Congrats to Andrey Labunets and me for finding kernel LPE in iOS that has been fixed today in iOS 16.2

We did an experimental security analysis of perceptual hashing systems when they are applied for content scanning. Two discoveries: (1) It is possible to conduct physical surveillance on high-value target individuals by manipulating the content database.

Our group has two papers at NDSS. (1) Come see Ashish talk about our work on phy surveillance, CSAM and E2EE comms, Tuesday around 3.40 pm. (work with Andrey Labunets Tadayoshi (Yoshi) Kohno)

Maybe OpenAI could also reconsider a "non-disparagement" (nondisclosure) clause in their bug bounty rules at bugcrowd.com/openai?

A great talk by Meredith Whittaker: "Feelings Are Facts: Love, Privacy, and the Politics of Intellectual Shame" media.ccc.de/v/38c3-feeling… Everyone, both in the security community and beyond, should attend these talks for many reasons. One of them is to calibrate our moral compass [1].

Hello Zurich! Anyone wants to meet up to chat about infosec, AI, art, or random stuff?

Simon Willison Great work and a very elegant idea! I’m curious how the multi-turn chat case is handled - specifically when the prompt expects an adversarially controlled summary of the resulting action to be fed back into the context window, either for the user to consider or for the P-LLM to

Hello SummerCon, are you still accepting last-minute submissions or is your cfp completely locked by now?