TechLetters #139 Supply-chain issue of malicious software packages on the rise. CPU bugs leak data. Privacy-preserving database.
Security
List of malicious software packages. Python, node/npm, …. Installation may lead to a breach. New entries every day it seems. Over 7400 entries only for Node.
AI cyber competition. White House announces a competition to "use artificial intelligence (AI) to protect the United States’ most important software, such as code that helps run the internet and our critical infrastructure"
Breach of tens of millions of UK voters’ data. Cyberattack on the UK’s Electoral Commission. Undetected for more than a year (since 2021 until 2022). Culprit unknown. Number of affected people unknown. However, no risk of impact on election results, as paper used in election.
Another micro architectural CPU security weakness. In Intel processors. Downfall. The risk? Well, a program on your computer can steal sensitive data. Like passwords, encryption keys. Bypassing normal protections that would make it impossible through isolation. "undermine the security of computers running everywhere across the internet".
The US bans US investments in China's advanced chip and artificial intelligence sectors, quantum information technologies. Due to concerns and a desire to prevent the Chinese military from accessing US technology and capital.
Assessment of Lapsu$. Ransomware group.
Privacy
Meta/Facebook is deploying privacy-preserving technologies to create a database the uses of which is unknown for its operator. Private queries! First application: discovering when/if password security is breached. It's likely that it MAY be deployed in the more privacy-friendly technologies in different domain, too. Like in advertisements, why not.
Other
There's a problem with ChatGPT? "52% of ChatGPT’s answers contain inaccuracies and 77% are verbose. Nevertheless, users still prefer ChatGPT’s responses 39.34% of the time due to their comprehensiveness and articulate language style". Study based on programming assignments and Stack Overflow.
In case you feel it's worth it to forward this content further:
If you’d like to share: