Olivia
Online
Cat Easdon
@cat_easdon
Privacy engineering @Dynatrace + research bridging the gap b/t tech and policy. Prev. fellow @VirtualRoutes, @InternetSociety + hacking CPUs. Opinions my own.
Austria
Joined January 2020
1.1K Following
426 Followers
393 Posts
Pinned Tweet
When we were first poking the Brix trying to get Red Unlock in 2019, I didn't even dream that a full reverse-engineering framework would be possible! This was a lot of fun - kudos for all your hard work and the great discussions, @borrello_pietro @marv0x90 @_rolicz @misc0110 🙌
The never-ending crypto wars. It's not key escrow, it's not a backdoor, it's not client side scanning: a magical solution will be developed that can only be used by the good guys. April 1.
Here are the details about the AMD Signature verification vulnerability we worked on, Enjoy!
https://t.co/b9CPWqIEzO
Hackers claim to have breached Gravy Analytics, a US location data broker selling to government agencies.
They shared 3 samples on a Russian forum, exposing millions of location points across the US, Russia, and Europe.
It's OSINT time! 👇
Who to follow
Andreas Kogler
@0xhilbert
Security Researcher | Informatics PhD | Alumni @tugraz | Pwnie Award 2022 | BlackHat Speaker | Power Analysis | Fault Attacks | μ-Architectural Attacks
Daniel Moghimi 
@flowyroll
Senior Scientist @Google. Computer and Hardware Security. Tweets are mine and not my employer's. #downfall
Previously: @UCSD @Qualcomm @WPI @TalosSecurity
Gururaj Saileshwar
@gururajS92
Assistant Professor at University of Toronto.
Research in Computer Architecture and Security.
Exited to announce that @bindinghook has partnered with @MunSecConf to launch the AI-Cybersecurity Essay Prize Competition. This effort is intended to open a meaningful debate on the evolving role of Artificial Intelligence in cybersecurity and what it means for Europe’s future.
In Binding Hook’s latest, privacy researcher @Cat_Easdon asks, ‘How can we put into action ethical AI principles that have a societal and political impact within corporate cultures that have no appetite for ‘politics’?’ https://t.co/uqDcUXXMDO
Pardon the interruption while every civil liberties advocate points out that they've warned about this for decades👇
Regularly scheduled programming of officials demanding backdoors & making unrealistic promises of safety will return shortly.
https://t.co/Be0dcZm2XR
Case in point: there's no way to build a backdoor that only the "good guys" can use.
When the entire technical community says that the EU's ChatControl legislation + similar pose serious cybersecurity threats, we're not exaggerating for effect.
Join us at ECCRI for the ✨Virtual Research Workshops✨ this fall with a brilliant lineup of speakers tackling how emerging technologies put pressure on the international order and key pillars of democracy, such as human rights and the rule of law! ⚡️📌🗓️
What happens if your CPU gets something wrong? If it wakes up one day and decides 2+2=5?
Well, most of us will never have to worry about that. But if you work at a company the size of Google, you do, which is why this paper on "mercurial cores" is so fascinating.
What the authors report--and supposedly this is common knowledge at the hyperscalers--is that a couple cores per several thousand machines are "mercurial." Due to subtle manufacturing defects or old age, they give wrong answers for certain instructions. These can cause all sorts of impossible-to-diagnose issues. Some rare problems at Google that were traced back to bad CPUs include:
- Mutexes not working, causing application crashes
- Silent data corruption
- Garbage collectors targeting live memory, causing application crashes
- Kernel state corruption causing kernel panics
What makes CPUs go bad? It's very hard to tell. The authors posit that issues are becoming more frequent as CPUs get more complex, but there aren't solid numbers behind that. There are certainly strong relationships between frequency, temperature, voltage, and bad CPU behavior--most mercurial CPUs only cause problems under very specific conditions, but those conditions vary from CPU to CPU. Age is another source of problems, as older CPUs are more likely to exhibit problems.
Bad CPUs are an especially serious problem because they're very hard to detect. If cosmic rays flip bits in storage or on the network, that can be detected through error coding. But there's no analogy for a CPU that allows cheap online verification of its correctness. Instead, the best detection techniques involve monitoring for symptoms. If a core exhibits exceptionally high rates of process crashes or kernel panics relative to its fellows, that's a strong indication something is wrong with it. For the most critical applications, the authors propose triple modular redundancy--redoing each of its computations on three cores and majority-voting a reliable result.
More than anything, this paper is a call to action--letting everyone know that CPUs can fail. So now, if you ever find a bug you can't diagnose, you can blame the CPU! 🙂
This strong analysis by Stoller. “It was as if every night Google could break into the offices of WSJ and take its subscriber list, and then go to its own advertising clients and tell them that it could sell them access to Wall Street Journal readers for much cheaper rates.”
Lots of people have the impression that the EU’s AI regulation is reducing innovation.
Read the details: it does this: in *critical areas* at a societal level where an AI system hallucinating would have major implications.
Law enforcement, employment decisions , border control.
"Data At Work" is a research project from @crackedlabs that dives deep into the use of surveillance and control technology in a variety of workplaces - including workers' own cars and homes:
https://t.co/1lMSkuC1fs
9/
The 3rd 🔶Privacy Threat Modeling Workshop (WPTM) 🔶 will be fully remote and free to attend! 🙌
The program will be a mix of research presentations 🎓, a panel session 💬, updates on the latest developments 💡 in the privacy threat modeling world. And I get to do the keynote 🤩
I want to share some more details about what we found in our investigation into gambling data that are highly relevant to GDPR enforcement and privacy regulation at large.
For example, this is how companies share personal data with each other during a bunch of 'cookie syncs'.
Okay, I'm just going to throw this out there, but maybe - just maybe - a vendor having the ability to change every one of their kernel drivers in the field at the same time without any approval from IT/end users is a model we need to reconsider... @CrowdStrike.
I’m mostly blaming law enforcement access for the existence of this data, but I also suspect that marketing and data sales revenue streams played a role in its insecure storage. Making that business illegal should be a national security priority.
Last Seen Users on Sotwe
Most Popular Users
Elon Musk
@elonmusk
240.2M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.9M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.3M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
86.8M followers
Taylor Swift
@taylorswift13
80.6M followers
Lady Gaga
@ladygaga
72.2M followers
Kim Kardashian
@kimkardashian
69.4M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.5M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.1M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
59.9M followers