USN-6633-1: Bind vulnerabilities

Shoham Danino, Anat Bremler-Barr, Yehuda Afek, and Yuval Shavitt discovered
that Bind incorrectly handled parsing large DNS messages. A remote attacker
could possibly use this issue to cause Bind to consume resources, leading
to a denial of service. (CVE-2023-4408)

Elias Heftrig, Haya Schulmann, Niklas Vogel, and Michael Waidner discovered
that Bind incorrectly handled validating DNSSEC messages. A remote attacker
could possibly use this issue to cause Bind to consume resources, leading
to a denial of service. (CVE-2023-50387)

It was discovered that Bind incorrectly handled preparing an NSEC3 closest
encloser proof. A remote attacker could possibly use this issue to cause
Bind to consume resources, leading to a denial of service. (CVE-2023-50868)

It was discovered that Bind incorrectly handled reverse zone queries when
nxdomain-redirect is enabled. A remote attacker could possibly use this
issue to cause Bind to crash, leading to a denial of service.
(CVE-2023-5517)

It was discovered that Bind incorrectly handled recursive resolution when
both DNS64 and serve-stale were enabled. A remote attacker could possibly
use this issue to cause Bind to crash, leading to a denial of service.
(CVE-2023-5679)

Love Bytes – How AI is shaping Modern Love

AI has made the dating scene. In a big way. Nearly one in four Americans say they’ve spiced up their online dating photos and content with artificial intelligence (AI) tools. Yet that might do more harm than good, as 64% of people also said that they wouldn’t trust a love interest who used AI-generated photos in their profiles.

That’s only two of the findings from this year’s Modern Love research. Our second annual study surveyed 7,000 people in seven countries to discover how AI and the internet are changing love and relationships. And it should come as no surprise that AI has ushered in several hefty changes.

In all, we found that mixing love and AI has its ups and downs. For one, people cite how effective AI is. Almost 7 in 10 people said they got more interest and better responses using AI-generated content than their own. However, people also said they didn’t like receiving AI-coded sentiments. Some 57% said they’d be hurt or offended if they found out their Valentine’s message was written by AI.

The tricky part is this — people still find it tough to spot AI content. Only 24% of people said they were sure they could tell if a message or love letter was written by an AI tool like ChatGPT. Still, 42% said they saw fake profiles or photos on dating sites, apps, and social media in the past year.

Moreover, two-thirds of people said that they’re more concerned about phony AI-created content now than they were a year ago. As further findings from McAfee Labs show, those concerns have their roots in reality.

Lovestruck, or scam-struck? Online daters said it’s tough to tell what’s real and what’s fake

Without question, the rise of powerful AI tools has complicated the online dating landscape. In particular, AI has made it easier for romance scammers to trick people looking for love online. They can ramp up their scams more quickly and with more sophistication than ever before.

In fact, the McAfee Labs team has seen an increase in Valentine’s campaign themes, including malware campaigns, malicious URLs, and a variety of spam and scams. They expect these numbers will continue to rise as February 14 gets closer. Since late January, our Labs team has uncovered that:

Malicious Valentine file-based campaigns rose by 25%.
Malicious Valentine URLs rose by 300%.
Valentine spam (including email scams) rose by 400%.

These findings fall right in line with what online daters told us. Nearly one-third of Americans said that an online love interest turned out to be a scammer. Another 14% said they discovered an interest was an AI-bot and not a real person.

Scammers often go outside the app

What’s at stake in these scams? Money, personal info, and sometimes both.

While many romance scammers make initial contact with their victims on dating websites and apps, they quickly move the conversation elsewhere, such as chat apps like WhatsApp and Telegram. In other cases, they move to texts. This gives scammers an advantage, as many dating platforms have fraud detection measures in place. And it’s here where romance scammers commit theft and fraud.

Large, organized crime operations run many romance scams. Moving the conversation from a dating site or app is often a sign that the victim has been “passed along” to a senior scammer who excels at extracting payments and personal info from victims. People shared the top types of info that scammers tried to tease out of them:

Online dating calls for some modern-day detective work

In a dating pool filled with an increasing number of scams and AI content, online daters find themselves doing some detective work.

Our study found that 38% of people said they used reverse image search on profile pictures of people they’ve met on social media or dating sites. Another 60% of respondents said they often use social media to dig into the background of their potential partners. As a result:

35% said it made their opinion about this person more positive, and 23% said it made their opinion about them more negative.
13% said it made them realize they were being scammed, and 7% said they realized their potential partner had scammed others before.

And rounding out those findings, 11% said they discovered something else entirely — that their potential special person was already in a relationship.

Steps for protecting yourself from online romance and AI scams

Online dating has always called for a bit of caution. Now with AI hitting the dating scene, it calls for a little skepticism, if not a little detective work. That, in combination with the right tools to protect your privacy, identity, and personal info, can mean the difference between a budding relationship or heartbreak — whether that’s financial, emotional, or both. The following steps can help:

Scrutinize any texts, emails, or direct messages you receive from strangers. AI-written messages have a few telltale signs. For example, AI-generated messages might lack a certain substance.
Do a reverse-image search of any profile pictures the person uses. You might find if they’re tied to another name or to details that don’t match up. If that’s what you spot, it’s likely a scam.
Never send money or gifts to someone you haven’t met in person, even if they send you money first. Scammers often send money to soften up their victims and build trust. Likewise, don’t share personal or account info, even if the other person is forthcoming with theirs.
Talk to someone you trust about this new love interest. It can be easy to miss things that don’t add up. So, pay attention to your friends or family when they show signs of concern, and take the relationship slowly.
Invest in tools to help identify online scams. Online protection software like ours can help you spot fakes and scams. Features like McAfee Scam Protection use advanced AI to detect scam links in texts, email, and social media messages before you click. Our Personal Data Cleanup can keep you safer still by removing your personal info from sketchy data broker sites — places where scammers go to harvest useful info on their victims. And if the unfortunate happens, we offer $2 million in identity theft coverage and identity restoration support.

The “AI’s” have it. Online dating has changed

The past year has brought plenty of change to online dating. People now use AI to pepper up their dating profiles and pics, compose love notes, or come up with a few lines for the inside of a card. Likewise, scammers have welcomed AI just as warmly. They use it to fuel content and chats that swindle victims looking for love, backed by sophisticated and large-scale operations that run like a business.

Yet today’s online daters still have what it takes to spot a fake. They have several tools and protections available to them, many powered by AI, that can help them steer clear of heartbreak, both the financial and emotional kind. With that, along with a mix of healthy skepticism and detective work, they can still date online with confidence, even as AI continues to make its way onto the dating scene.

Survey Methodology

The survey was conducted online in January 2024 by market research company MSI-ACI, via email inviting people 18 years and older to complete an online questionnaire. In total, 7,000 adults completed the survey from 7 countries, including the United States, United Kingdom, France, Germany, Australia, India, and Japan.

The post Love Bytes – How AI is shaping Modern Love appeared first on McAfee Blog.

Molly White Reviews Blockchain Book

Molly White—of “Web3 is Going Just Great” fame—reviews Chris Dixon’s blockchain solutions book: Read Write Own:

In fact, throughout the entire book, Dixon fails to identify a single blockchain project that has successfully provided a non-speculative service at any kind of scale. The closest he ever comes is when he speaks of how “for decades, technologists have dreamed of building a grassroots internet access provider”. He describes one project that “got further than anyone else”: Helium. He’s right, as long as you ignore the fact that Helium was providing LoRaWAN, not Internet, that by the time he was writing his book Helium hotspots had long since passed the phase where they might generate even enough tokens for their operators to merely break even, and that the network was pulling in somewhere around $1,150 in usage fees a month despite the company being valued at $1.2 billion. Oh, and that the company had widely lied to the public about its supposed big-name clients, and that its executives have been accused of hoarding the project’s token to enrich themselves. But hey, a16z sunk millions into Helium (a fact Dixon never mentions), so might as well try to drum up some new interest!

APIs and automation: The good, the bad, and the better

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

APIs are often adopted by businesses as a way to automate certain operational tasks. This not only helps to introduce efficiencies, it also reduces the chance of human error in repetitive, manual actions. But the relationship between APIs and automation doesn’t end there.

To streamline the API management process, developers have started automating a variety of tasks in the API lifecycle, from development to production. In this article, we explore where these automations live, how they impact the development process, and what teams need to look out for.

What is API automation?

API automation is the process of automating a variety of tasks associated with designing, building, deploying, testing, and managing APIs. This automated approach lets developers navigate the API lifecycle by using controlled streamlined processes for repetitive, manual tasks.

This enables greater consistency throughout the lifecycle, and can improve the success and reliability of functions like testing (both in development and production) and security. In addition, introducing automation also enables more efficiency in the process, allowing developers to focus more of their efforts on more strategic tasks.

While not all tasks related to APIs can be automated, there are a variety that lend themselves to it quite nicely. These include:

API documentation: Some tools can automatically generate API documentation based on the code base.
Code generation: Other tools can automatically create code snippets, using API documentation and specifications as inputs.
Versioning: Automated processes can facilitate the management of multiple API versions, ensuring that new changes don’t break anything.
Deployment: Introducing automation into the API deployment process can introduce more consistency and reduce the scope of potential errors.
Monitoring: Perhaps most importantly, automated monitoring can reduce a lot of the burden on teams while also introducing more real-time visibility.

Regardless of which of these steps are automated, it’s important to note that all progress and outcomes need to be monitored regularly to ensure that the parameters around the automation are appropriate. As such, there is still an important human element in the process, but with less of a burden.

API test automation

Perhaps the most common (and useful) task that gets automated in the API lifecycle is testing. In fact, there’s a whole suite of solutions that focus on API test automation, which is defined as using a testing tool to programmatically run API tests at specific intervals. This is particularly important for fast-paced development teams that want to get their products to market quickly.

Primarily, API test automation augments a manual approach to testing and helps teams prevent problematic changes from reaching production. It helps get quality code out the door faster. Other benefits include:

Being able to identify issues as soon as they’re introduced. Testing can be conducted at such a rate that issues are spotted almost in real time. For example, developers can set up their CI/CD pipeline to automatically run API tests after every code push. This way they can get immediate feedback while the code is still in progress.
Saving time and resources. Automated API testing reduces the burden on QA teams, distributing the testing load across the API lifecycle. This shortens feedback loops and equips teams to get their code live faster.
Reducing the risk of human error. Manual testing is prone to human error. API test automation standardizes how tests are executed and increases confidence in the testing process.

API automation and security

Beyond testing, automation also plays an important role in API security. In fact, the right security platform should be able to automatically:

Identify business logic flaws in pre-production.
Identify every new and changed API, as well as the sensitive data they expose. This information is key for security teams looking to reduce the potential vulnerabilities that come from APIs.
Classify data in API calls and responses.
Detect and help eliminate vulnerabilities at the build phase by providing actionable insights.
Create a baseline for normal API behaviour.
Identify security gaps throughout the API lifecycle.
Send developers remediation insights that are identified in runtime.

In other words, an API security solution should be able to collect, store, and analyze hundreds of attributes across millions of users and API calls and leverage artificial intelligence (AI) and machine learning (ML) to automatically correlate them over time. As such, as you build out your API security strategy — and you should have one — opt for security tools that will go the extra mile and automate tasks that would otherwise be complex and time-consuming for your team.

The future of APIs

APIs are becoming increasingly widespread within the business landscape, and rightfully so. They enable core business operations, support automation, and enable the transfer of data between internal and external applications. As APIs simplify many other functions, the development of APIs also needs to be simplified. Automation will continue to become a core feature in the API lifecycle, making APIs much easier to create and manage down the line.


USN-6632-1: OpenSSL vulnerabilities

David Benjamin discovered that OpenSSL incorrectly handled excessively long
X9.42 DH keys. A remote attacker could possibly use this issue to cause
OpenSSL to consume resources, leading to a denial of service.
(CVE-2023-5678)

Bahaa Naamneh discovered that OpenSSL incorrectly handled certain malformed
PKCS12 files. A remote attacker could possibly use this issue to cause
OpenSSL to crash, resulting in a denial of service. (CVE-2024-0727)
