
Submission + - Sloppy AI defenses take cybersecurity back to the 1990s, researchers say (scworld.com)

spatwei writes: LAS VEGAS — Just as it had at BSides Las Vegas earlier in the week, the risks of artificial intelligence dominated the Black Hat USA 2025 security conference on Aug. 6 and 7.

We couldn't see all the AI-related talks, but we did catch three of the most promising ones, plus an off-site panel discussion about AI presented by 1Password.

The upshot: Large language models and AI agents are far too easy to successfully attack, and many of the security lessons of the past 25 years have been forgotten in the current rush to develop, use and profit from AI.

We — not just the cybersecurity industry, but any organization bringing AI into its processes — need to understand the risks of AI and develop ways to mitigate them before we fall victim to the same sorts of vulnerabilities we faced when Bill Clinton was president.

"AI agents are like a toddler. You have to follow them around and make sure they don't do dumb things," said Wendy Nather, senior research initiatives director at 1Password and a well-respected cybersecurity veteran. "We're also getting a whole new crop of people coming in and making the same dumb mistakes we made years ago."

Her fellow panelist Joseph Carson, chief security evangelist and advisory CISO at Segura, had an appropriately retro analogy for the benefits of using AI.

"It's like getting the mushroom in Super Mario Kart," he said. "It makes you go faster, but it doesn't make you a better driver."

Submission + - Phishing training is pretty pointless, researchers find (scworld.com)

spatwei writes: LAS VEGAS — Phishing training for employees as currently practiced is essentially useless, two researchers said at the Black Hat security conference on Wednesday.

In a scientific study involving thousands of test subjects, eight months and four different kinds of phishing training, the average improvement rate of falling for phishing scams was a whopping 1.7%.

"Is all of this focus on training worth the outcome?" asked researcher Ariana Mirian, a senior security researcher at Censys and recently a Ph.D. student at U.C. San Diego, where the study was conducted. "Training barely works."

At the beginning of Mirian's presentation, Mirian asked how many people in the audience of cybersecurity professionals believed that phishing training worked. About half raised their hands, to her mock dismay.

Submission + - In Barcelona, certain buses run on biomethane produced from human waste (lemonde.fr)

alternative_right writes: Odorless, quiet, sustainable. On the last day of July, passengers boarded Barcelona's V3 bus line with no idea where its fuel came from. Written in large letters on the bus façade, just below its name "Nimbus," a sign clearly stated: "This bus runs on biomethane produced from eco-factory sludge." Still, the explanation was likely too vague for most to grasp its full meaning. The moist matter from wastewater treated at the Baix Llobregat treatment plant was used to produce the biomethane. In other words: the human waste of more than 1.5 million residents of the Catalan city.

Submission + - Security flaws in carmaker's web portal let a hacker remotely unlock cars (techcrunch.com)

schwit1 writes: A security researcher said flaws in a carmaker’s online dealership portal exposed the private information and vehicle data of its customers, and could have allowed hackers to remotely break into any of its customers’ vehicles.

Eaton Zveare, who works as a security researcher at software delivery company Harness, told TechCrunch the flaw he discovered allowed the creation of an admin account that granted “unfettered access” to the unnamed carmaker’s centralized web portal.

With this access, a malicious hacker could have viewed the personal and financial data of the carmaker’s customers, tracked vehicles, and enrolled customers in features that allow owners — or the hackers — to control some of their cars’ functions from anywhere.

Zveare said he doesn’t plan on naming the vendor, but said it was a widely known automaker with several popular sub-brands.

He said while the security flaws in the portal’s login system were a challenge to find, once he found them, the bugs let him bypass the login mechanism altogether by permitting him to create a new “national admin” account.

Comment Re:Sold his stock (Score 3, Informative) 81

I gave all my Apple wealth away because wealth and power are not what I live for. I have a lot of fun and happiness. I funded a lot of important museums and arts groups in San Jose, the city of my birth, and they named a street after me for being good. I now speak publicly and have risen to the top. I have no idea how much I have but after speaking for 20 years it might be $10M plus a couple of homes. I never look for any type of tax dodge. I earn money from my labor and pay something like 55% combined tax on it. I am the happiest person ever. Life to me was never about accomplishment, but about Happiness, which is Smiles minus Frowns. I developed these philosophies when I was 18-20 years old and I never sold out.

Submission + - Ask Slashdot: How many of you are using RSS readers?

alternative_right writes: I use RSS to cover all of my news-reading needs because I like a variety of sources spanning several fields in politics, philosophy, science, and heavy metal. However, it seems Google wanted to kill off RSS a few years back and it has fallen out of favor. Some of us are holding on, but how many? And what software do you use (or did you write your own XML parsers)?

Submission + - The Soviet Union's secret tsunami (phys.org)

alternative_right writes: Days and months passed without any recognition of the tsunami and earthquake. Even an interview with a Russian volcanologist, Alexander Evgenievich Svyatlovsky, was stored as a "state secret," despite him merely explaining how the tsunami had originated.

Such secrecy was common at the height of the cold war, with Chernobyl and other disasters often being underreported by the Soviet authorities. It was only after the release of state archives in the early 2000s that the full picture could be told.

Comment Re: Oh my goodness!! (Score 0) 25

India's dominant position in global medical tourism by 2025 is the product of exceptional cost savings, high-caliber care, minimal wait times, robust government support, and a unique blend of ancient and contemporary healing arts. Westerners are drawn by affordability, experience, and technology, while Africans cite both cost and cultural familiarity. Strategic partnerships with Japanese firms like Toyota Tsusho and Secom are pushing standards even higher, particularly in super-specialty domains and hospital management.

https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2Fwww.perplexity.ai%2Fsear...

Comment India's dominant position in global medic (Score 2) 25

India's dominant position in global medical tourism by 2025 is the product of exceptional cost savings, high-caliber care, minimal wait times, robust government support, and a unique blend of ancient and contemporary healing arts. Westerners are drawn by affordability, experience, and technology, while Africans cite both cost and cultural familiarity. Strategic partnerships with Japanese firms like Toyota Tsusho and Secom are pushing standards even higher, particularly in super-specialty domains and hospital management.

https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2Fwww.perplexity.ai%2Fsear...
