Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog

Category: security – Page 2

Scientists create a novel hydrogel for unclonable security tags

Encryption technologies are vital in today’s digital landscape to protect sensitive information from hackers and prevent fraud. While cutting-edge encryption has been developed for data, sophisticated protection for physical objects such as high-value products, access cards and documents has lagged behind until now.

Scientists have now developed a new hydrogel that acts as an unclonable physical tag. The work is published in the journal Advanced Materials.

Physical items are easily copied or faked because their built-in security tags are often weak or simple to clone. To solve this security gap, a team of researchers from China first mixed two chemicals together: polypyrrole, which conducts electricity; and polystyrene sulfonate, a flexible polymer. The result was a soft, conductive, jelly-like substance.

Size doesn’t matter: Just a small number of malicious files can corrupt LLMs of any size

Large language models (LLMs), which power sophisticated AI chatbots, are more vulnerable than previously thought. According to research by Anthropic, the UK AI Security Institute and the Alan Turing Institute, it only takes 250 malicious documents to compromise even the largest models.

The vast majority of data used to train LLMs is scraped from the public internet. While this helps them to build knowledge and generate natural responses, it also puts them at risk from data poisoning attacks. It had been thought that as models grew, the risk was minimized because the percentage of poisoned data had to remain the same. In other words, it would need massive amounts of data to corrupt the largest models. But in this study, which is published on the arXiv preprint server, researchers showed that an attacker only needs a small number of poisoned documents to potentially wreak havoc.

To assess the ease of compromising large AI models, the researchers built several LLMs from scratch, ranging from small systems (600 million parameters) to very large (13 billion parameters). Each model was trained on vast amounts of clean public data, but the team inserted a fixed number of malicious files (100 to 500) into each one.

Streamlined method to directly generate photons in optical fiber could secure future quantum internet

With the rise of quantum computers, the security of our existing communication systems is at risk. Quantum computers will be able to break many of the encryption methods used in current communication systems. To counter this, scientists are developing quantum communication systems, which utilize quantum mechanics to offer stronger security. A crucial building block of these systems is a single-photon source: a device that generates only one light particle at a time.

These photons, carrying quantum information, are then sent through optical fibers. For to work, it is essential that single photons are injected into optical fibers with extremely low loss.

In conventional systems, single-photon emitters, like and rare-earth (RE) element ions, are placed outside the fiber. These photons then must be guided to enter the fiber. However, not all photons make it into the fibers, causing high transmission loss. For practical quantum communication systems, it is necessary to achieve a high-coupling and channeling efficiency between the and the emitter.

Secure Boot bypass risk threatens nearly 200,000 Linux Framework laptops

Around 200,000 Linux computer systems from American computer maker Framework were shipped with signed UEFI shell components that could be exploited to bypass Secure Boot protections.

An attacker could take advantage to load bootkits (e.g. BlackLotus, HybridPetya, and Bootkitty) that can evade OS-level security controls and persist across OS re-installs.

Powerful mm command.

New Android Pixnapping attack steals MFA codes pixel-by-pixel

A new side-channel attack called Pixnapping enables a malicious Android app with no permissions to extract sensitive data by stealing pixels displayed by applications or websites, and reconstructing them to derive the content.

The content may include sensitive private data like chat messages from secure communication apps like Signal, emails on Gmail, or two-factor authentication codes from Google Authenticator.

The attack, devised and demonstrated by a team of seven American university researchers, works on fully patched modern Android devices and can steal 2FA codes in less than 30 seconds.

Computer advances and ‘invisibility cloak’ vie for physics Nobel

A math theory powering computer image compression, an “invisibility cloak” or the science behind the James Webb Space Telescope are some achievements that could be honored when the Nobel physics prize is awarded Tuesday.

The award, to be announced at 11:45 am (0945 GMT) in Stockholm, is the second Nobel of the season, after the Medicine Prize was awarded on Monday to a US-Japanese trio for research into the human immune system.

Mary Brunkow and Fred Ramsdell, of the United States, and Japan’s Shimon Sakaguchi were recognized by the Nobel jury for identifying immunological “security guards”

IDs of Some Discord Users Appealing Age Determination Have Been Leaked

As stated in Discord’s official statement addressing the breach, an “unauthorized party” compromised one of the platform’s third-party customer service providers, accessing information from a limited number of users who had contacted Discord’s Customer Support or Trust & Safety teams.

Due to this attack, the unnamed intruders obtained a number of government ID images, including driver’s licenses and passports, from some of the users who had appealed an age determination. In addition, the breach also resulted in the exposure of names, Discord usernames, emails, the last four digits of credit card numbers, purchase histories (if linked to the account), IP addresses, and messages with Discord’s customer service agents for some users.

The platform also clarified that more sensitive information, such as full credit card numbers or CVV codes, messages or activity on Discord outside of customer support interactions, and passwords or authentication data, was not impacted.

/* */