I once participated in some work like this, https://en.wikipedia.org/wiki/List_of_mobile_telephone_prefi... was super helpful. I couldn't find a link to libphonegen that they were referencing.
Readit NewsInfoSecErik commented on Researchers discover security vulnerability in WhatsApp univie.ac.at/en/news/deta... · Posted by u/KingNoLimit
Isn't this obvious to anyone who has seen a few base64 encoded json strings or certificates? ey and LS are a staple.
IMO depends on your career. I did a lot of pentesting with Burp Suite so I was able to (forced to) pick it up.
InfoSecErik commented on Fully homomorphic encryption and the dawn of a private internet bozmen.io/fhe... · Posted by u/barisozmen
I'm not talking about the possibility of breaking FHE, though.
What I don't understand is this: if I get encrypted data from someone and, without breaking that encryption, I can perform computations on it that yield a sensible result (even if the result is also encrypted with a key I don't have), then how does that not mean the encryption has been weakened? If the encryption were strong, that should not be possible.
Actually breaking the encryption is a different thing, and I wasn't questioning that.
I think the disconnect is that you assume that being able to do useful computation on some data implies that it must be possible to derive some insight into what the data is (side-channels or the like).
It's a fair assumption to start with. But the folks building FHE basically claim "nuh-uh", and I haven't seen anything to indicate they're wrong. Maybe some new Math grad will sort it out.
I've been fiddling with the Collatz Conjecture off and on for years now. I'm convinced I found a pattern that I haven't been able to find mentioned anywhere. Granted, that could be because I lack the mathematical language needed to search for it.
First, I'm going to use an implicit even step after the odd step, as 3*odd + 1 always equals even. If you look at the path a number takes to its next lowest number, for example 5->8->4, visualize it by just looking at the even and odd steps like so: 5->10, you will see that other numbers follow a similar pattern:
9->10
13->10
17->10
What do these number have in common? They follow the pattern 5 + k(2^n) where n is the number of even steps (with the implicit even step, two in this case).
For another example, look at 7:
7->1110100
Seven even steps, so the next number will be 7 + 2^7 = 135:
135->1110100
I'd love to hear if this has been found and documented somewhere. If not, I have additional ramblings to share.
I too have been playing with the conjecture for fun. Your insight is interesting because of the appearance of 2^n, given that that always resolves to 1 for all n.
InfoSecErik commented on I had to take down my course-swapping site or be expelled linkedin.com/posts/jdkaim... · Posted by u/jdkaim
Update: I immediately took down my class project site after receiving yesterday’s ultimatum. I still don’t think the simple demo site violated the letter or spirit of the registration rules, but I took it down because I always want to operate in good faith.
They followed up today to thank me for doing it, but also indicated that they were putting a hold on my account anyway. As a result, I am not going to be able to register for my final quarter and have been de facto expelled at the end of this quarter.
Unless, that is, I agree to work on a comparable solution for the university focused on solving the underlying problem I was building HuskySwap for. They would presumably own the IP and were clear that I wouldn’t be compensated. But it was implied that they would then remove the hold, allowing me to graduate.
I really love UW and have had a wonderful time here. But this is so demoralizing.
Update #2:
I appreciate you guys for all of your advice.
This platform was never intended to be monetized, and I am not planning to get a lawyer involved as I have faith that UW leadership will make it right in the end.
I'm not planning to pursue this project at this point. If they came up to me at first with the offer to work with them it might be different, but the way they handled it makes me just want to walk away.
Do what I did when UDub pushed me out: finish at UOregon.
Can some folks in the cybersecurity arena recommend some good email newsletters, websites, blogs, accounts, etc to follow to keep up in the space?
InfoSecErik commented on An AWS IAM Security Tooling Reference ramimac.me/aws-iam-tools-... · Posted by u/mariuz
PMapper author here: I can't give PMapper the love it deserves, but I fully support the work done in Fennerr's fork at https://github.com/Fennerr/PMapper .
InfoSecErik commented on The Trouble with __all__ gauge.sh/blog/the-trouble... · Posted by u/the1024
The author seems to expect someone to be patrolling imports with a gun rather than a strongly-worded "we're not liable if you hurt yourself" sign.
It doesn’t sound like her enough. Unless they found something very specific it was clearly just another voice actress that sounds close to her.
When I heard the demo, I assumed they licensed her voice until I read the press release.
InfoSecErik commented on Our bacteria are more personal than we thought, new study shows phys.org/news/2024-03-bac... · Posted by u/wglb
I remember hearing about this sort of thing from a grad student a few years back. She pointed out that there were interesting privacy concerns with these microbiomes, given how we leave traces of it.