Stefano Zanero

Tinkerer, security geek, recovering entrepreneur, full professor at www.polimi.it, frequent flyer, private pilot, and generic pundit.
This account used to just repost content from my Twitter account, but I am now moving to posting here, because *gestures wildly at Twitter tire fire*
Instagram (aviation): https://www.instagram.com/raistolo

It might be the first time I see @tprophet at a loss for words. He just got surprised with an Uber contributor award by @defcon / @thedarktangent

I cannot think of anyone more deserving of an award for a lifetime of contribution to this strange hacker family that meets yearly!

Have you ever been tempted to dive down the security research rabbit-hole? I'll be sharing insights on how to navigate the rewards and hazards with legendary researchers Natalie Silvanovich and @raistlin in a community panel session at Black Hat USA next week!

Incredible research at BlackHat Asia today by Tong Liu and team from the Institute of Information Engineering, Chinese Academy of Sciences (verified email at iie.ac.cn)

A dozen+ RCEs on popular LLM framework libraries like LangChain and LlamaIndex - used in lots of chat-assisted apps including GitHub. These guys got a reverse shell in two prompts, and even managed to exploit SetUID for full root on the underlying VM!

Piracy Shield, Stefano Zanero: “Here is why blocking IPs is a terrible idea”

@raistlin, full professor of Computer Security and Digital Forensics and Cybercrime at Politecnico di Milano, responds to the remarks by Agcom Commissioner Massimiliano Capitanio on “Piracy Shield”, the Agcom platform against the online distribution of illegal content

@pirati

https://www.agendadigitale.eu/sicurezza/piracy-shield-perche-le-critiche-allanti-pirateria-di-stato-non-sono-fake-news/

Quoting @raistlin from Twitter:

The madness is degenerating (as was logical and bound to happen).
Piracy Shield must be DISMANTLED. It must be dismantled now.

"i use linux as my operating system," i state proudly to the unkempt, bearded man. he swivels around in his desk chair with a devilish gleam in his eyes, ready to mansplain with extreme precision.
"actually," he says with a grin, "linux is just the kernel. you use GNU+linux."
i don't miss a beat and reply with a smirk, "i use alpine, a distro that doesn't include the GNU coreutils, or any other GNU code. it's linux, but it's not GNU+linux."

the smile quickly drops from the man's face. his body begins convulsing and he foams at the mouth as he drops to the floor with a sickly thud. as he writhes around he screams "I-IT WAS COMPILED WITH GCC! THAT MEANS IT'S STILL GNU!"
coolly, i reply "if windows was compiled with gcc, would that make it GNU?" i interrupt his response with "and work is being made on the kernel to make it more compiler-agnostic. even if you were correct, you won't be for long."

with a sickly wheeze, the last of the man's life is ejected from his body. he lies on the floor, cold and limp. i've womansplained him to death.

Today, two open letters from academics on the scientific arguments against the current #CSS (client side scanning) initiatives have been released:

* The first (in English, internationally coordinated) one is online at https://tinyurl.com/CSAScientistsLetter and still open for additional signatures.

* The second (in German, by #Austrian academics) one is online at https://www.ins.jku.at/chatcontrol/ and explicitly includes law experts in addition to the arguments from a security, privacy, and AI perspective.

This debate is expected to gain new steam with #Spain taking over the EU council presidency, given recently leaked statements like "Ideally, in our view, it would be desirable to legislatively prevent EU-based service providers from implementing end-to-end encryption" (https://www.wired.co.uk/article/europe-break-encryption-leaked-document-csa-law).

Please boost on any channels you deem adequate. The discussion is still open, and we have little time to bring it to a more rational level.

#csam #law #eu #privacy #dataprotection #privacy #humanrights #messenger #chat #chatcontrol #signal #whatsapp #telegram #threema #e2ee

There are a few dozen neurons in the bellies of crabs. They control the grinding motions of the stomach.

I would like to see a machine replacement for these neurons that functions just as well as the natural ones before anyone hooks anyone else up to an uploading anything.

Just ... someone please show we can understand how neurons even do things.

It's like building an autonomous drone before you know how to make a paper airplane. (in fact it's much worse than that)