Lifeboat Foundation

A comprehensive analysis of the cryptographic protocols used in the Swiss encrypted messaging application Threema has revealed a number of loopholes that could be exploited to break authentication protections and even recover users’ private keys.

The seven attacks span three different threat models, according to ETH Zurich researchers Kenneth G. Paterson, Matteo Scarlata, and Kien Tuong Truong, who reported the issues to Threema on October 3, 2022. The weaknesses have since been addressed as part of updates released by the company on November 29, 2022.

Threema is an encrypted messaging app that’s used by more than 11 million users as of October 2022. “Security and privacy are deeply ingrained in Threema’s DNA,” the company claims on its website.

In December, reports suggested that Microsoft had acquired Fungible, a startup fabricating a type of data center hardware known as a data processing unit (DPU), for around $190 million. Today, Microsoft confirmed the acquisition but not the purchase price, saying that it plans to use Fungible’s tech and team to deliver “multiple DPU solutions, network innovation and hardware systems advancements.”

“Fungible’s technologies help enable high-performance, scalable, disaggregated, scaled-out data center infrastructure with reliability and security,” Girish Bablani, the CVP of Microsoft’s Azure Core division, wrote in a blog post. “Today’s announcement further signals Microsoft’s commitment to long-term differentiated investments in our data center infrastructure, which enhances our broad range of technologies and offerings including offloading, improving latency, increasing data center server density, optimizing energy efficiency and reducing costs.”

A DPU is a dedicated piece of hardware designed to handle certain data processing tasks, including security and network routing for data traffic. The approach is intended to help reduce the load on CPUs and GPUs for core computing tasks related to a given workload.

Check out all the on-demand sessions from the Intelligent Security Summit here.

The faster attackers can gain control over human or machine identities during a breach attempt, the easier it becomes to infiltrate core enterprise systems and take control. Attackers, cybercriminal gangs and advanced persistent threat (APT) groups share the goal of quickly seizing control of identity access management (IAM) systems.

Impersonating identities is how attackers move laterally across networks, undetected for months. IAM systems — in particular, older perimeter-based ones not protected with zero-trust security — are often the first or primary target.

Check out all the on-demand sessions from the Intelligent Security Summit here.

At their best, AI systems extend and augment the work we do, helping us to realize our goals. At their worst, they undermine them. We’ve all heard of high-profile instances of AI bias, like Amazon’s machine learning (ML) recruitment engine that discriminated against women or the racist results from Google Vision. These cases don’t just harm individuals; they work against their creators’ original intentions. Quite rightly, these examples attracted public outcry and, as a result, shaped perceptions of AI bias into something that is categorically bad and that we need to eliminate.

While most people agree on the need to build high-trust, fair AI systems, taking all bias out of AI is unrealistic. In fact, as the new wave of ML models go beyond the deterministic, they’re actively being designed with some level of subjectivity built in. Today’s most sophisticated systems are synthesizing inputs, contextualizing content and interpreting results. Rather than trying to eliminate bias entirely, organizations should seek to understand and measure subjectivity better.

Artificial Intelligence is the buzzword of the year with many big giants in almost every industry trying to explore this cutting-edge technology. Right from self-checkout cash registers to AI-based applications to analyse large data in real-time to advanced security check-ins at the airport, AI is just about everywhere.

Currently, the logistics industry is bloated with a number of challenges related to cost, efficiency, security, bureaucracy, and reliability. So, according to the experts, new age technologies like AI, machine learning, the blockchain, and big data are the only fix for the logistics sector which can improve the supply chain ecosystem right from purchase to internal exchanges like storage, auditing, and delivery.

AI is an underlying technology which can enhance the supplier selection, boost supplier relationship management, and more. When combined with big data analytics AI also helps in analysing the supplier related data such as on-time delivery performance, credit scoring, audits, evaluations etc. This helps in making valuable decisions based on actionable real-time insights.

Check out all the on-demand sessions from the Intelligent Security Summit here.

Over the last half-decade, quantum computing has attracted tremendous media attention. Why?

After all, we have computers already, which have been around since the 1940s. Is the interest because of the use cases? Better AI? Faster and more accurate pricing for financial services firms and hedge funds? Better medicines once quantum computers get a thousand times bigger?

Check out all the on-demand sessions from the Intelligent Security Summit here.

The metaverse is becoming one of the hottest topics not only in technology but in the social and economic spheres. Tech giants and startups alike are already working on creating services for this new digital reality.

The metaverse is slowly evolving into a mainstream virtual world where you can work, learn, shop, be entertained and interact with others in ways never before possible. Gartner recently listed the metaverse as one of the top strategic technology trends for 2023, and predicts that by 2026, 25% of the population will spend at least one hour a day there for work, shopping, education, social activities and/or entertainment. That means organizations that use the metaverse effectively will be able to engage with both human and machine customers and create new revenue streams and markets.

While it is still unclear how cryptocurrencies will alter in value and where we will be in 2023 — one thing is clear, they are undoubtedly here to stay.

As 2022 draws to a close, the cryptocurrency market is under great scrutiny. From the crypto winter of 2021 that saw Bitcoin lose almost a third of its value and other cryptocurrencies follow suit to security issues with crypto exchanges, bridges, and web 3.0 apps, and of course, FTX’s dramatic failure, it’s almost impossible to disbelieve tales of gloom. However, looking at the forecasts for 2023, it appears the market may rebound, and now may even be an ideal moment to invest.

Continue reading “Why blockchain will remain a big deal in 2023 and beyond” »

A recent study finds that software engineers who use code-generating AI systems are more likely to cause security vulnerabilities in the apps they develop. The paper, co-authored by a team of researchers affiliated with Stanford, highlights the potential pitfalls of code-generating systems as vendors like GitHub start marketing them in earnest.

“Code-generating systems are currently not a replacement for human developers,” Neil Perry, a PhD candidate at Stanford and the lead co-author on the study, told TechCrunch in an email interview. “Developers using them to complete tasks outside of their own areas of expertise should be concerned, and those using them to speed up tasks that they are already skilled at should carefully double-check the outputs and the context that they are used in in the overall project.”

The Stanford study looked specifically at Codex, the AI code-generating system developed by San Francisco-based research lab OpenAI. (Codex powers Copilot.) The researchers recruited 47 developers — ranging from undergraduate students to industry professionals with decades of programming experience — to use Codex to complete security-related problems across programming languages including Python, JavaScript and C.