Security Research Legal Defense Fund We aim to help fund legal representation for persons who face legal issues due to good faith security research and vulnerability disclosure in cases that would advance cybersecurity for the public int...

We’re excited to welcome Casey Ellis (@cje.io) and Jen Ellis (@infosecjen.bsky.social) to the board of the Security Research Legal Defense Fund (SRLDF.org), bringing even more expertise, focus, and reach to supporting good faith security research defend against frivolous and unfair prosecution.

[39c3] There is NO WAY we ended up getting arrested for this (Malta edition) The talk goes through the full journey, 1. The talk describes in more detail how the arrests were carried out on November 12th, 2022 including the confiscation of all computer equipment, the time spe...

Hear the story of three University of Malta students who got arrested (but eventually pardoned) for disclosing a vulnerability in good faith, #39C3 day 3. @srldf.bsky.social helped support their legal defense. events.ccc.de/congress/202...

The Security Research Legal Defense Fund is now on the socials, here and Twitter (@SecurityLDF). It's my honor to be on the SRLDF Board with @harleygeiger.bsky.social and Jim Dempsey, and I am proud of the work we've been able to do and help hackers in trouble.

A Legal Defense Fund for Hackers with Harley Geiger and Charley Snyder Shmoocon 2024 YouTube video by Media Archives

Watch @harleygeiger.bsky.social and Charley Snyder introduce "A Legal Defense Fund for Hackers" at Shmoocon 2024 www.youtube.com/watch?v=jRiQ...

Stop.

Good morning, Night City.

Scoop: NIST's Computer Security Division — responsible for research & standards on cyber, privacy, cryptography, AI, etc. — has lost more than a dozen people, including its chief, to early retirements. www.cybersecuritydive.com/news/nist-cy...

The departures could imperil key work.

BREAKING.

From a reliable source. MITRE support for the CVE program is due to expire tomorrow. The attached letter was sent out to CVE Board Members.

Absolute masterclass.

“Whoever creates this stuff has no idea what pain is whatsoever. I am utterly disgusted,” Miyazaki said. “I would never wish to incorporate this technology into my work at all. I strongly feel that this is an insult to life itself.”

Came here for this info. Thank you, Meredith.

@sellars.bsky.social, @caseyellis.bsky.social, Dane Sherrets, Dawn Song, @harleygeiger.bsky.social, Ilona Cohen, Lauren McIlvenny, Madhulika Srikumar, Mark Jaycox, Markus Anderljung, Nadine Farid Johnson, Nicholas Carlini, Micolas Miailhe, Nik Marda, @peterhenderson.bsky.social, ...

Podcast: risky.biz/RBNEWS393/
Newsletter: risky.biz/risky-bullet...

-Trump administration stops treating Russian hackers as a threat
-Meta seeks permanent NSO ban
-New Cellebrite 0-days come to light
-3rd-party breaches are now a headache for cyber insurers
-WazaWaka and Ermakov get home detention

Every effort to demolish a hierarchy is in fact an effort to establish a hierarchy.

Norton Asks Department of Defense to Clarify Policy on Department’s Use of Transponders on Aircraft in the National Capital Region WASHINGTON, D.C. – After receiving recent reports that the Department of Defense (DoD) has asserted that ADS-B, a type of transponder used to communicate GPS data and project aircraft trajectory, is e...

In August 2023 I took @harleygeiger.bsky.social's "How hackers can send feedback directly to policymakers like the pros" at @defcon.bsky.social and today we have renewed interest in a 2023 letter in the military's broad use of ADS-B exemptions.
norton.house.gov/media/press-...

Last Friday, I spoke on a panel at the MIT Sloan AI Conference. I discussed the broken AI Harm reporting landscape, the importance of evals, safe harbors, structured disclosures, and our proposed Coordinated Flaws Disclosure framework as a path forward. Great questions and thanks for having me!

U.K. orders Apple to let it spy on users’ encrypted accounts Secret order requires blanket access to protected cloud backups around the world, which if implemented would undermine Apple’s privacy pledge to its users.

Learning nothing from Salt Typhoon - where China hacked a backdoor built into the phone system for law enforcement use - the UK demands more backdoors for law enforcement use.

Lead with kindness

They cant get my data if i am Fully Dissolved in a bath tub full of sodium hydroxide

Very grateful for work of the volunteers and ambassadors, though the list is incomplete without a monumental thanks to @beauwoods.com.

Around one hundred cybersecurity researchers and practitioners, and cyber policymakers in the Dirksen Senate Building room 106 for Hackers on the Hill

Thank you to the dozens of volunteers and ambassadors who helped plan, set up, and run Hackers on the Hill this year, as well as the ~150 hackers who attended and the 20+ staffers who were gracious enough to host us (many on a day their office was officially closed). ❤️

A few special thank yous

It is absolutely wild that LLM vendors have tried to file DMCA claims against researchers testing LLMs that the vendors themselves trained on unlicensed copyrighted material.

Glad to see that they're losing DMCA as a weapon.
www.centerforcybersecuritypolicy.org/insights-and...

If your cyber lawyer’s personal laptop isn’t covered in stickers, can you really trust them

The #SCOTUS ruling in Loper Bright Enterprises v. Raimondo reversed the long-standing Chevron doctrine. How will this impact cybersecurity regulations? Dive into our analysis by Harley Geiger, Ines Jordan-Zoob, and Tanvi Chopra. www.centerforcybersecuritypolicy.org/insights-and...

For whom doth the siren wail? These practiced attentions and intentions fly to bear thee unto comfort and recovery amidst enchanted machines and chemistry. Take heart. Take ours.

Zone four, four alpha dispatch.

Your AI Girlfriend Is a Data-Harvesting Horror Show The privacy mess is troubling because the chatbots actively encourage you to share details that are far more personal than in a typical app.

“Mozilla dug into 11 different AI romance chatbots, including popular apps such as Replika, Chai, Romantic AI, EVA AI Chat Bot & Soulmate, and CrushOn.AI. Every single one earned the Privacy Not Included label, putting these chatbots among the worst categories of products Mozilla has ever reviewed.”

The Hacking Policy Council's @harleygeiger.bsky.social discusses the importance of #AI red teaming and how it can test for biases, discrimination, inaccuracies, and more undesirable outcomes during his lightning talk at #SOTN2024.