‘computer security’ tag

Gwern Branwen

See Also
Gwern
- “Research Ideas”, Gwern 2017
- “On Seeing Through and Unseeing: The Hacker Mindset”, Gwern 2012
Links
Miscellaneous
Bibliography

[Warning: JavaScript Disabled!]

[For support of key website features (link annotation popups/popovers & transclusions, collapsible sections, backlinks, tablesorting, image zooming, sidenotes etc), you must enable JavaScript.]

Gwern

“On Seeing Through and Unseeing: The Hacker Mindset”, Gwern 2012

On Seeing Through and Unseeing: The Hacker Mindset

Links

“When Machine Learning Tells the Wrong Story”

When Machine Learning Tells the Wrong Story

“Hacking Back the AI-Hacker: Prompt Injection As a Defense Against LLM-Driven Cyberattacks”, Pasquini et al 2024

Hacking Back the AI-Hacker: Prompt Injection as a Defense Against LLM-driven Cyberattacks

“The Global Surveillance Free-For-All in Mobile Ad Data”, Krebs 2024

The Global Surveillance Free-for-All in Mobile Ad Data⁠:

View External Link:

https://krebsonsecurity.com/2024/10/the-global-surveillance-free-for-all-in-mobile-ad-data/

“Internet Archive Breached Again through Stolen Access Tokens”, Abrams 2024

Internet Archive breached again through stolen access tokens

“Project Zero: From Naptime to Big Sleep: Using Large Language Models To Catch Vulnerabilities In Real-World Code”

Project Zero: From Naptime to Big Sleep: Using Large Language Models To Catch Vulnerabilities In Real-World Code

“Turning Everyday Gadgets into Bombs Is a Bad Idea”

Turning Everyday Gadgets into Bombs is a Bad Idea

“Meet the Hustlers Who Make $6,000 a Month Riding Citi Bikes”

Meet the Hustlers Who Make $6,000 a Month Riding Citi Bikes

“Magika: AI-Powered Content-Type Detection”, Fratantonio et al 2024

Magika: AI-Powered Content-Type Detection

“PIXHELL Attack: Leaking Sensitive Information from Air-Gap Computers via ‘Singing Pixels’”, Guri 2024

PIXHELL Attack: Leaking Sensitive Information from Air-Gap Computers via ‘Singing Pixels’

“From World Champions to State Assets: The Outsized Impact of a Few Chinese Hackers”

From World Champions to State Assets: The Outsized Impact of a Few Chinese Hackers⁠:

View HTML:

/doc/www/warontherocks.com/a07a4ce82f4a5cf3b49fba4a68a3c0a9dec12b57.html

“How Elon Musk Got Tangled Up in Blue § Homoglyph Attack”, Mac & Conger 2024

How Elon Musk Got Tangled Up in Blue § homoglyph attack

“Prompt Injection in ‘Resolve Vulnerabilty’ Results in Arbitrary Command Execution in Victim’s Pipeline”, GitLab 2024

Prompt injection in ‘Resolve Vulnerabilty’ results in arbitrary command execution in victim’s pipeline

“A Hacker Stole OpenAI Secrets, Raising Fears That China Could, Too: A Security Breach at the Maker of ChatGPT Last Year Revealed Internal Discussions among Researchers and Other Employees, but Not the Code behind OpenAI’s Systems”, Metz 2024

A Hacker Stole OpenAI Secrets, Raising Fears That China Could, Too: A security breach at the maker of ChatGPT last year revealed internal discussions among researchers and other employees, but not the code behind OpenAI’s systems

“The Strange Journey of John Lennon’s Stolen Patek Philippe Watch: For Decades, Yoko Ono Thought That the Birthday Gift Was in Her Dakota Apartment. But It Had Been Removed and Sold—And Now Awaits a Court Ruling in Geneva”, Fielden 2024

The Strange Journey of John Lennon’s Stolen Patek Philippe Watch: For decades, Yoko Ono thought that the birthday gift was in her Dakota apartment. But it had been removed and sold—and now awaits a court ruling in Geneva

“Designing a Dashboard for Transparency and Control of Conversational AI”, Chen et al 2024

Designing a Dashboard for Transparency and Control of Conversational AI

“He West Coast’s Fanciest Stolen Bikes Are Getting Trafficked by One Mastermind in Jalisco, Mexico: ‘We Have People Stealing All over the World.’ A Digital Sleuth Named Bryan Hance Has Spent the past Four Years Obsessively Uncovering a Bicycle-Theft Pipeline of Astonishing Scale”, Solomon 2024

he West Coast’s Fanciest Stolen Bikes Are Getting Trafficked by One Mastermind in Jalisco, Mexico: ‘We have people stealing all over the world.’ A digital sleuth named Bryan Hance has spent the past four years obsessively uncovering a bicycle-theft pipeline of astonishing scale

“AI Sandbagging: Language Models Can Strategically Underperform on Evaluations”, Weij et al 2024

AI Sandbagging: Language Models can Strategically Underperform on Evaluations

“The Instruction Hierarchy: Training LLMs to Prioritize Privileged Instructions”, Wallace et al 2024

The Instruction Hierarchy: Training LLMs to Prioritize Privileged Instructions

“Foundational Challenges in Assuring Alignment and Safety of Large Language Models”, Anwar et al 2024

Foundational Challenges in Assuring Alignment and Safety of Large Language Models

“Vulnerability Detection With Code Language Models: How Far Are We?”, Ding et al 2024

Vulnerability Detection with Code Language Models: How Far Are We?

“The NSA Warns That US Adversaries Free to Mine Private Data May Have an AI Edge: Gilbert Herrera, Who Leads Research at the National Security Agency, Says Large Language Models Are Incredibly Useful—And a Bit of a Headache—For America’s Intelligence Machine”, Knight 2024

The NSA Warns That US Adversaries Free to Mine Private Data May Have an AI Edge: Gilbert Herrera, who leads research at the National Security Agency, says large language models are incredibly useful—and a bit of a headache—for America’s intelligence machine

“Exploiting Novel GPT-4 APIs”, Pelrine et al 2023

Exploiting Novel GPT-4 APIs

“Did I Get Sam Altman Fired from OpenAI?: Nathan’s Red-Teaming Experience, Noticing How the Board Was Not Aware of GPT-4 Jailbreaks & Had Not Even Tried GPT-4 prior to Its Early Release”, Labenz 2023

Did I get Sam Altman fired from OpenAI?: Nathan’s red-teaming experience, noticing how the board was not aware of GPT-4 jailbreaks & had not even tried GPT-4 prior to its early release

“Did I Get Sam Altman Fired from OpenAI? § GPT-4-Base”, Labenz 2023

Did I get Sam Altman fired from OpenAI? § GPT-4-base

“Summon a Demon and Bind It: A Grounded Theory of LLM Red Teaming in the Wild”, Inie et al 2023

Summon a Demon and Bind it: A Grounded Theory of LLM Red Teaming in the Wild

“Tensor Trust: Interpretable Prompt Injection Attacks from an Online Game”, Toyer et al 2023

Tensor Trust: Interpretable Prompt Injection Attacks from an Online Game

“InCharacter: Evaluating Personality Fidelity in Role-Playing Agents through Psychological Interviews”, Wang et al 2023

InCharacter: Evaluating Personality Fidelity in Role-Playing Agents through Psychological Interviews

“Beyond Memorization: Violating Privacy Via Inference With Large Language Models”, Staab et al 2023

Beyond Memorization: Violating Privacy Via Inference with Large Language Models

“Security Weaknesses of Copilot Generated Code in GitHub”, Fu et al 2023

Security Weaknesses of Copilot Generated Code in GitHub

“Demystifying RCE Vulnerabilities in LLM-Integrated Apps”, Liu et al 2023

Demystifying RCE Vulnerabilities in LLM-Integrated Apps

“Devising and Detecting Phishing: Large Language Models vs. Smaller Human Models”, Heiding et al 2023

Devising and Detecting Phishing: Large Language Models vs. Smaller Human Models

“How Correlated Are You?”, Downey 2023

How Correlated Are You?

“The Ghost Trilemma”, Mukherjee et al 2023

The Ghost Trilemma

“An Empirical Study & Evaluation of Modern CAPTCHAs”, Searles et al 2023

An Empirical Study & Evaluation of Modern CAPTCHAs

“PIGEON: Predicting Image Geolocations”, Haas et al 2023

PIGEON: Predicting Image Geolocations

“Artificial Artificial Artificial Intelligence: Crowd Workers Widely Use Large Language Models for Text Production Tasks”, Veselovsky et al 2023

Artificial Artificial Artificial Intelligence: Crowd Workers Widely Use Large Language Models for Text Production Tasks

“Putting out the Hardware Dumpster Fire”, Fiedler et al 2023

Putting out the hardware dumpster fire

“Generalizable Synthetic Image Detection via Language-Guided Contrastive Learning”, Wu et al 2023

Generalizable Synthetic Image Detection via Language-guided Contrastive Learning

“Large Language Models Can Be Used To Effectively Scale Spear Phishing Campaigns”, Hazell 2023

Large Language Models Can Be Used To Effectively Scale Spear Phishing Campaigns

“Dark Web Pedophile Site Users’ Cybersecurity Concerns: A Lifespan and Survival Analysis”, Chopin & Décary-Hétu 2023

Dark web pedophile site users’ cybersecurity concerns: A lifespan and survival analysis⁠:

View PDF:

/doc/cs/security/2023-chopin.pdf

“How Secure Is Code Generated by ChatGPT?”, Khoury et al 2023

How Secure is Code Generated by ChatGPT?

“Generative AI: Impact on Email Cyber-Attacks”, DarkTrace 2023

Generative AI: Impact on Email Cyber-Attacks⁠:

View PDF:

/doc/cs/security/2023-darktrace.pdf

“Protecting Society from AI Misuse: When Are Restrictions on Capabilities Warranted?”, Anderljung & Hazell 2023

Protecting Society from AI Misuse: When are Restrictions on Capabilities Warranted?

“ThermoSecure: Investigating the Effectiveness of AI-Driven Thermal Attacks on Commonly Used Computer Keyboards”, Alotaibi et al 2023

ThermoSecure: Investigating the Effectiveness of AI-Driven Thermal Attacks on Commonly Used Computer Keyboards

“Not What You’ve Signed up For: Compromising Real-World LLM-Integrated Applications With Indirect Prompt Injection”, Greshake et al 2023

Not what you’ve signed up for: Compromising Real-World LLM-Integrated Applications with Indirect Prompt Injection

“Facial Misrecognition Systems: Simple Weight Manipulations Force DNNs to Err Only on Specific Persons”, Zehavi & Shamir 2023

Facial Misrecognition Systems: Simple Weight Manipulations Force DNNs to Err Only on Specific Persons

“EarSpy: Spying Caller Speech and Identity through Tiny Vibrations of Smartphone Ear Speakers”, Mahdad et al 2022

EarSpy: Spying Caller Speech and Identity through Tiny Vibrations of Smartphone Ear Speakers

“Fill in the Blank: Context-Aware Automated Text Input Generation for Mobile GUI Testing”, Liu et al 2022

Fill in the Blank: Context-aware Automated Text Input Generation for Mobile GUI Testing

“Familial Concentration of Crime in a Digital Era: Criminal Behavior among Family Members of Cyber Offenders”, Weijer & Moneva 2022

Familial concentration of crime in a digital era: Criminal behavior among family members of cyber offenders

“Do Users Write More Insecure Code With AI Assistants?”, Perry et al 2022

Do Users Write More Insecure Code with AI Assistants?

“Rickrolling the Artist: Injecting Invisible Backdoors into Text-Guided Image Generation Models”, Struppek et al 2022

Rickrolling the Artist: Injecting Invisible Backdoors into Text-Guided Image Generation Models

“BTD: Decompiling X86 Deep Neural Network Executables”, Liu et al 2022

BTD: Decompiling x86 Deep Neural Network Executables

“Uber Apparently Hacked by Teen, Employees Thought It Was a Joke: ‘I Think IT Would Appreciate Less Memes While They Handle the Breach’”, Porter 2022

Uber apparently hacked by teen, employees thought it was a joke: ‘I think IT would appreciate less memes while they handle the breach’

“Scammers Created an AI Hologram of Me to Scam Unsuspecting Projects”, Hillmann 2022

Scammers Created an AI Hologram of Me to Scam Unsuspecting Projects

“Adversarial Attacks on Image Generation With Made-Up Words”, Millière 2022

Adversarial Attacks on Image Generation With Made-Up Words

“SATAn: Air-Gap Exfiltration Attack via Radio Signals From SATA Cables”, Guri 2022

SATAn: Air-Gap Exfiltration Attack via Radio Signals From SATA Cables

“Private Eye: On the Limits of Textual Screen Peeking via Eyeglass Reflections in Video Conferencing”, Long et al 2022

Private Eye: On the Limits of Textual Screen Peeking via Eyeglass Reflections in Video Conferencing

“Apple and Meta Gave User Data to Hackers Who Used Forged Legal Requests: Hackers Compromised the Emails of Law Enforcement Agencies; Data Was Used to Enable Harassment, May Aid Financial Fraud”, Turton 2022

Apple and Meta Gave User Data to Hackers Who Used Forged Legal Requests: Hackers compromised the emails of law enforcement agencies; Data was used to enable harassment, may aid financial fraud

“Hackers Gaining Power of Subpoena Via Fake ‘Emergency Data Requests’”, Krebs 2022

Hackers Gaining Power of Subpoena Via Fake ‘Emergency Data Requests’

“Pop Quiz! Can a Large Language Model Help With Reverse Engineering?”, Pearce et al 2022

Pop Quiz! Can a Large Language Model Help With Reverse Engineering?

“Hertzbleed: Turning Power Side-Channel Attacks Into Remote Timing Attacks on X86”, Wang et al 2022d

Hertzbleed: Turning Power Side-Channel Attacks Into Remote Timing Attacks on x86

“Privacy and Information Avoidance: An Experiment on Data-Sharing Preferences”, Svirsky 2022

Privacy and Information Avoidance: An Experiment on Data-Sharing Preferences

“High Tech Crime, High Intellectual Crime? Comparing the Intellectual Capabilities of Cybercriminals, Traditional Criminals and Non-Criminals”, Schiks et al 2022

High tech crime, high intellectual crime? Comparing the intellectual capabilities of cybercriminals, traditional criminals and non-criminals

“A Deep Dive into an NSO Zero-Click IMessage Exploit: Remote Code Execution”, Beer & Groß 2021

A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution

“Glowworm Attack: Optical TEMPEST Sound Recovery via a Device’s Power Indicator LED”, Nassi et al 2021

Glowworm Attack: Optical TEMPEST Sound Recovery via a Device’s Power Indicator LED

“EvilModel: Hiding Malware Inside of Neural Network Models”, Wang et al 2021

EvilModel: Hiding Malware Inside of Neural Network Models

“Watch How a Hacker’s Infrared Laser Can Spy on Your Laptop’s Keystrokes”

Watch How a Hacker’s Infrared Laser Can Spy on Your Laptop’s Keystrokes⁠:

View External Link:

https://www.wired.com/story/infrared-laser-microphone-keystroke-surveillance/

“The Mongolian Meta”, kommu & dylandank 2021

The Mongolian Meta

“Intrinsic Propensity for Vulnerability in Computers? Arbitrary Code Execution in the Universal Turing Machine”, Johnson 2021

Intrinsic Propensity for Vulnerability in Computers? Arbitrary Code Execution in the Universal Turing Machine

“AIR-FI: Generating Covert Wi-Fi Signals from Air-Gapped Computers”, Guri 2020

AIR-FI: Generating Covert Wi-Fi Signals from Air-Gapped Computers

“I Know What You Bought At Chipotle for $9.81 by Solving A Linear Inverse Problem”, Fleder & Shah 2020

I Know What You Bought At Chipotle for $9.81 by Solving A Linear Inverse Problem

“A C/C++ Code Vulnerability Dataset With Code Changes and CVE Summaries”, Fan et al 2020

A C/C++ Code Vulnerability Dataset with Code Changes and CVE Summaries

“The Relevance of Classic Fuzz Testing: Have We Solved This One?”, Miller et al 2020

The Relevance of Classic Fuzz Testing: Have We Solved This One?

“Lamphone: Real-Time Passive Sound Recovery from Light Bulb Vibrations”, Nassi et al 2020

Lamphone: Real-Time Passive Sound Recovery from Light Bulb Vibrations

“Revisiting RowHammer: An Experimental Analysis of Modern DRAM Devices and Mitigation Techniques”, Kim et al 2020

Revisiting RowHammer: An Experimental Analysis of Modern DRAM Devices and Mitigation Techniques

“IJON: Exploring Deep State Spaces via Fuzzing”, Aschermann et al 2020

IJON: Exploring Deep State Spaces via Fuzzing

“What Does Your Gaze Reveal About You? On the Privacy Implications of Eye Tracking”, Kröger et al 2020

What Does Your Gaze Reveal About You? On the Privacy Implications of Eye Tracking

“Listen to Your Key: Towards Acoustics-Based Physical Key Inference”, Ramesh et al 2020

Listen to Your Key: Towards Acoustics-based Physical Key Inference

“Getting Over It Developer Reacts to 1 Minute 24 Second Speedrun”, Foddy 2020

Getting Over It Developer Reacts to 1 Minute 24 Second Speedrun

“The Voluntariness of Voluntary Consent: Consent Searches and the Psychology of Compliance”, Sommers & Bohns 2019

The Voluntariness of Voluntary Consent: Consent Searches and the Psychology of Compliance

“Hearing Your Touch: A New Acoustic Side Channel on Smartphones”, Shumailov et al 2019

Hearing your touch: A new acoustic side channel on smartphones

“Spectre Is Here to Stay: An Analysis of Side-Channels and Speculative Execution”, Mcilroy et al 2019

Spectre is here to stay: An analysis of side-channels and speculative execution

“V-Fuzz: Vulnerability-Oriented Evolutionary Fuzzing”, Li et al 2019

V-Fuzz: Vulnerability-Oriented Evolutionary Fuzzing

“Privacy Implications of Accelerometer Data: a Review of Possible Inferences”, Kröger et al 2019

Privacy implications of accelerometer data: a review of possible inferences

“ExSpectre: Hiding Malware in Speculative Execution”, Wampler 2019

ExSpectre: Hiding Malware in Speculative Execution⁠:

View PDF:

/doc/www/www.ndss-symposium.org/e4053d55fa6f7d4f1391ac85f4795cb2132fd60a.pdf

“Best Practices: Formal Proofs, the Fine Print and Side Effects”, Murray & Oorschot 2018

Best Practices: Formal Proofs, the Fine Print and Side Effects

“SonarSnoop: Active Acoustic Side-Channel Attacks”, Cheng et al 2018

SonarSnoop: Active Acoustic Side-Channel Attacks

“Chaff Bugs: Deterring Attackers by Making Software Buggier”, Hu et al 2018

Chaff Bugs: Deterring Attackers by Making Software Buggier

“Bad Romance: To Cash in on Kindle Unlimited, a Cabal of Authors Gamed Amazon’s Algorithm”, Jeong 2018

Bad romance: To cash in on Kindle Unlimited, a cabal of authors gamed Amazon’s algorithm

“Kindle Unlimited Book Stuffing Scam Earns Millions and Amazon Isn’t Stopping It: Book Stuffer Chance Carter Is Gone. But Readers Are Still Paying for Books That Are 90% Filler.”, Zetlin 2018

Kindle Unlimited Book Stuffing Scam Earns Millions and Amazon Isn’t Stopping It: Book stuffer Chance Carter is gone. But readers are still paying for books that are 90% filler.

“Security, Moore’s Law, and the Anomaly of Cheap Complexity”, Flake 2018

Security, Moore’s law, and the anomaly of cheap complexity

“Understanding the Behavior of Hackers While Performing Attack Tasks in a Professional Setting and in a Public Challenge”, Ceccato et al 2018

Understanding the behavior of hackers while performing attack tasks in a professional setting and in a public challenge

“Learning to Evade Static PE Machine Learning Malware Models via Reinforcement Learning”, Anderson et al 2018

Learning to Evade Static PE Machine Learning Malware Models via Reinforcement Learning

“Deep Reinforcement Fuzzing”, Böttinger et al 2018

Deep Reinforcement Fuzzing

“Weird Machines, Exploitability, and Provable Unexploitability”, Dullien 2017

Weird machines, exploitability, and provable unexploitability

“The Future of Ad Blocking: An Analytical Framework and New Techniques”, Storey et al 2017

The Future of Ad Blocking: An Analytical Framework and New Techniques

“Hyper-Realistic Face Masks: a New Challenge in Person Identification”, Sanders et al 2017

Hyper-realistic face masks: a new challenge in person identification

“Join Me on a Market for Anonymity”, Moser & Böhme 2016

Join Me on a Market for Anonymity

“The Search for the Perfect Door”, Ollam 2016

The Search for the Perfect Door⁠:

https://www.youtube.com/watch?v=4YYvBLAF4T8?t=330

“When Coding Style Survives Compilation: De-Anonymizing Programmers from Executable Binaries”, Caliskan et al 2015

When Coding Style Survives Compilation: De-anonymizing Programmers from Executable Binaries

“Microsoft Sheds Reputation As an Easy Mark for Hackers”, Wingfield 2015

Microsoft Sheds Reputation as an Easy Mark for Hackers

“Defenders Think in Lists. Attackers Think in Graphs. As Long As This Is True, Attackers Win.”, Lambert 2015

Defenders think in lists. Attackers think in graphs. As long as this is true, attackers win.⁠:

View Markdown:

https://github.com/JohnLaTwC/Shared/blob/master/Defenders%20think%20in%20lists.%20Attackers%20think%20in%20graphs.%20As%20long%20as%20this%20is%20true%2C%20attackers%20win.md

“Antikernel: A Decentralized Secure Hardware-Software Operating System Architecture”, Zonenberg 2015

Antikernel: A decentralized secure hardware-software operating system architecture

“What Are Weird Machines?”, Bratus 2015

What are Weird Machines?

“Spaced Repetition and Mnemonics Enable Recall of Multiple Strong Passwords”, Blocki et al 2014

Spaced Repetition and Mnemonics Enable Recall of Multiple Strong Passwords

“Bloom Filter Applications in Network Security: A State-Of-The-Art Survey”, Geravand & Ahmadi 2013

Bloom filter applications in network security: A state-of-the-art survey

“The Page-Fault Weird Machine: Lessons in Instruction-Less Computation”, Bangert 2013

The Page-Fault Weird Machine: Lessons in Instruction-less Computation⁠:

View PDF:

/doc/www/0b4af6cdc2f0c5998459-c0245c5c937c5dedcca3f1764ecc9b2f.r43.cf2.rackcdn.com/4ca32444a76c176f81cc2e9ad978b540691d9ced.pdf

“The Configuration Complexity Clock”, Hadlow 2012

The Configuration Complexity Clock

“Phonotactic Reconstruction of Encrypted VoIP Conversations: Hookt on Fon-Iks”, White et al 2011

Phonotactic Reconstruction of Encrypted VoIP Conversations: Hookt on Fon-iks

“Exploration of FPGA Interconnect for the Design of Unconventional Antennas”, Tavaragiri et al 2011

Exploration of FPGA interconnect for the design of unconventional antennas

“Exploitation and State Machines: Programming the ‘Weird Machine’ Revisited”, Flake 2011

Exploitation and State Machines: Programming the ‘Weird Machine’ Revisited⁠:

View PDF:

/doc/cs/security/2011-dullien.pdf

“Digital Image Forensics: a Booklet for Beginners”, Redi et al 2010

Digital image forensics: a booklet for beginners

“Feasibility and Real-World Implications of Web Browser History Detection”, Janc & Olejnik 2010

Feasibility and Real-World Implications of Web Browser History Detection⁠:

View PDF:

/doc/www/pdfs.semanticscholar.org/a261eed251c9964fa56e5034fc5b84ba49e8327f.pdf

“Mining Writeprints from Anonymous E-Mails for Forensic Investigation”, Iqbal 2010

Mining writeprints from anonymous e-mails for forensic investigation⁠:

View PDF:

/doc/www/spectrum.library.concordia.ca/ab5d9b1ce772bb9b4d2645cbe88cb779b72449db.pdf

“De-Anonymizing Social Networks”, Narayanan & Shmatikov 2009

De-anonymizing Social Networks

“The Tactical Amulet Extraction Bot: Predicting and Controlling NetHack's Randomness”

The Tactical Amulet Extraction Bot: Predicting and controlling NetHack's randomness

“Why I’m Not an Entropist”, Syverson 2009

Why I’m Not an Entropist

“Orangutans, Resistance and the Zoo”, Hribal 2008

Orangutans, Resistance and the Zoo

“A Case Study of Preferential Bestiality”, Earls & Lalumière 2007

A Case Study of Preferential Bestiality

“Exposing Private Information by Timing Web Applications”, Bortz 2007

Exposing private information by timing web applications⁠:

View PDF:

/doc/www/crypto.stanford.edu/749ecaa26fbc2c58bdd92a290472a464f398c8a8.pdf

“How To Break Anonymity of the Netflix Prize Dataset”, Narayanan & Shmatikov 2006

How To Break Anonymity of the Netflix Prize Dataset

“Oral History of Butler Lampson § WWW”, Lampson & Kay 2006 (page 36)

Oral History of Butler Lampson § WWW

“Remote Physical Device Fingerprinting”, Kohno 2005

Remote physical device fingerprinting⁠:

View HTML:

/doc/www/catalog.caida.org/2aa2175eef830cbc1e2cdd0ccc92cebb6cc0e025.html

“Toward a Broader View of Security Protocols”, Blaze 2004

Toward a Broader View of Security Protocols

“Privacy, Economics, and Price Discrimination on the Internet”, Odlyzko 2003

Privacy, Economics, and Price Discrimination on the Internet⁠:

View PDF:

/doc/www/www-users.cse.umn.edu/a8d04cf2a6147f480e2af6a345b26776e53c8e12.pdf

“30 Years Later: Lessons from the Multics Security Evaluation”, Karger & Schell 2002

30 years later: lessons from the Multics security evaluation

“Timing Attacks on Web Privacy”, Felten & Schneider 2000

Timing attacks on web privacy

“An Evolved Circuit, Intrinsic in Silicon, Entwined With Physics”, Thompson 1997

An evolved circuit, intrinsic in silicon, entwined with physics

“An Empirical Study of the Reliability of UNIX Utilities”, Miller et al 1990

An empirical study of the reliability of UNIX utilities

“FRACTRAN: A Simple Universal Programming Language for Arithmetic”, Conway 1987

FRACTRAN: A Simple Universal Programming Language for Arithmetic

“Secrets of the Little Blue Box: A Story so Incredible It May Even Make You Feel Sorry for the Phone Company”, Rosenbaum 1971

Secrets of the Little Blue Box: A story so incredible it may even make you feel sorry for the phone company

“A Small Lathe Built in a Japanese Prison Camp”, Bradley 1949

A Small Lathe Built in a Japanese Prison Camp

“StarCraft: Remastered—Emulating a Buffer Overflow for Fun and Profit”

StarCraft: Remastered—Emulating a buffer overflow for fun and profit⁠:

View PDF:

/doc/www/0xeb.net/acb75e333007340a83ca1f2b429ae9317d59b2e0.pdf

“How a North Korean Fake IT Worker Tried to Infiltrate Us”

How a North Korean Fake IT Worker Tried to Infiltrate Us⁠:

View HTML:

/doc/www/blog.knowbe4.com/aaca8fd348b56600440aec1e803f049f0deb03fe.html

“Gyrophone: Recognizing Speech From Gyroscope Signals”, Michalevsky 2024

Gyrophone: Recognizing Speech From Gyroscope Signals⁠:

View PDF:

/doc/www/crypto.stanford.edu/1a9962db01fcbd87145779eb445b731335584961.pdf

“Random Mosaic: Detecting Unauthorized Physical Access With Beans, Lentils and Colored Rice”

Random Mosaic: Detecting unauthorized physical access with beans, lentils and colored rice⁠:

View HTML:

/doc/www/dys2p.com/cf7c3ab86f54b96432e9114dbdebee382505a794.html#kurzzeitige-lagerung

“Things the Guys Who Stole My Phone Have Texted Me to Try to Get Me to Unlock It”

Things the guys who stole my phone have texted me to try to get me to unlock it

“An Informal Review of CTF Abuse”

An informal review of CTF abuse⁠:

View HTML:

/doc/www/gynvael.coldwind.pl/00afd1cb2d9269c0e9f296e4da4f4085bc380a0c.html

“Bypassing Airport Security via SQL Injection”

Bypassing airport security via SQL injection⁠:

View HTML:

/doc/www/ian.sh/f360ed459d81345172bdd14fb3c0756617906a93.html

“Pulling JPEGs out of Thin Air”

Pulling JPEGs out of thin air⁠:

View HTML:

/doc/www/lcamtuf.blogspot.com/d7117e8daef1d2b88752309178476d7d627b8908.html

“Trusted Third Parties Are Security Holes”, Szabo 2024

Trusted Third Parties are Security Holes

“Control-Flow Bending: On the Effectiveness of Control-Flow Integrity”

Control-Flow Bending: On the Effectiveness of Control-Flow Integrity⁠:

View PDF:

/doc/www/nebelwelt.net/256f30daf07ae39c12fd942fc923775a9907a246.pdf

“Data Exfiltration from Slack AI via Indirect Prompt Injection”, PromptArmor 2024

Data Exfiltration from Slack AI via indirect prompt injection

“Furiosa’s Cat Feeder: The Trick Is to Be Smarter Than the Animal With a Brain the Size of a Walnut”

Furiosa’s Cat Feeder: The trick is to be smarter than the animal with a brain the size of a walnut⁠:

View External Link:

https://quinndunki.com/blondihacks/?p=3023

“Lessons from the Debian/OpenSSL Fiasco”

Lessons from the Debian/OpenSSL Fiasco

“PySkyWiFi: Completely Free, Unbelievably Stupid WiFi on Long-Haul Flights”

PySkyWiFi: completely free, unbelievably stupid WiFi on long-haul flights⁠:

View HTML:

/doc/www/robertheaton.com/7d1390655751a825554663b42ef730700a694916.html

“Inside the NSA’s Secret Efforts to Hunt and Hack System Administrators”

Inside the NSA’s Secret Efforts to Hunt and Hack System Administrators

“An Open Letter to Netflix from the Authors of the De-Anonymization Paper”

An open letter to Netflix from the authors of the de-anonymization paper⁠:

View HTML:

/doc/www/web.archive.org/64de6636be4be3691c76fc05b6a444986b084742.html

“Internet Archive Hacked, Data Breach Impacts 31 Million Users”

Internet Archive hacked, data breach impacts 31 million users

“Inside North Korea’s Hacker Army”

Inside North Korea’s Hacker Army

“Security Mindset: Lessons from 20+ Years of Software Security Failures Relevant to AGI Alignment”

Security Mindset: Lessons from 20+ years of Software Security Failures Relevant to AGI Alignment⁠:

View External Link:

https://www.lesswrong.com/posts/Ke2ogqSEhL2KCJCNx/

“Appendix F: Personal Observations on the Reliability of the Shuttle”

Appendix F: Personal Observations on the Reliability of the Shuttle

“Microsoft Refused to Fix Flaw Years Before SolarWinds Hack”

Microsoft Refused to Fix Flaw Years Before SolarWinds Hack

“AI Will Increase the Quantity—And Quality—Of Phishing Scams”

AI Will Increase the Quantity—and Quality—of Phishing Scams

“Air Gap Hacker Mordechai Guri Steals Data With Noise, Light, and Magnets”

Air Gap Hacker Mordechai Guri Steals Data With Noise, Light, and Magnets

“The Mirai Botnet Was Part of a College Student ‘Minecraft’ Scheme”

The Mirai Botnet Was Part of a College Student ‘Minecraft’ Scheme⁠:

View HTML:

/doc/www/www.wired.com/fa08ff41b9b4e0e088f911d00f3885eafa15b745.html

“How Mario 64 Was Solved Using Parallel Universes—Super Mario 64 Tool-Assisted Speedrun Explained”

How Mario 64 was solved using parallel universes—Super Mario 64 Tool-Assisted Speedrun Explained⁠:

https://www.youtube.com/watch?v=wjge1bVobN0

“Cryptoleaks: How BND and CIA Deceived Everyone: Research by ZDF, Washington Post and SRF Shows How the BND and CIA Secretly Spy on States—And Concealed Gross Human Rights Violations.”

Cryptoleaks: How BND and CIA Deceived Everyone: Research by ZDF, Washington Post and SRF shows how the BND and CIA secretly spy on states—and concealed gross human rights violations.

“XBOW Now Matches the Capabilities of a Top Human Pentester”, XBOW 2024

XBOW now matches the capabilities of a top human pentester⁠:

View HTML:

/doc/www/xbow.com/6488c9703734a04ed02d9d7e6094a6df83b55484.html

“Bag Check”, Munroe 2024

Bag Check⁠:

View External Link:

https://xkcd.com/651/

“Sufficiently Advanced Testing”

Sufficiently Advanced Testing⁠:

View HTML:

/doc/www/zhd.dev/90922926e8564113aa8d49fceb4d4199b85834d7.html

Annotations sorted by machine learning into inferred 'tags'. This provides an alternative way to browse: instead of by date order, one can browse in topic order. The 'sorted' list has been automatically clustered into multiple sections & auto-labeled for easier browsing.

Beginning with the newest annotation, it uses the embedding of each annotation to attempt to create a list of nearest-neighbor annotations, creating a progression of topics. For more details, see the link.