@dangoodin@infosec.exchange

dangoodin

Reporter covering security at Ars Technica. DM me on Signal: +1650-440-4479.

dangoodin, to random

Three days after Amazon announced its AI chatbot Q, some employees are sounding alarms about accuracy and privacy issues. Q is “experiencing severe hallucinations and leaking confidential data,” including the location of AWS data centers, internal discount programs, and unreleased features, according to leaked documents obtained by Platformer.

An employee marked the incident as “sev 2,” meaning an incident bad enough to warrant paging engineers at night and making them work through the weekend to fix it.

https://www.platformer.news/p/amazons-q-has-severe-hallucinations

filippo, to random

Here's the UK Government stating—like NIST did—that 128 bit keys are enough against quantum computers. No need to migrate to 256 "because quantum".

https://www.ncsc.gov.uk/whitepaper/next-steps-preparing-for-post-quantum-cryptography#section_4

dangoodin,

@filippo

For those of us following along at home, can you provide a little more context? I am also curious to know if you agree that 128 bits is enough. I always thought 256 was the agreed upon number of bits.

dangoodin,

@ryanc @sophieschmieg @filippo

My very foggy and distant recollection is that quantum computing effectively cuts the number of bits in symmetric encryption by half. Am I just dreaming that, or is that right? If so, seems like cutting 128 in half wouldn't be enough entropy. Sorry if I'm completely wrong on all accounts here.

dangoodin, to random

People following me for cybersecurity content: Chris Bing, one of the most distinguished reporters on this beat, recently joined the Fediverse. Chris has broken way too many stories to count and also has valuable insight into all things related to hacking. Please follow him.

@Bing_Chris

And please boost for reach.

dangoodin, to random

Driver hits woman in S.F., then Cruise driverless car runs her over; photo shows victim trapped

A pedestrian crossing a San Francisco street on Monday night was hospitalized in critical condition after she was hit by two cars — first a regular vehicle which hurled her into the path of a driverless taxi that then ran her over, stopping on top of her as she screamed in pain, according to witnesses, investigators and the autonomous taxi company.

The horrific crash occurred at 9:35 p.m. at Market and Fifth streets after the traffic light turned green, giving the Cruise car and other car — which had been waiting side-by-side for the light — the right to enter the intersection where a woman was walking, according to video of the crash shown to The Chronicle by Cruise hours after the incident. According to Cruise, the pedestrian was in the crosswalk.

The other car struck the woman and she rolled off its side and into the path of the driverless taxi, which was carrying no passengers, and ran her over, stopping and pinning her to the ground with its rear axle and tire over a leg, according to video and a photo of the woman under the car taken by a witness that was provided to The Chronicle. Police said the driver who first struck the pedestrian fled the scene and that authorities were looking for the car and driver.

...

It appears that once the Cruise car sensed something underneath its rear axle, it came to a halt and turned on its hazard lights, Schorr said. Firefighters obstructed the sensors of the driverless car to alert the Cruise control center. He said representatives from Cruise responded to firefighters and “immediately disabled the car remotely.”

...

A witness at the scene told investigators that he saw the other car, which he described as green, cause the woman to fall over in the street and the robotaxi to strike her, according to video taken at the scene.

https://www.sfchronicle.com/bayarea/article/woman-run-autonomous-vehicle-san-francisco-18403044.php#photo-24300416

dangoodin,

It's too early to know if a human driver would have been able to swerve and avoid hitting the pedestrian, after the pedestrian had first been hit by the hit-and-run (human) driver.

What we know for sure was that there was no one in the Cruise vehicle to respond once it hit the pedestrian. Normally, when a driver has a pedestrian pinned under their car, the driver can back up or move forward to free the trapped person. That wasn't possible in this case because . . . Cruise.

Instead, according to the SFStandard, the pedestrian had to wait for rescuers to arrive. Then, the rescuers spent 5 minutes manually freeing the pedestrian.

https://sfstandard.com/2023/10/02/cruise-robotaxi-crash-woman-injured-san-francisco/

dangoodin,

@jstevenyork

There is no way you can spin this to say that the trapped pedestrian was better off being pinned under a driverless car.

jerry, to random

Thor and Lacie are settling in for the night 🥰

dangoodin,

@jerry

I'm curious: Are Thor and Lacey friends? The only thing better than seeing them now would be seeing them cuddling together.

dangoodin,

@jerry

Yes, sadly, Thor isn't the only loaner cat I've heard of.

dangoodin, to random

Interesting debate taking place on the oss-sec mail list.

One side: How long until people stop using C and C++ to write media codecs? They should use Rust.

Other side: How long will it take for rust to quit changing the language, standardize itself, and enforce some notion of API/ABI stability?

https://seclists.org/oss-sec/2023/q3/251

I hadn't heard these criticisms of Rust before. Do programmers and security folk want to weigh in on the strengths/weaknesses of each argument?

jerry, to random

Is anyone having issues with notifications not showing up in their mastodon notifications until refreshing the web browser?

dangoodin,

@jerry Not me

dangoodin, to random

Here someone is challenging my use of pro-fascist to describe the dead bird site. "Pro-fascist? Really?"

Yes, really.

-- Elon personally intervened to get the pro-Nazi, pro-Hitler, anti-semitic Kanye West reinstated.

-- Twitter is a haven for groups like White Lives Matter California, an organization the Southern Poverty Law Center has designated a hate group.

-- Musk has threatened to sue researchers tracking hate speech on the platform

-- The dead bird paid Andrew Tate $20k and End Wokeness $10k.

-- It paid $16k to Ian Miles Cheong, a far-right user who has used Twitter to falsely identify an innocent Black man as the “number one suspect” in the shooting of two police officers

-- It has paid QAnon influencer Jacob Creech.

-- Elmo has called for the QAnon shaman who participated in the Jan. 6 riot to be freed.

-- He has defended the Jan 6 rioters, saying they were peaceful.

-- He reinstated Michael Flynn.

I could go on and on, but I would burn up way too much time because there are so many more examples.

My point is: Twitter most definitely welcomes, encourages and even pays for far-right extremist views that include anti-semitism, support for Hitler and Nazis, and support for an illegal riot that saw multiple members of the Capitol Police brutally killed.

I stand by my description of Twitter as "pro-fascist."

dangoodin, to random

This is awesome! Full text search has come to Mastodon, and it's being rolled out in a responsible way.

I know full text search is a hot-button issue. For journalists, researchers and many others, FTS is essential. Plenty of others have good reason to keep their content unsearchable.

If you're in the latter category, you don't need to take any action. Your toots will remain unsearchable just as they were before.

For the rest, please manually change the default so your toots will be searchable. This will address a major shortcoming that has kept a huge number of fedi holdouts from joining.

To do that, go to Preferences > Public Profile and select the Privacy and Reach tab. Then check the "Include public posts in search results" box.

*** Edit: sorry, my initial post told y'all to click the wrong box. Fixed.

dangoodin, to random

This is huge. Four Motherboard journalists are striking out on their own after watching their employer collapse under the weight of its own mismanagement. The four individuals -- Joseph Cox, Jason Koebler, Emanuel Maiberg and Samantha Cole -- have been doing some of the most impactful and intrepid reporting at the intersections of tech, culture and policy. If you can afford it, please consider subscribing to support this promising new enterprise. Godspeed!

https://www.404media.co/
