Tony Ropson

Software dev, cryptography, in a love/hate relationship with x509 certs
One of the biggest security expertise redpills is this is unironically a good idea and the time spent making fun of it was ill-advised for most users whose physical security threat is not a factor in comparison.
Instead of prompt injection attacks, we need to start calling them “clever gerbil attacks” 😂
https://infosec.exchange/@kaoudis/112570440277362476
kaoudis (@kaoudis@infosec.exchange)

This made my day because it is a beautifully concise demonstration of not only the problems with indiscriminate text-slurping regardless of copyright or licensure, but also the issues with LLMs more broadly: they can only output based on what input they’ve seen. Humans are wrong sometimes or have nuance such as humor in the things they say, and LLMs as far as I understand cannot filter on contextual emotions. https://thepit.social/@peter/112570402128384522

Infosec Exchange
I appreciate the “thinking out loud” part of this piece and think Kerberos is a nifty protocol
Kerberos as a post quantum solution was not on my 2024 bingo card 😂
https://infosec.exchange/@agl/112236561805677538
Adam Langley (@agl@infosec.exchange)

Let's Kerberos: https://www.imperialviolet.org/2024/04/07/letskerberos.html Nothing new, just recapping that the overhead of public-key signatures can be amortised with symmetric cryptography if you're willing to have a mutually-trusted 3rd-party. Perhaps newly pertinent with post-quantum making signatures much larger. (This is morally just Kerberos + pkinit.) Then, since symmetric crypto is so much smaller, it's possible for sites to return many "certificate chains", which can help address some of the problems from the first part.

Twitter just doing a "redirect links in tweets that go to x.com to twitter.com instead but accidentally do so for all domains that end x.com like eg spacex.com going to spacetwitter.com" is not absolutely the funniest thing I could imagine but it's high up there

And now it's a paper as well, expanded on the original email:

https://ia.cr/2024/523

Unbindable Kemmy Schmidt: ML-KEM is neither MAL-BIND-K-CT nor MAL-BIND-K-PK

In "Keeping up with the KEMs" Cremers et al. introduced various binding models for KEMs. The authors show that ML-KEM is LEAK-BIND-K-CT and LEAK-BIND-K-PK, i.e. binding the ciphertext and the public key in the case of an adversary having access, but not being able to manipulate the key material. They further conjecture that ML-KEM also has MAL-BIND-K-PK, but not MAL-BIND-K-CT, the binding of public key or ciphertext to the shared secret in the case of an attacker with the ability to manipulate the key material. This short paper demonstrates that ML-KEM does neither have MAL-BIND-K-CT nor MAL-BIND-K-PK, due to the attacker being able to produce mal-formed private keys, giving concrete examples for both. We also suggest mitigations, and sketch a proof for binding both ciphertext and public key when the attacker is not able to manipulate the private key as liberally.

IACR Cryptology ePrint Archive

The meh:
The new skill system was ok, it gave plenty of options but I stuck with my main infiltrator set and did bother with the rest

The jumping got annoying. Not a fan of jumping games anyway and it felt out of place.

Dislikes: all the driving. Everyone seemed to have a shuttle but me. This really killed the replay factor for me

There were bugs. Had to make sure I had plenty of saves in case of crash

Finished my first play through of mass effect andromeda
Likes: Characters and plot were pretty well done. Story line unfolded well. Character’s development was good and far less formulaic than earlier Mass Effect games
People who design APIs. I am begging you. It doesn't matter how "simple" or "intuitive" or "elegant" your API is. You need to include sample code.
I see a lot more interesting content on LinkedIn (ie software dev/security/data etc)
Now I am just avoiding it because it’s depressing seeing so many talented people “open to new opportunities” 😞