@LukaszOlejnik@mastodon.social

LukaszOlejnik

Security & Privacy. Data protection. Research. Engineering. Strategy, communication. Analyst. Technology Policy. W3C standardisation. PhD (CS/privacy), LL.M (Information Technology Law). Consultant (perhaps happy to do interesting work for you?). Reading & writing (scientific articles, sometimes op-eds, analyses, reports, a book). Seems that I like it?
email: me (at) lukaszolejnik.com.
Book: https://lukaszolejnik.com/book-philosophy-cybersecurity
Twitter: @lukOlejnik

LukaszOlejnik, to random

Official attributions of Russian cyber operations made by Germany, Czech Republic, USA, UK. Political parties and government institutions targeted by Russian military intelligence. Previously, Poland, Lithuania, Slovakia and Sweden were affected. I classify it as level 2 impact in my 4-level impact on States (https://blog.lukaszolejnik.com/cyber-escalation-ladder-model-based-on-international-law/). This IS a violation of cyber norms.

LukaszOlejnik, to Cybersecurity

My book 'PROPAGANDA: from disinformation and influence to operations and information warfare' treats the subject adequately, comprehensively, broadly, expertly. Information surrounds us. How does information influence work? An expert arrangement of the subject. https://blog.lukaszolejnik.com/propaganda-my-book-on-information-security/

#book #mybook #cybersecurity #propaganda #author #disinformation #informationsecurity

fj, to random French
@fj@mastodon.social

⚛️ Major update on the Quantum Algorithm for LWE

Hongxun Wu & Thomas Vidick have found an issue in Step 9, related to how the quantum vector state is composed.

🔐 LWE remains quantum-secure, for now.
“The claim of showing a polynomial time quantum algorithm for solving LWE with polynomial modulus-noise ratios does not hold.”

👉 Quantum algorithms are hard to validate: unlike classical algorithms, you can't just run a proof of concept and extrapolate asymptotics.

https://eprint.iacr.org/2024/555

LukaszOlejnik, to random

Russian cyber group infiltrated the systems of a hydroelectric dam in France and water utilities in the United States and Poland. Claims to tamper with industrial control settings. Sabotage attempt?

The aimed political effect of these cyber operators is evident.

It may be seen as crossing the threshold of interference in internal affairs.

https://www.wired.com/story/cyber-army-of-russia-reborn-sandworm-us-cyberattacks/

https://services.google.com/fh/files/misc/apt44-unearthing-sandworm.pdf

LukaszOlejnik,

It’s PROPAGANDA. Information operations. They claimed to have hacked Courlon-sur-Yonne hydroelectric power plant. The intrusion did happen. But… To systems of a water mill in a village of 300 inhabitants. Nobody in the village noticed anything. Nothing happened. In Poland too: no effects for people or environment. https://www.lemonde.fr/pixels/article/2024/04/17/comment-sandworm-les-hackeurs-d-elite-de-l-armee-russe-ont-pirate-un-moulin-francais-en-pensant-attaquer-un-barrage_6228320_4408996.html

fbajak, to random
@fbajak@mastodon.world

In a scathing indictment of Microsoft security, a Biden admin-appointed panel says “a cascade of errors” by the tech giant let state-backed Chinese hackers break into email accounts of senior U.S. officials including Commerce Secretary Gina Raimondo. https://apnews.com/article/microsoft-cybersecurity-hack-raimondo-breach-b0901a93cca2ffaf05edacbfb9ecf3da

LukaszOlejnik, to random

I consulted in a report of @owa about harms or dangers of in-application browsers (IABs), when websites open in apps rather than web browsers. It deteriorates user experience, and introduces security and privacy risks. Digital Markets Act case. https://open-web-advocacy.org/blog/in-app-browsers-the-worst-erosion-of-user-choice-you-havent-heard-of/

LukaszOlejnik, to random

What's the privacy of Apple Pay? Unsurprisingly, it's not cash, even when paying in over-the-counter cafe or store. Theoretically merchants may request user addresses. However, if I understand correctly these may be edited out in "Wallet & Apple Pay defaults in Settings" to be arbitrary. Of course bank/card-provider still have real addresses, but maybe there's little reason to share it with retailers (when they do not need it)? :-)

sdw, to random
@sdw@mastodon.social

European iPhone users will be on a timer once out of the EU: after a ‘grace period’, alternative app marketplaces will stop working.

LukaszOlejnik, to random

My comments for Telegraph about Google Gemini hiccup: generation of weird, falsified images of human history. When AI Ethics and risk-assessment goes really bad. I’m concerned also as a person with a disability. https://www.telegraph.co.uk/news/2024/02/23/google-gemini-ai-images-wrong-woke/

owa, to random
@owa@mastodon.social

Apple will break Web Apps (PWAs) in the EU within the next week ‼️

In order to stop them, we need evidence from you that the harm they are choosing to inflict on EU businesses and consumers is real and significant.

👇👇 Please fill in our NEW more detailed survey: https://forms.gle/oD8chWN1oQzN6s5aA

LukaszOlejnik, to random

iPhone apps are collecting quite some A LOT OF user private data. Extremely verbose, allowing to fingerprint, perhaps even track users.

Context from my works. About privacy risks of light data: https://blog.lukaszolejnik.com/ambient-light-sensor-privacy-constraints-gdpr-data-protection-by-design-gdpr-state-of-the-art/
Risks of battery information: https://blog.lukaszolejnik.com/battery-status-not-included-assessing-privacy-in-w3c-web-standards/

Data source: https://twitter.com/mysk_co/status/1753960043450356137

LukaszOlejnik, to random

The President of Ukraine announced the creation of a new arm of the Armed Forces. Unmanned Systems Force. Military strategy history happening before our eyes. https://www.president.gov.ua/en/news/pidpisav-ukaz-yakij-rozpochinaye-stvorennya-okremogo-rodu-si-88817

LukaszOlejnik, to random

Light sensor leaking private data. Privacy review of ambient light sensors. Data leak risk now validated by external research group. Vindicates my work, and that we did at the W3C Device and Sensors WG. Safe setup already in your web browser! https://blog.lukaszolejnik.com/ambient-light-sensor-privacy-constraints-gdpr-data-protection-by-design-gdpr-state-of-the-art/

The paper post constraints about the safety parameters. Reduced precision crucial to limit the privacy risks. Too much precision allows reconstruction of faces in front of the screen! https://www.science.org/doi/10.1126/sciadv.adj3608

LukaszOlejnik, to privacy

Issues of data protection and human dignity of generative AI processing and creations are an important one. My complaint about OpenAI's data processing. It concerns input and output, access to information, and technology design.
Context/writeup: https://blog.lukaszolejnik.com/ai-llms-gdpr-complaint-and-human-dignity/

The full complaint is here: https://lukaszolejnik.com/stuff/OpenAI_GDPR_Complaint_LO.pdf?ref=mastodon
The supplement is here https://lukaszolejnik.com/stuff/OpenAI_GDPR_Complaint_supplement.pdf?ref=mastodon

lcamtuf, to random

This is a pretty good quote from Matt Levine:

"I used to write a lot about crypto. The reason I liked writing about crypto is that it seemed to be rediscovering all of regular finance from first principles, quickly, in public. It was a fabulous laboratory for understanding financial structures. If you wanted a public demonstration of why, I don’t know, infinitely leveraged shadow banks were bad, you could wait 20 minutes and crypto would give you one."

I made the same point before: the most interesting part of the phenomenon wasn't that it's necessarily good or bad, that it's energy-hungry or not - but that you're getting an empirical validation of many of the crusty old principles of "classical" finance. Funnily, delivered to you by the folks who rejected all that dogma in the first place.

LukaszOlejnik, to random

Competition aspects of Privacy Sandbox's Protected Audience API. We lack technology standards for competition but such technology changes naturally must respect competition law. Privacy can be a parameter of competition investigations. https://blog.lukaszolejnik.com/competition-aspects-of-privacy-sandboxs-protected-audience-api/

The full content of my LL.M. dissertation at University of Edinburgh Law School The University of Edinburgh https://lukaszolejnik.com/stuff/PrivacySandbox_PAAPI_LLM_LO.pdf

LukaszOlejnik, to privacy

My data protection assessment of Privacy Sandbox's Protected Audience API. I analyse it through the lens of and . It can be used in line with EU Data Protection, and may even help solving the cookie-consent fatigue. My LL.M. dissertation. https://blog.lukaszolejnik.com/data-protection-assessment-of-privacy-sandboxs-protected-audience-api/

The full content of my LL.M. dissertation at University of Edinburgh Law School The University of Edinburgh https://lukaszolejnik.com/stuff/PrivacySandbox_PAAPI_LLM_LO.pdf

q3k, to random
@q3k@hackerspace.pl

I can finally reveal some research I've been involved with over the past year or so.

We (@redford, @mrtick and I) have reverse engineered the PLC code of NEWAG Impuls EMUs. These trains were locking up for arbitrary reasons after being serviced at third-party workshops. The manufacturer argued that this was because of malpractice by these workshops, and that they should be serviced by them instead of third parties.

1/4

LukaszOlejnik, to random

My life story, or life with a disability. I have a hearing impairment. I am a person with a disability. I explain what it is about. Why did I write this? Because I hope it will be useful to at least one person. https://blog.lukaszolejnik.com/invisible-disability-in-the-world-of-technology/

LukaszOlejnik, to random

My privacy analysis of EU proposal. Dated 2022, I was consulted on the level of EU Parliament work. My recommendation was to remove the flawed-certificate requirement. https://blog.lukaszolejnik.com/privacy-analysis-of-european-eid-regulation-proposal/

The problem is that the proposal is now nearly finalised and the mechanism persists. The risk is the construction of surveillance capability in Europe.

LukaszOlejnik, to privacy

Less spoken about U.S. Biden's Executive Order on AI is that it has a lot to unpack about . That's a privacy win, even without something like . Thread. It even uses the highly technical term "differential-privacy" (and privacy-enhancing technologies)!

LukaszOlejnik, to random

Every macOS/iPhone (2020+) susceptible to information leak, for example GMail password theft. By visiting a website from Safari/Firefox. CPU architecture attack. Great research! https://ileakage.com/files/ileakage.pdf

LukaszOlejnik, to random

The Triangulation cyber espionage tool uses outstanding stealth techniques after infection of smartphones "the victim receives an invisible iMessage attachment with a zero-click exploit". First use of Canvas fingerprinting. Draws a pink triangle and checks a "checksum" based on hardware-linked output. Likely identifying a device.

Capable to turn on the microphone... It can location (GSM/GPS). Attackers "used private undocumented APIs"? https://securelist.com/triangulation-validators-modules/110847/

LukaszOlejnik, (edited) to random

I’ll have a seminar on the various tech-policy-legal aspects and facets of cyberwarfare at King’s College London, Department of War Studies. 22.11, 14:30. How do the laws of war apply in this domain? What is the role of private companies? Is it legitimate to target data centres? Is the use of deepfakes legitimate?

No risks to participants foreseen! https://www.kcl.ac.uk/events/cyberwarfare-a-crash-course-in-theory-and-practice
