Ross Anderson Profile
Ross Anderson

@rossjanderson

10,927
Followers
990
Following
13
Media
1,812
Statuses

Professor of Security Engineering at Cambridge University and Edinburgh University

Cambridge, England
Joined February 2010
@rossjanderson
Ross Anderson
3 years
The Trojan Source vulnerability allows supply-chain attacks on software written in C, C++, Go, Java, Javascript, Python and Rust. We're releasing details after a 99-day coordinated disclosure period, and some of these compilers will be patched quickly. See
19
419
874
@rossjanderson
Ross Anderson
4 years
35
71
879
@rossjanderson
Ross Anderson
4 years
The videos of my first-year undergraduate course on Software and Security Engineering are now online. I've made them available to everyone rather than restricting them to Cambridge students:
15
229
529
@rossjanderson
Ross Anderson
4 years
Here's my Security Engineering book chapter on phones – everything you needed to know, from phone phreaks to Android malware and from SIM swaps and SS7 hacking to 5G:
8
179
460
@rossjanderson
Ross Anderson
4 years
Here are some problems with private contact tracing. We should not give policymakers the false hope that they can avoid hard choices:
24
327
446
@rossjanderson
Ross Anderson
3 years
I'm teaching a course based on my "Security Engineering" book for masters students and final-year undergrads. The first two videos are now online, and open to all:
7
122
308
@rossjanderson
Ross Anderson
2 years
Many citizens, but almost no security engineers, believe that changing your passwords every month makes you less likely to get hacked
@cshirky
Clay Shirky
2 years
Question for academic twitter: What belief is widely held by the general public, but not by scholars in your field? An example: Many citizens, but almost no linguists, believe that English has one dialect that is 'more correct' than the others.
44
27
105
5
66
258
@rossjanderson
Ross Anderson
3 years
One single bitcoin transaction now emits 325kg CO2, more than shipping a ton of gold round the world... !
@davidgerard
your #1 source for absurdist true crime 🐀 🐍👑 🌷
3 years
Gold mining is horribly polluting, and it should stop. And it's *still* cleaner than bitcoin. @FranckLeroy_ runs the numbers.
11
58
201
10
134
259
@rossjanderson
Ross Anderson
4 years
Here's my new Security Engineering book chapter on Signal, Tor, enclaves and blockchains. Likely to be controversial!
8
119
245
@rossjanderson
Ross Anderson
2 years
I have published a detailed rebuttal of the intelligence community's arguments that we should break end-to-end encryption in order to protect children. If it's protecting children you really care about, you'll do quite different things:
7
149
232
@rossjanderson
Ross Anderson
5 years
I've just put the next two chapters of "Security Engineering" v3 online – on cryptography, and on distributed systems
1
91
222
@rossjanderson
Ross Anderson
8 months
The third edition of my Security Engineering textbook will be freely available for download later this year, 42 months after publication. We did that with the first and second editions too, and in each case it increased sales of the paper book!
@ylecun
Yann LeCun
8 months
Only a small number of book authors make significant money from book sales. This seems to suggest that most books should be freely available for download. The lost revenue for authors would be small, and the benefits to society large by comparison.
1K
281
2K
4
77
217
@rossjanderson
Ross Anderson
4 years
Tim, we fought for and won an IP policy fifteen years ago that means we own the copyright in our lectures. Put yours online; mine are here:
@wtgowers
Timothy Gowers @wtgowers
4 years
All Cambridge University's lectures are going to be online next year. It would be wonderful if they were made publicly available in perpetuity: does anyone know whether the university has an enlightened policy on that?
31
97
827
3
56
217
@rossjanderson
Ross Anderson
4 years
We've collected tens of millions of posts to underground crime forums. They're not just an amazing resource for research in cybersecurity and criminology, but also for natural language processing:
3
97
197
@rossjanderson
Ross Anderson
4 years
Here are the last two chapters of the third edition of Security Engineering. They cover the hard interactions between security and society: from self-driving cars to adversarial machine learning, and from opsec to elections
6
93
186
@rossjanderson
Ross Anderson
2 years
Now that I've uploaded this week's lectures, all fifteen videos of my security engineering course are now online. This is 'the film of the book'!
3
65
172
@rossjanderson
Ross Anderson
5 years
Isn't it curious that nobody's written a summary of everything we learned about state surveillance from Edward Snowden? Well, I had a go, in a new introductory chapter for the third edition of my book Security Engineering:
5
97
165
@rossjanderson
Ross Anderson
4 years
Commercial cryptography was developed to protect payment systems against the doomsday scenario of a dishonest insider forging bank cards at scale. Doomsday just happened! For the back story on the tech see chapter 12 of Security Engineering:
@SamSoleZA
Sam Sole
4 years
Postbank forced to replace 12-million bank cards after employees steal 'master key' via @TimesLIVE
21
137
155
3
88
165
@rossjanderson
Ross Anderson
1 year
Back in crypto war 1, GCHQ mandated weak crypto for police radios. Oops! For years, the Chinese embassy could listen in to the special branch folks following their diplomats around...
@smithsam
Sam
1 year
Since all radios used by UK police/spook appear to have backdoors exploitable by others, they could just switch to using signal... oh...
1
6
31
6
80
149
@rossjanderson
Ross Anderson
2 years
We've just released the next two video lectures in my security engineering course, covering virtualisation, containers, sandboxing, app stores and supply-chain security:
0
46
147
@rossjanderson
Ross Anderson
7 years
Next big challenge in software: how do you keep patching a car for 30 years? What's the engineering? The economics?
17
169
139
@rossjanderson
Ross Anderson
5 years
Out today, my Security Engineering book chapter 12 tells the story of the last decade's frauds against card payments and online banking, and how the defences have adapted:
2
57
141
@rossjanderson
Ross Anderson
5 years
Bluetooth negotiates keylength in the clear before key exchange starts; either party can force the length to 8 bits, and so can a middleman. How on earth did this get agreed by dozens of tech companies, and get past NIST?
@lgrangeia
Luis Grangeia
5 years
Bluetooth is broken: A third party can force a one byte encryption key on any Bluetooth connection in range, even between already paired devices. It's bad.
32
1K
2K
4
122
129
@rossjanderson
Ross Anderson
5 years
Two more chapters of Security Engineering v3 are now online – one on access control, and one on nuclear command and control
1
44
129
@rossjanderson
Ross Anderson
5 years
The next chapter of Security Engineering v 3 is on inference control. It tracks the 40-year myth that sensitive personal data can be "anonymised" well enough to turn it into industrial raw material:
3
67
120
@rossjanderson
Ross Anderson
7 years
No point doing a security startup in Britain then, or a fintech one either. Once you have 10,000 customers, you have to hand over the keys
10
170
111
@rossjanderson
Ross Anderson
5 years
We've done a big study of how cybercrime has changed over the past seven years:
6
68
113
@rossjanderson
Ross Anderson
1 year
Peter Gutmann has a delightful one-page paper on post-quantum crypto...
5
40
109
@rossjanderson
Ross Anderson
5 years
This is pretty shocking. 25 of the 28 EU states are breaking data protection law by using ad tracking on their own websites, including when you browse pages on abortion, HIV and mental illness
@FT
Financial Times
5 years
EU citizens being tracked on sensitive government sites
1
36
36
3
123
113
@rossjanderson
Ross Anderson
5 years
My book chapter on side channels is now out – from Tempest through DPA, template attacks and TPM-fail, and all kinds of acoustic and optical leakage, to Meltdown and Spectre. Comments welcome:
3
70
111
@rossjanderson
Ross Anderson
4 years
"Good research is done with a shovel, not with tweezers" – from my thesis adviser, the late Roger Needham
@FrankMcG
Frank McGovern
4 years
What’s the single best life advice you’ve ever been given? Not a list. Tell me the best ONE. You have to choose.
351
26
206
3
18
108
@rossjanderson
Ross Anderson
3 years
This is what my thesis adviser Roger Needham told me 30 years ago – "good research is done with a shovel, not with tweezers!" When you find yourself picking up the crumbs left by others, it's time to go find a new pile of muck to drive your shovel into
@Noahpinion
Noah Smith 🐇🇺🇸🇺🇦🇹🇼
3 years
Why do so many researchers feel like their academic fields are in crisis, or hitting a dead end? Maybe it's because our academic system keeps researchers pointed in old, tired directions.
10
31
202
1
27
111
@rossjanderson
Ross Anderson
12 years
Open access: my book 'Security Engineering' is now available online for free. See http://t.co/bemQg93c
11
186
95
@rossjanderson
Ross Anderson
12 years
We've documented a huge flaw in the chip and pin payment mechanisms that looks like it's already being exploited http://t.co/uT8ZmNZC
3
295
94
@rossjanderson
Ross Anderson
2 years
If you want to protect children, don't ban cryptography. Instead you should raise child benefit, reform children's social services, and stop privatising children's homes.
@patrickjbutler
Patrick Butler
2 years
My @guardian story: Overhaul of children’s social care in England urgent and unavoidable, independent review finds
2
7
14
2
32
85
@rossjanderson
Ross Anderson
3 years
Here's our latest paper on the insecurity of machine learning. There's a huge vulnerability, of a kind familiar to cryptographers, but which the machine-learning community has so far ignored.
@NicolasPapernot
Nicolas Papernot
3 years
Is poisoning ML possible without inserting poison in the model's training set? Yes. @iliaishacked et al. just introduced "data ordering attacks" which are able to target both the integrity and availability of ML simply by *reordering* points during SGD
14
140
482
1
53
86
@rossjanderson
Ross Anderson
5 years
Many thanks... but it's now available free online, so it weighs no more than your laptop or tablet does already. Enjoy!
@bengoldacre
Ben Goldacre
5 years
Yup. I loved Security Engineering by @rossjanderson, the first third could be a pop science classic, but the whole book weighs about fifteen kilos. (I strongly disagree with him on re-use of medical data btw, is a matter of proportionality)
0
0
7
1
30
86
@rossjanderson
Ross Anderson
7 years
How many of today's cars will still be getting security patches by then? We can't even patch phones for 2 years let alone 20
@mikko
@mikko
7 years
I wonder how many of the cars bought today will fail to start up after 19th of January 2038.
19
139
186
6
68
80
@rossjanderson
Ross Anderson
2 years
A guest lecture by Ian Levy of GCHQ concluded my security engineering course at Edinburgh, and we now have clearance to release the video:
2
30
81
@rossjanderson
Ross Anderson
5 years
My Security Engineering book chapter on smart meters, smart tachographs, curfew tags and other monitoring equipment is now online:
0
44
81
@rossjanderson
Ross Anderson
3 years
Is Apple's NeuralMatch system going to be searching for acts of abuse, or for people? It looks rather like a face recognition network...
3
48
77
@rossjanderson
Ross Anderson
8 years
How to hack the PIN retry counter on an iPhone – proof that the FBI were mistaken in their fight with Apple:
4
91
80
@rossjanderson
Ross Anderson
2 years
We're updating our course on the economics of information security, which is used by many universities and other organisations worldwide:
1
26
79
@rossjanderson
Ross Anderson
9 months
I expect the French definition of "secure" is "something that we can wiretap". That has been the GCHQ definition of secure for encryption in the NHS network and in the public sector more generally, starting in the mid-1990s. Nice to see the French copying us :-)
@mer__edith
Meredith Whittaker
9 months
The French PM is mandating ministers use a small French messaging app. OK. But I’m alarmed that she’s claiming “security flaws” in Signal (et al) to justify the move. This claim is not backed by any evidence, and is dangerously misleading esp. coming from gov.
82
408
1K
6
33
75
@rossjanderson
Ross Anderson
1 year
Just be careful! When we defeated the government in the Lords and stuck section 8 into the Export Control Act 2002, they just waited a few years then started enforcing the same bad stuff using another section of the Act – and denied to our faces that they had agreed not to!
@mer__edith
Meredith Whittaker
1 year
I would call this a victory, not a defeat. And am grateful to the UK government for making their stand clear. This is a really important moment, even if it’s not the final win.
19
173
546
1
24
77
@rossjanderson
Ross Anderson
9 years
Thinking of selling your old phone? Watch out! Android factory reset mostly doesn't quite work:
7
152
68
@rossjanderson
Ross Anderson
5 years
The chapter on physical tamper resistance in Security Engineering v3 is now online:
0
32
74
@rossjanderson
Ross Anderson
3 years
As we warned in "Bugs in our pockets", the European Commission wants client-side scanning not just for pictures, as Apple proposed, but for text too:
@echo_pbreyer
Patrick Breyer #JoinMastodon
3 years
UK tabloid reports on #chatcontrol 2: "The EU Commission is pushing to oblige all providers – such as #WhatsApp, #Skype and #Signal – to scan private chats. If an image sent privately pings an automated system as being suspect, the chat provider will send it to investigators."
4
48
70
1
60
70
@rossjanderson
Ross Anderson
4 years
This is an eye-opener, even for an old cynic like me. I suspect it might kick off a new thread of research in security economics...
@matthewstoller
Matt Stoller
4 years
I wrote up how the massive hack of nuclear weapons facilities (and everyone else) is a result of billionaire private equity barons looting software firms and degrading the security of software products used by IT departments everywhere.
9
94
249
4
27
69
@rossjanderson
Ross Anderson
4 years
The chapter on Network Attack and Defence for the third edition of "Security Engineering" is now online:
2
29
69
@rossjanderson
Ross Anderson
4 years
Vaccine passports could be a real train wreck, combining the ID card issues, health privacy issues, and discrimination by class, race and much else
@AdaLovelaceInst
Ada Lovelace Institute
4 years
Today, the @AdaLovelaceInst publishes the findings and recommendations of a rapid expert deliberation, chaired by @Prof_JonMont, which considers the risks and benefits of the potential roll-out of digital #vaccinepassports. Read it here: 1/8
4
95
141
3
35
69
@rossjanderson
Ross Anderson
5 years
Another chapter of Security Engineering v 3 is now online for review and feedback: chapter 9 on multilevel security
1
25
70
@rossjanderson
Ross Anderson
4 years
The latest chapter of the third edition of "Security Engineering" asks: what happens to assurance as safety and security become one?
4
32
65
@rossjanderson
Ross Anderson
4 years
How do you jam a neural network? With a sponge attack! A cool new way of confusing natural language processing systems and slowing down machine vision too:
1
35
62
@rossjanderson
Ross Anderson
5 years
This is just awesome! It's one of those papers you see maybe once a year which make you think "Gosh, I wish I'd done that." The research web page is here:
@a_greenberg
Andy Greenberg (@agreenberg at the other places)
5 years
Researchers found that varying the intensity of a laser pointed at a smart speaker’s mic could trick it into behaving as if it were receiving voice commands—silently telling Alexa to make purchases or unlock doors via a window from hundreds of feet away.
33
433
666
1
40
66
@rossjanderson
Ross Anderson
7 years
@terrorwatchdog Cryptographers are not divided at all; our consensus is set out in "Keys Under Doormats"
2
40
62
@rossjanderson
Ross Anderson
3 years
If you build it, they will come: a detailed analysis of the risks of client-side scanning, which the intelligence agencies are working hard to mandate
0
39
62
@rossjanderson
Ross Anderson
4 years
Latest security research: a smart speaker can learn quite a lot about what you're typing on a nearby mobile phone just by listening to the taps
4
33
60
@rossjanderson
Ross Anderson
7 years
Fascinating new study of Palantir gives a sobering insight to network effects, privacy, and regulatory responses:
0
60
59
@rossjanderson
Ross Anderson
4 years
Here's the next chapter for the third edition of Security Engineering – the topic is Electronic and Information Warfare. It's chapter 23 at . Sorry about the month-long pause while I video recorded my undergraduate lectures!
0
32
60
@rossjanderson
Ross Anderson
5 years
The next chapter of Security Engineering v3 is now online for feedback – the chapter on security economics:
0
33
62
@rossjanderson
Ross Anderson
1 year
We've shown how to use Unicode tricks to put Trojans in source code and manipulate LLMs to give the wrong answers. In our latest paper we show how they can be used for search engine optimisation, and to spread disinformation:
2
30
60
@rossjanderson
Ross Anderson
11 years
We now have eight weeks to opt out of central collection of our NHS medical records for resale to private companies: http://t.co/IuNUqdlUdt
5
139
59
@rossjanderson
Ross Anderson
6 years
A memoir on Russian ciphers by John Tiltman, now declassified by the NSA, may shed light on what inspired Shannon's work on information theory:
3
43
59
@rossjanderson
Ross Anderson
7 years
First-class piece of analysis; anyone who thinks that all social problems can be solved by blockchains (or other tech magic) must read this!
@NicholasBohm
Nicholas Bohm
7 years
Paper on why electronic wills are not a clever idea has now moved to
0
4
13
2
42
57
@rossjanderson
Ross Anderson
5 years
The third chapter of my book, on the psychology and usability aspects of security engineering, is now online at
@rossjanderson
Ross Anderson
5 years
Isn't it curious that nobody's written a summary of everything we learned about state surveillance from Edward Snowden? Well, I had a go, in a new introductory chapter for the third edition of my book Security Engineering:
5
97
165
3
25
58
@rossjanderson
Ross Anderson
7 years
Let's get lots of scruffy geeks to travel in business class one week and scare away the bankers. Denial-of-service attack on business model
@mattblaze
matt blaze
7 years
Guy next to last seat on my Amtrak train looks me over as I sit; informs me this is business class (for which I have tix)& I'm in wrong car.
22
5
56
2
12
57
@rossjanderson
Ross Anderson
8 months
Billions are being spent by phone companies to make their crypto "quantum safe" under US government mandates. The main effect is closing loopholes created during the crypto wars by earlier US government mandates, which now let China observe US wiretaps
@LindellYehuda
Yehuda Lindell
8 months
I think that there's a huge amount of damage being done due to the over-hype of the quantum danger to cryptography. Organizations are wasting valuable resources to address something that (except in rare cases) doesn't need to be addressed.
11
14
83
4
20
56
@rossjanderson
Ross Anderson
2 years
Thanks, Cory, but this was mostly the work of Tim Clifford, an undergrad who was a research intern with us this summer! Credit where credit's due
@doctorow
Cory Doctorow NONCONSENSUAL BLUE TICK (AFK)
2 years
Today, I read "ImpNet: Imperceptible and blackbox-undetectable backdoors in compiled neural networks," a preprint from an Oxford, Cambridge, Imperial College and University of Edinburgh team including the formidable @rossjanderson : 21/
2
25
135
2
8
57
@rossjanderson
Ross Anderson
4 years
People thought for years that the effect on a firm's stock price of a cybersecurity breach was transient; however, data collected and analysed last week at WEIS by Dennis Malliouras show that this is simply not the case:
@philvenables
Phil Venables
4 years
I can imagine this pattern has been locked and loaded into various algo trading approaches for quite a while.
3
1
10
2
24
56
@rossjanderson
Ross Anderson
4 years
I'll be giving a talk in 15 minutes at the Remote Chaos experience (this year's CCC) on the crypto wars, the proposed upload filter and what it all means for the looming cold war with China
0
13
54
@rossjanderson
Ross Anderson
5 years
After I gave a talk on the sustainability of Safety, Security and Privacy at 36C3, the audience voted to select the cover art for the 3rd edition of Security Engineering:
1
18
54
@rossjanderson
Ross Anderson
9 years
New report on David Cameron's proposal to regulate cryptography: wrong in principle, and unworkable in practice
5
117
54
@rossjanderson
Ross Anderson
5 years
Facial recognition has improved by an order of magnitude since 2012. How does it work and what does it mean? See my new Security Engineering book chapter on biometrics:
0
28
53
@rossjanderson
Ross Anderson
1 year
This ignores economics. Most systemic failures happen because Alice guards a system but Bob pays the cost of failure. In a world with externalities, asymmetric information and other market failures, security and safety will fail too.
@argvee
Heather Adkins - Ꜻ - Spes consilium non est
1 year
The cybersecurity industry shouldn’t exist. We built the internet wrong, and we can solve most of our cybersecurity problems at their root by rearchitecting technology platforms to be safe-by-default instead of buying security products.
101
177
1K
5
17
53
@rossjanderson
Ross Anderson
3 years
I'm due to be on the BBC News Channel speaking about Apple at 15:20
3
2
52
@rossjanderson
Ross Anderson
4 years
Every so often, when I read Craig Murray's blog about a certain extradition hearing taking place in London, I start to be worried about two things: what's being done in my name, and the rule of law:
4
33
46
@rossjanderson
Ross Anderson
4 years
The penultimate chapter of Security Engineering v3 is now online ... it's about copyright and DRM
1
27
52
@rossjanderson
Ross Anderson
3 years
The government wants to set up a Cyber Security Council to examine and regulate us all, and yet it did not have the wit to register its own domain before somebody else did. The Russians and Chinese will be rolling on the floor laughing...
@hackerfantastic
hackerfantastic.x
3 years
The UK government wants to decide who is allowed to be an ethical hacker or not and tie it to legal defense exemptions under the upcoming amended Computer Misuse Act. A government that has shown itself to be nothing but corrupt and unethical...
20
130
308
2
19
50
@rossjanderson
Ross Anderson
4 years
I wish I'd thought of this. A simple and useful application for augmented reality...
@Rainmaker1973
Massimo
4 years
Through her project, Alaina Gassler, 14, is seeking to make driving safer by reducing blind spots. She designed a system that uses a webcam to display anything that might block the driver’s line of sight and won the 2019 Samueli Foundation Prize
5
77
427
1
17
50
@rossjanderson
Ross Anderson
3 years
The lectures on security economics and security psychology from my graduate security engineering course are now online:
0
13
49
@rossjanderson
Ross Anderson
4 years
If you're running a UK company and you keep personal information on EU citizens, better plan to keep the data in the EU.
@PaulbernalUK
Prof Paul Bernal
4 years
The annulment of the #privacyshield has significant potential implications for the UK post-Brexit. We’ll be in the same position then as the US is now: needing some way to get adequacy under the GDPR. How will we do that, given our failure to protect privacy generally?
4
25
39
3
31
47
@rossjanderson
Ross Anderson
6 years
If your security people don't get this, you have it coming.
@iMeluny
Melanie Ensign
6 years
I’ve witnessed so many security pros fail to communicate even the most basic idea that no one, NO ONE, in infosec should be calling users dumb, stupid, or the weakest link for not understanding how to do something others train to master.
20
176
588
1
20
50
@rossjanderson
Ross Anderson
9 months
The Foundation for Information Policy Research has been engaged in the crypto wars, and in policy tussles from medical privacy to AI regulation, for 25 years now. Celebration on November 30! Time to ask: what's changed and what's next?
3
28
49
@rossjanderson
Ross Anderson
2 years
A powerful argument why we should stop using "AI" and "machine learning" in policy discussions, and challenge the use of these terms by others!
@techpolicypress
Tech Policy Press
2 years
The Center on Privacy & Technology at Georgetown Law is removing “artificial intelligence,” “AI,” and “machine learning” from its institutional vocabulary. Read why in this piece from its Executive Director, Emily Tucker:
18
225
474
2
33
48
@rossjanderson
Ross Anderson
2 years
A survey of the many ways in which blockchains can end up being centralised, and even mutable. Lots of fascinating technical detail from centrality analyses to software vulns and smart contract monoculture...
@trailofbits
Trail of Bits
2 years
For the past year, Trail of Bits was engaged by DARPA to confirm if one of the things that everybody thinks they "know" about cryptocurrency is actually true: Are blockchains really decentralized?
4
16
50
2
24
45
@rossjanderson
Ross Anderson
3 years
Here's a blog post about our latest attack on machine learning, which attacks the randomness assumption that underlies stochastic gradient descent:
@rossjanderson
Ross Anderson
3 years
Here's our latest paper on the insecurity of machine learning. There's a huge vulnerability, of a kind familiar to cryptographers, but which the machine-learning community has so far ignored.
1
53
86
1
19
48
@rossjanderson
Ross Anderson
4 years
Really important article – perhaps 6% of the people you phone will pick up the call. And from a call centre, as planned in England, it will be even worse. Insert your own call centre horror story here ...
@sfeldman0
Scott Feldman Esq.
4 years
Contact Tracing Is Harder Than It Sounds
0
3
5
2
24
48
@rossjanderson
Ross Anderson
3 years
Given all the effort we put in to worrying about y2k, why did nobody see this one coming?
@haydsays
#HaydSays
3 years
I don't know who else needs to know this, but an INT variable has limits.. Type int, which uses 32 bits giving it a range of -2147483648 to +2147483647, inclusive.. Today's date string ["YYMMDDHHMM"] is 2201010001, which is larger than that. HAPPY NEW YEAR!
107
1K
7K
9
7
47
@rossjanderson
Ross Anderson
4 years
If you asked why we shouldn't have centralised medical record systems, here is one answer
@samilaiho
Sami Laiho
4 years
Hi, my name is Sami - I am a #vastaamo breach victim. Finnish people are in the middle of a data breach of never before seen scale when it comes to the sensitivity of the personal info stolen. #report #dontpay
8
23
148
2
33
46
@rossjanderson
Ross Anderson
9 months
The NCA has spent years attacking encryption, saying it might stop them arresting men for downloading images of children. Now they complain that most of the men they do prosecute escape jail. What's going on? #E2EE #Chatcontrol
4
25
45
@rossjanderson
Ross Anderson
7 years
The media frenzy over #WannaCry is overblown but gives useful insights into the economics of information security
2
56
47
@rossjanderson
Ross Anderson
4 years
Here's the first of a new series of briefing papers on the effects of the pandemic on crime, from the Cambridge Cybercrime Centre:
0
25
45
@rossjanderson
Ross Anderson
1 year
Will GPT models choke on their own exhaust? Training models on data generated by earlier models introduces a curse of recursion, as the tails of the distributions disappear, and the output tends towards garbage:
3
17
44
@rossjanderson
Ross Anderson
4 years
We're resuming our old tradition of "three paper Thursdays" at Cambridge. Each Thursday one of us will discuss three research papers on security which we think are worth reading:
2
20
44
@rossjanderson
Ross Anderson
2 years
Disturbing analysis of the Online Safety Bill, as now amended, from a senior barrister I've worked with on interception cases in the past. We all know clause 104 is the secret policeman's Trojan horse; it's great to see someone knowledgeable flesh out the details
@IndexCensorship
Index on Censorship
2 years
The Govt have said they are removing #LegalButHarmful from the #OnlineSafetyBill. But there are still some significant challenges with the Bill. Read our newly commissioned legal opinion from @mryderkc:
1
19
16
0
35
43
@rossjanderson
Ross Anderson
3 years
"Don’t ever take a fence down until you know why it was put up" – Robert Frost
@PrivacyMatters
Privacy Matters
3 years
Seriously? "The EU’s General Data Protection Regulation (GDPR) aims to give people protection over their data privacy and confidence to engage in the digital economy, but in practice it overwhelms people with consent requests and complexity they cannot understand" 🤷‍♂️🙇🏼
10
37
87
1
12
44
@rossjanderson
Ross Anderson
3 years
The Post Office had the law changed to make it easier to prosecute sub-postmasters, leading to the largest ever miscarriage of justice case in the UK -- and undermining the rights of many other defendants in criminal trials ever since
1
31
43