TechLetters ☕️ Solving the (!) 25-YEAR-OLD PRIVACY BUG in web browsers. 17 years of cyberattacks on industrial systems. AI cyberattacks won't be a game changer for now.
Privacy
Solving web browsing history leaks. The oldest (25+ years) privacy bug? https://blog.lukaszolejnik.com/fixing-web-browser-history-leaks/
Solving the risk of web user tracking using HTTP Strict Transport Security. HSTS is meant for security, but can be used to invade user privacy. https://sbingler.github.io/hsts-tracking-prevention-spec/draft-bingler-hsts-tracking-prevention.html
European Commission aims to weaken EU data protection/privacy law GDPR really soon. Brace yourself for Olympic Games in lobbying reloaded. Some may want to decrease protections, others to shred it completely. https://www.politico.eu/article/eu-gdpr-privacy-law-europe-president-ursula-von-der-leyen/
Security
17 years of cyberattacks on industrial systems (PLCs). This is going in a very serious direction. Dangerous environment with potential kinetic effects (physical destruction, causing injury). Most attacks (82%) require zero environment knowledge, indicating high feasibility. Impact ranges from limited (data leak) to severe (firmware or logic manipulation). A notable proportion of attacks (47/119) target network components, followed by control logic (25) and I/O (12). https://arxiv.org/pdf/2403.00280
Present-day AI models are unlikely to enable breakthrough capabilities for threat actors. However, as frontier AI becomes more advanced, the types of cyberattacks possible will evolve, requiring ongoing improvements in defense strategies. https://arxiv.org/pdf/2503.11917
Other
The UK has implemented the Foreign Influence Registration Scheme (FIRS). It requires individuals and organisations to register if directed by a foreign power to engage in political influence activities in the UK.
Under the enhanced tier, registration is mandatory when acting on behalf of specified foreign powers or foreign power-controlled organisations to carry out a broader range of "relevant activities", which must also be registered if conducted directly by those organisations.
While Recognised News Publishers are exempt under the political influence tier, this exemption does not apply under the enhanced tier. As such, news publishers, journalists, universities, and other organisations must register if acting under the direction of a specified foreign power or entity.
In the media context, “relevant activities” include:
Conducting or arranging interviews
Publishing news reports
Creating video reports
Engaging in investigative journalism
All when directed by a specified foreign power or its controlled entity.
Currently, the enhanced tier applies to Russia and Iran, and registration can be completed online.
In case you feel it's worth it to forward this content further:
Subscribed
If you’d like to share: