<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>security analysis &#8211; Noise</title>
	<atom:link href="https://noise.getoto.net/tag/security-analysis/feed/" rel="self" type="application/rss+xml" />
	<link>https://noise.getoto.net</link>
	<description>The collective thoughts of the interwebz</description>
	<lastBuildDate>Fri, 06 Sep 2024 15:16:21 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=6.8.2</generator>
	<item>
		<title>YubiKey Side-Channel Attack</title>
		<link>https://noise.getoto.net/2024/09/06/yubikey-side-channel-attack/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Fri, 06 Sep 2024 15:16:21 +0000</pubDate>
				<category><![CDATA[academic papers]]></category>
		<category><![CDATA[cloning]]></category>
		<category><![CDATA[security analysis]]></category>
		<category><![CDATA[security tokens]]></category>
		<category><![CDATA[side-channel attacks]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=69329</guid>

					<description><![CDATA[There is a side-channel attack against YubiKey access tokens that allows someone to clone a device. It&#8217;s a complicated attack, requiring the victim&#8217;s username and password, and physical access to their YubiKey&#8212;as well as some technica...]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Leaked GitHub Python Token</title>
		<link>https://noise.getoto.net/2024/08/02/leaked-github-python-token/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Fri, 02 Aug 2024 11:01:41 +0000</pubDate>
				<category><![CDATA[leaks]]></category>
		<category><![CDATA[security analysis]]></category>
		<category><![CDATA[supply chain]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=69214</guid>

					<description><![CDATA[<p>Here’s a disaster that <a href="https://www.techradar.com/pro/security/github-token-leak-could-have-put-the-entire-python-language-at-risk">didn’t happen</a>:</p>
<blockquote><p>Cybersecurity researchers from JFrog recently discovered a GitHub Personal Access Token in a public Docker container hosted on Docker Hub, which granted elevated access to the GitHub repositories of the Python language, Python Package Index (PyPI), and the Python Software Foundation (PSF).</p></blockquote>
<p>JFrog discussed what <a href="https://jfrog.com/blog/leaked-pypi-secret-token-revealed-in-binary-preventing-suppy-chain-attack/">could have happened</a>:</p>
<blockquote><p>The implications of someone finding this leaked token could be extremely severe. The holder of such a token would have had administrator access to all of Python’s, PyPI’s and Python Software Foundation’s repositories, supposedly making it possible to carry out an extremely large scale supply chain attack...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Code Written with AI Assistants Is Less Secure</title>
		<link>https://noise.getoto.net/2024/01/17/code-written-with-ai-assistants-is-less-secure/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Wed, 17 Jan 2024 12:14:03 +0000</pubDate>
				<category><![CDATA[academic papers]]></category>
		<category><![CDATA[artificial intelligence]]></category>
		<category><![CDATA[programming]]></category>
		<category><![CDATA[security analysis]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=68294</guid>

					<description><![CDATA[<p>Interesting research: “<a href="https://arxiv.org/abs/2211.03622">Do Users Write More Insecure Code with AI Assistants?</a>“:</p>
<blockquote><p><b>Abstract:</b> We conduct the first large-scale user study examining how users interact with an AI Code assistant to solve a variety of security related tasks across different programming languages. Overall, we find that participants who had access to an AI assistant based on OpenAI’s codex-davinci-002 model wrote significantly less secure code than those without access. Additionally, participants with access to an AI assistant were more likely to believe they wrote secure code than those without access to the AI assistant. Furthermore, we find that participants who trusted the AI less and engaged more with the language and format of their prompts (e.g. re-phrasing, adjusting temperature) provided code with fewer security vulnerabilities. Finally, in order to better inform the design of future AI-based Code assistants, we provide an in-depth analysis of participants’ language and interaction behavior, as well as release our user interface as an instrument to conduct similar studies in the future...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Microsoft is Soft-Launching Security Copilot</title>
		<link>https://noise.getoto.net/2023/10/25/microsoft-is-soft-launching-security-copilot/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Wed, 25 Oct 2023 11:07:23 +0000</pubDate>
				<category><![CDATA[artificial intelligence]]></category>
		<category><![CDATA[computer security]]></category>
		<category><![CDATA[incident response]]></category>
		<category><![CDATA[LLM]]></category>
		<category><![CDATA[microsoft]]></category>
		<category><![CDATA[security analysis]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=67992</guid>

					<description><![CDATA[Microsoft has announced an early access program for its LLM-based security chatbot assistant: Security Copilot.
I am curious whether this thing is actually useful.
]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Existential Risk and the Fermi Paradox</title>
		<link>https://noise.getoto.net/2022/12/02/existential-risk-and-the-fermi-paradox/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Fri, 02 Dec 2022 20:07:46 +0000</pubDate>
				<category><![CDATA[complexity]]></category>
		<category><![CDATA[risks]]></category>
		<category><![CDATA[security analysis]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=66183</guid>

					<description><![CDATA[<p>We know that complexity is the worst enemy of security, because it makes attack easier and defense harder. This becomes catastrophic as the effects of that attack become greater.</p>
<p>In <a href="https://www.schneier.com/books/a-hackers-mind/"><i>A Hacker’s Mind</i></a> (coming in February 2023), I write:</p>
<blockquote><p>Our societal systems, in general, may have grown fairer and more just over the centuries, but progress isn’t linear or equitable. The trajectory may appear to be upwards when viewed in hindsight, but from a more granular point of view there are a lot of ups and downs. It’s a “noisy” process.</p>
<p>Technology changes the amplitude of the noise. Those near-term ups and downs are getting more severe. And while that might not affect the long-term trajectories, they drastically affect all of us living in the short term. This is how the twentieth century could—statistically—both be the most peaceful in human history and also contain the most deadly wars...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Museum Security</title>
		<link>https://noise.getoto.net/2022/10/19/museum-security/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Wed, 19 Oct 2022 11:16:37 +0000</pubDate>
				<category><![CDATA[interviews]]></category>
		<category><![CDATA[physical security]]></category>
		<category><![CDATA[security analysis]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=65987</guid>

					<description><![CDATA[<p>Interesting <a href="https://www.theatlantic.com/ideas/archive/2022/10/van-gogh-tomato-soup-national-gallery-london/671764/">interview</a>:</p>
<blockquote><p>Banks don’t take millions of dollars and put them in plastic bags and hang them on the wall so everybody can walk right up to them. But we do basically the same thing in museums and hang the assets right out on the wall. So it’s our job, then, to either use technology or develop technology that protects the art, to hire honest guards that are trainable and able to meet the challenge and alert and so forth. And we have to keep them alert because it’s the world’s most boring job. It might be great for you to go to a museum and see it for a day, but they stand in that same gallery year after year, and so they get mental fatigue. And so we have to rotate them around and give them responsibilities that keep them stimulated and keep them fresh...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Securing Your Smartphone</title>
		<link>https://noise.getoto.net/2021/11/15/securing-your-smartphone/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Mon, 15 Nov 2021 14:18:15 +0000</pubDate>
				<category><![CDATA[cybersecurity]]></category>
		<category><![CDATA[Phishing]]></category>
		<category><![CDATA[risk assessment]]></category>
		<category><![CDATA[security analysis]]></category>
		<category><![CDATA[smartphones]]></category>
		<category><![CDATA[threat models]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=64052</guid>

					<description><![CDATA[This is part 3 of Sean Gallagher&#8217;s advice for &#8220;securing your digital life.&#8221;
]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Advice for Personal Digital Security</title>
		<link>https://noise.getoto.net/2021/11/11/advice-for-personal-digital-security/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Thu, 11 Nov 2021 12:06:11 +0000</pubDate>
				<category><![CDATA[cybersecurity]]></category>
		<category><![CDATA[risk assessment]]></category>
		<category><![CDATA[security analysis]]></category>
		<category><![CDATA[threat models]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=63857</guid>

					<description><![CDATA[ArsTechnica&#8217;s Sean Gallagher has a two&#8211;part article on &#8220;securing your digital life.&#8221;
It&#8217;s pretty good.
]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
	</channel>
</rss>

<!--
Performance optimized by W3 Total Cache. Learn more: https://www.boldgrid.com/w3-total-cache/

Object Caching 34/150 objects using Memcached
Page Caching using Disk: Enhanced 
Lazy Loading (feed)
Database Caching using Memcached

Served from: noise.getoto.net @ 2025-12-10 08:11:13 by W3 Total Cache
-->