Simple NomadUnifi thinks my HP Dev One is a Netgear Meural Canvas. Hello stealth mode!
"Boss, I think we're being attacked by a picture frame via Wi-Fi..."
Also if I get caught hacking, I can claim I was framed.
...pause...
Get it?
Some relaxing thoughts for Friday.
Putting Undetectable Backdoors in Machine Learning Models - Schneier on Security
This is really interesting research from a few months ago: Abstract: Given the computational cost and technical expertise required to train machine learning models, users may delegate the task of learning to a service provider. Delegation of learning has clear benefits, and at the same time raises serious concerns of trust. This work studies possible abuses of power by untrusted learners.We show how a malicious learner can plant an undetectable backdoor into a classifier. On the surface, such a backdoored classifier behaves normally, but in reality, the learner maintains a mechanism for changing the classification of any input, with only a slight perturbation. Importantly, without the appropriate “backdoor key,” the mechanism is hidden and cannot be detected by any computationally-bounded observer. We demonstrate two frameworks for planting undetectable backdoors, with incomparable guarantees...
tmsl15Late to the #PS5 party. I knew this thing was big, but damn!
(Shout out to the poor little cable connection that hasn’t seen any action since it got cut it 2011.)
Researcher rules:
1. Trust but verify. Especially the verify bit.
2. Assume if there is the smallest possibility of someone getting annoyed as a result of your research, they will become furious to the point of an irrational state of shutting down actual reasoning.
3. Someone somewhere will get annoyed.
4. Stay calm, be politically neutral, and even-toned. The irrational sound more irrational even to themselves by contrast.
5. Stick to the facts. Don't say things like "your 'opinion' doesn't change the findings at offset 0x08 in frame 12 of the pcap!" simply restate "the offset 0x08 in frame 12 holds this value".
6. If you are disclosing a bug to a vendor and they start saying weird stuff like "PGP sign your disclosure policy and email it to us, we need this before we can respond" or some other weird thing, involve your Legal department, and if you're an independent researcher ask for legal help. (yes this has happened to me)