AI Wrote Better Phishing Emails

Phishing Email (from the article)

WIRED reports that researchers have succeeded in using GPT-3, the Generative Pre-trained Transformer 3 ML network, to generate phishing emails that are significantly more effective than emails written by humans.

Finally, a use case for AI that pays off even without VC money.

Source: AI Wrote Better Phishing Emails Than Humans in a Recent Test | WIRED

Malicious PyPI Packages

It was a matter of time. After the npm repository was hit late last year and Ruby gems were found mining cryptocurrency, this time it's PyPI that spreads bad code. Supply chain attacks, as this vector is typically referred to, are becoming an increasing problem, foremost for software vendors.

The rich supply of community-maintained packages makes particular languages attractive to businesses. Plenty of ready-made packages make it possible to rapidly build the most important components required to bootstrap any SaaS business. Authentication, database connectivity, model-view abstraction layers, web request routing, HTML templating: all of it can be found in any of these repositories, at no added cost.

However, nothing in life is free and the price vendors pay is the added risk of unvalidated or unverified sources.

Snyk Acquires FossID

FossID is a software composition analysis tool that scans code for open source licenses and vulnerabilities. It is the third acquisition by Snyk in the past 6 months.

Source: Snyk Acquires FossID to Accelerate Worldwide Developer-First Security Adoption | Snyk

Security Nightmare: Connected Doorbells

Connected doorbells: the Internet of Things delivers. Even at Christmas.

Cheap digital video doorbells have serious security flaws such as authentication problems, and some already ship with software bugs.

From the heise.de article.

Palantir founding member of Gaia-X

Palantir is a US-based company specialising in Big Data, with a very particular focus on decision making in governmental and corporate settings. The company's products have inspiring names like Gotham or Metropolis and have sparked ethical controversies over their usage. In particular, these two products provide capabilities to military and police, paving the way to what is referred to as predictive policing. The company is now a founding member of Europe's Gaia-X program, which, as Evgeny Morozov points out, is not compatible with European data sovereignty ideas.

Snyk closes mega funding round

Snyk closes mega funding round: the London-based company offers open-source services and products for modern security. The company announced the funding round on its own blog. Founded by Guy Podjarny, it has grown rapidly since its founding in 2015. The product addresses modern security needs for a container-driven IT world. With its open-source and developer-first approach, it hits a nerve. The increasing complexity of software development and of dependencies on open-source components drives demand. Dependencies on open-source components are a twofold reality: they allow faster development for any product team, and at the same time they bring a level of complexity that requires additional management. This reality has created a market for companies like Snyk, but also WhiteSource or BlackDuck, in the security space, with a special focus on software development.

Snyk helps software-driven organizations find and fix vulnerabilities in open source dependencies and container images.

We are truly humbled to announce the closing of our latest funding round—an investment of $200 million led by Addition—to modernize the security industry.

from the Snyk blog.

The funding round is a Series D. With previous rounds, the company had already expanded internationally. This recent funding round suggests further rapid growth of the brand and product. The size of the funding sets expectations for the near-future pace of growth.

Source: Snyk Closes $200M to Modernize Security Industry | Snyk

Peter Schaar
Peter Schaar at the 30th Chaos Communication Congress in Hamburg, 2013. Image: Wikipedia / Tobias Klenze / CC-BY-SA 4.0.

A brief announcement from Peter Schaar on phone location tracking because of the coronavirus: according to it, mobile phone tracking was not an idea of the scientific advisory commission for the coronavirus pandemic. It was the societal situation that enabled politicians to implement a long-held wish. Incidentally, Peter Schaar was Germany's Federal Commissioner for Data Protection and Freedom of Information (BfDI) from 2003 to 2013.

Update: Ulrich Kelber, the incumbent Federal Data Protection Commissioner, apparently sees it similarly.

‘We’ve created a privacy industry’

‘We’ve created a privacy industry’ was a statement you could often hear when Europe introduced the General Data Protection Regulation (GDPR) and the German implementation DatenSchutz GrundVerOrdnung (DSGVO). As early as 2016, the first predictions arrived that GDPR would boost the European software industry and give it a unique selling point. After the regulation became effective in Europe on May 25th 2018(!), following a 2-year transition period, it seemed that only complaints followed. Affected data controllers and processors cited the difficulties of implementing these regulations. A BitKom-funded survey even indicates the regulation is hurting the European market.

Panel on Internet Security and Privacy

Now, around 1.5 years later, the industry seems to have settled on the regulation and business continues as usual. Subjectively, privacy is indeed still perceived as an obstacle by decision makers in the market. Politicians even keep insisting that data is the new oil, demanding a data-driven economy and a weakening of the underlying ideas of European data protection acts. Meanwhile, the opportunity has moved along. Californian start-ups have discovered this niche and turn privacy into value:

Privacy-focused technology companies are offering a variety of services, from personal data scrubbing to business-focused software meant to help companies comply with the law.

Source: ‘We’ve created a privacy industry’: California law fuels wave of startups