- Oct 2024
-
ieeexplore.ieee.org ieeexplore.ieee.org
-
Attackers can leverage ChatGPT’s ability to learn patterns in regular communications to craft highly convincing and personalized phishing emails, effectively imitating legitimate communication from trusted entities.
Create personalized phishing scam tactics from ChatGPT
-
ChatGPT’s ability to understand context, impressive fluency, and mimic human-like text generation could be leveraged by malicious actors.
ChatGPT is an adaptive AI tool but could easily be manipulated by others for malicious purposes
-
In the context of ChatGPT, using reverse psychology can entail phrasing your questions or statements in a way that indirectly prompts the AI to generate the desired response.
A method of bypassing ChatGPT
-
Using this method, you attempt to override the base data and settings the developers have imbued into ChatGPT.
Jailbreaking method
-
“jailbreaking” originated in the realm of technology, where it referred to bypassing restrictions on electronic devices to gain greater control over software and hardware
Jailbreaking ChatGPT to gain greater control
-
there are ways to bypass the restrictions imposed on these models using jailbreaking, reverse psychology and other techniques,
Techniques used to bypass GenAI safeguards put in to prevent these attacks
-
Attackers use the generative power of GenAI tools to create a convincing social engineering attack, phishing attack, attack payload, and different kinds of malicious code snippets that can be compiled into an executable malware file [19], [20].
Ways GenAI could use to incite a cyberattack
-
the use of GenAI against cybersecurity and its risks of misuse can not be undermined
Threats of GenAI need to be taken seriously
-
GenAI tools in developing cyber attacks, and explore the scenarios where ChatGPT can be used by adversaries to create social engineering attacks, phishing attacks, automated hacking, attack payload generation, malware creation, and polymorphic malware
Perspective of the attacking side of GenAI
-
- May 2024
-
-
It is not helpful to use the term "terrorism" in a war when the White House only ever applies it to one side. Better to remind both Hamas and the Israeli government that humanitarian law makes it a war crime to target or indiscriminately fire on civilians.
Kenneth Roth October 7, 2023 tweet
-
-
Local file Local file
-
Equivocation and Omission remain as the only options for an attack on CRDT layer
-
- Oct 2023
-
theconversation.com theconversation.com
-
In short, Netanyahu is here to stay, and so is Hamas, and it is very difficult to find reasons for optimism.
-
for: Hamas 2023 attack on Israel
-
comment
- there is no CONVENTIONAL solution, which opens the door for alternative solutions
-
-
In short, the combination of blind intelligence, due to the vision of the country’s leaders, and the absence of troops around the Strip allowed this assault to take place with the human toll that we know.
- for: Hamas 2023 attack on Israel - reason for failure
-
In short, the intelligence services fell asleep, but to a large extent this can be explained by the government’s stance – and it should be added that for months now the prime minister has been concentrating almost exclusively on his fight to take control of the Supreme Court, which was an absolute priority for him – at least until 7 October.
- for: priorities - Hamas 2023 attack on Israel
-
Obviously, recently, it no longer had any sources within Hamas. Its blindness is no less astonishing. For example, journalists had reported in recent months that many Hamas militants regularly went out to train on motorbikes, and even learned to fly light aircraft; and yet the Israeli services saw nothing of it. This is a major flaw for which they will have to answer one day.
- for: confirmation bias, confirmation bias - hamas attack on Israel
-
-
www.mixcloud.com www.mixcloud.com
- Jun 2023
-
docdrop.org docdrop.org Untitled1
-
www.bbc.co.uk www.bbc.co.uk
- May 2023
-
www.youtube.com www.youtube.com
-
www.podomatic.com www.podomatic.com
-
www.youtube.com www.youtube.com
- Apr 2023
-
subterraneanseries.bandcamp.com subterraneanseries.bandcamp.com
-
www.mixcloud.com www.mixcloud.com
-
soundcloud.com soundcloud.com
- Mar 2023
-
www.youtube.com www.youtube.com
- Jan 2023
- Aug 2022
-
www.theguardian.com www.theguardian.com
-
Johnson, S. (2021, June 7). Spat at, abused, attacked: Healthcare staff face rising violence during Covid. The Guardian. http://www.theguardian.com/global-development/2021/jun/07/spat-at-abused-attacked-healthcare-staff-face-rising-violence-during-covid
Tags
- variant
- violence
- attack
- fragile health system
- is:news
- government
- vaccine
- scarcity
- misinformation
- COVID-19
- healthcare
- lang:en
- staff
-
-
assets.publishing.service.gov.uk assets.publishing.service.gov.uk
-
SARS-CoV-2 variants of concern and variants under investigation. (2021). 45.
-
-
www.oauth.com www.oauth.com
-
In a clickjacking attack, the attacker creates a malicious website in which it loads the authorization server URL in a transparent iframe above the attacker’s web page. The attacker’s web page is stacked below the iframe, and has some innocuous-looking buttons or links, placed very carefully to be directly under the authorization server’s confirmation button. When the user clicks the misleading visible button, they are actually clicking the invisible button on the authorization page, thereby granting access to the attacker’s application. This allows the attacker to trick the user into granting access without their knowledge.
Maybe browsers should prevent transparent iframes?! Most people would never suspect this is even possible.
-
-
Local file Local file
-
ANALYSIS OF ATTACK EVENTS
-
Flash loan is a type of unsecured lending that relies on the atomicity of blockchain transactions at the point of execution and adds dynamism to DeFi
-
Reentry attack "the DAO"
-
Arithmetic bug
-
-
-
medium.com medium.com
-
‘Attack DAO
coalition of MKR, Dai and CDP holders.
-
These attacks affect both the current single-collateral Dai (SCD or ‘Sai’) and the upcoming multi-collateral Dai (MCD) implementations, as well as similar systems with on-chain governance.
51% is not necessary to manipulate governance to steal the system's collateral.
-
- Jun 2022
-
- May 2022
-
www.youtube.com www.youtube.com
- Apr 2022
-
twitter.com twitter.com
-
Health Nerd. (2021, March 28). Recently, Professor John Ioannidis, most famous for his meta-science and more recently COVID-19 work, published this article in the European Journal of Clinical Investigation It included, among other things, a lengthy personal attack on me Some thoughts 1/n https://t.co/JGfUrpJXh2 [Tweet]. @GidMK. https://twitter.com/GidMK/status/1376304539897237508
-
-
twitter.com twitter.com
-
Prof. Christina Pagel. (2021, May 23). LONG THREAD on B.1.617.2 & latest PHE data covering: 1) latest tech report on B.1.617.2 (aka ‘India’ variant) 2) vaccine efficacy against B.1.617.2 3) consequences for roadmap 4) avoidability... Or not. [Tweet]. @chrischirp. https://twitter.com/chrischirp/status/1396574267349872644
-
-
twitter.com twitter.com
-
John Roberts. (2022, January 28). Some (very) early evidence that secondary attack rates of BA.2 are higher in household settings than those of its older sibling. From the latest Variant TB 35. Https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/1050999/Technical-Briefing-35-28January2022.pdf 1/ https://t.co/AFTril1jF1 [Tweet]. @john_actuary. https://twitter.com/john_actuary/status/1487086733149749251
-
- Feb 2022
-
www.cs.sfu.ca www.cs.sfu.ca
-
The techniques we have outlined—randomization, stack protection, and limiting which portions of memory can hold executable code—are three of the most common mechanisms used to minimize the vulnerability of programs to buffer overflow attacks
What techniques can protect programs from attack?
-
-
psyarxiv.com psyarxiv.com
-
Akanbi, U. (2022). Impact of Covid-19 on cyber Security. PsyArXiv. https://doi.org/10.31234/osf.io/ktr4y
-
- Dec 2021
-
www.nature.com www.nature.com
-
Hotez, P. (2021). COVID vaccines: Time to confront anti-vax aggression. Nature, 592(7856), 661–661. https://doi.org/10.1038/d41586-021-01084-x
-
- Jul 2021
-
www.frontiersin.org www.frontiersin.org
-
Antonova, Elena, Karoly Schlosser, Rakesh Pandey, and Veena Kumari. “Coping With COVID-19: Mindfulness-Based Approaches for Mitigating Mental Health Crisis.” Frontiers in Psychiatry 12 (2021). https://doi.org/10.3389/fpsyt.2021.563417.
-
- Jun 2021
-
koblik-arths.com koblik-arths.com
-
paint, chairs, food, electric and neon lights, smoke, water, old socks, a dog, movies, a thousand other things that will be discovered by the present generation of artists.
I used to watch a TV show called "Art Attack" when I was a child, which is also my initiation of art. I remember he created a huge artwork made up of used clothes, trash, and some garbage bags. That was also the first time that I know the form of art can be various and diverse. Have you watched this TV show before?
-
-
www.theguardian.com www.theguardian.com
-
the Guardian. “‘They Stormed the ICU and Beat the Doctor’: Health Workers under Attack,” June 7, 2021. http://www.theguardian.com/global-development/2021/jun/07/they-stormed-the-icu-and-beat-the-doctor-health-workers-under-attack.
-
- Apr 2021
-
psyarxiv.com psyarxiv.com
-
Vartanova, I., Eriksson, K., Kirgil, Z. M., & Strimling, P. (2021, April 26). The advent of the COVID-19 epidemic did not affect Americans’ endorsement of moral foundations. https://doi.org/10.31234/osf.io/957zk
-
- Mar 2021
-
science.sciencemag.org science.sciencemag.org
-
Topol, Eric J. ‘COVID-19 Can Affect the Heart’. Science 370, no. 6515 (23 October 2020): 408–9. https://doi.org/10.1126/science.abe2813.
-
-
twitter.com twitter.com
-
Deepti Gurdasani. (2021, February 27). The campaign against @DrZoeHyde that has involved several scientists targeting her with personal attacks, and trying to misrepresent her is deeply disappointing. She has been referred to as ‘evil’, ‘idiotic’, ‘sadistic’, and a ‘sociopath’. A few thoughts on these attacks. [Tweet]. @dgurdasani1. https://twitter.com/dgurdasani1/status/1365641557404229638
-
- Feb 2021
-
twitter.com twitter.com
-
Dr. Tara C. Smith. (2021, January 23). A reminder: Especially among the elderly, some individuals will die shortly after receipt of the vaccine. What we need to understand is the background rate of such deaths. Are they higher than in the vaccinated population? We didn’t see that in the trials. Some data from @RtAVM. https://t.co/LJe9k1WJQC [Tweet]. @aetiology. https://twitter.com/aetiology/status/1352810672359428097
-
-
www.washingtonpost.com www.washingtonpost.com
-
All it costs is $175 a year for your Shadow Stats subscription—and, of course, any credibility you had left.
Rhetoric - Government attack - Spin
-
- Oct 2020
-
disqus.com disqus.com
-
Could you please explain why it is a vulnerability for an attacker to know the user names on a system? Currently External Identity Providers are wildly popular, meaning that user names are personal emails. My amazon account is my email address, my Azure account is my email address and both sites manage highly valuable information that could take a whole company out of business... and yet, they show no concern on hiding user names...
Good question: Why do the big players like Azure not seem to worry? Microsoft, Amazon, Google, etc. too probably. In fact, any email provider. So once someone knows your email address, you are (more) vulnerable to someone trying to hack your account. Makes me wonder if the severity of this problem is overrated.
Irony: He (using his full real name) posts:
- Information about which account ("my Azure account is my email address"), and
- How high-value of a target he would be ("both sites manage highly valuable information that could take a whole company out of business...")
thus making himself more of a target. (I hope he does not get targeted though.)
-
Another thing you can do is to add pain to the second part of it. Attackers want the list of valid usernames, so they can then try to guess or brute force the password. You can put protections in place with that as well, whether they are lockouts or multi-factor authentication, so even if they have a valid username, it's much harder to gain access.
-
That is certainly a good use-case. One thing you can do is to require something other than a user-chosen string as a username, something like an email address, which should be unique. Another thing you could do, and I admit this is not user-friendly at all, to let them sign up with that user name, but send the user an email letting them know that the username is already used. It still indicates a valid username, but adds a lot of overhead to the process of enumeration.
-
-
blog.rapid7.com blog.rapid7.com
-
How would you remediate this? One way could be to have the application pad the responses with a random amount of time, throwing off the noticeable difference.
-
Sometimes, user enumeration is not as simple as a server responding with text on the screen. It can also be based on how long it takes a server to respond. A server may take one amount of time to respond for a valid username and a very different (usually longer) amount of time for an invalid username.
-
-
medium.com medium.com
-
This is a very dangerous practice as each optimization means making assumptions. If you are compressing an image you make an assumption that some payload can be cut out without seriously affecting the quality, if you are adding a cache to your backend you assume that the API will return same results. A correct assumption allows you to spare resources. A false assumption introduces a bug in your app. That’s why optimizations should be done consciously.
-
-
-
but the advantage is the "functional style" with its strict separation of scopes = less attack surface for bugs
-
- Sep 2020
-
www.nature.com www.nature.com
-
Clements, J. C. (2020). Don’t be a prig in peer review. Nature. https://doi.org/10.1038/d41586-020-02512-0
-
- Jun 2020
-
onlinelibrary.wiley.com onlinelibrary.wiley.com
-
Jolley, D., & Paterson, J. L. (n.d.). Pylons ablaze: Examining the role of 5G COVID-19 conspiracy beliefs and support for violence. British Journal of Social Psychology, n/a(n/a). https://doi.org/10.1111/bjso.12394
-
-
www.theguardian.com www.theguardian.com
-
Phillips, G. (2020, May 28). How the free press worldwide is under threat. The Guardian. https://www.theguardian.com/media/2020/may/28/how-the-free-press-worldwide-is-under-threat
-
-
www.theguardian.com www.theguardian.com
-
Ward, B. (2020, May 6). It’s not just Neil Ferguson – scientists are being attacked for telling the truth | Bob Ward. The Guardian. https://www.theguardian.com/commentisfree/2020/may/06/neil-ferguson-scientists-media-government-adviser-social-distancing
-
-
jamanetwork.com jamanetwork.com
-
Cheng, H.-Y., Jian, S.-W., Liu, D.-P., Ng, T.-C., Huang, W.-T., Lin, H.-H., & for the Taiwan COVID-19 Outbreak Investigation Team. (2020). Contact Tracing Assessment of COVID-19 Transmission Dynamics in Taiwan and Risk at Different Exposure Periods Before and After Symptom Onset. JAMA Internal Medicine. https://doi.org/10.1001/jamainternmed.2020.2020
-
-
www.forbes.com www.forbes.com
-
The answer, of course, is end-to-end encryption. The way this works is to remove any “man-in-the-middle” vulnerabilities by encrypting messages from endpoint to endpoint, with only the sender and recipient holding the decryption key. This level of messaging security was pushed into the mass-market by WhatsApp, and has now become a standard feature of every other decent platform.
-
The issue, though—and it’s a big one, is that the SMS infrastructure is inherently insecure, lending itself to so-called “man-in-the-middle attacks.” Messages run through network data centres, everything can be seen—security is basic at best, and you are vulnerable to local carrier interception when travelling.
-
-
-
When you make a call using Signal, it will generate a two-word secret code on both the profiles. You will speak the first word and the recipient will check it. Then he will speak the second word and you can check it on your end. If both the words match, the call has not been intercepted and connected to the correct profile
-
- May 2020
-
www.thelancet.com www.thelancet.com
-
Rybniker, J., & Fätkenheuer, G. (2020). Importance of precise data on SARS-CoV-2 transmission dynamics control. The Lancet Infectious Diseases, S1473309920303595. https://doi.org/10.1016/S1473-3099(20)30359-5
-
-
www.thelancet.com www.thelancet.com
-
Liu, Y., Eggo, R. M., & Kucharski, A. J. (2020). Secondary attack rate and superspreading events for SARS-CoV-2. The Lancet, 395(10227), e47. https://doi.org/10.1016/S0140-6736(20)30462-1
-
-
www.cdc.gov www.cdc.gov
-
Hamner L, Dubbel P, Capron I, et al. High SARS-CoV-2 Attack Rate Following Exposure at a Choir Practice — Skagit County, Washington, March 2020. MMWR Morb Mortal Wkly Rep 2020;69:606–610. DOI: http://dx.doi.org/10.15585/mmwr.mm6919e6
-
-
www.cdc.gov www.cdc.gov
-
Ghinai, I., Woods, S., Ritger, K. A., McPherson, T. D., Black, S. R., Sparrow, L., Fricchione, M. J., Kerins, J. L., Pacilli, M., Ruestow, P. S., Arwady, M. A., Beavers, S. F., Payne, D. C., Kirking, H. L., & Layden, J. E. (2020). Community Transmission of SARS-CoV-2 at Two Family Gatherings—Chicago, Illinois, February–March 2020. MMWR. Morbidity and Mortality Weekly Report, 69(15), 446–450. https://doi.org/10.15585/mmwr.mm6915e1
-
-
academic.oup.com academic.oup.com
-
Li, W., Zhang, B., Lu, J., Liu, S., Chang, Z., Cao, P., Liu, X., Zhang, P., Ling, Y., Tao, K., & Chen, J. (2020). The characteristics of household transmission of COVID-19. Clinical Infectious Diseases, ciaa450. https://doi.org/10.1093/cid/ciaa450
-
-
-
Jing, Q.-L., Liu, M.-J., Yuan, J., Zhang, Z.-B., Zhang, A.-R., Dean, N. E., Luo, L., Ma, M.-M., Longini, I., Kenah, E., Lu, Y., Ma, Y., Jalali, N., Fang, L.-Q., Yang, Z.-C., & Yang, Y. (2020). Household Secondary Attack Rate of COVID-19 and Associated Determinants [Preprint]. Epidemiology. https://doi.org/10.1101/2020.04.11.20056010
-
-
www.cdc.gov www.cdc.gov
-
Burke RM, Midgley CM, Dratch A, et al. Active Monitoring of Persons Exposed to Patients with Confirmed COVID-19 — United States, January–February 2020. MMWR Morb Mortal Wkly Rep 2020;69:245–246. DOI: http://dx.doi.org/10.15585/mmwr.mm6909e1
-
-
twitter.com twitter.com
-
Dr Muge Cevik on Twitter
Tags
- environment
- symptomatic
- close contact
- transmission dynamics
- age
- COVID-19
- infection rate
- contact tracing
- aged care facility
- lang:en
- friends
- is:twitter
- exposure
- indoors
- family
- probability
- asymptomatic
- household
- high risk
- attack rate
- transmission reduction
- nursing home
- public transport
-
-
jamanetwork.com jamanetwork.com
-
Steinbrook, R. (2020). Contact Tracing, Testing, and Control of COVID-19—Learning From Taiwan. JAMA Internal Medicine. https://doi.org/10.1001/jamainternmed.2020.2072
-
-
www.nytimes.com www.nytimes.com
-
Halpert, J. (2020 April 11). How to manage panic attacks. The New York Times. https://www.nytimes.com/2020/04/11/smarter-living/coronavirus-managing-panic-attacks.html
-
- Apr 2020
-
stackoverflow.com stackoverflow.com
-
Since the authenticity token is stored in the session, the client cannot know its value. This prevents people from submitting forms to a Rails app without viewing the form within that app itself. Imagine that you are using service A, you logged into the service and everything is ok. Now imagine that you went to use service B, and you saw a picture you like, and pressed on the picture to view a larger size of it. Now, if some evil code was there at service B, it might send a request to service A (which you are logged into), and ask to delete your account, by sending a request to http://serviceA.com/close_account. This is what is known as CSRF (Cross Site Request Forgery). If service A is using authenticity tokens, this attack vector is no longer applicable, since the request from service B would not contain the correct authenticity token, and will not be allowed to continue.
-
- Feb 2019
-
static1.squarespace.com static1.squarespace.com
-
pardons twenty absurdities and defects for one elevated or pathetic stroke.
I feel like this is where I live -- thank you for noticing me Hume
-
- Sep 2017
-
thebulletin.org thebulletin.org
-
Terrorist use of an actual nuclear bomb is a low-probability event
Low probability and high impact but not a black swan
-
we attempt to spell out here the likely consequences of the explosion of a single terrorist nuclear bomb on a major city, and its subsequent ripple effects on the rest of the planet.
-