“‘Computer Security’ Tag”,2019-11-15

Bibliography for tag cs/security, most recent first: 4 related tags, 174 annotations, & 168 links (parent).

• See Also
• Gwern
  • “Research Ideas”, Gwern2017
  • “On Seeing Through and Unseeing: The Hacker Mindset”, Gwern2012
• Links
  • “Emacs Arbitrary Code Execution and How to Avoid It”
  • “When Machine Learning Tells the Wrong Story”
  • “Hacking Back the AI-Hacker: Prompt Injection As a Defense Against LLM-Driven Cyberattacks”, Pasquini et al 2024
  • “The Global Surveillance Free-For-All in Mobile Ad Data”, Krebs2024
  • “Internet Archive Breached Again through Stolen Access Tokens”, Abrams2024
  • “Project Zero: From Naptime to Big Sleep: Using Large Language Models To Catch Vulnerabilities In Real-World Code”
  • “Turning Everyday Gadgets into Bombs Is a Bad Idea”
  • “Meet the Hustlers Who Make $6,000 a Month Riding Citi Bikes”
  • “Magika: AI-Powered Content-Type Detection”, Fratantonio et al 2024
  • “PIXHELL Attack: Leaking Sensitive Information from Air-Gap Computers via ‘Singing Pixels’”, Guri2024
  • “From World Champions to State Assets: The Outsized Impact of a Few Chinese Hackers”
  • “How Elon Musk Got Tangled Up in Blue § Homoglyph Attack”, Mac & Conger2024
  • “Prompt Injection in ‘Resolve Vulnerabilty’ Results in Arbitrary Command Execution in Victim’s Pipeline”, GitLab2024
  • “A Hacker Stole OpenAI Secrets, Raising Fears That China Could, Too: A Security Breach at the Maker of ChatGPT Last Year Revealed Internal Discussions among Researchers and Other Employees, but Not the Code behind OpenAI’s Systems”, Metz2024
  • “The Strange Journey of John Lennon’s Stolen Patek Philippe Watch: For Decades, Yoko Ono Thought That the Birthday Gift Was in Her Dakota Apartment. But It Had Been Removed and Sold—And Now Awaits a Court Ruling in Geneva”, Fielden2024
  • “Designing a Dashboard for Transparency and Control of Conversational AI”, Chen et al 2024
  • “He West Coast’s Fanciest Stolen Bikes Are Getting Trafficked by One Mastermind in Jalisco, Mexico: ‘We Have People Stealing All over the World.’ A Digital Sleuth Named Bryan Hance Has Spent the past Four Years Obsessively Uncovering a Bicycle-Theft Pipeline of Astonishing Scale”, Solomon2024
  • “AI Sandbagging: Language Models Can Strategically Underperform on Evaluations”, Weij et al 2024
  • “The Instruction Hierarchy: Training LLMs to Prioritize Privileged Instructions”, Wallace et al 2024
  • “Foundational Challenges in Assuring Alignment and Safety of Large Language Models”, Anwar et al 2024
  • “Vulnerability Detection With Code Language Models: How Far Are We?”, Ding et al 2024
  • “The NSA Warns That US Adversaries Free to Mine Private Data May Have an AI Edge: Gilbert Herrera, Who Leads Research at the National Security Agency, Says Large Language Models Are Incredibly Useful—And a Bit of a Headache—For America’s Intelligence Machine”, Knight2024
  • “Exploiting Novel GPT-4 APIs”, Pelrine et al 2023
  • “Did I Get Sam Altman Fired from OpenAI?: Nathan’s Red-Teaming Experience, Noticing How the Board Was Not Aware of GPT-4 Jailbreaks & Had Not Even Tried GPT-4 prior to Its Early Release”, Labenz2023
  • “Did I Get Sam Altman Fired from OpenAI? § GPT-4-Base”, Labenz2023
  • “Summon a Demon and Bind It: A Grounded Theory of LLM Red Teaming in the Wild”, Inie et al 2023
  • “Tensor Trust: Interpretable Prompt Injection Attacks from an Online Game”, Toyer et al 2023
  • “InCharacter: Evaluating Personality Fidelity in Role-Playing Agents through Psychological Interviews”, Wang et al 2023
  • “Beyond Memorization: Violating Privacy Via Inference With Large Language Models”, Staab et al 2023
  • “Security Weaknesses of Copilot Generated Code in GitHub”, Fu et al 2023
  • “Demystifying RCE Vulnerabilities in LLM-Integrated Apps”, Liu et al 2023
  • “Devising and Detecting Phishing: Large Language Models vs. Smaller Human Models”, Heiding et al 2023
  • “How Correlated Are You?”, Downey2023
  • “The Ghost Trilemma”, Mukherjee et al 2023
  • “An Empirical Study & Evaluation of Modern CAPTCHAs”, Searles et al 2023
  • “PIGEON: Predicting Image Geolocations”, Haas et al 2023
  • “Artificial Artificial Artificial Intelligence: Crowd Workers Widely Use Large Language Models for Text Production Tasks”, Veselovsky et al 2023
  • “Putting out the Hardware Dumpster Fire”, Fiedler et al 2023
  • “Generalizable Synthetic Image Detection via Language-Guided Contrastive Learning”, Wu et al 2023
  • “Large Language Models Can Be Used To Effectively Scale Spear Phishing Campaigns”, Hazell2023
  • “Dark Web Pedophile Site Users’ Cybersecurity Concerns: A Lifespan and Survival Analysis”, Chopin & Décary-Hétu2023
  • “How Secure Is Code Generated by ChatGPT?”, Khoury et al 2023
  • “Generative AI: Impact on Email Cyber-Attacks”, DarkTrace2023
  • “Protecting Society from AI Misuse: When Are Restrictions on Capabilities Warranted?”, Anderljung & Hazell2023
  • “ThermoSecure: Investigating the Effectiveness of AI-Driven Thermal Attacks on Commonly Used Computer Keyboards”, Alotaibi et al 2023
  • “Not What You’ve Signed up For: Compromising Real-World LLM-Integrated Applications With Indirect Prompt Injection”, Greshake et al 2023
  • “Facial Misrecognition Systems: Simple Weight Manipulations Force DNNs to Err Only on Specific Persons”, Zehavi & Shamir2023
  • “EarSpy: Spying Caller Speech and Identity through Tiny Vibrations of Smartphone Ear Speakers”, Mahdad et al 2022
  • “Fill in the Blank: Context-Aware Automated Text Input Generation for Mobile GUI Testing”, Liu et al 2022
  • “Familial Concentration of Crime in a Digital Era: Criminal Behavior among Family Members of Cyber Offenders”, Weijer & Moneva2022
  • “Do Users Write More Insecure Code With AI Assistants?”, Perry et al 2022
  • “Rickrolling the Artist: Injecting Invisible Backdoors into Text-Guided Image Generation Models”, Struppek et al 2022
  • “BTD: Decompiling X86 Deep Neural Network Executables”, Liu et al 2022
  • “Uber Apparently Hacked by Teen, Employees Thought It Was a Joke: ‘I Think IT Would Appreciate Less Memes While They Handle the Breach’”, Porter2022
  • “Scammers Created an AI Hologram of Me to Scam Unsuspecting Projects”, Hillmann2022
  • “Adversarial Attacks on Image Generation With Made-Up Words”, Millière2022
  • “SATAn: Air-Gap Exfiltration Attack via Radio Signals From SATA Cables”, Guri2022
  • “Private Eye: On the Limits of Textual Screen Peeking via Eyeglass Reflections in Video Conferencing”, Long et al 2022
  • “Apple and Meta Gave User Data to Hackers Who Used Forged Legal Requests: Hackers Compromised the Emails of Law Enforcement Agencies; Data Was Used to Enable Harassment, May Aid Financial Fraud”, Turton2022
  • “Hackers Gaining Power of Subpoena Via Fake ‘Emergency Data Requests’”, Krebs2022
  • “Pop Quiz! Can a Large Language Model Help With Reverse Engineering?”, Pearce et al 2022
  • “Hertzbleed: Turning Power Side-Channel Attacks Into Remote Timing Attacks on X86”, Wang et al 2022d
  • “Privacy and Information Avoidance: An Experiment on Data-Sharing Preferences”, Svirsky2022
  • “High Tech Crime, High Intellectual Crime? Comparing the Intellectual Capabilities of Cybercriminals, Traditional Criminals and Non-Criminals”, Schiks et al 2022
  • “A Deep Dive into an NSO Zero-Click IMessage Exploit: Remote Code Execution”, Beer & Groß 2021
  • “Glowworm Attack: Optical TEMPEST Sound Recovery via a Device’s Power Indicator LED”, Nassi et al 2021
  • “EvilModel: Hiding Malware Inside of Neural Network Models”, Wang et al 2021
  • “Watch How a Hacker’s Infrared Laser Can Spy on Your Laptop’s Keystrokes”
  • “The Mongolian Meta”, kommu & dylandank 2021
  • “Intrinsic Propensity for Vulnerability in Computers? Arbitrary Code Execution in the Universal Turing Machine”, Johnson2021
  • “AIR-FI: Generating Covert Wi-Fi Signals from Air-Gapped Computers”, Guri2020
  • “I Know What You Bought At Chipotle for $9.81 by Solving A Linear Inverse Problem”, Fleder & Shah2020
  • “A C/C++ Code Vulnerability Dataset With Code Changes and CVE Summaries”, Fan et al 2020
  • “The Relevance of Classic Fuzz Testing: Have We Solved This One?”, Miller et al 2020
  • “Lamphone: Real-Time Passive Sound Recovery from Light Bulb Vibrations”, Nassi et al 2020
  • “Revisiting RowHammer: An Experimental Analysis of Modern DRAM Devices and Mitigation Techniques”, Kim et al 2020
  • “IJON: Exploring Deep State Spaces via Fuzzing”, Aschermann et al 2020
  • “Psychic Paper”, Siguza2020
  • “What Does Your Gaze Reveal About You? On the Privacy Implications of Eye Tracking”, Kröger et al 2020
  • “Listen to Your Key: Towards Acoustics-Based Physical Key Inference”, Ramesh et al 2020
  • “Getting Over It Developer Reacts to 1 Minute 24 Second Speedrun”, Foddy2020
  • “The Voluntariness of Voluntary Consent: Consent Searches and the Psychology of Compliance”, Sommers & Bohns2019
  • “Hearing Your Touch: A New Acoustic Side Channel on Smartphones”, Shumailov et al 2019
  • “Spectre Is Here to Stay: An Analysis of Side-Channels and Speculative Execution”, Mcilroy et al 2019
  • “V-Fuzz: Vulnerability-Oriented Evolutionary Fuzzing”, Li et al 2019
  • “Privacy Implications of Accelerometer Data: a Review of Possible Inferences”, Kröger et al 2019
  • “ExSpectre: Hiding Malware in Speculative Execution”, Wampler2019
  • “Best Practices: Formal Proofs, the Fine Print and Side Effects”, Murray & Oorschot2018
  • “SonarSnoop: Active Acoustic Side-Channel Attacks”, Cheng et al 2018
  • “Chaff Bugs: Deterring Attackers by Making Software Buggier”, Hu et al 2018
  • “Bad Romance: To Cash in on Kindle Unlimited, a Cabal of Authors Gamed Amazon’s Algorithm”, Jeong2018
  • “Kindle Unlimited Book Stuffing Scam Earns Millions and Amazon Isn’t Stopping It: Book Stuffer Chance Carter Is Gone. But Readers Are Still Paying for Books That Are 90% Filler.”, Zetlin2018
  • “Security, Moore’s Law, and the Anomaly of Cheap Complexity”, Flake2018
  • “Understanding the Behavior of Hackers While Performing Attack Tasks in a Professional Setting and in a Public Challenge”, Ceccato et al 2018
  • “Learning to Evade Static PE Machine Learning Malware Models via Reinforcement Learning”, Anderson et al 2018
  • “Deep Reinforcement Fuzzing”, Böttinger et al 2018
  • “Weird Machines, Exploitability, and Provable Unexploitability”, Dullien2017
  • “The Future of Ad Blocking: An Analytical Framework and New Techniques”, Storey et al 2017
  • “Hyper-Realistic Face Masks: a New Challenge in Person Identification”, Sanders et al 2017
  • “Join Me on a Market for Anonymity”, Moser & Böhme2016
  • “The Search for the Perfect Door”, Ollam2016
  • “When Coding Style Survives Compilation: De-Anonymizing Programmers from Executable Binaries”, Caliskan et al 2015
  • “Microsoft Sheds Reputation As an Easy Mark for Hackers”, Wingfield2015
  • “Defenders Think in Lists. Attackers Think in Graphs. As Long As This Is True, Attackers Win.”, Lambert2015
  • “Antikernel: A Decentralized Secure Hardware-Software Operating System Architecture”, Zonenberg2015
  • “What Are Weird Machines?”, Bratus2015
  • “Spaced Repetition and Mnemonics Enable Recall of Multiple Strong Passwords”, Blocki et al 2014
  • “Teaching Mario to Play Pong and Snake Through Innumerable Exploits”
  • “Bloom Filter Applications in Network Security: A State-Of-The-Art Survey”, Geravand & Ahmadi2013
  • “The Page-Fault Weird Machine: Lessons in Instruction-Less Computation”, Bangert2013
  • “The Configuration Complexity Clock”, Hadlow2012
  • “Phonotactic Reconstruction of Encrypted VoIP Conversations: Hookt on Fon-Iks”, White et al 2011
  • “Exploration of FPGA Interconnect for the Design of Unconventional Antennas”, Tavaragiri et al 2011
  • “Exploitation and State Machines: Programming the ‘Weird Machine’ Revisited”, Flake2011
  • “Digital Image Forensics: a Booklet for Beginners”, Redi et al 2010
  • “Feasibility and Real-World Implications of Web Browser History Detection”, Janc & Olejnik2010
  • “Mining Writeprints from Anonymous E-Mails for Forensic Investigation”, Iqbal2010
  • “Thought Experiments Lain: a Serial Experiments Lain Information Site”, Eng2009
  • “De-Anonymizing Social Networks”, Narayanan & Shmatikov2009
  • “The Tactical Amulet Extraction Bot: Predicting and Controlling NetHack’s Randomness”
  • “Why I’m Not an Entropist”, Syverson2009
  • “Orangutans, Resistance and the Zoo”, Hribal2008
  • “A Case Study of Preferential Bestiality”, Earls & Lalumière2007
  • “Exposing Private Information by Timing Web Applications”, Bortz2007
  • “How To Break Anonymity of the Netflix Prize Dataset”, Narayanan & Shmatikov2006
  • “Oral History of Butler Lampson § WWW”, Lampson & Kay2006 (page 36)
  • “Remote Physical Device Fingerprinting”, Kohno2005
  • “Toward a Broader View of Security Protocols”, Blaze2004
  • “Privacy, Economics, and Price Discrimination on the Internet”, Odlyzko2003
  • “30 Years Later: Lessons from the Multics Security Evaluation”, Karger & Schell2002
  • “Timing Attacks on Web Privacy”, Felten & Schneider2000
  • “An Evolved Circuit, Intrinsic in Silicon, Entwined With Physics”, Thompson1997
  • “An Empirical Study of the Reliability of UNIX Utilities”, Miller et al 1990
  • “FRACTRAN: A Simple Universal Programming Language for Arithmetic”, Conway1987
  • “Secrets of the Little Blue Box: A Story so Incredible It May Even Make You Feel Sorry for the Phone Company”, Rosenbaum1971
  • “A Small Lathe Built in a Japanese Prison Camp”, Bradley1949
  • “Scunthorpe”, Sandberg2024
  • “StarCraft: Remastered—Emulating a Buffer Overflow for Fun and Profit”
  • “Stargate Physics 101”
  • “How a North Korean Fake IT Worker Tried to Infiltrate Us”
  • “Computing With Time: Microarchitectural Weird Machines”
  • “How Exploits Impact Computer Science Theory”
  • “Gyrophone: Recognizing Speech From Gyroscope Signals”, Michalevsky2024
  • “A Friendly, Non-Technical Introduction to Differential Privacy”
  • “Random Mosaic: Detecting Unauthorized Physical Access With Beans, Lentils and Colored Rice”
  • “Things the Guys Who Stole My Phone Have Texted Me to Try to Get Me to Unlock It”
  • “An Informal Review of CTF Abuse”
  • “Bypassing Airport Security via SQL Injection”
  • “Pulling JPEGs out of Thin Air”
  • “Trusted Third Parties Are Security Holes”, Szabo2024
  • “Control-Flow Bending: On the Effectiveness of Control-Flow Integrity”
  • “Why I Attack”, Carlini2024
  • “Data Exfiltration from Slack AI via Indirect Prompt Injection”, PromptArmor2024
  • “Furiosa’s Cat Feeder: The Trick Is to Be Smarter Than the Animal With a Brain the Size of a Walnut”
  • “Lessons from the Debian/OpenSSL Fiasco”
  • “PySkyWiFi: Completely Free, Unbelievably Stupid WiFi on Long-Haul Flights”
  • “Inside the NSA’s Secret Efforts to Hunt and Hack System Administrators”
  • “An Open Letter to Netflix from the Authors of the De-Anonymization Paper”
  • “Weird Machines HQ”
  • “Internet Archive Hacked, Data Breach Impacts 31 Million Users”
  • “Inside North Korea’s Hacker Army”
  • “Security Mindset: Lessons from 20+ Years of Software Security Failures Relevant to AGI Alignment”
  • “Language Models Model Us”
  • “Appendix F: Personal Observations on the Reliability of the Shuttle”
  • “Microsoft Refused to Fix Flaw Years Before SolarWinds Hack”
  • “AI Will Increase the Quantity—And Quality—Of Phishing Scams”
  • “While Investigating a Hosting Company Known for Sheltering Child Porn Last Year the FBI Incidentally Seized the Entire E-Mail Database of a Popular Anonymous Webmail Service Called TorMail. Now the FBI Is Tapping That Vast Trove of E-Mail in Unrelated Investigations.”
  • “Air Gap Hacker Mordechai Guri Steals Data With Noise, Light, and Magnets”
  • “The Mirai Botnet Was Part of a College Student ‘Minecraft’ Scheme”
  • “How Mario 64 Was Solved Using Parallel Universes—Super Mario 64 Tool-Assisted Speedrun Explained”
  • “Cryptoleaks: How BND and CIA Deceived Everyone: Research by ZDF, Washington Post and SRF Shows How the BND and CIA Secretly Spy on States—And Concealed Gross Human Rights Violations.”
  • “XBOW Now Matches the Capabilities of a Top Human Pentester”, XBOW 2024
  • “Bag Check”, Munroe2024
  • “Sufficiently Advanced Testing”
  • Sort By Magic
    • digital-theft
    • data-harvesting
    • ai-misuse
    • security-architecture
  • Wikipedia
• Miscellaneous
• Bibliography