Chainkit cyber integrity automation

Chainkit for @Splunk and @elastic is a @CSOonline Hot New Product at @RSAConference! #slide22" target="_blank" rel="nofollow noopener">csoonline.com/article/352730… #RSAC #RSAC2020 #CyberSecurity #InfoSec #CyberStealth

As models get larger if you want the largest amount of GPU memory capacity _today_ you need MI325X with 256GB of HBM3e per GPU - with 8 in a node. Congratulations to the Vultr team for bringing the MI325X to the mass market - explore what it can do for your demanding workloads.

There are only a few ways to get that kind of information. • Inside job – Someone leaked the signer list. • Social engineering – Lazarus studied their emails & behavior. • Device compromise – One or more signers were infected with malware. This means other exchanges are at risk too...

Curious how Coinbase’s new smart wallet works? I was too. Here’s an overview of how it’s possible to create and use a crypto wallet through Touch ID without ever needing a chrome extension. 1. The secret sauce Here's a demo video of a smart wallet in action: x.com/0xCygaar/statu…. There are a couple things happening here. First a wallet is created through Touch ID, then a transaction is signed via Touch ID, and finally the transaction is fully paid for by Base. All of this is made possible by Account Abstraction (AA) aka ERC4337. 2. Passkeys Before we talk about AA, it’s important to understand what passkeys are. Passkeys are a form of authentication that rely on public/private key cryptography rather than traditional passwords. With passkeys, private keys are stored privately on user devices while public keys can be shared with apps. Touch ID / Face ID can be used to prevent unauthorized use of a passkey. 3. Wallet Creation The first step in the flow above is to create a wallet. This wallet is a “smart wallet” - it’s a smart contract deployed on Base rather than your typical EOA. Smart wallets are perhaps the greatest unlock of AA. This particular smart wallet contains code that allows for multiple owners, including ones that are passkey-based. Within the AA flow, a smart wallet is created if it doesn’t already exist. 4. Touch ID Signing Once the wallet exists, the mint transaction can be signed and executed. To accomplish this, the website will prompt the user to sign a user op (think of it as an AA tx). The user first needs to verify they control the passkey (through Touch ID, Face ID, etc) before they can sign the user op. After that, the user op and signature are verified by the smart wallet code and then executed. 5. Free Transactions You’ll notice that the price paid by the user in the demo is 0. This is because AA adds a paymaster service that can be used to sponsor transactions. In this particular case, Base has a paymaster setup to pay for smart wallet mints. Other applications can use paymaster sponsorships as a way to easily onboard users with needing them to have ETH in their wallets. 6. Conclusion All the magic here is made possible by Account Abstraction. While AA has been out for a while, Coinbase’s smart wallet is one of the first to leverage account ownership via passkeys. In the future, it’ll also be possible to control wallets through traditional Web2 signin flows like Google SSO.

Why Azure Logs Should Matter in Your Cybersecurity Strategy Experience how the game-changing power of Azure Log Analysis is fundamentally reshaping your approach to cybersecurity. Build an incident-response plan following actions from first-breach threat actors with the Microsoft Incident Response team. Strengthen your defense approaches in this ever-changing digital environment. Read our blog here techcommunity.microsoft.com/t5/microsoft-s…. #MicrosoftIR #MicrosoftSecurityExperts

🚨 AI Policy Alert: The German Federal Office for Information Security publishes the report "Generative AI Models - Opportunities and Risks for Industry and Authorities." Quotes & comments: "LLMs are trained based on huge text corpora. The origin of these texts and their quality are generally not fully verified due to the large amount of data. Therefore, personal or copyrighted data, as well as texts with questionable, false, or discriminatory content (e.g., disinformation, propaganda, or hate messages), may be included in the training set. When generating outputs, these contents may appear in these outputs either verbatim or slightly altered (Weidinger, et al., 2022). Imbalances in the training data can also lead to biases in the model" (page 9) - "If individual data points are disproportionately present in the training data, there is a risk that the model cannot adequately learn the desired data distribution and, depending on the extent, tends to produce repetitive, one-sided, or incoherent outputs (known as model collapse). It is expected that this problem will increasingly occur in the future, as LLM-generated data becomes more available on the internet and is used to train new LLMs (Shumailov, et al., 2023). This could lead to self-reinforcing effects, which is particularly critical in cases where texts with abuse potential have been generated, or when a bias in text data becomes entrenched. This happens, for example, as more and more relevant texts are produced and used again for training new models, which in turn generate a multitude of texts (Bender, et al., 2021)." (page 10) - "The high linguistic quality of the model outputs, combined with user-friendly access via APIs and the enormous flexibility of responses from currently popular LLMs, makes it easier for criminals to misuse the models for a targeted generation of misinformation (De Angelis, et al., 2023), propaganda texts, hate messages, product reviews, or posts for social media." ➡️ According to the report, special attention should be given to the following aspects: ➵ Raising awareness of users; ➵ Testing; ➵ Handling sensitive data; ➵ Establishing transparency; ➵ Auditing of inputs and outputs; ➵ Paying attention to (indirect) prompt injections; ➵ Selection and management of training data; ➵ Developing practical expertise. ➡️ Of the dozens of AI reports published lately, this one is especially detailed regarding AI-related risk and potential countermeasures. ➡️The document is a must-read for people developing AI or working on AI policymaking and regulation, especially pages 8-28. ➡️ Link to the @BSI_Bund report below. ➡️ For more information on AI policy and regulation, subscribe to my weekly newsletter (link in bio).

Post-PKI is real. The economic benefits of a Quantum Leap in cyber _security_ are irresistible. Ask us how you can start to enjoy them!

@Malcoreio Especially a PKI certificate

I’m applying this to first-principles encryption. PKI and asymmetric encryption was appropriate for the 1980s. No more. Today PKI is an unmitigated mess of risk via excessive complexity and misplaced trust. PKI defeats zero trust. Cleaner simpler lighter-weight ubiquitous zero knowledge symmetric keys, over any cipher, is the way:

@UK_Daniel_Card Yes. But I’m feeling young again by creating the 21st century version of this that’s Post-PKI, via Autonomous Key Management (AKM). Zero-knowledge symmetric cryptography for all. Already Post-Post-Quantum 😎

Learn all about passkeys! With the upcoming release of passkeys in Microsoft 365, it's essential to know what's going on under the hood. Stumbled upon this brilliant piece that will help you understand how passkeys can be used cross-platform. #ble-in-authentication" target="_blank" rel="nofollow noopener">corbado.com/blog/webauthn-…

The CIA Triad - foundation of information security - Confidentiality - Integrity - Availability If you have no smb signing requirements and enforcements, what are you missing?

Looking for an engineering job at the next cyber unicorn? #PostPKI twitter.com/AutoPilotCyber…

@HackingDave More incentive to usher in the Post-PKI era. Keys to the kingdom are not a cyber liability when they are autonomous, zero-knowledge, ephemeral and quantum random:

Why transition cryptography twice before the end of the decade, when you can skip another asymmetric encryption transition (Kyber) and graduate directly to accessible symmetric-only cryptography for all? The post-PKI era is here. media.defense.gov/2022/Sep/07/20…

@UK_Daniel_Card @cyb3rops That’s interesting, I’ve often found integrity tends to get forgotten behind Infra types who only care about availability (in their minds backup 🙄) and security folk who mostly worry about confidentiality. Not always of course, but more often than not.

@VentureBeat Thanks for sharing! Here is the technical thread: x.com/avi_lum/status…

AI has the most valuable unprotected infrastructure in the world. That is about to finally change. This targeted cyber attack (they all are now) was on my ‘inevitable list’ since 2022. There may have prior related cyber attacks before the new disclosure rules. Worse - the back doors of all these AI clusters are wide open, completely unprotected. None of my sources managing GPU clusters protect their PCI, InfiniBand or RoCE networks. So this exploit is spreading like wildfire throughout all GPU attached data, including non-Ray Framework systems. OSI layer coverage means @AutoPilotCyber post-PKI maximum security, enables Zero Copy symmetric encryption for sRDMA, IPsec & TLS over all those exposed networks. The time for Zero Knowledge Zero Trust has come!

What should we call it?

Post-PKI #P2KI is more urgent than Post-Quantum Cryptography #PQC over the short term, And safer over the long term. We said what we said.

@BrianRoemmele So much FUD! Macs also come with a Secure Enclave (aka TPMs elsewhere), which are unaffected by attacks like this. Keeping plaintext encryption keys in memory is sloppy software engineering. Hardware can’t save users from badly written software. support.apple.com/en-gb/guide/se…