EU Government Hits Pause on Proposed CSAM Scanning Legislation
The European Union Council has cancelled a planned vote on draft legislation that would require end-to-end encrypted messaging apps to scan messages for CSAM before encryption. Whilst it seems like a good idea on the surface, many digital rights activists have rightly raised concerns about the wider privacy implications. Most proposals suggest either running message content through a fuzzy-hashing algorithm or feeding it into an AI model. In both cases, app providers would be required to add extra handling of unencrypted messages. The key issue is that such a system would need to be opaque by design, which leaves little room for any controls enforcing that it is only used for its intended purpose. Although the legislation proposes limiting scanning to images, videos, and URLs, the potential for abuse is still ripe. One often proposed privacy-friendly solution is that no data leaves the user’s device. Instead, message content would be hashed and scanned locally against a constantly updated database of known hashes, similar to how an antivirus works. Content matching signatures for known CSAM would then be uploaded for further analysis or reported to the authorities. However, it would be entirely possible for a sufficiently motivated government to add hashes for essentially anything they want, weaponizing the system for generic surveillance.
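To make the "local hash database" design concrete, here is an added toy example (not from the newsletter): an average-hash (aHash) perceptual fingerprint matched against a blocklist by Hamming distance. The images, the blocklist and the threshold are all constructed; the point is that the client only ever sees opaque integers, so it cannot tell a CSAM hash from any other hash an operator chooses to add.

```python
"""Toy client-side perceptual-hash scanner (constructed example, not a real CSAM system)."""
from __future__ import annotations

GRID = 8  # aHash shrinks an image to an 8x8 grid, giving a 64-bit fingerprint


def average_hash(pixels: list[list[int]]) -> int:
    """64-bit average hash of a grayscale image given as rows of 0-255 values."""
    bh, bw = len(pixels) // GRID, len(pixels[0]) // GRID
    assert bh > 0 and bw > 0, "image must be at least 8x8"
    cells = []
    for gy in range(GRID):
        for gx in range(GRID):
            block = [pixels[y][x] for y in range(gy * bh, (gy + 1) * bh)
                     for x in range(gx * bw, (gx + 1) * bw)]
            cells.append(sum(block) / len(block))
    mean = sum(cells) / len(cells)
    bits = 0
    for cell in cells:  # one bit per cell: brighter than the mean or not
        bits = (bits << 1) | (1 if cell >= mean else 0)
    return bits


def hamming(a: int, b: int) -> int:
    return bin(a ^ b).count("1")


def scan(pixels: list[list[int]], blocklist: set[int], threshold: int = 5) -> int | None:
    """Return the blocklist entry within `threshold` bits of the image, else None.

    The client has no way to know what content any entry represents."""
    fingerprint = average_hash(pixels)
    return next((h for h in blocklist if hamming(fingerprint, h) <= threshold), None)


def make_image(size: int, fn) -> list[list[int]]:
    return [[fn(x, y) for x in range(size)] for y in range(size)]


# Constructed inputs: a "known" image, a lightly edited copy, and an unrelated one.
KNOWN = make_image(16, lambda x, y: 0 if x < 8 else 200)          # left dark, right bright
EDITED = make_image(16, lambda x, y: 200 if (x < 2 and y < 2) else (0 if x < 8 else 200))
UNRELATED = make_image(16, lambda x, y: y * 16)                    # vertical gradient

if __name__ == "__main__":
    blocklist = {average_hash(KNOWN)}
    print(scan(EDITED, blocklist))      # near-duplicate still matches (1 bit differs)
    print(scan(UNRELATED, blocklist))   # None: 32 bits differ
    blocklist.add(average_hash(UNRELATED))  # operator adds an unrelated hash...
    print(scan(UNRELATED, blocklist))   # ...and the same client now flags it
```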
Security Company Loots $3 Million From Crypto Exchange Bank Account
During a bug bounty engagement, Web3 security firm CertiK found a vulnerability in the Kraken crypto exchange platform. The flaw enabled them to add arbitrary amounts to their account balance, seemingly out of thin air. Whilst demonstrating the vulnerability would have been enough to make their point, CertiK went a step further (actually several miles) by adding over $3m to their account balance and then withdrawing the money from the exchange. CertiK’s stated justification is that they wanted to test whether the platform would actually let them withdraw money that doesn’t exist, and that they chose such a large amount to test whether the company’s internal security controls would catch a fraudulent withdrawal of that size. Whilst I agree that both tests are incredibly important, and it’s embarrassing that Kraken failed at every level, this is the sort of thing you’d expect from a contracted pentest, not from a random external company operating under a bug bounty policy. Whether or not CertiK’s actions were legal, it’s a lot of money to be liable for should the transfer go wrong (or should some pesky Lazarus hackers steal your not-so-hard-earned winnings before you get a chance to return them). Ironically, Kraken’s bug bounty terms of service seem to use generic boilerplate language which makes no mention of customer or exchange funds, nor explicitly puts withdrawing them out of scope. Whilst it’s common sense that looting the company bank account is highly unethical and not an acceptable part of a bug bounty, Kraken’s policy doesn’t exactly say that you can’t.
White House bans Kaspersky, major ransomware attack disrupts hospitals, and more – MalwareTech (2024)