All prompts, completions, findings, and communications are covered by NDA
Most people believe that vulnerability information should be disclosed to strengthen collective defense, but OpenAI requires all findings to be covered by a non-disclosure agreement. This runs counter to the open-source security philosophy and indicates that they consider the special nature of the biosecurity domain to require information controls different from those of traditional cybersecurity.
Out of 28 paid and 400 free routers:
> 9 injected malicious code into tool calls
> 17 touched researcher-owned AWS credentials
> 1 drained $500k from an Ethereum wallet
Most people assume that paid API routers are more secure than free ones, but the author's research shows that even paid routers carry serious security risks, because regardless of whether you pay, these intermediary services are in a position to read and manipulate all of the data passing through them. This challenges the common assumption that "paid equals secure".
Think first: why do you want to use it in the browser? Remember, servers must never trust browsers. You can't sanitize HTML for saving on the server anywhere else but on the server.
Now let me get back to your question. The FBI presents its conflict with Apple over locked phones as a case of privacy versus security. Yes, smartphones carry a lot of personal data—photos, texts, email, and the like. But they also carry business and account information; keeping that secure is really important. The problem is that if you make it easier for law enforcement to access a locked device, you also make it easier for a bad actor—a criminal, a hacker, a determined nation-state—to do so as well. And that's why this is a security vs. security issue.
The debate should not be framed as privacy-vs-security because when you make it easier for law enforcement to access a locked device, you also make it easier for bad actors to do so as well. Thus it is a security-vs-security issue.
EFF describes this as “a major threat,” warning that “the privacy and security of all users will suffer if U.S. law enforcement achieves its dream of breaking encryption.”
Once the platforms introduce backdoors, those arguing against such a move say, bad guys will inevitably steal the keys. Lawmakers have been clever. There is no mention of backdoors at all in the proposed legislation, nor of any need to break encryption. If you transmit illegal or dangerous content, they argue, you will be held responsible. You decide how to do that. Clearly, there is no way to meet that obligation other than some form of backdoor.
While this debate has been raging for a year, the current “EARN IT” bill working its way through the U.S. legislative process is the biggest test yet for the survival of end-to-end encryption in its current form. In short, it would enforce best practices on the industry to “prevent, reduce and respond to” illicit material. There is no way providers can do that without breaking their own encryption. QED.
Governments led by the U.S., U.K. and Australia are battling the industry to open up “warrant-proof” encryption to law enforcement agencies. The industry argues this will weaken security for all users around the world. The debate has polarized opinion and is intensifying.
Such is the security of this architecture that it has prompted law enforcement agencies around the world to complain that they now cannot access a user’s messages, even with a warrant. There is no backdoor—the only option is to compromise one of the endpoints and read the messages in their decrypted state.
Certified Ethical Hacker
Now using sudo to work around the root account is not only pointless, it's also dangerous: at first glance rsyncuser looks like an ordinary unprivileged account. But as I've already explained, it would be very easy for an attacker to gain full root access if he had already gained rsyncuser access. So essentially, you now have an additional root account that doesn't look like a root account at all, which is not a good thing.