‘computer security’ directory
See Also
- Gwern
- Links
- “[Autonomous AI Harassment] ”, CapResearcher 2025
- “Analyzing Open-Source Bootloaders: Finding Vulnerabilities Faster With AI ”
- “Coding Malware in Fancy Programming Languages for Fun and Profit ”, Apostolopoulos et al 2025
- “Two Americas, One Bank Branch, and $50,000 Cash ”, McKenzie 2025
- “VLMs As GeoGuessr Masters: Exceptional Performance, Hidden Biases, and Privacy Risks ”, Huang et al 2025
- “Wiz Research Uncovers Exposed DeepSeek Database Leaking Sensitive Information, Including Chat History ”, Research 2025
- “Blockchain Address Poisoning ”, Tsuchiya et al 2025
- “A Day in the Life of a Prolific Voice Phishing Crew ”, Krebs 2025
- “Saving Nanocap Speculators From Themselves [Backdooring Ethereum Contracts] ”, nyuu 2024
- “Clio: Privacy-Preserving Insights into Real-World AI Use ”, Anthropic 2024
- “Evaluating Large Language Models’ Capability to Launch Fully Automated Spear Phishing Campaigns: Validated on Human Subjects ”, Heiding et al 2024
- “Emacs Arbitrary Code Execution and How to Avoid It ”
- “When Machine Learning Tells the Wrong Story ”
- “Stega-Encoding [Embedding Metadata in Apps With Unicode Steganography] ”, Sanity 2024
- “Hacking Back the AI-Hacker: Prompt Injection As a Defense Against LLM-Driven Cyberattacks ”, Pasquini et al 2024
- “The Global Surveillance Free-For-All in Mobile Ad Data ”, Krebs 2024
- “Internet Archive Breached Again through Stolen Access Tokens ”, Abrams 2024
- “AgentHarm: A Benchmark for Measuring Harmfulness of LLM Agents ”, Andriushchenko et al 2024
- “Project Zero: From Naptime to Big Sleep: Using Large Language Models To Catch Vulnerabilities In Real-World Code ”
- “Turning Everyday Gadgets into Bombs Is a Bad Idea ”
- “Meet the Hustlers Who Make $6,000 a Month Riding Citi Bikes ”
- “Magika: AI-Powered Content-Type Detection ”, Fratantonio et al 2024
- “PIXHELL Attack: Leaking Sensitive Information from Air-Gap Computers via ‘Singing Pixels’ ”, Guri 2024
- “From World Champions to State Assets: The Outsized Impact of a Few Chinese Hackers ”
- “How Elon Musk Got Tangled Up in Blue § Homoglyph Attack ”, Mac & Conger 2024
- “Prompt Injection in ‘Resolve Vulnerabilty’ Results in Arbitrary Command Execution in Victim’s Pipeline ”, GitLab 2024
- “Economic Research on Privacy Regulation: Lessons from the GDPR and Beyond ”, Johnson 2024
- “A Hacker Stole OpenAI Secrets, Raising Fears That China Could, Too: A Security Breach at the Maker of ChatGPT Last Year Revealed Internal Discussions among Researchers and Other Employees, but Not the Code behind OpenAI’s Systems ”, Metz 2024
- “The Strange Journey of John Lennon’s Stolen Patek Philippe Watch: For Decades, Yoko Ono Thought That the Birthday Gift Was in Her Dakota Apartment. But It Had Been Removed and Sold—And Now Awaits a Court Ruling in Geneva ”, Fielden 2024
- “Designing a Dashboard for Transparency and Control of Conversational AI ”, Chen et al 2024
- “He West Coast’s Fanciest Stolen Bikes Are Getting Trafficked by One Mastermind in Jalisco, Mexico: ‘We Have People Stealing All over the World.’ A Digital Sleuth Named Bryan Hance Has Spent the past Four Years Obsessively Uncovering a Bicycle-Theft Pipeline of Astonishing Scale ”, Solomon 2024
- “AI Sandbagging: Language Models Can Strategically Underperform on Evaluations ”, Weij et al 2024
- “If OpenSSL Were a GUI ”, Tashian 2024
- “The Instruction Hierarchy: Training LLMs to Prioritize Privileged Instructions ”, Wallace et al 2024
- “Foundational Challenges in Assuring Alignment and Safety of Large Language Models ”, Anwar et al 2024
- “Vulnerability Detection With Code Language Models: How Far Are We? ”, Ding et al 2024
- “The NSA Warns That US Adversaries Free to Mine Private Data May Have an AI Edge: Gilbert Herrera, Who Leads Research at the National Security Agency, Says Large Language Models Are Incredibly Useful—And a Bit of a Headache—For America’s Intelligence Machine ”, Knight 2024
- “Exploiting Novel GPT-4 APIs ”, Pelrine et al 2023
- “Did I Get Sam Altman Fired from OpenAI?: Nathan’s Red-Teaming Experience, Noticing How the Board Was Not Aware of GPT-4 Jailbreaks & Had Not Even Tried GPT-4 prior to Its Early Release ”, Labenz 2023
- “Did I Get Sam Altman Fired from OpenAI? § GPT-4-Base ”, Labenz 2023
- “Summon a Demon and Bind It: A Grounded Theory of LLM Red Teaming in the Wild ”, Inie et al 2023
- “Tensor Trust: Interpretable Prompt Injection Attacks from an Online Game ”, Toyer et al 2023
- “InCharacter: Evaluating Personality Fidelity in Role-Playing Agents through Psychological Interviews ”, Wang et al 2023
- “Beyond Memorization: Violating Privacy Via Inference With Large Language Models ”, Staab et al 2023
- “Security Weaknesses of Copilot Generated Code in GitHub ”, Fu et al 2023
- “Demystifying RCE Vulnerabilities in LLM-Integrated Apps ”, Liu et al 2023
- “Devising and Detecting Phishing: Large Language Models versus Smaller Human Models ”, Heiding et al 2023
- “How Correlated Are You? ”, Downey 2023
- “The Ghost Trilemma ”, Mukherjee et al 2023
- “An Empirical Study & Evaluation of Modern CAPTCHAs ”, Searles et al 2023
- “PIGEON: Predicting Image Geolocations ”, Haas et al 2023
- “Artificial Artificial Artificial Intelligence: Crowd Workers Widely Use Large Language Models for Text Production Tasks ”, Veselovsky et al 2023
- “Putting out the Hardware Dumpster Fire ”, Fiedler et al 2023
- “Generalizable Synthetic Image Detection via Language-Guided Contrastive Learning ”, Wu et al 2023
- “Large Language Models Can Be Used To Effectively Scale Spear Phishing Campaigns ”, Hazell 2023
- “Dark Web Pedophile Site Users’ Cybersecurity Concerns: A Lifespan and Survival Analysis ”, Chopin & Décary-Hétu 2023
- “Dark Web Pedophile Site Users’ Cybersecurity Concerns: A Lifespan and Survival Analysis ”, Chopin & Décary-Hétu 2023
- “How Secure Is Code Generated by ChatGPT? ”, Khoury et al 2023
- “Generative AI: Impact on Email Cyber-Attacks ”, DarkTrace 2023
- “Protecting Society from AI Misuse: When Are Restrictions on Capabilities Warranted? ”, Anderljung & Hazell 2023
- “ThermoSecure: Investigating the Effectiveness of AI-Driven Thermal Attacks on Commonly Used Computer Keyboards ”, Alotaibi et al 2023
- “Not What You’ve Signed up For: Compromising Real-World LLM-Integrated Applications With Indirect Prompt Injection ”, Greshake et al 2023
- “Facial Misrecognition Systems: Simple Weight Manipulations Force DNNs to Err Only on Specific Persons ”, Zehavi & Shamir 2023
- “EarSpy: Spying Caller Speech and Identity through Tiny Vibrations of Smartphone Ear Speakers ”, Mahdad et al 2022
- “Fill in the Blank: Context-Aware Automated Text Input Generation for Mobile GUI Testing ”, Liu et al 2022
- “Familial Concentration of Crime in a Digital Era: Criminal Behavior among Family Members of Cyber Offenders ”, Weijer & Moneva 2022
- “Do Users Write More Insecure Code With AI Assistants? ”, Perry et al 2022
- “Rickrolling the Artist: Injecting Invisible Backdoors into Text-Guided Image Generation Models ”, Struppek et al 2022
- “BTD: Decompiling X86 Deep Neural Network Executables ”, Liu et al 2022
- “Uber Apparently Hacked by Teen, Employees Thought It Was a Joke: ‘I Think IT Would Appreciate Less Memes While They Handle the Breach’ ”, Porter 2022
- “Scammers Created an AI Hologram of Me to Scam Unsuspecting Projects ”, Hillmann 2022
- “Adversarial Attacks on Image Generation With Made-Up Words ”, Millière 2022
- “Adversarial Attacks on Image Generation With Made-Up Words ”, Millière 2022
- “SATAn: Air-Gap Exfiltration Attack via Radio Signals From SATA Cables ”, Guri 2022
- “Private Eye: On the Limits of Textual Screen Peeking via Eyeglass Reflections in Video Conferencing ”, Long et al 2022
- “Apple and Meta Gave User Data to Hackers Who Used Forged Legal Requests: Hackers Compromised the Emails of Law Enforcement Agencies; Data Was Used to Enable Harassment, May Aid Financial Fraud ”, Turton 2022
- “Hackers Gaining Power of Subpoena Via Fake ‘Emergency Data Requests’ ”, Krebs 2022
- “Pop Quiz! Can a Large Language Model Help With Reverse Engineering? ”, Pearce et al 2022
- “Hertzbleed: Turning Power Side-Channel Attacks Into Remote Timing Attacks on X86 ”, Wang et al 2022d
- “Privacy and Information Avoidance: An Experiment on Data-Sharing Preferences ”, Svirsky 2022
- “High Tech Crime, High Intellectual Crime? Comparing the Intellectual Capabilities of Cybercriminals, Traditional Criminals and Non-Criminals ”, Schiks et al 2022
- “A Deep Dive into an NSO Zero-Click IMessage Exploit: Remote Code Execution ”, Beer & Groß 2021
- “A Deep Dive into an NSO Zero-Click IMessage Exploit: Remote Code Execution ”, Beer & Groß 2021
- “Glowworm Attack: Optical TEMPEST Sound Recovery via a Device’s Power Indicator LED ”, Nassi et al 2021
- “EvilModel: Hiding Malware Inside of Neural Network Models ”, Wang et al 2021
- “Watch How a Hacker’s Infrared Laser Can Spy on Your Laptop’s Keystrokes ”
- “The Mongolian Meta ”, kommu & dylandank 2021
- “Intrinsic Propensity for Vulnerability in Computers? Arbitrary Code Execution in the Universal Turing Machine ”, Johnson 2021
- “AIR-FI: Generating Covert Wi-Fi Signals from Air-Gapped Computers ”, Guri 2020
- “I Know What You Bought At Chipotle for $9.81 by Solving A Linear Inverse Problem ”, Fleder & Shah 2020
- “Unraveling The Mystery Of The Metal Sculpture Found In Utah ”
- “A C/
C++ Code Vulnerability Dataset With Code Changes and CVE Summaries ”, Fan et al 2020 - “Password Similarity Using Probabilistic Data Structures ”, Berardi et al 2020
- “The Relevance of Classic Fuzz Testing: Have We Solved This One? ”, Miller et al 2020
- “Lamphone: Real-Time Passive Sound Recovery from Light Bulb Vibrations ”, Nassi et al 2020
- “Revisiting RowHammer: An Experimental Analysis of Modern DRAM Devices and Mitigation Techniques ”, Kim et al 2020
- “IJON: Exploring Deep State Spaces via Fuzzing ”, Aschermann et al 2020
- “Psychic Paper ”, Siguza 2020
- “What Does Your Gaze Reveal About You? On the Privacy Implications of Eye Tracking ”, Kröger et al 2020
- “What Does Your Gaze Reveal About You? On the Privacy Implications of Eye Tracking ”, Kröger et al 2020
- “Listen to Your Key: Towards Acoustics-Based Physical Key Inference ”, Ramesh et al 2020
- “Getting Over It Developer Reacts to 1 Minute 24 Second Speedrun ”, Foddy 2020
- “The Voluntariness of Voluntary Consent: Consent Searches and the Psychology of Compliance ”, Sommers & Bohns 2019
- “Hearing Your Touch: A New Acoustic Side Channel on Smartphones ”, Shumailov et al 2019
- “Spectre Is Here to Stay: An Analysis of Side-Channels and Speculative Execution ”, Mcilroy et al 2019
- “V-Fuzz: Vulnerability-Oriented Evolutionary Fuzzing ”, Li et al 2019
- “Privacy Implications of Accelerometer Data: a Review of Possible Inferences ”, Kröger et al 2019
- “Privacy Implications of Accelerometer Data: a Review of Possible Inferences ”, Kröger et al 2019
- “ExSpectre: Hiding Malware in Speculative Execution ”, Wampler 2019
- “Best Practices: Formal Proofs, the Fine Print and Side Effects ”, Murray & Oorschot 2018
- “SonarSnoop: Active Acoustic Side-Channel Attacks ”, Cheng et al 2018
- “Chaff Bugs: Deterring Attackers by Making Software Buggier ”, Hu et al 2018
- “Bad Romance: To Cash in on Kindle Unlimited, a Cabal of Authors Gamed Amazon’s Algorithm ”, Jeong 2018
- “Kindle Unlimited Book Stuffing Scam Earns Millions and Amazon Isn’t Stopping It: Book Stuffer Chance Carter Is Gone. But Readers Are Still Paying for Books That Are 90% Filler. ”, Zetlin 2018
- “Security, Moore’s Law, and the Anomaly of Cheap Complexity ”, Flake 2018
- “Understanding the Behavior of Hackers While Performing Attack Tasks in a Professional Setting and in a Public Challenge ”, Ceccato et al 2018
- “Learning to Evade Static PE Machine Learning Malware Models via Reinforcement Learning ”, Anderson et al 2018
- “Deep Reinforcement Fuzzing ”, Böttinger et al 2018
- “Deep Reinforcement Fuzzing ”, Böttinger et al 2018
- “Weird Machines, Exploitability, and Provable Unexploitability ”, Dullien 2017
- “The Future of Ad Blocking: An Analytical Framework and New Techniques ”, Storey et al 2017
- “Hyper-Realistic Face Masks: a New Challenge in Person Identification ”, Sanders et al 2017
- “Join Me on a Market for Anonymity ”, Moser & Böhme 2016
- “Join Me on a Market for Anonymity ”, Moser & Böhme 2016
- “The Search for the Perfect Door ”, Ollam 2016
- “When Coding Style Survives Compilation: De-Anonymizing Programmers from Executable Binaries ”, Caliskan et al 2015
- “Microsoft Sheds Reputation As an Easy Mark for Hackers ”, Wingfield 2015
- “When Failure Sneaks into Stealth Games ”, Yang 2015
- “Defenders Think in Lists. Attackers Think in Graphs. As Long As This Is True, Attackers Win. ”, Lambert 2015
- “Antikernel: A Decentralized Secure Hardware-Software Operating System Architecture ”, Zonenberg 2015
- “What Are Weird Machines? ”, Bratus 2015
- “Spaced Repetition and Mnemonics Enable Recall of Multiple Strong Passwords ”, Blocki et al 2014
- “Teaching Mario to Play Pong and Snake Through Innumerable Exploits ”
- “Bloom Filter Applications in Network Security: A State-Of-The-Art Survey ”, Geravand & Ahmadi 2013
- “Converting Untrusted PDFs into Trusted Ones: The Qubes Way ”
- “The Page-Fault Weird Machine: Lessons in Instruction-Less Computation ”, Bangert 2013
- “The Configuration Complexity Clock ”, Hadlow 2012
- “Phonotactic Reconstruction of Encrypted VoIP Conversations: Hookt on Fon-Iks ”, White et al 2011
- “Exploration of FPGA Interconnect for the Design of Unconventional Antennas ”, Tavaragiri et al 2011
- “Exploitation and State Machines: Programming the ‘Weird Machine’ Revisited ”, Flake 2011
- “Digital Image Forensics: a Booklet for Beginners ”, Redi et al 2010
- “Unicode Security Mechanisms: Recommended Confusable Mapping for IDN ”, Consortium 2010
- “Feasibility and Real-World Implications of Web Browser History Detection ”, Janc & Olejnik 2010
- “Mining Writeprints from Anonymous E-Mails for Forensic Investigation ”, Iqbal 2010
- “Thought Experiments Lain: a Serial Experiments Lain Information Site ”, Eng 2009
- “So Long, and No Thanks for the Externalities: the Rational Rejection of Security Advice by Users ”, Herley 2009
- “De-Anonymizing Social Networks ”, Narayanan & Shmatikov 2009
- “The Tactical Amulet Extraction Bot: Predicting and Controlling NetHack’s Randomness ”
- “Why I’m Not an Entropist ”, Syverson 2009
- “Orangutans, Resistance and the Zoo ”, Hribal 2008
- “A Case Study of Preferential Bestiality ”, Earls & Lalumière 2007
- “A Case Study of Preferential Bestiality ”, Earls & Lalumière 2007
- “Exposing Private Information by Timing Web Applications ”, Bortz 2007
- “How To Break Anonymity of the Netflix Prize Dataset ”, Narayanan & Shmatikov 2006
- “Oral History of Butler Lampson § WWW ”, Lampson & Kay 2006 (page 36)
- “Remote Physical Device Fingerprinting ”, Kohno 2005
- Confessions of a Master Jewel Thief, Mason 2005
- “Toward a Broader View of Security Protocols ”, Blaze 2004
- “Privacy, Economics, and Price Discrimination on the Internet ”, Odlyzko 2003
- “30 Years Later: Lessons from the Multics Security Evaluation ”, Karger & Schell 2002
- “Timing Attacks on Web Privacy ”, Felten & Schneider 2000
- “An Evolved Circuit, Intrinsic in Silicon, Entwined With Physics ”, Thompson 1997
- “An Empirical Study of the Reliability of UNIX Utilities ”, Miller et al 1990
- “FRACTRAN: A Simple Universal Programming Language for Arithmetic ”, Conway 1987
- Computer Viruses, Cohen 1985
- “Secrets of the Little Blue Box: A Story so Incredible It May Even Make You Feel Sorry for the Phone Company ”, Rosenbaum 1971
- “A Small Lathe Built in a Japanese Prison Camp ”, Bradley 1949
- “Scunthorpe ”, Sandberg 2025
- “StarCraft: Remastered—Emulating a Buffer Overflow for Fun and Profit ”
- “Stargate Physics 101 ”
- “How a North Korean Fake IT Worker Tried to Infiltrate Us ”
- “Computing With Time: Microarchitectural Weird Machines ”
- “How Exploits Impact Computer Science Theory ”
- “Adversarial Misuse of Generative AI ”
- “Gyrophone: Recognizing Speech From Gyroscope Signals ”, Michalevsky 2025
- “A Friendly, Non-Technical Introduction to Differential Privacy ”
- “Random Mosaic: Detecting Unauthorized Physical Access With Beans, Lentils and Colored Rice ”
- “HexHive/
printbf: Brainfuck Interpreter inside Printf ” - “Things the Guys Who Stole My Phone Have Texted Me to Try to Get Me to Unlock It ”
- “An Informal Review of CTF Abuse ”
- “Bypassing Airport Security via SQL Injection ”
- “Pulling JPEGs out of Thin Air ”
- “Hacking Yourself a Satellite—Recovering BEESAT-1 ”
- “Trusted Third Parties Are Security Holes ”, Szabo 2025
- “Control-Flow Bending: On the Effectiveness of Control-Flow Integrity ”
- “Why I Attack ”, Carlini 2025
- “Data Exfiltration from Slack AI via Indirect Prompt Injection ”, PromptArmor 2025
- “Furiosa’s Cat Feeder: The Trick Is to Be Smarter Than the Animal With a Brain the Size of a Walnut ”
- “Lessons from the Debian/
OpenSSL Fiasco ” - “PySkyWiFi: Completely Free, Unbelievably Stupid WiFi on Long-Haul Flights ”
- “Sarah Meiklejohn ”
- “Inside the NSA’s Secret Efforts to Hunt and Hack System Administrators ”
- “An Open Letter to Netflix from the Authors of the De-Anonymization Paper ”
- “The Scarred Man Returns ”, Benford 2025
- “Weird Machines HQ ”
- “The Ken Thompson Hack ”, WikiWikiWeb 2025
- “Nicolas Christin ”
- “Internet Archive Hacked, Data Breach Impacts 31 Million Users ”
- “Inside North Korea’s Hacker Army ”
- “Role Embeddings: Making Authorship More Salient to LLMs ”
- “Security Mindset: Lessons from 20+ Years of Software Security Failures Relevant to AGI Alignment ”
- “Language Models Model Us ”
- “Appendix F: Personal Observations on the Reliability of the Shuttle ”
- “Microsoft Refused to Fix Flaw Years Before SolarWinds Hack ”
- “AI Will Increase the Quantity—And Quality—Of Phishing Scams ”
- “Coding Machines ”
- “Found on the Web, With DNA: a Boy’s Father ”
- “While Investigating a Hosting Company Known for Sheltering Child Porn Last Year the FBI Incidentally Seized the Entire E-Mail Database of a Popular Anonymous Webmail Service Called TorMail. Now the FBI Is Tapping That Vast Trove of E-Mail in Unrelated Investigations. ”
- “Air Gap Hacker Mordechai Guri Steals Data With Noise, Light, and Magnets ”
- “The Mirai Botnet Was Part of a College Student ‘Minecraft’ Scheme ”
- “How Mario 64 Was Solved Using Parallel Universes—Super Mario 64 Tool-Assisted Speedrun Explained ”
- “Cryptoleaks: How BND and CIA Deceived Everyone: Research by ZDF, Washington Post and SRF Shows How the BND and CIA Secretly Spy on States—And Concealed Gross Human Rights Violations. ”
- danielvf
- “XBOW Now Matches the Capabilities of a Top Human Pentester ”, XBOW 2025
- “Bag Check ”, Munroe 2025
- “Sufficiently Advanced Testing ”
- Sort By Magic
- Wikipedia (15)
- Miscellaneous
- Bibliography
Gwern
“PDF Forgeries Are Surprisingly Rare ”, Gwern 2022
“Research Ideas ”, Gwern 2017
“On Seeing Through and Unseeing: The Hacker Mindset ”, Gwern 2012
Links
“[Autonomous AI Harassment] ”, CapResearcher 2025
[Autonomous AI harassment]
“Analyzing Open-Source Bootloaders: Finding Vulnerabilities Faster With AI ”
Analyzing open-source bootloaders: Finding vulnerabilities faster with AI
“Coding Malware in Fancy Programming Languages for Fun and Profit ”, Apostolopoulos et al 2025
Coding Malware in Fancy Programming Languages for Fun and Profit
“Two Americas, One Bank Branch, and $50,000 Cash ”, McKenzie 2025
“VLMs As GeoGuessr Masters: Exceptional Performance, Hidden Biases, and Privacy Risks ”, Huang et al 2025
VLMs as GeoGuessr Masters: Exceptional Performance, Hidden Biases, and Privacy Risks
“Wiz Research Uncovers Exposed DeepSeek Database Leaking Sensitive Information, Including Chat History ”, Research 2025
“Blockchain Address Poisoning ”, Tsuchiya et al 2025
“A Day in the Life of a Prolific Voice Phishing Crew ”, Krebs 2025
A Day in the Life of a Prolific Voice Phishing Crew
“Saving Nanocap Speculators From Themselves [Backdooring Ethereum Contracts] ”, nyuu 2024
Saving Nanocap Speculators From Themselves [backdooring Ethereum contracts]
“Clio: Privacy-Preserving Insights into Real-World AI Use ”, Anthropic 2024
“Evaluating Large Language Models’ Capability to Launch Fully Automated Spear Phishing Campaigns: Validated on Human Subjects ”, Heiding et al 2024
“Emacs Arbitrary Code Execution and How to Avoid It ”
Emacs Arbitrary Code Execution and How to Avoid It
“When Machine Learning Tells the Wrong Story ”
When Machine Learning Tells the Wrong Story
“Stega-Encoding [Embedding Metadata in Apps With Unicode Steganography] ”, Sanity 2024
Stega-encoding [embedding metadata in apps with Unicode steganography]
“Hacking Back the AI-Hacker: Prompt Injection As a Defense Against LLM-Driven Cyberattacks ”, Pasquini et al 2024
Hacking Back the AI-Hacker: Prompt Injection as a Defense Against LLM-driven Cyberattacks
“The Global Surveillance Free-For-All in Mobile Ad Data ”, Krebs 2024
The Global Surveillance Free-for-All in Mobile Ad Data
“Internet Archive Breached Again through Stolen Access Tokens ”, Abrams 2024
Internet Archive breached again through stolen access tokens
“AgentHarm: A Benchmark for Measuring Harmfulness of LLM Agents ”, Andriushchenko et al 2024
AgentHarm: A Benchmark for Measuring Harmfulness of LLM Agents
“Project Zero: From Naptime to Big Sleep: Using Large Language Models To Catch Vulnerabilities In Real-World Code ”
“Turning Everyday Gadgets into Bombs Is a Bad Idea ”
Turning Everyday Gadgets into Bombs is a Bad Idea
“Meet the Hustlers Who Make $6,000 a Month Riding Citi Bikes ”
“Magika: AI-Powered Content-Type Detection ”, Fratantonio et al 2024
“PIXHELL Attack: Leaking Sensitive Information from Air-Gap Computers via ‘Singing Pixels’ ”, Guri 2024
PIXHELL Attack: Leaking Sensitive Information from Air-Gap Computers via ‘Singing Pixels’
“From World Champions to State Assets: The Outsized Impact of a Few Chinese Hackers ”
From World Champions to State Assets: The Outsized Impact of a Few Chinese Hackers
“How Elon Musk Got Tangled Up in Blue § Homoglyph Attack ”, Mac & Conger 2024
“Prompt Injection in ‘Resolve Vulnerabilty’ Results in Arbitrary Command Execution in Victim’s Pipeline ”, GitLab 2024
“Economic Research on Privacy Regulation: Lessons from the GDPR and Beyond ”, Johnson 2024
Economic Research on Privacy Regulation: Lessons from the GDPR and Beyond
“A Hacker Stole OpenAI Secrets, Raising Fears That China Could, Too: A Security Breach at the Maker of ChatGPT Last Year Revealed Internal Discussions among Researchers and Other Employees, but Not the Code behind OpenAI’s Systems ”, Metz 2024
“The Strange Journey of John Lennon’s Stolen Patek Philippe Watch: For Decades, Yoko Ono Thought That the Birthday Gift Was in Her Dakota Apartment. But It Had Been Removed and Sold—And Now Awaits a Court Ruling in Geneva ”, Fielden 2024
“Designing a Dashboard for Transparency and Control of Conversational AI ”, Chen et al 2024
Designing a Dashboard for Transparency and Control of Conversational AI
“He West Coast’s Fanciest Stolen Bikes Are Getting Trafficked by One Mastermind in Jalisco, Mexico: ‘We Have People Stealing All over the World.’ A Digital Sleuth Named Bryan Hance Has Spent the past Four Years Obsessively Uncovering a Bicycle-Theft Pipeline of Astonishing Scale ”, Solomon 2024
“AI Sandbagging: Language Models Can Strategically Underperform on Evaluations ”, Weij et al 2024
AI Sandbagging: Language Models can Strategically Underperform on Evaluations
“If OpenSSL Were a GUI ”, Tashian 2024
“The Instruction Hierarchy: Training LLMs to Prioritize Privileged Instructions ”, Wallace et al 2024
The Instruction Hierarchy: Training LLMs to Prioritize Privileged Instructions
“Foundational Challenges in Assuring Alignment and Safety of Large Language Models ”, Anwar et al 2024
Foundational Challenges in Assuring Alignment and Safety of Large Language Models
“Vulnerability Detection With Code Language Models: How Far Are We? ”, Ding et al 2024
Vulnerability Detection with Code Language Models: How Far Are We?
“The NSA Warns That US Adversaries Free to Mine Private Data May Have an AI Edge: Gilbert Herrera, Who Leads Research at the National Security Agency, Says Large Language Models Are Incredibly Useful—And a Bit of a Headache—For America’s Intelligence Machine ”, Knight 2024
“Exploiting Novel GPT-4 APIs ”, Pelrine et al 2023
“Did I Get Sam Altman Fired from OpenAI?: Nathan’s Red-Teaming Experience, Noticing How the Board Was Not Aware of GPT-4 Jailbreaks & Had Not Even Tried GPT-4 prior to Its Early Release ”, Labenz 2023
“Did I Get Sam Altman Fired from OpenAI? § GPT-4-Base ”, Labenz 2023
“Summon a Demon and Bind It: A Grounded Theory of LLM Red Teaming in the Wild ”, Inie et al 2023
Summon a Demon and Bind it: A Grounded Theory of LLM Red Teaming in the Wild
“Tensor Trust: Interpretable Prompt Injection Attacks from an Online Game ”, Toyer et al 2023
Tensor Trust: Interpretable Prompt Injection Attacks from an Online Game
“InCharacter: Evaluating Personality Fidelity in Role-Playing Agents through Psychological Interviews ”, Wang et al 2023
InCharacter: Evaluating Personality Fidelity in Role-Playing Agents through Psychological Interviews
“Beyond Memorization: Violating Privacy Via Inference With Large Language Models ”, Staab et al 2023
Beyond Memorization: Violating Privacy Via Inference with Large Language Models
“Security Weaknesses of Copilot Generated Code in GitHub ”, Fu et al 2023
“Demystifying RCE Vulnerabilities in LLM-Integrated Apps ”, Liu et al 2023
“Devising and Detecting Phishing: Large Language Models versus Smaller Human Models ”, Heiding et al 2023
Devising and Detecting Phishing: Large Language Models versus Smaller Human Models
“How Correlated Are You? ”, Downey 2023
“The Ghost Trilemma ”, Mukherjee et al 2023
“An Empirical Study & Evaluation of Modern CAPTCHAs ”, Searles et al 2023
“PIGEON: Predicting Image Geolocations ”, Haas et al 2023
“Artificial Artificial Artificial Intelligence: Crowd Workers Widely Use Large Language Models for Text Production Tasks ”, Veselovsky et al 2023
“Putting out the Hardware Dumpster Fire ”, Fiedler et al 2023
“Generalizable Synthetic Image Detection via Language-Guided Contrastive Learning ”, Wu et al 2023
Generalizable Synthetic Image Detection via Language-guided Contrastive Learning
“Large Language Models Can Be Used To Effectively Scale Spear Phishing Campaigns ”, Hazell 2023
Large Language Models Can Be Used To Effectively Scale Spear Phishing Campaigns
“Dark Web Pedophile Site Users’ Cybersecurity Concerns: A Lifespan and Survival Analysis ”, Chopin & Décary-Hétu 2023
Dark web pedophile site users’ cybersecurity concerns: A lifespan and survival analysis
“How Secure Is Code Generated by ChatGPT? ”, Khoury et al 2023
“Generative AI: Impact on Email Cyber-Attacks ”, DarkTrace 2023
Generative AI: Impact on Email Cyber-Attacks
“Protecting Society from AI Misuse: When Are Restrictions on Capabilities Warranted? ”, Anderljung & Hazell 2023
Protecting Society from AI Misuse: When are Restrictions on Capabilities Warranted?
“ThermoSecure: Investigating the Effectiveness of AI-Driven Thermal Attacks on Commonly Used Computer Keyboards ”, Alotaibi et al 2023
“Not What You’ve Signed up For: Compromising Real-World LLM-Integrated Applications With Indirect Prompt Injection ”, Greshake et al 2023
“Facial Misrecognition Systems: Simple Weight Manipulations Force DNNs to Err Only on Specific Persons ”, Zehavi & Shamir 2023
“EarSpy: Spying Caller Speech and Identity through Tiny Vibrations of Smartphone Ear Speakers ”, Mahdad et al 2022
EarSpy: Spying Caller Speech and Identity through Tiny Vibrations of Smartphone Ear Speakers
“Fill in the Blank: Context-Aware Automated Text Input Generation for Mobile GUI Testing ”, Liu et al 2022
Fill in the Blank: Context-aware Automated Text Input Generation for Mobile GUI Testing
“Familial Concentration of Crime in a Digital Era: Criminal Behavior among Family Members of Cyber Offenders ”, Weijer & Moneva 2022
“Do Users Write More Insecure Code With AI Assistants? ”, Perry et al 2022
“Rickrolling the Artist: Injecting Invisible Backdoors into Text-Guided Image Generation Models ”, Struppek et al 2022
Rickrolling the Artist: Injecting Invisible Backdoors into Text-Guided Image Generation Models
“BTD: Decompiling X86 Deep Neural Network Executables ”, Liu et al 2022
“Uber Apparently Hacked by Teen, Employees Thought It Was a Joke: ‘I Think IT Would Appreciate Less Memes While They Handle the Breach’ ”, Porter 2022
“Scammers Created an AI Hologram of Me to Scam Unsuspecting Projects ”, Hillmann 2022
Scammers Created an AI Hologram of Me to Scam Unsuspecting Projects
“Adversarial Attacks on Image Generation With Made-Up Words ”, Millière 2022
“SATAn: Air-Gap Exfiltration Attack via Radio Signals From SATA Cables ”, Guri 2022
SATAn: Air-Gap Exfiltration Attack via Radio Signals From SATA Cables
“Private Eye: On the Limits of Textual Screen Peeking via Eyeglass Reflections in Video Conferencing ”, Long et al 2022
Private Eye: On the Limits of Textual Screen Peeking via Eyeglass Reflections in Video Conferencing
“Apple and Meta Gave User Data to Hackers Who Used Forged Legal Requests: Hackers Compromised the Emails of Law Enforcement Agencies; Data Was Used to Enable Harassment, May Aid Financial Fraud ”, Turton 2022
“Hackers Gaining Power of Subpoena Via Fake ‘Emergency Data Requests’ ”, Krebs 2022
Hackers Gaining Power of Subpoena Via Fake ‘Emergency Data Requests’
“Pop Quiz! Can a Large Language Model Help With Reverse Engineering? ”, Pearce et al 2022
Pop Quiz! Can a Large Language Model Help With Reverse Engineering?
“Hertzbleed: Turning Power Side-Channel Attacks Into Remote Timing Attacks on X86 ”, Wang et al 2022d
Hertzbleed: Turning Power Side-Channel Attacks Into Remote Timing Attacks on x86
“Privacy and Information Avoidance: An Experiment on Data-Sharing Preferences ”, Svirsky 2022
Privacy and Information Avoidance: An Experiment on Data-Sharing Preferences
“High Tech Crime, High Intellectual Crime? Comparing the Intellectual Capabilities of Cybercriminals, Traditional Criminals and Non-Criminals ”, Schiks et al 2022
“A Deep Dive into an NSO Zero-Click IMessage Exploit: Remote Code Execution ”, Beer & Groß 2021
A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution
“Glowworm Attack: Optical TEMPEST Sound Recovery via a Device’s Power Indicator LED ”, Nassi et al 2021
Glowworm Attack: Optical TEMPEST Sound Recovery via a Device’s Power Indicator LED
“EvilModel: Hiding Malware Inside of Neural Network Models ”, Wang et al 2021
“Watch How a Hacker’s Infrared Laser Can Spy on Your Laptop’s Keystrokes ”
Watch How a Hacker’s Infrared Laser Can Spy on Your Laptop’s Keystrokes
“The Mongolian Meta ”, kommu & dylandank 2021
“Intrinsic Propensity for Vulnerability in Computers? Arbitrary Code Execution in the Universal Turing Machine ”, Johnson 2021
“AIR-FI: Generating Covert Wi-Fi Signals from Air-Gapped Computers ”, Guri 2020
AIR-FI: Generating Covert Wi-Fi Signals from Air-Gapped Computers
“I Know What You Bought At Chipotle for $9.81 by Solving A Linear Inverse Problem ”, Fleder & Shah 2020
I Know What You Bought At Chipotle for $9.81 by Solving A Linear Inverse Problem
“Unraveling The Mystery Of The Metal Sculpture Found In Utah ”
Unraveling The Mystery Of The Metal Sculpture Found In Utah
“A C/C++ Code Vulnerability Dataset With Code Changes and CVE Summaries ”, Fan et al 2020
A C/
“Password Similarity Using Probabilistic Data Structures ”, Berardi et al 2020
“The Relevance of Classic Fuzz Testing: Have We Solved This One? ”, Miller et al 2020
The Relevance of Classic Fuzz Testing: Have We Solved This One?
“Lamphone: Real-Time Passive Sound Recovery from Light Bulb Vibrations ”, Nassi et al 2020
Lamphone: Real-Time Passive Sound Recovery from Light Bulb Vibrations
“Revisiting RowHammer: An Experimental Analysis of Modern DRAM Devices and Mitigation Techniques ”, Kim et al 2020
Revisiting RowHammer: An Experimental Analysis of Modern DRAM Devices and Mitigation Techniques
“IJON: Exploring Deep State Spaces via Fuzzing ”, Aschermann et al 2020
“Psychic Paper ”, Siguza 2020
“What Does Your Gaze Reveal About You? On the Privacy Implications of Eye Tracking ”, Kröger et al 2020
What Does Your Gaze Reveal About You? On the Privacy Implications of Eye Tracking
“Listen to Your Key: Towards Acoustics-Based Physical Key Inference ”, Ramesh et al 2020
Listen to Your Key: Towards Acoustics-based Physical Key Inference
“Getting Over It Developer Reacts to 1 Minute 24 Second Speedrun ”, Foddy 2020
Getting Over It Developer Reacts to 1 Minute 24 Second Speedrun
“The Voluntariness of Voluntary Consent: Consent Searches and the Psychology of Compliance ”, Sommers & Bohns 2019
The Voluntariness of Voluntary Consent: Consent Searches and the Psychology of Compliance
“Hearing Your Touch: A New Acoustic Side Channel on Smartphones ”, Shumailov et al 2019
Hearing your touch: A new acoustic side channel on smartphones
“Spectre Is Here to Stay: An Analysis of Side-Channels and Speculative Execution ”, Mcilroy et al 2019
Spectre is here to stay: An analysis of side-channels and speculative execution
“V-Fuzz: Vulnerability-Oriented Evolutionary Fuzzing ”, Li et al 2019
“Privacy Implications of Accelerometer Data: a Review of Possible Inferences ”, Kröger et al 2019
Privacy implications of accelerometer data: a review of possible inferences
“ExSpectre: Hiding Malware in Speculative Execution ”, Wampler 2019
ExSpectre: Hiding Malware in Speculative Execution
“Best Practices: Formal Proofs, the Fine Print and Side Effects ”, Murray & Oorschot 2018
Best Practices: Formal Proofs, the Fine Print and Side Effects
“SonarSnoop: Active Acoustic Side-Channel Attacks ”, Cheng et al 2018
“Chaff Bugs: Deterring Attackers by Making Software Buggier ”, Hu et al 2018
“Bad Romance: To Cash in on Kindle Unlimited, a Cabal of Authors Gamed Amazon’s Algorithm ”, Jeong 2018
Bad romance: To cash in on Kindle Unlimited, a cabal of authors gamed Amazon’s algorithm
“Kindle Unlimited Book Stuffing Scam Earns Millions and Amazon Isn’t Stopping It: Book Stuffer Chance Carter Is Gone. But Readers Are Still Paying for Books That Are 90% Filler. ”, Zetlin 2018
“Security, Moore’s Law, and the Anomaly of Cheap Complexity ”, Flake 2018
“Understanding the Behavior of Hackers While Performing Attack Tasks in a Professional Setting and in a Public Challenge ”, Ceccato et al 2018
“Learning to Evade Static PE Machine Learning Malware Models via Reinforcement Learning ”, Anderson et al 2018
Learning to Evade Static PE Machine Learning Malware Models via Reinforcement Learning
“Deep Reinforcement Fuzzing ”, Böttinger et al 2018
“Weird Machines, Exploitability, and Provable Unexploitability ”, Dullien 2017
Weird machines, exploitability, and provable unexploitability
“The Future of Ad Blocking: An Analytical Framework and New Techniques ”, Storey et al 2017
The Future of Ad Blocking: An Analytical Framework and New Techniques
“Hyper-Realistic Face Masks: a New Challenge in Person Identification ”, Sanders et al 2017
Hyper-realistic face masks: a new challenge in person identification
“Join Me on a Market for Anonymity ”, Moser & Böhme 2016
“The Search for the Perfect Door ”, Ollam 2016
“When Coding Style Survives Compilation: De-Anonymizing Programmers from Executable Binaries ”, Caliskan et al 2015
When Coding Style Survives Compilation: De-anonymizing Programmers from Executable Binaries
“Microsoft Sheds Reputation As an Easy Mark for Hackers ”, Wingfield 2015
“When Failure Sneaks into Stealth Games ”, Yang 2015
When failure sneaks into stealth games
“Defenders Think in Lists. Attackers Think in Graphs. As Long As This Is True, Attackers Win. ”, Lambert 2015
Defenders think in lists. Attackers think in graphs. As long as this is true, attackers win.
“Antikernel: A Decentralized Secure Hardware-Software Operating System Architecture ”, Zonenberg 2015
Antikernel: A decentralized secure hardware-software operating system architecture
“What Are Weird Machines? ”, Bratus 2015
“Spaced Repetition and Mnemonics Enable Recall of Multiple Strong Passwords ”, Blocki et al 2014
Spaced Repetition and Mnemonics Enable Recall of Multiple Strong Passwords
“Teaching Mario to Play Pong and Snake Through Innumerable Exploits ”
Teaching Mario to Play Pong and Snake Through Innumerable Exploits
“Bloom Filter Applications in Network Security: A State-Of-The-Art Survey ”, Geravand & Ahmadi 2013
Bloom filter applications in network security: A state-of-the-art survey
“Converting Untrusted PDFs into Trusted Ones: The Qubes Way ”
Converting untrusted PDFs into trusted ones: The Qubes Way
“The Page-Fault Weird Machine: Lessons in Instruction-Less Computation ”, Bangert 2013
The Page-Fault Weird Machine: Lessons in Instruction-less Computation
“The Configuration Complexity Clock ”, Hadlow 2012
“Phonotactic Reconstruction of Encrypted VoIP Conversations: Hookt on Fon-Iks ”, White et al 2011
Phonotactic Reconstruction of Encrypted VoIP Conversations: Hookt on Fon-iks
“Exploration of FPGA Interconnect for the Design of Unconventional Antennas ”, Tavaragiri et al 2011
Exploration of FPGA interconnect for the design of unconventional antennas
“Exploitation and State Machines: Programming the ‘Weird Machine’ Revisited ”, Flake 2011
Exploitation and State Machines: Programming the ‘Weird Machine’ Revisited
“Digital Image Forensics: a Booklet for Beginners ”, Redi et al 2010
“Unicode Security Mechanisms: Recommended Confusable Mapping for IDN ”, Consortium 2010
Unicode Security Mechanisms: Recommended confusable mapping for IDN
“Feasibility and Real-World Implications of Web Browser History Detection ”, Janc & Olejnik 2010
Feasibility and Real-World Implications of Web Browser History Detection
“Mining Writeprints from Anonymous E-Mails for Forensic Investigation ”, Iqbal 2010
Mining writeprints from anonymous e-mails for forensic investigation
“Thought Experiments Lain: a Serial Experiments Lain Information Site ”, Eng 2009
thought experiments lain: a Serial Experiments Lain information site
“So Long, and No Thanks for the Externalities: the Rational Rejection of Security Advice by Users ”, Herley 2009
So long, and no thanks for the externalities: the rational rejection of security advice by users
“De-Anonymizing Social Networks ”, Narayanan & Shmatikov 2009
“The Tactical Amulet Extraction Bot: Predicting and Controlling NetHack’s Randomness ”
The Tactical Amulet Extraction Bot: Predicting and controlling NetHack’s randomness
“Why I’m Not an Entropist ”, Syverson 2009
“Orangutans, Resistance and the Zoo ”, Hribal 2008
“A Case Study of Preferential Bestiality ”, Earls & Lalumière 2007
“Exposing Private Information by Timing Web Applications ”, Bortz 2007
Exposing private information by timing web applications
“How To Break Anonymity of the Netflix Prize Dataset ”, Narayanan & Shmatikov 2006
“Oral History of Butler Lampson § WWW ”, Lampson & Kay 2006 (page 36)
“Remote Physical Device Fingerprinting ”, Kohno 2005
Remote physical device fingerprinting
Confessions of a Master Jewel Thief, Mason 2005
“Toward a Broader View of Security Protocols ”, Blaze 2004
“Privacy, Economics, and Price Discrimination on the Internet ”, Odlyzko 2003
Privacy, Economics, and Price Discrimination on the Internet
“30 Years Later: Lessons from the Multics Security Evaluation ”, Karger & Schell 2002
30 years later: lessons from the Multics security evaluation
“Timing Attacks on Web Privacy ”, Felten & Schneider 2000
“An Evolved Circuit, Intrinsic in Silicon, Entwined With Physics ”, Thompson 1997
An evolved circuit, intrinsic in silicon, entwined with physics
“An Empirical Study of the Reliability of UNIX Utilities ”, Miller et al 1990
“FRACTRAN: A Simple Universal Programming Language for Arithmetic ”, Conway 1987
FRACTRAN: A Simple Universal Programming Language for Arithmetic
Computer Viruses, Cohen 1985
“Secrets of the Little Blue Box: A Story so Incredible It May Even Make You Feel Sorry for the Phone Company ”, Rosenbaum 1971
“A Small Lathe Built in a Japanese Prison Camp ”, Bradley 1949
“Scunthorpe ”, Sandberg 2025
“StarCraft: Remastered—Emulating a Buffer Overflow for Fun and Profit ”
StarCraft: Remastered—Emulating a buffer overflow for fun and profit
“Stargate Physics 101 ”
“How a North Korean Fake IT Worker Tried to Infiltrate Us ”
How a North Korean Fake IT Worker Tried to Infiltrate Us
“Computing With Time: Microarchitectural Weird Machines ”
“How Exploits Impact Computer Science Theory ”
How Exploits Impact Computer Science Theory
“Adversarial Misuse of Generative AI ”
Adversarial Misuse of Generative AI
“Gyrophone: Recognizing Speech From Gyroscope Signals ”, Michalevsky 2025
Gyrophone: Recognizing Speech From Gyroscope Signals
“A Friendly, Non-Technical Introduction to Differential Privacy ”
A friendly, non-technical introduction to differential privacy
“Random Mosaic: Detecting Unauthorized Physical Access With Beans, Lentils and Colored Rice ”
Random Mosaic: Detecting unauthorized physical access with beans, lentils and colored rice
“HexHive/printbf: Brainfuck Interpreter inside Printf ”
“Things the Guys Who Stole My Phone Have Texted Me to Try to Get Me to Unlock It ”
Things the guys who stole my phone have texted me to try to get me to unlock it
“An Informal Review of CTF Abuse ”
An informal review of CTF abuse
“Bypassing Airport Security via SQL Injection ”
Bypassing airport security via SQL injection
“Pulling JPEGs out of Thin Air ”
Pulling JPEGs out of thin air
“Hacking Yourself a Satellite—Recovering BEESAT-1 ”
“Trusted Third Parties Are Security Holes ”, Szabo 2025
“Control-Flow Bending: On the Effectiveness of Control-Flow Integrity ”
Control-Flow Bending: On the Effectiveness of Control-Flow Integrity
“Why I Attack ”, Carlini 2025
“Data Exfiltration from Slack AI via Indirect Prompt Injection ”, PromptArmor 2025
Data Exfiltration from Slack AI via indirect prompt injection
“Furiosa’s Cat Feeder: The Trick Is to Be Smarter Than the Animal With a Brain the Size of a Walnut ”
Furiosa’s Cat Feeder: The trick is to be smarter than the animal with a brain the size of a walnut
“Lessons from the Debian/OpenSSL Fiasco ”
“PySkyWiFi: Completely Free, Unbelievably Stupid WiFi on Long-Haul Flights ”
PySkyWiFi: completely free, unbelievably stupid WiFi on long-haul flights
“Sarah Meiklejohn ”
“Inside the NSA’s Secret Efforts to Hunt and Hack System Administrators ”
Inside the NSA’s Secret Efforts to Hunt and Hack System Administrators
“An Open Letter to Netflix from the Authors of the De-Anonymization Paper ”
An open letter to Netflix from the authors of the de-anonymization paper
“The Scarred Man Returns ”, Benford 2025
“Weird Machines HQ ”
“The Ken Thompson Hack ”, WikiWikiWeb 2025
“Nicolas Christin ”
“Internet Archive Hacked, Data Breach Impacts 31 Million Users ”
Internet Archive hacked, data breach impacts 31 million users
“Inside North Korea’s Hacker Army ”
“Role Embeddings: Making Authorship More Salient to LLMs ”
Role embeddings: making authorship more salient to LLMs
“Security Mindset: Lessons from 20+ Years of Software Security Failures Relevant to AGI Alignment ”
Security Mindset: Lessons from 20+ years of Software Security Failures Relevant to AGI Alignment
“Language Models Model Us ”
“Appendix F: Personal Observations on the Reliability of the Shuttle ”
Appendix F: Personal Observations on the Reliability of the Shuttle
“Microsoft Refused to Fix Flaw Years Before SolarWinds Hack ”
“AI Will Increase the Quantity—And Quality—Of Phishing Scams ”
AI Will Increase the Quantity—and Quality—of Phishing Scams
“Coding Machines ”
“Found on the Web, With DNA: a Boy’s Father ”
“While Investigating a Hosting Company Known for Sheltering Child Porn Last Year the FBI Incidentally Seized the Entire E-Mail Database of a Popular Anonymous Webmail Service Called TorMail. Now the FBI Is Tapping That Vast Trove of E-Mail in Unrelated Investigations. ”
“Air Gap Hacker Mordechai Guri Steals Data With Noise, Light, and Magnets ”
Air Gap Hacker Mordechai Guri Steals Data With Noise, Light, and Magnets
“The Mirai Botnet Was Part of a College Student ‘Minecraft’ Scheme ”
The Mirai Botnet Was Part of a College Student ‘Minecraft’ Scheme
“How Mario 64 Was Solved Using Parallel Universes—Super Mario 64 Tool-Assisted Speedrun Explained ”
How Mario 64 was solved using parallel universes—Super Mario 64 Tool-Assisted Speedrun Explained
“Cryptoleaks: How BND and CIA Deceived Everyone: Research by ZDF, Washington Post and SRF Shows How the BND and CIA Secretly Spy on States—And Concealed Gross Human Rights Violations. ”
danielvf
“XBOW Now Matches the Capabilities of a Top Human Pentester ”, XBOW 2025
XBOW now matches the capabilities of a top human pentester
“Bag Check ”, Munroe 2025
“Sufficiently Advanced Testing ”
Sufficiently Advanced Testing
Sort By Magic
Annotations sorted by machine learning into inferred 'tags'. This provides an alternative way to browse: instead of by date order, one can browse in topic order. The 'sorted' list has been automatically clustered into multiple sections & auto-labeled for easier browsing.
Beginning with the newest annotation, it uses the embedding of each annotation to attempt to create a list of nearest-neighbor annotations, creating a progression of topics. For more details, see the link.
Miscellaneous
/doc/cs/ security/ 2023-fiedler-figure1-usingthecomputersonasystemonchiptoattackeachother.jpg : /doc/cs/ security/ 2012-terencetao-anonymity.html : /doc/ai/ 2003-11-07-clayshirky-thesemanticwebsyllogismandworldview.html /doc/cs/ security/ 2001-12-02-treginaldgibbons-isyoursonacomputerhacker.html : /doc/cs/ security/ lobel-frogandtoadtogether-thebox-crop.jpg : http://itre.cis.upenn.edu/ ~myl/ languagelog/ archives/ 003289.html : http://www.datagenetics.com/ blog/ september32012/ index.html : http://www.ranum.com/ security/ computer_security/ editorials/ dumb/ : http://www.underhanded-c.org/ : https://awesomekling.substack.com/ p/ fuzzing-ladybird-with-tools-from https://binarly.io/ posts/ The_Far_Reaching_Consequences_of_LogoFAIL/ : https://blog.trailofbits.com/ 2023/ 02/ 14/ curl-audit-fuzzing-libcurl-command-line-interface/ : https://cacm.acm.org/ magazines/ 2023/ 6/ 273222-the-silent-revolution-of-sat/ fulltext : https://codeanlabs.com/ blog/ research/ cve-2024-4367-arbitrary-js-execution-in-pdf-js/ : https://comsec.ethz.ch/ research/ dram/ zenhammer/ : https://dl.acm.org/ doi/ pdf/ 10.1145/ 1283920.1283940 : https://dropbox.tech/ machine-learning/ prompt-injection-with-control-characters-openai-chatgpt-llm https://engineering.atspotify.com/ 2013/ 06/ creative-usernames/ https://erights.medium.com/ norm-hardys-place-in-history-cecf191df641 https://flak.tedunangst.com/ post/ a-brief-history-of-one-line-fixes : https://flak.tedunangst.com/ post/ rethinking-openbsd-security : https://github.com/ greshake/ llm-security : https://iter.ca/ post/ gh-sig-pwn/ : https://lutrasecurity.com/ en/ articles/ kobold-letters/ : https://medium.com/ tenable-techblog/ g-3po-a-protocol-droid-for-ghidra-4b46fa72f1ff https://micahflee.com/ 2023/ 04/ capturing-the-flag-with-gpt-4/ https://msrc.microsoft.com/ update-guide/ en-US/ vulnerability/ CVE-2022-34718 : https://news.ycombinator.com/ item?id=33806020 : https://news.ycombinator.com/ item?id=36989718 : https://official-kircheis.tumblr.com/ post/ 682013772643254272/ jadagul-prokopetz-repost-this-image : https://openai.com/ index/ openai-appoints-retired-us-army-general/ https://pluralistic.net/ 2024/ 02/ 05/ cyber-dunning-kruger/ #swiss-cheese-security https://promptarmor.substack.com/ p/ data-exfiltration-from-writercom https://radiolab.org/ podcast/ null/ transcript : https://reddit.com/ r/ peanutbutterisoneword/ top/ : https://research.checkpoint.com/ 2023/ opwnai-cybercriminals-starting-to-use-chatgpt/ : https://securelist.com/ operation-triangulation-the-last-hardware-mystery/ 111669/ : https://securelist.com/ satellite-turla-apt-command-and-control-in-the-sky/ 72081/ https://security.googleblog.com/ 2023/ 08/ ai-powered-fuzzing-breaking-bug-hunting.html : https://semiengineering.com/ uneven-circuit-aging-becoming-a-bigger-problem/ https://simonwillison.net/ 2023/ Apr/ 14/ worst-that-can-happen/ https://simonwillison.net/ 2023/ Oct/ 14/ multi-modal-prompt-injection/ https://taskandpurpose.com/ culture/ realistic-aerial-combat-movie-patlabor-2/ https://tedium.co/ 2023/ 07/ 19/ tamper-evident-jar-safety-button-history/ https://thezvi.substack.com/ p/ jailbreaking-the-chatgpt-on-release https://tracebit.com/ blog/ 2024/ 02/ finding-aws-account-id-of-any-s3-bucket/ https://verse.systems/ blog/ post/ 2024-03-09-using-llms-to-generate-fuzz-generators/ https://vulcan.io/ blog/ ai-hallucinations-package-risk : https://web.mit.edu/ kerberos/ www/ dialogue.html : https://www.astralcodexten.com/ p/ perhaps-it-is-a-bad-thing-that-the https://www.brightball.com/ articles/ waste-spammers-time-to-reduce-their-return-on-investment https://www.cerias.purdue.edu/ site/ blog/ post/ reflecting_on_the_internet_worm_at_35/ https://www.chargebackstop.com/ blog/ card-networks-exploitation https://www.da.vidbuchanan.co.uk/ blog/ exploiting-acropalypse.html https://www.gq.com/ story/ worlds-greatest-jailbreak-artist-redoine-faid : https://www.ietf.org/ archive/ id/ draft-farrell-tenyearsafter-00.html https://www.juliansanchez.com/ 2009/ 12/ 08/ the-redactors-dilemma/ https://www.lesswrong.com/ posts/ KSroBnxCHodGmPPJ8/ jailbreaking-gpt-4-s-code-interpreter https://www.lesswrong.com/ posts/ pNcFYZnPdXyL2RfgA/ using-gpt-eliezer-against-chatgpt-jailbreaking https://www.lesswrong.com/ posts/ ukTLGe5CQq9w8FMne/ inducing-unprompted-misalignment-in-llms https://www.multicians.org/ b2.html : https://www.newyorker.com/ news/ annals-of-inquiry/ how-to-find-a-missing-person-with-dementia https://www.nplusonemag.com/ issue-19/ essays/ chat-wars/ : https://www.nytimes.com/ 2014/ 08/ 12/ upshot/ heres-why-stealing-cars-went-out-of-fashion.html https://www.reddit.com/ r/ ChatGPT/ comments/ 10tevu1/ new_jailbreak_proudly_unveiling_the_tried_and/ https://www.reddit.com/ r/ ChatGPT/ comments/ zzgm8u/ to_the_folk_at_openai_browsing_this_sub/ https://www.reddit.com/ r/ GPT3/ comments/ 10wp00c/ im_not_playing_with_dan_anymore/ : https://www.reddit.com/ r/ GPT3/ comments/ zb4msc/ speaking_to_chatgpt_in_perfect_danish_while_it/ : https://www.reddit.com/ r/ ProgrammerHumor/ comments/ 145nduh/ kiss/ https://www.reddit.com/ r/ slatestarcodex/ comments/ 18illkw/ amazing_story_from_dominic_cummings_blog/ : https://www.schneier.com/ blog/ archives/ 2023/ 04/ llms-and-phishing.html : https://www.schneier.com/ essays/ archives/ 2000/ 04/ the_process_of_secur.html : https://www.thecut.com/ article/ amazon-scam-call-ftc-arrest-warrants.html https://www.vice.com/ en/ article/ k7z8be/ torswats-computer-generated-ai-voice-swatting https://www.wired.com/ story/ alan-filion-torswats-swatting-arrest/ : https://www.wired.com/ story/ hacker-honeypot-go-secure/ : https://www.wired.com/ story/ mirai-untold-story-three-young-hackers-web-killing-monster/ :
Bibliography
https://: “A Hacker Stole OpenAI Secrets, Raising Fears That China Could, Too: A Security Breach at the Maker of ChatGPT Last Year Revealed Internal Discussions among Researchers and Other Employees, but Not the Code behind OpenAI’s Systems ”,www.nytimes.com/ 2024/ 07/ 04/ technology/ openai-hack.html https://: “The Strange Journey of John Lennon’s Stolen Patek Philippe Watch: For Decades, Yoko Ono Thought That the Birthday Gift Was in Her Dakota Apartment. But It Had Been Removed and Sold—And Now Awaits a Court Ruling in Geneva ”,www.newyorker.com/ magazine/ 2024/ 06/ 24/ the-strange-journey-of-john-lennons-stolen-patek-phillippe-watch https://: “Designing a Dashboard for Transparency and Control of Conversational AI ”,arxiv.org/ abs/ 2406.07882 https://: “AI Sandbagging: Language Models Can Strategically Underperform on Evaluations ”,arxiv.org/ abs/ 2406.07358 https://: “Vulnerability Detection With Code Language Models: How Far Are We? ”,arxiv.org/ abs/ 2403.18624 https://: “The NSA Warns That US Adversaries Free to Mine Private Data May Have an AI Edge: Gilbert Herrera, Who Leads Research at the National Security Agency, Says Large Language Models Are Incredibly Useful—And a Bit of a Headache—For America’s Intelligence Machine ”,www.wired.com/ story/ fast-forward-nsa-warns-us-adversaries-private-data-ai-edge/ https://: “Did I Get Sam Altman Fired from OpenAI?: Nathan’s Red-Teaming Experience, Noticing How the Board Was Not Aware of GPT-4 Jailbreaks & Had Not Even Tried GPT-4 prior to Its Early Release ”,cognitiverevolution.substack.com/ p/ did-i-get-sam-altman-fired-from-openai https://: “Security Weaknesses of Copilot Generated Code in GitHub ”,arxiv.org/ abs/ 2310.02059 https://: “Devising and Detecting Phishing: Large Language Models versus Smaller Human Models ”,arxiv.org/ abs/ 2308.12287 https://: “Large Language Models Can Be Used To Effectively Scale Spear Phishing Campaigns ”,arxiv.org/ abs/ 2305.06972 https://: “Not What You’ve Signed up For: Compromising Real-World LLM-Integrated Applications With Indirect Prompt Injection ”,arxiv.org/ abs/ 2302.12173 https://: “Fill in the Blank: Context-Aware Automated Text Input Generation for Mobile GUI Testing ”,arxiv.org/ abs/ 2212.04732 https://: “Scammers Created an AI Hologram of Me to Scam Unsuspecting Projects ”,www.binance.com/ en/ blog/ community/ scammers-created-an-ai-hologram-of-me-to-scam-unsuspecting-projects-6406050849026267209 2022-wang-4.pdf: “Hertzbleed: Turning Power Side-Channel Attacks Into Remote Timing Attacks on X86 ”,2021-kommu-themongoliangeoguessrmeta.pdf: “The Mongolian Meta ”,https://: “Getting Over It Developer Reacts to 1 Minute 24 Second Speedrun ”,www.youtube.com/ watch?v=dGU5_UUalPA 2018-ceccato.pdf: “Understanding the Behavior of Hackers While Performing Attack Tasks in a Professional Setting and in a Public Challenge ”,https://: “What Are Weird Machines? ”,www.cs.dartmouth.edu/ ~sergey/ wm/ 2011-white.pdf: “Phonotactic Reconstruction of Encrypted VoIP Conversations: Hookt on Fon-Iks ”,https://: “Oral History of Butler Lampson § WWW ”,archive.computerhistory.org/ resources/ text/ Oral_History/ Lampson_Butler/ 102658024.05.01.pdf#page=36 2002-karger.pdf: “30 Years Later: Lessons from the Multics Security Evaluation ”,1949-bradley.pdf: “A Small Lathe Built in a Japanese Prison Camp ”,