RT @matthew_d_green
So I wrote this previous thread in a hurry and didn’t take time to spell out what it means, and what the background is. So let me try again. twitter.com/matthew_d_green/st

RT @matthew_d_green
These images are from an investigation using a much simpler hash function than the new one Apple’s developing. They show how machine learning can be used to find such collisions. towardsdatascience.com/black-b

RT @matthew_d_green
But even if you believe Apple won’t allow these tools to be misused 🤞there’s still a lot to be concerned about. These systems rely on a database of “problematic media hashes” that you, as a consumer, can’t review.

RT @matthew_d_green
I’ve had independent confirmation from multiple people that Apple is releasing a client-side tool for CSAM scanning tomorrow. This is a really bad idea.

RT @jeffvanderstoep
This is a great write-up of yet-another security vulnerability in the kernel’s eBPF verifier. I’d like to describe why this (NIST rated) high-severity kernel vulnerability receives Android’s lowest severity rating of “Negligible Security Impact”.

1/9 twitter.com/chompie1337/status

RT @MishaalRahman
The Car Connectivity Consortium's website for digital key pairing is now live (it was a parked domain until now): digitalkeypairing.org/

Google Play Services connects here to pair your phone with your car for unlocking. This feature requires Android 12: xda-developers.com/android-12-

RT @DaveKSecure
Pixel 6 w/ Tensor - awesome security HW innovation w/ Titan and biometrics, and there's SO much more...coming soon twitter.com/sundarpichai/statu

Usage of onion service descriptors shows pretty interesting patterns: 77.5% of all download requests received were asking for only the most popular 1% of blinded public keys (with a long tail). While we don't know for certain yet, we speculate (some of) these are C&C servers.

Happy to have our paper "On the state of V3 onion services" for FOCI'21 now online: digidow.eu/publications/2021-h

Measuring Tor onion services without compromising the privacy of individual Tor users is a difficult compromise. We estimate between 600k and 700k services Mar-Apr 2021.

RT @GretaThunberg
Wildfires, floods, droughts, heatwaves and other (un)natural disasters rage all over the world.
Many now ask "What will it take for people in power to act?".

Well, it will take many things, but above all it will take: massive pressure from media and massive pressure from the public.

RT @sundarpichai
So excited to share our new custom Google Tensor chip, which has been 4 yrs in the making (📎 for scale)! Tensor builds off of our 2 decades of computing experience and it’s our biggest innovation in Pixel to date. Will be on Pixel 6 + Pixel 6 Pro in fall. blog.google/products/pixel/goo

RT @random_walker
Can machine learning outperform baseline logistic regression for predicting complex social phenomena? Many prominent papers have claimed highly accurate civil war prediction. In a systematic review, @sayashk and I find these claims invalid due to errors. reproducible.cs.princeton.edu/

RT @joshspero
“some AIs were found to be picking up on the text font that certain hospitals used to label the scans. As a result, fonts from hospitals with more serious caseloads became predictors of covid risk” 😬 technologyreview.com/2021/07/3

mDL, through its selective disclosure of attributes, _can_ provide better privacy than plastic cards.

However, @eff is right that every system can be perverted towards more surveillance - we should not let policies slip on that front.
RT @eff
The @DHSgov proposal for mobile driver’s licenses could lead to more demands for ID, and more centralized tracking. eff.org/deeplinks/2021/07/dhss

RT @RadioFreeTom
“Remote work empowers those who produce and disempowers those who have succeeded by being excellent diplomats and poor workers.” - @edzitron
I have been banging this gong at my office for years, much to the annoyance of my “I was at my desk“ colleagues.


RT @theintercept
The Intercept's security team looks at the different ways Pegasus can potentially infect phones — its various “agent installation vectors,” in the brochure’s own vernacular — and how to defend against each one. interc.pt/2WwvTav

RT @claucece
For anyone that missed it, the anonymous credentials meeting 2 colocated with @PET_Symposium is recorded here: youtube.com/watch?v=KQG0Ky9wPs with the presentations of @TjerandSilde @alxdavids, Nirvan Tyagi. Slides will be posted over: sofiaceli.com/Anonymous-Creden

Insightful summary, but weak reject - no novel weaknesses were found in any of the review processes 😉

💯 on pointing out the often toxic bragging culture in most of the top-tier security conferences.
(@USENIXSecurity is still often the most constructive, please stay that way.)
RT @AndreasZeller
How do different fields review papers? In 2021, I served on the PCs of @PLDI (programming languages), @ICSEconf (software engineering), a…

RT @epicenter_works
Austria is to become “Europe's hub for pharma & medical technology research & commercialization” 🙄. Minister Schramböck wants to make our most sensitive health data from ELGA accessible not only to science but also to business. derstandard.at/story/200012852 /1

