cybersecurity cybersecurity Training Tuesday - Discussions for certs, training and learning-at-home
  • Captain Captain 1 year ago 100%

    Well done, congratz!

    2
  • cybersecurity cybersecurity Training Tuesday - Discussions for certs, training and learning-at-home
  • Captain Captain 1 year ago 100%

    Awesome, congratulations!

    I've heard good things about the AWS Security Specialty certificate too. I've done a course for it which was great, though I never bothered to take the certificate (I don't feel the need for it). Have you considered it?

    1
  • ai_infosec
    AI Infosec Captain 1 year ago 100%
    Socket AI – using ChatGPT to examine every npm and PyPI package for security issues socket.dev

    A very interesting approach. Apparently it generates lots of results: https://twitter.com/feross/status/1672401333893365761?s=20

    6
    1
    ai_infosec
    AI Infosec Captain 1 year ago 100%
    Most popular generative AI projects on GitHub are the least secure www.csoonline.com

    They used OpenSSF Scorecard to check the most starred AI projects on GitHub and found that many of them didn't fare well. The article is based on the report from Rezilion. You can find the report here: https://info.rezilion.com/explaining-the-risk-exploring-the-large-language-models-open-source-security-landscape (any email name works, you'll get access to the report without email verification)

    10
    0
    ai_infosec
    AI Infosec Captain 1 year ago 83%
    "DAN" and other jailbreak prompts gist.github.com

    All of these might not work as well anymore, but they're still interesting to take a look at.

    4
    1
    cloudsecurity
    Cloud Security Captain 1 year ago 100%
    Beyond the AWS Security Maturity Roadmap speakerdeck.com

    This gives a great overview of when to build, buy, or adopt an open source solution for a few different common cloud security challenges. The talk can be seen here: https://youtu.be/JCphc30kFSw?t=2140

    4
    0
    ai_infosec
    AI Infosec Captain 1 year ago 100%
    GPT-4 image analysis breaks captcha https://twitter.com/sayashk/status/1671576723580936193

    As they mention in the thread, this isn't exactly groundbreaking but it's still interesting.

    6
    0
    ai_infosec
    AI Infosec Captain 1 year ago 100%
    OpenAI cybersecurity grant program https://openai.com/blog/openai-cybersecurity-grant-program

    > Strong preference will be given to practical applications of AI in defensive cybersecurity (tools, methods, processes). We will grant in increments of $10,000 USD from a fund of $1M USD, in the form of API credits, direct funding and/or equivalents.

    I think this is a great initiative and I hope we'll see some cool projects to benefit defenders.

    1
    0
    ai_infosec
    AI Infosec Captain 1 year ago 100%
    Attackers use Deepfake of "Kidnapped" Daughter, Demand Ransom www.theguardian.com

    cross-posted from: https://feddit.it/post/352229

    > After being scammed into thinking her daughter was kidnapped, an Arizona woman testified in the US Senate about the dangerous side of artificial intelligence technology when in the hands of criminals.
    >
    > Jennifer DeStefano told the Senate judiciary committee about the fear she felt when she received an ominous phone call on a Friday last April.
    >
    > Thinking the unknown number was a doctor’s office, she answered the phone just before 5pm on the final ring. On the other end of the line was her 15-year-old daughter – or at least what sounded exactly like her daughter’s voice.
    >
    > “On the other end was our daughter Briana sobbing and crying saying ‘Mom’.”
    >
    > Briana was on a ski trip when the incident took place so DeStefano assumed she injured herself and was calling to let her know.
    >
    > DeStefano heard the voice of her daughter and recreated the interaction for her audience: “‘Mom, I messed up’ with more crying and sobbing. Not thinking twice, I asked her again, ‘OK, what happened?’”
    >
    > She continued: “Suddenly a man’s voice barked at her to ‘lay down and put your head back’.”
    >
    > Panic immediately set in and DeStefano said she then demanded to know what was happening.
    >
    > “Nothing could have prepared me for her response,” DeStefano said.
    >
    > DeStefano said she heard her daughter say: “‘Mom these bad men have me. Help me! Help me!’ She begged and pleaded as the phone was taken from her.”
    >
    > “Listen here, I have your daughter. You tell anyone, you call the cops, I am going to pump her stomach so full of drugs,” a man on the line then said to DeStefano.
    >
    > The man then told DeStefano he “would have his way” with her daughter and drop her off in Mexico, and that she’d never see her again.
    >
    > At the time of the phone call, DeStefano was at her other daughter Aubrey’s dance rehearsal. She put the phone on mute and screamed for help, which captured the attention of nearby parents who called 911 for her.
    >
    > DeStefano negotiated with the fake kidnappers until police arrived. At first, they set the ransom at $1m and then lowered it to $50,000 when DeStefano told them such a high price was impossible.
    >
    > She asked for a routing number and wiring instructions but the man refused that method because it could be “traced” and demanded cash instead.
    >
    > DeStefano said she was told that she would be picked up in a white van with a bag over her head so that she wouldn’t know where she was going.
    >
    > She said he told her: “If I didn’t have all the money, then we were both going to be dead.”
    >
    > But another parent with her informed her police were aware of AI scams like these. DeStefano then made contact with her actual daughter and husband, who confirmed repeatedly that they were fine.
    >
    > “At that point, I hung up and collapsed to the floor in tears of relief,” DeStefano said.
    >
    > When DeStefano tried to file a police report after the ordeal, she was dismissed and told this was a “prank call”.
    >
    > A survey by McAfee, a computer security software company, found that 70% of people said they weren’t confident they could tell the difference between a cloned voice and the real thing. McAfee also said it takes only three seconds of audio to replicate a person’s voice.
    >
    > DeStefano urged lawmakers to act in order to prevent scams like these from hurting other people.
    >
    > She said: “If left uncontrolled, unregulated, and we are left unprotected without consequence, it will rewrite our understanding and perception of what is and what is not truth. It will erode our sense of ‘familiar’ as it corrodes our confidence in what is real and what is not.”

    4
    0
    cloudsecurity
    Cloud Security Captain 1 year ago 100%
    Crying Out Cloud: a magical podcast for cloud security enthusiasts www.wiz.io

    Normally I wouldn't recommend a vendor based podcast, but Wiz is doing really cool stuff in the cloud security space so I'm inclined to give them a chance!

    2
    0
    ai_infosec
    AI Infosec Captain 1 year ago 100%
    NVIDIA AI Red Team: An Introduction developer.nvidia.com

    This was better than I expected. A broad overview of how they approach red teaming AIs, rather than specific "look at this one prompt injection" which makes it more valuable long term.

    7
    0
    Add a favicon?

    Currently infosec.pub doesn't seem to have any favicon. This makes it harder to identify which tabs and similar. It would be nice if it could be added!

    17
    0
    cloudsecurity
    Cloud Security Captain 1 year ago 100%
    Writeup: AWS API Gateway header smuggling and cache confusion securityblog.omegapoint.se

    "This allowed us to completely bypass the application’s tenant isolation and access data from any tenant in the system"

    Official announcement from AWS: https://aws.amazon.com/blogs/security/removing-header-remapping-from-amazon-api-gateway-and-notes-about-our-work-with-security-researchers/

    2
    0
    ai_infosec AI Infosec In Escalating Order of Stupidity
  • Captain Captain 1 year ago 100%

    My take so far is that there aren't really any great options to protect against prompt injections. Simon Willison presents an idea here on his blog which is a bit interesting. NVIDIA has open sourced a framework for this as well, but it's not without problems. Otherwise I've mostly seen prompt injection firewall products but I wouldn't trust them too much yet.

    2
  • ai_infosec
    AI Infosec Captain 1 year ago 100%
    In Escalating Order of Stupidity https://kai-greshake.de/posts/in-escalating-order-of-stupidity/

    Let's deploy LLMs everywhere! What could possibly go wrong?

    21
    3
    ai_infosec
    AI Infosec Captain 1 year ago 100%
    GitHub - woop/rebuff: Rebuff.ai - Prompt Injection Detector https://github.com/woop/rebuff

    I'm not sure how much I believe in prompt firewalls and similar things but I applaud and welcome all efforts!

    5
    0
    ai_infosec AI Infosec Accessing lemmy.ml community
  • Captain Captain 1 year ago 100%

    I think this post ended up in the wrong place, I suspect you meant to post it to https://infosec.pub/c/infosecpub

    2
  • cloudsecurity
    Cloud Security Captain 1 year ago 100%
    fwd:cloudsec live stream www.youtube.com

    fwd:cloudsec is by far my favorite cloud security conference. Day one has already passed (sessions are recorded) and day 2 is about to start. See schedule at: https://fwdcloudsec.org/schedule.html

    1
    0
    ai_infosec AI Infosec OWASP starts work on Top 10 vulnerabilities of LLMs
  • Captain Captain 1 year ago 100%

    Good points, and I agree!

    The list is currently largely made to spark interest and discussion so it'll likely change a lot. What you mentioned is also brought up on the Brainstorming page. It seems likely that "Inadequate Alignment" will be removed from the list.

    1
  • infosecpub Discussions related to Infosec.pub Who is behind this instance and how is it financed?
  • Captain Captain 1 year ago 0%

    Looks like you're right. It's not mentioned on that page but here he says he's the one running it.

    0
    Who is behind this instance and how is it financed?

    Hi! I'm trying to get a better understanding of the longer term reliability of this instance. Is there any kind of about page or similar where I can read up on how it's set up, financed, managed etc?

    5
    2