Tracked as CVE-2024-23917, the flaw carries a CVSS rating of 9.8
Monthly Archives: February 2024
Google and CSA Singapore Combat Android Fraud With New Pilot
The initiative aim to tackle mobile fraud by auto-blocking apps seeking sensitive permissions
Meta to Introduce Labeling for AI-Generated Images Ahead of US Election
Meta will start working on detecting AI images generated from rival services ahead of the November 2024 US presidential election
Ransomware Payments Hit $1bn All-Time High in 2023
Chainalysis monitoring of blockchain transactions reveals ransomware payments hit a record $1bn in 2023
Teaching LLMs to Be Deceptive
Interesting research: “Sleeper Agents: Training Deceptive LLMs that Persist Through Safety Training“:
Abstract: Humans are capable of strategically deceptive behavior: behaving helpfully in most situations, but then behaving very differently in order to pursue alternative objectives when given the opportunity. If an AI system learned such a deceptive strategy, could we detect it and remove it using current state-of-the-art safety training techniques? To study this question, we construct proof-of-concept examples of deceptive behavior in large language models (LLMs). For example, we train models that write secure code when the prompt states that the year is 2023, but insert exploitable code when the stated year is 2024. We find that such backdoor behavior can be made persistent, so that it is not removed by standard safety training techniques, including supervised fine-tuning, reinforcement learning, and adversarial training (eliciting unsafe behavior and then training to remove it). The backdoor behavior is most persistent in the largest models and in models trained to produce chain-of-thought reasoning about deceiving the training process, with the persistence remaining even when the chain-of-thought is distilled away. Furthermore, rather than removing backdoors, we find that adversarial training can teach models to better recognize their backdoor triggers, effectively hiding the unsafe behavior. Our results suggest that, once a model exhibits deceptive behavior, standard techniques could fail to remove such deception and create a false impression of safety.
Especially note one of the sentences from the abstract: “For example, we train models that write secure code when the prompt states that the year is 2023, but insert exploitable code when the stated year is 2024.”
And this deceptive behavior is hard to detect and remove.
The Covert Art of Steganography
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.
In cybersecurity, where information is both an asset and a potential target, various techniques are used to secure data and communications. One such covert art is steganography, which hides information within seemingly innocuous files to avoid detection. This article dives into the fascinating world of steganography, its history, techniques, and applications in the digital age.
Understanding steganography
Steganography, derived from the Greek words “steganos” (meaning covered) and “graphy” (meaning writing), is the art of concealing information within other data in a way that is not easily noticeable. Unlike cryptography, which seeks to make information unreadable, steganography aims to hide the existence of the information itself.
Historical roots
Steganography can be traced back to ancient times when people sought secure means of communication. Tattooing messages on shaved heads was one of the earliest recorded uses, allowing messengers to transmit information undetected. Another historical example is using invisible ink to write hidden messages during wartime.
Digital steganography
Steganography has evolved into a sophisticated practice in the digital age, utilizing the vast amounts of data exchanged on the internet. Digital steganography is the process of hiding information within digital media, such as images, audio files, and even executable files. The goal is to render the hidden data invisible to both human observers and automated tools.
Digital steganography techniques
Image steganography: One of the most common forms, image steganography conceals data within image files. This can be achieved by carefully altering the color of pixels or by hiding information in certain parts of the image.
Audio steganography: Concealing data inside audio files involves manipulating the amplitude or frequency of the sound signal. Steganographers can embed information by carefully altering specific audio elements without compromising the overall quality.
Text steganography: This technique involves hiding information within text documents by manipulating the spacing, formatting, or even the choice of words. Invisible characters or whitespace can also be strategically placed to encode a secret message.
Video steganography: Similar to image steganography, this method embeds data within video files. Changes in pixel values or frames can be carefully altered to carry hidden information.
Network steganography: This involves embedding data within network protocols or communication channels. Information can be transmitted undetected by manipulating the timing or frequency of network packets.
Modern applications
Secure communication: Steganography finds applications in secure communication, allowing individuals to exchange sensitive information without attracting unwanted attention. By embedding messages within seemingly harmless files, parties can communicate covertly.
Digital watermarks: Steganography is used for digital watermarking, where information is embedded in multimedia files to authenticate their origin or prove ownership.
Covert channel communication: In cybersecurity, steganography establishes covert channels within networks, enabling discreet communication between entities.
Information hiding in software: Steganography is utilized in software applications to hide license keys or other critical information to protect them from unauthorized access.
Countering steganography
As steganography poses a potential security threat, countermeasures have been developed to detect and prevent its use:
Steganalysis tools: Specialized tools are designed to detect patterns and anomalies in files that may indicate the presence of hidden information.
Statistical analysis: Steganalysis often involves statistical analysis of files, looking for deviations from expected patterns. Changes in file size, color distribution, or audio frequency can be indicators.
Metadata inspection: Examining metadata associated with digital files can reveal inconsistencies that suggest the presence of hidden information.
Checksums and hashing: Using checksums or hashing techniques can help verify the integrity of files. Changes to the hidden information may alter the file’s checksum.
Conclusion
From ancient art to the digital form, steganography is a fascinating combination of creativity and technology, and as it evolves, the techniques used to hide information have become more sophisticated, posing challenges for security experts. Understanding steganography’s history, techniques, and applications is critical for developing practical countermeasures and ensuring communication security. The intricate balance between those who hide information and those who aim to uncover it continues to shape the cybersecurity landscape, making steganography a perpetual and fascinating facet of the digital world.
The Covert Art of Steganography
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.
In cybersecurity, where information is both an asset and a potential target, various techniques are used to secure data and communications. One such covert art is steganography, which hides information within seemingly innocuous files to avoid detection. This article dives into the fascinating world of steganography, its history, techniques, and applications in the digital age.
Understanding steganography
Steganography, derived from the Greek words “steganos” (meaning covered) and “graphy” (meaning writing), is the art of concealing information within other data in a way that is not easily noticeable. Unlike cryptography, which seeks to make information unreadable, steganography aims to hide the existence of the information itself.
Historical roots
Steganography can be traced back to ancient times when people sought secure means of communication. Tattooing messages on shaved heads was one of the earliest recorded uses, allowing messengers to transmit information undetected. Another historical example is using invisible ink to write hidden messages during wartime.
Digital steganography
Steganography has evolved into a sophisticated practice in the digital age, utilizing the vast amounts of data exchanged on the internet. Digital steganography is the process of hiding information within digital media, such as images, audio files, and even executable files. The goal is to render the hidden data invisible to both human observers and automated tools.
Digital steganography techniques
Image steganography: One of the most common forms, image steganography conceals data within image files. This can be achieved by carefully altering the color of pixels or by hiding information in certain parts of the image.
Audio steganography: Concealing data inside audio files involves manipulating the amplitude or frequency of the sound signal. Steganographers can embed information by carefully altering specific audio elements without compromising the overall quality.
Text steganography: This technique involves hiding information within text documents by manipulating the spacing, formatting, or even the choice of words. Invisible characters or whitespace can also be strategically placed to encode a secret message.
Video steganography: Similar to image steganography, this method embeds data within video files. Changes in pixel values or frames can be carefully altered to carry hidden information.
Network steganography: This involves embedding data within network protocols or communication channels. Information can be transmitted undetected by manipulating the timing or frequency of network packets.
Modern applications
Secure communication: Steganography finds applications in secure communication, allowing individuals to exchange sensitive information without attracting unwanted attention. By embedding messages within seemingly harmless files, parties can communicate covertly.
Digital watermarks: Steganography is used for digital watermarking, where information is embedded in multimedia files to authenticate their origin or prove ownership.
Covert channel communication: In cybersecurity, steganography establishes covert channels within networks, enabling discreet communication between entities.
Information hiding in software: Steganography is utilized in software applications to hide license keys or other critical information to protect them from unauthorized access.
Countering steganography
As steganography poses a potential security threat, countermeasures have been developed to detect and prevent its use:
Steganalysis tools: Specialized tools are designed to detect patterns and anomalies in files that may indicate the presence of hidden information.
Statistical analysis: Steganalysis often involves statistical analysis of files, looking for deviations from expected patterns. Changes in file size, color distribution, or audio frequency can be indicators.
Metadata inspection: Examining metadata associated with digital files can reveal inconsistencies that suggest the presence of hidden information.
Checksums and hashing: Using checksums or hashing techniques can help verify the integrity of files. Changes to the hidden information may alter the file’s checksum.
Conclusion
From ancient art to the digital form, steganography is a fascinating combination of creativity and technology, and as it evolves, the techniques used to hide information have become more sophisticated, posing challenges for security experts. Understanding steganography’s history, techniques, and applications is critical for developing practical countermeasures and ensuring communication security. The intricate balance between those who hide information and those who aim to uncover it continues to shape the cybersecurity landscape, making steganography a perpetual and fascinating facet of the digital world.
expat-2.6.0-1.fc38
FEDORA-2024-8a2c093df5
Packages in this update:
expat-2.6.0-1.fc38
Update description:
Rebase to version 2.6.0
expat-2.6.0-1.fc39
FEDORA-2024-269826c2b3
Packages in this update:
expat-2.6.0-1.fc39
Update description:
Rebase to version 2.6.0
Chinese Spies Hack Dutch Networks With Novel Coathanger Malware
Dutch intelligence services have blamed China for an attack last year targeting FortiGuard devices