Hacking Back the AI-Hacker: Prompt Injection as a Defense Against LLM-driven Cyberattacks
Internet Archive breached again through stolen access tokens
Project Zero: From Naptime to Big Sleep: Using Large Language Models To Catch Vulnerabilities In Real-World Code
Meet the Hustlers Who Make $6,000 a Month Riding Citi Bikes
PIXHELL Attack: Leaking Sensitive Information from Air-Gap Computers via ‘Singing Pixels’
From World Champions to State Assets: The Outsized Impact of a Few Chinese Hackers
Prompt Injection in ‘Resolve Vulnerability’ Results in Arbitrary Command Execution in Victim’s Pipeline
A Hacker Stole OpenAI Secrets, Raising Fears That China Could, Too: A security breach at the maker of ChatGPT last year revealed internal discussions among researchers and other employees, but not the code behind OpenAI’s systems
The Strange Journey of John Lennon’s Stolen Patek Philippe Watch: For decades, Yoko Ono thought that the birthday gift was in her Dakota apartment. But it had been removed and sold—and now awaits a court ruling in Geneva
Designing a Dashboard for Transparency and Control of Conversational AI
The West Coast’s Fanciest Stolen Bikes Are Getting Trafficked by One Mastermind in Jalisco, Mexico: ‘We have people stealing all over the world.’ A digital sleuth named Bryan Hance has spent the past four years obsessively uncovering a bicycle-theft pipeline of astonishing scale
AI Sandbagging: Language Models can Strategically Underperform on Evaluations
The Instruction Hierarchy: Training LLMs to Prioritize Privileged Instructions
Foundational Challenges in Assuring Alignment and Safety of Large Language Models
Vulnerability Detection with Code Language Models: How Far Are We?
The NSA Warns That US Adversaries Free to Mine Private Data May Have an AI Edge: Gilbert Herrera, who leads research at the National Security Agency, says large language models are incredibly useful—and a bit of a headache—for America’s intelligence machine
Did I get Sam Altman fired from OpenAI?: Nathan’s red-teaming experience, noticing how the board was not aware of GPT-4 jailbreaks & had not even tried GPT-4 prior to its early release
Summon a Demon and Bind it: A Grounded Theory of LLM Red Teaming in the Wild
Tensor Trust: Interpretable Prompt Injection Attacks from an Online Game
InCharacter: Evaluating Personality Fidelity in Role-Playing Agents through Psychological Interviews
Beyond Memorization: Violating Privacy Via Inference with Large Language Models
Devising and Detecting Phishing: Large Language Models vs. Smaller Human Models
Artificial Artificial Artificial Intelligence: Crowd Workers Widely Use Large Language Models for Text Production Tasks
Generalizable Synthetic Image Detection via Language-guided Contrastive Learning
Large Language Models Can Be Used To Effectively Scale Spear Phishing Campaigns
Dark Web Pedophile Site Users’ Cybersecurity Concerns: A Lifespan and Survival Analysis
Protecting Society from AI Misuse: When are Restrictions on Capabilities Warranted?
ThermoSecure: Investigating the Effectiveness of AI-Driven Thermal Attacks on Commonly Used Computer Keyboards
Not what you’ve signed up for: Compromising Real-World LLM-Integrated Applications with Indirect Prompt Injection
Facial Misrecognition Systems: Simple Weight Manipulations Force DNNs to Err Only on Specific Persons
EarSpy: Spying Caller Speech and Identity through Tiny Vibrations of Smartphone Ear Speakers
Fill in the Blank: Context-aware Automated Text Input Generation for Mobile GUI Testing
Familial concentration of crime in a digital era: Criminal behavior among family members of cyber offenders
Rickrolling the Artist: Injecting Invisible Backdoors into Text-Guided Image Generation Models
Uber Apparently Hacked by Teen, Employees Thought It Was a Joke: ‘I Think IT Would Appreciate Less Memes While They Handle the Breach’
Scammers Created an AI Hologram of Me to Scam Unsuspecting Projects
Adversarial Attacks on Image Generation With Made-Up Words
SATAn: Air-Gap Exfiltration Attack via Radio Signals From SATA Cables
Private Eye: On the Limits of Textual Screen Peeking via Eyeglass Reflections in Video Conferencing
Apple and Meta Gave User Data to Hackers Who Used Forged Legal Requests: Hackers compromised the emails of law enforcement agencies; Data was used to enable harassment, may aid financial fraud
Hackers Gaining Power of Subpoena Via Fake ‘Emergency Data Requests’
Pop Quiz! Can a Large Language Model Help With Reverse Engineering?
Hertzbleed: Turning Power Side-Channel Attacks Into Remote Timing Attacks on x86
Privacy and Information Avoidance: An Experiment on Data-Sharing Preferences
High tech crime, high intellectual crime? Comparing the intellectual capabilities of cybercriminals, traditional criminals and non-criminals
A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution
Glowworm Attack: Optical TEMPEST Sound Recovery via a Device’s Power Indicator LED
Watch How a Hacker’s Infrared Laser Can Spy on Your Laptop’s Keystrokes
Intrinsic Propensity for Vulnerability in Computers? Arbitrary Code Execution in the Universal Turing Machine
AIR-FI: Generating Covert Wi-Fi Signals from Air-Gapped Computers
I Know What You Bought At Chipotle for $9.81 by Solving A Linear Inverse Problem
A C/C++ Code Vulnerability Dataset with Code Changes and CVE Summaries
The Relevance of Classic Fuzz Testing: Have We Solved This One?
Lamphone: Real-Time Passive Sound Recovery from Light Bulb Vibrations
Revisiting RowHammer: An Experimental Analysis of Modern DRAM Devices and Mitigation Techniques
What Does Your Gaze Reveal About You? On the Privacy Implications of Eye Tracking
Listen to Your Key: Towards Acoustics-based Physical Key Inference
Getting Over It Developer Reacts to 1 Minute 24 Second Speedrun
The Voluntariness of Voluntary Consent: Consent Searches and the Psychology of Compliance
Hearing your touch: A new acoustic side channel on smartphones
Spectre is here to stay: An analysis of side-channels and speculative execution
Privacy implications of accelerometer data: a review of possible inferences
Best Practices: Formal Proofs, the Fine Print and Side Effects
Chaff Bugs: Deterring Attackers by Making Software Buggier
Bad romance: To cash in on Kindle Unlimited, a cabal of authors gamed Amazon’s algorithm
Kindle Unlimited Book Stuffing Scam Earns Millions and Amazon Isn’t Stopping It: Book stuffer Chance Carter is gone. But readers are still paying for books that are 90% filler.
Security, Moore’s law, and the anomaly of cheap complexity
Understanding the behavior of hackers while performing attack tasks in a professional setting and in a public challenge
Learning to Evade Static PE Machine Learning Malware Models via Reinforcement Learning
Weird machines, exploitability, and provable unexploitability
The Future of Ad Blocking: An Analytical Framework and New Techniques
Hyper-realistic face masks: a new challenge in person identification
When Coding Style Survives Compilation: De-anonymizing Programmers from Executable Binaries
Defenders Think in Lists. Attackers Think in Graphs. As Long As This Is True, Attackers Win.
Antikernel: A decentralized secure hardware-software operating system architecture
Spaced Repetition and Mnemonics Enable Recall of Multiple Strong Passwords
Teaching Mario to Play Pong and Snake Through Innumerable Exploits
Bloom filter applications in network security: A state-of-the-art survey
Converting Untrusted PDFs into Trusted Ones: The Qubes Way
The Page-Fault Weird Machine: Lessons in Instruction-Less Computation
Phonotactic Reconstruction of Encrypted VoIP Conversations: Hookt on Fon-iks
Exploration of FPGA interconnect for the design of unconventional antennas
Exploitation and State Machines: Programming the ‘Weird Machine’ Revisited
Feasibility and Real-World Implications of Web Browser History Detection
Mining Writeprints from Anonymous E-Mails for Forensic Investigation
Thought Experiments Lain: a Serial Experiments Lain Information Site
The Tactical Amulet Extraction Bot: Predicting and Controlling NetHack's Randomness
Privacy, Economics, and Price Discrimination on the Internet
30 years later: lessons from the Multics security evaluation
An evolved circuit, intrinsic in silicon, entwined with physics
FRACTRAN: A Simple Universal Programming Language for Arithmetic
Secrets of the Little Blue Box: A story so incredible it may even make you feel sorry for the phone company
StarCraft: Remastered—Emulating a Buffer Overflow for Fun and Profit
A Friendly, Non-Technical Introduction to Differential Privacy
Random Mosaic: Detecting Unauthorized Physical Access With Beans, Lentils and Colored Rice
Things the Guys Who Stole My Phone Have Texted Me to Try to Get Me to Unlock It
Control-Flow Bending: On the Effectiveness of Control-Flow Integrity
Data Exfiltration from Slack AI via Indirect Prompt Injection
Furiosa’s Cat Feeder: The Trick Is to Be Smarter Than the Animal With a Brain the Size of a Walnut
PySkyWiFi: Completely Free, Unbelievably Stupid WiFi on Long-Haul Flights
Inside the NSA’s Secret Efforts to Hunt and Hack System Administrators
An Open Letter to Netflix from the Authors of the De-Anonymization Paper
Internet Archive Hacked, Data Breach Impacts 31 Million Users
Security Mindset: Lessons from 20+ Years of Software Security Failures Relevant to AGI Alignment
Appendix F: Personal Observations on the Reliability of the Shuttle
Microsoft Refused to Fix Flaw Years Before SolarWinds Hack
AI Will Increase the Quantity—And Quality—Of Phishing Scams
While Investigating a Hosting Company Known for Sheltering Child Porn Last Year the FBI Incidentally Seized the Entire E-Mail Database of a Popular Anonymous Webmail Service Called TorMail. Now the FBI Is Tapping That Vast Trove of E-Mail in Unrelated Investigations.
Air Gap Hacker Mordechai Guri Steals Data With Noise, Light, and Magnets
The Mirai Botnet Was Part of a College Student ‘Minecraft’ Scheme
How Mario 64 Was Solved Using Parallel Universes—Super Mario 64 Tool-Assisted Speedrun Explained
Cryptoleaks: How BND and CIA Deceived Everyone: Research by ZDF, Washington Post and SRF Shows How the BND and CIA Secretly Spy on States—And Concealed Gross Human Rights Violations.
XBOW Now Matches the Capabilities of a Top Human Pentester
http://itre.cis.upenn.edu/~myl/languagelog/archives/003289.html
http://www.datagenetics.com/blog/september32012/index.html
http://www.ranum.com/security/computer_security/editorials/dumb/
https://arstechnica.com/security/2023/11/developers-cant-seem-to-stop-exposing-credentials-in-publicly-accessible-code/
https://awesomekling.substack.com/p/fuzzing-ladybird-with-tools-from
https://betterprogramming.pub/the-dark-side-of-llms-we-need-to-rethink-large-language-models-now-6212aca0581a
https://binarly.io/posts/The_Far_Reaching_Consequences_of_LogoFAIL/
https://blog.trailofbits.com/2023/02/14/curl-audit-fuzzing-libcurl-command-line-interface/
https://cacm.acm.org/magazines/2023/6/273222-the-silent-revolution-of-sat/fulltext
https://codeanlabs.com/blog/research/cve-2024-4367-arbitrary-js-execution-in-pdf-js/
https://dropbox.tech/machine-learning/prompt-injection-with-control-characters-openai-chatgpt-llm
https://embracethered.com/blog/posts/2023/chatgpt-webpilot-data-exfil-via-markdown-injection/#responsible-disclosure
https://engineering.atspotify.com/2013/06/creative-usernames/
https://erights.medium.com/norm-hardys-place-in-history-cecf191df641
https://findthatmeme.com/blog/2023/01/08/image-stacks-and-iphone-racks-building-an-internet-scale-meme-search-engine-Qzrz7V6T.html
https://flak.tedunangst.com/post/a-brief-history-of-one-line-fixes
https://flak.tedunangst.com/post/rethinking-openbsd-security
https://kobikobi.wordpress.com/2018/03/03/speak-friend-and-enter-do-people-actually-use-movie-passwords/
https://marginalrevolution.com/marginalrevolution/2023/11/what-the-kia-hyundai-crime-wave-tells-us-about-the-long-term-decline-in-crime.html
https://medium.com/tenable-techblog/g-3po-a-protocol-droid-for-ghidra-4b46fa72f1ff
https://micahflee.com/2023/04/capturing-the-flag-with-gpt-4/
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34718
https://official-kircheis.tumblr.com/post/682013772643254272/jadagul-prokopetz-repost-this-image
https://openai.com/index/openai-appoints-retired-us-army-general/
https://pluralistic.net/2024/02/05/cyber-dunning-kruger/#swiss-cheese-security
https://promptarmor.substack.com/p/data-exfiltration-from-writercom
https://research.checkpoint.com/2023/opwnai-cybercriminals-starting-to-use-chatgpt/
https://securelist.com/operation-triangulation-the-last-hardware-mystery/111669/
https://securelist.com/satellite-turla-apt-command-and-control-in-the-sky/72081/
https://security.googleblog.com/2023/08/ai-powered-fuzzing-breaking-bug-hunting.html
https://semiengineering.com/uneven-circuit-aging-becoming-a-bigger-problem/
https://simonwillison.net/2023/Apr/14/worst-that-can-happen/
https://simonwillison.net/2023/Oct/14/multi-modal-prompt-injection/
https://taskandpurpose.com/culture/realistic-aerial-combat-movie-patlabor-2/
https://techcrunch.com/2023/01/09/anthropics-claude-improves-on-chatgpt-but-still-suffers-from-limitations/
https://tedium.co/2023/07/19/tamper-evident-jar-safety-button-history/
https://thezvi.substack.com/p/jailbreaking-the-chatgpt-on-release
https://tracebit.com/blog/2024/02/finding-aws-account-id-of-any-s3-bucket/
https://verse.systems/blog/post/2024-03-09-using-llms-to-generate-fuzz-generators/
https://web.archive.org/web/20190424032242/http://www.gregorybenford.com/extra/the-scarred-man-returns/
https://www.404media.co/facebook-is-being-overrun-with-stolen-ai-generated-images-that-people-think-are-real/
https://www.astralcodexten.com/p/perhaps-it-is-a-bad-thing-that-the
https://www.brightball.com/articles/waste-spammers-time-to-reduce-their-return-on-investment
https://www.cerias.purdue.edu/site/blog/post/reflecting_on_the_internet_worm_at_35/
https://www.chargebackstop.com/blog/card-networks-exploitation
https://www.da.vidbuchanan.co.uk/blog/exploiting-acropalypse.html
https://www.gq.com/story/worlds-greatest-jailbreak-artist-redoine-faid
https://www.ietf.org/archive/id/draft-farrell-tenyearsafter-00.html
https://www.juliansanchez.com/2009/12/08/the-redactors-dilemma/
https://www.justice.gov/opa/pr/911-s5-botnet-dismantled-and-its-administrator-arrested-coordinated-international-operation
https://www.lesswrong.com/posts/KSroBnxCHodGmPPJ8/jailbreaking-gpt-4-s-code-interpreter
https://www.lesswrong.com/posts/Z4tBreNCxnppoPLtd/gpts-ability-to-keep-a-secret-is-weirdly-prompt-dependent
https://www.lesswrong.com/posts/bNCDexejSZpkuu3yz/you-can-use-gpt-4-to-create-prompt-injections-against-gpt-4
https://www.lesswrong.com/posts/pK3eKhBwBiLffqtrk/what-good-is-g-factor-if-you-re-dumped-in-the-woods-a-field#TkhhGd45HrNP8nPb4
https://www.lesswrong.com/posts/pNcFYZnPdXyL2RfgA/using-gpt-eliezer-against-chatgpt-jailbreaking
https://www.lesswrong.com/posts/ukTLGe5CQq9w8FMne/inducing-unprompted-misalignment-in-llms
https://www.malwarebytes.com/blog/threat-intelligence/2023/09/malicious-ad-served-inside-bing-ai-chatbot
https://www.newyorker.com/magazine/2023/06/26/the-art-thief-a-true-story-of-love-crime-and-a-dangerous-obsession-michael-finkel-book-review
https://www.newyorker.com/news/annals-of-inquiry/how-to-find-a-missing-person-with-dementia
https://www.nytimes.com/2014/08/12/upshot/heres-why-stealing-cars-went-out-of-fashion.html
https://www.reddit.com/r/ChatGPT/comments/10tevu1/new_jailbreak_proudly_unveiling_the_tried_and/
https://www.reddit.com/r/ChatGPT/comments/zzgm8u/to_the_folk_at_openai_browsing_this_sub/
https://www.reddit.com/r/GPT3/comments/10wp00c/im_not_playing_with_dan_anymore/
https://www.reddit.com/r/GPT3/comments/zb4msc/speaking_to_chatgpt_in_perfect_danish_while_it/
https://www.reddit.com/r/MachineLearning/comments/117yw1w/d_maybe_a_new_prompt_injection_method_against/
https://www.reddit.com/r/MachineLearning/comments/12xwzt9/d_be_careful_with_user_facing_apps_using_llms/
https://www.reddit.com/r/ProgrammerHumor/comments/145nduh/kiss/
https://www.reddit.com/r/slatestarcodex/comments/18illkw/amazing_story_from_dominic_cummings_blog/
https://www.schneier.com/blog/archives/2023/04/llms-and-phishing.html
https://www.schneier.com/essays/archives/2000/04/the_process_of_secur.html
https://www.smithsonianmag.com/science-nature/creepy-kitschy-and-geeky-patches-us-spy-satellites-180953562/
https://www.thecut.com/article/amazon-scam-call-ftc-arrest-warrants.html
https://www.theguardian.com/news/2023/may/09/on-the-trail-of-the-dark-avenger-the-most-dangerous-virus-writer-in-the-world
https://www.theguardian.com/technology/2014/dec/30/hacker-fakes-german-ministers-fingerprints-using-photos-of-her-hands
https://www.vice.com/en/article/k7z8be/torswats-computer-generated-ai-voice-swatting
https://www.wired.com/story/alan-filion-torswats-swatting-arrest/
https://www.wired.com/story/mirai-untold-story-three-young-hackers-web-killing-monster/