.2018 | AMD Grapples with Its Own Processor Security Flaw | By Kurt Mackie, March 23, 2018
Chip maker AMD is working to develop firmware updates in the wake of recently publicized security issues affecting its processors.
Described last week by CT... |
09.01.2018 | How PolySwarm is using Blockchain to Change the Cyber Security Game | Cyber security is a serious topic of concern for all people, government agencies, industries, energy, and national infrastructure entities today and for the foreseeable future. As cyber criminals become increas... |
08.11.2016 | The case for Trump: Why Donald bests Hillary on key tech policies | Solely based on media coverage, you'd think that all of Silicon Valley and the tech world at large was undoubtedly behind Clinton in this critical election. But as has been reported in muted fashion by a few outlets, there is such a thing a... |
11.08.2016 | Pokémon and a Better Conversation on Data Privacy | Amid an onslaught of privacy and cybersecurity threats, it can be difficult to predict which potential concerns will capture the public imagination. A particularly unlikely candidate for public debate over privacy and cybersecurity is Pokém... |
10.08.2016 | Copperhead OS: The startup that wants to solve Android’s woeful security | A startup on a shoestring budget is working to clean up the Android security mess, and has even demonstra... |
01.07.2016 | Android’s full-disk encryption just got much weaker—here’s why | Privacy advocates take note: Android's full-disk encryption just got dramatically easier to defeat... |
09.05.2016 | This App Can Tell If Your iPhone Has Ever Been Hacked | It's not paranoia if they're really after you.
If you have an iPhone there was no way to figure out if you were really being paranoid or not, until now. Thanks to a new $1 app, you can finally figure out if someone sneakily hacked and jailb... |
22.02.2016 | Why Apple's shameless fight with the FBI is all about ego, not just cause | After spending the last few days soaking up as much as possible on the Apple-FBI San Bernardino iPhone spat, the evidence -- in my eyes -- has become crystal clear. Apple's planted itself on the wrong side of history here for numerous reaso... |
19.02.2016 | Can the Government Compel Apple to Speak? | Imagine that you are in the business of making safes. One day, you devise a novel safe for storing valuables. The safe is quite hard to break into, which is of course one of its selling points. But your safe has an additional feature: its l... |
18.02.2016 | Yes, The Backdoor That The FBI Is Requesting Can Work On Modern iPhones Too | So… over the past couple days, plenty of folks (including us) have reported that the backdoor demanded by the FBI (and currently granted by a magistrate judge) would likely work on the older iPhone model in question, the iPhone 5C, but that... |
18.02.2016 | Not a Slippery Slope, but a Jump off the Cliff | When I first read the court order in the San Bernardino case, I thought it was reasonable, as it is both technically plausible and doesn't substantially impact user security for most people. Even if Apple's code escapes it only compromises ... |
17.02.2016 | Why Apple Is Right To Reject The FBI’s Push To Brute Force iPhone Security | Apple is under pressure from the FBI to backdoor iPhone 5c security. The company is taking a public, principled stance on this, which is in line with its recent public pro-privacy defense of encryption. Yesterday it released a customer stat... |
17.02.2016 | Why Apple Is Fighting Not To Unlock iPhones For The Government | Yesterday, the FBI filed an order compelling Apple to unlock an iPhone used by Syed Farook, one of the attackers in the San Bernardino shooting incident late last year which left 14 people dead.
Shortly thereafter, Apple CEO Tim Cook publis... |
17.02.2016 | Enterprise Security Firm Says Apple Could Easily Comply with the Court Order to Open the iPhone 5c | Earlier today we posted a report titled "The Court Rules that Apple must Provide 'Reasonable Technical Assistance' to Unlock a Famous U.S. Terrorist's iPhone." Now an enterprise security firm by the name of 'Trail of Bits' has wei... |
17.02.2016 | Apple: We Will Fight FBI Demand to Crack iPhone Passcode | On Tuesday, a federal judge ordered Apple to assist the FBI in brute-forcing the passcode to an encrypted iPhone of one of the San Bernardino shooters.
Tim Cook, Apple's CEO, vehemently responded to the order late on Tuesday, saying that th... |
17.02.2016 | Tim Cook Says Apple Won’t Create Universal iPhone Backdoor For FBI | Apple CEO Tim Cook has confirmed that the company will appeal a California judge’s order to unlock an iPhone belonging to one of the terrorists involved in the San Bernardino shooting. Following the request, Cook argued, would “threaten the... |
17.02.2016 | White House Plays With Words, Says Department Of Justice Isn’t Asking Apple To Create A Backdoor | Following Tim Cook’s letter, the White House has reacted to Apple’s strong stance against backdoors. According to Reuters, the White House has said that the Department of Justice isn’t asking for a backdoor to unlock the iPhone 5c in the Sa... |
16.12.2015 | Hack Into a Linux Computer by Hitting the Backspace 28 Times | If you're trying to steal someone's files from his or her computer, getting past the login screen can be hard, if not impossible. But thanks to a bizarre bug in several distributions of Linux, all you need is to hit the backspace key 28 tim... |
17.04.2015 | The Rise of the Hackbots | Stopping malicious hackers and securing software is extremely hard. But what if you could make software that hacks other software, finds bugs, and fixes it quicker than human hackers could?
The challenge boils down to an oft-repeated mantra... |
28.09.2012 | Key takeaways from the SecurityWatch Summit 2012 | Last night a number of digital security specialists met in a bank vault below the streets of lower Manhattan. While this might sound like the start of a heist film, keep in mind that the former JP Morgan vault was in steakhouse and the secu... |
11.06.2012 | Flame’s crypto attack may have needed $200,000 worth of compute power | A cluster of 200 PlayStation 3 consoles used in 2008 to find a cryptographic collision in the MD5 algorithm. F... |
04.04.2012 | Can Apple give police a key to your encrypted iPhone data? Ars investigates | Does Apple have a backdoor that it can use to help law enforcement bypa... |
09.09.2010 | WOULD YOU LIKE TO PLAY A GAME? High schoolers invited to NYU-Poly cyber-security games | When I was in high school, “hacking” mostly meant wardialing the local phone numbers looking for BBSes, and occasionally downloading “warez” from the “elite” boards. I have a funny story about the time our own John Biggs wrote a trojan disg... |
- | Millions of iPhones and MacBooks have this security flaw, and there’s nothing you can do | Virtually every electronic device is capable of being hacked, including Apple’s. To that point, Trail of Bits recently discovered a new attack through a GPU security flaw. Even though it seems Apple has addressed this issue in some iPhone a... |
- | Does Apple even have the ability to hack the iPhone like the FBI wants? | The FBI has specific requests for Apple regarding the iPhone retrieved from one of the San Bernardino shooters. The agency wants to access the information stored on the handset, but the phone is protected by a PIN code. A judge already orde... |
- | (Non-)private conversations. How to protect yourself from phone wiretapping: a Molfar study | 17 February 2024, 13:06
AIN.UA
Recently the OSINT agency Molfar published a study on the security of phone calling apps, the wiretapping of co... |