Infosec Decoded Season 3 #63: The Sound of Keystrokes

With @kaitlynguru@infosec.exchange and @sambowne@infosec.exchange

Tue, Aug 8, 2023

Kaitlyn Handelman

Report: Apple buys every 3 nm chip that TSMC can make for next-gen iPhones and Macs

In every reported case where police mistakenly arrested someone using facial recognition, that person has been Black

A New AI-Driven Cyberattack Can Steal Your Data Just By Listening to You Type

New acoustic attack steals data from keystrokes with 95% accuracy
A team of researchers from British universities has trained a deep learning model that can steal data from keyboard keystrokes recorded using a microphone with an accuracy of 95%. When Zoom was used for training the sound classification algorithm, the prediction accuracy dropped to 93%, which is still dangerously high, and a record for that medium.

Sam Bowne

Language Is a Poor Heuristic For Intelligence
This article first describes how autistic people are often incorrectly regarded as lacking intelligence simply because they cannot speak, but are revealed to have high intelligence when they use a computer tablet with specialized software (called AAC, for ‘Augmentative/Alternative Communication’). Then it describes the reverse situation with Large Language Models, which can use language, but are in fact utterly unintelligent, with no comprehension of the meaning of their statements.

GPU First — Execution of Legacy CPU Codes on GPUs
In this paper, we propose a novel compilation scheme called “GPU First” that automatically compiles legacy CPU applications directly for GPUs without any modification of the application source. Apps can run 14 times faster this way.

Selling Software to the US Government? Know Security Attestation First
Going forward, any organization selling software to the US government will be required to self-attest that it conforms with the secure software development practices outlined by the government in the NIST Secure Software Development Framework.

Organizations must attest not only that they follow these practices, but also that the open-source components they pull into their applications follow them. This seems to forbid most or all open-source code.