Infosec Reading List - June 2024
On a monthly basis I will publish my reading recommendations which mainly focus on Information Security (InfoSec) and Outdoor Sports. All InfoSec Reading Lists can be found here. Text in italic represent quotes from the original article.
Quotes from the Twitterverse
InfoSec
- Encryption At Rest: Whose Threat Model Is It Anyway? - If you’re only interested in compliance requirements, you can probably just enable Full Disk Encryption and call it a day. Then, if your server’s hard drive grows legs and walks out of the data center, your users’ most sensitive data will remain confidential. - but as you can imagine, this is not the end of the story - [link]
- How Tech Giants Cut Corners to Harvest Data for A.I. - The most prized data, A.I. researchers said, is high-quality information, such as published books and articles, which have been carefully written and edited by professionals. - totally makes sense, since it guarantees quality which cannot be said about sources like reddit etc. - Some Google employees were aware that OpenAI had harvested YouTube videos for data, two people with knowledge of the companies said. But they didn’t stop OpenAI because Google had also used transcripts of YouTube videos to train its A.I. models, the people said. - well … what can be said about this behaviour. And regarding synthetic data: Companies like his, he said at the May conference, would eventually train their A.I. on text generated by A.I. — otherwise known as synthetic data. - It should be all right,” Mr. Altman said - famous last words, “it should be all right” - [link]
- What Apple’s AI Tells Us: Experimental Models - This demonstrates a pattern: the most advanced generalist AI models often outperform specialized models, even in the specific domains those specialized models were designed for. - While Apple is building narrow AI systems that can accurately answer questions about your personal data (“tell me when my mother is landing”), OpenAI wants to build autonomous agents that would complete complex tasks for you (“You know those emails about the new business I want to start, could you figure out what I should do to register it so that it is best for my taxes and do that.”) - [link]
- WhatsApp Vulnerability Lets Governments See Who You Message - The vulnerability is based on “traffic analysis,” a decades-old network-monitoring technique, and relies on surveying internet traffic at a massive national scale. - The report indicated WhatsApp usage is among the multitude of personal characteristics and digital behaviors the Israeli military uses to mark Palestinians for death, citing a book on AI targeting written by the current commander of Unit 8200, Israel’s equivalent of the NSA. - [link]
- The 7 Reasons You Stop Improving (and How to Keep Getting Better) - three factors determine how quickly we can learn: seeing examples from others, doing practice ourselves, and getting feedback on our work. These ingredients may seem simple, but getting them right is often tricky. - [link]
- State of ransomware in 2024 - Another important trend observed in 2023: attacks via contractors and service providers, including IT services, became one of the top three attack vectors for the first time. This approach facilitates large-scale attacks with less effort, often going undetected until data leaks or encrypted data are discovered. If speaking about ransomware, trusted relationship attacks were among four of the main initial infection vectors. - [link]
- Inside the Zero Day Market - mdowds bluehat 2023 keynote - [link]
- Hackers Detail How They Allegedly Stole Ticketmaster Data From Snowflake - [link]
- Polyfill supply chain attack hits 100K+ sites - [link]
- Google: Stop Burning Counterterrorism Operations - controversial topic & article - [link]
- Goldman Sachs says the return on investment for AI might be disappointing - “AI technology is exceptionally expensive, and to justify those costs, the technology must be able to solve complex problems, which it isn’t designed to do,” - [link]
- The State of Data Breaches - [link]
- Are rainy days ahead for cloud computing? - [link]
Outdoor
N/A
This post is licensed under CC BY 4.0 by the author.