NFTs, AI, and more trend technologies
[The scuttlebutt news are also available via the DeepSec scuttlebutt mailing list. This posting was sent to the list on 10 February 2022.]
February is a week old. Even though it is still Winter, we do not hibernate. We currently work on our call for papers and the locations for this year’s events. Following the IT news these days is no helping with selecting interesting topics. Information technology has taken a steep turn into the past. Reading product information has more in common with fantasy novels than with hard facts. Magic is hard at work given the many wonderful features modern applications may or may not have.
Code based on the blockchain is getting a lot of news coverage. DeepSec deliberately did not include content this technology in our past conferences. Mentioning blockchain in your abstract is still a good way of not getting accepted for presentation or training. We briefly considered introducing Bitcoin into our ticket shop, but a superficial research yielded too many disadvantages. Cryptocurrencies are now the playground for start-ups and ill-advised methods to hide financial transactions. Furthermore, people are starting to look for alternative uses such as the Non Fungible Token (NFT) scams. Attesting the authenticity of digital data can be done in lots of other ways and without wasting precious energy. From the perspective of information security, the many attacks on cryptocurrency platforms (either exchange platforms or components of cryptocurrency applications) can be traced on the lack of secure code design or the lack of secure coding. Given the current state of affairs of this “new” “technology” we will probably skip Web3, too. Web1 and Web4 are better. 🥳
Speaking of technology, the pandemic has affected supply chains around the globe. The reasons are more complicated than transport capacity or a reduction of the workforce (i.e. persons). This means that information technology will soon discover that resources are not unlimited. Moore’s Law has already collided with reality. It just takes a while to realise this. Application programmers haven’t done this. Code is still created with the mindset of the 1990s, where performance problems were guaranteed to be solved by the next version of hardware. My secure coding classes always cover the use of computing and network resources, because adversaries like to build attack/kill chains around limitations. If your high-end, state-of-the-art artificial intelligence relies on a computing model that can only live in data centres, then the logical step is to sever the connection and deal with the newly created dumb intelligence. Divide and conquer still applies to IT security. Why bother with the hard targets if you can peel the defences down one by one?
The relationship between artificial intelligence and security experts is ambivalent. If you research both topics together, then you will find very few publications dealing with the security of the algorithms. You will find many security products that use AI algorithms to boost their performance. Most of it is still machine learning, i.e. using computing power for enhanced statistics. Even GPT3 is a language prediction algorithm and not an using-intelligence algorithm. The results might be impressive, but unless AI can tackle the field of philosophy intelligently, then it has still a long way to go. Why do I mention this? Well, we would like to shed some light on the current state of AI research from the IT security perspective. Hopefully, you haven’t thought about this connection yet and found some inspiration.
The call for papers will be out soon. First, we will fix the trainings in order to use more time for advertising. If you have content for state-of-the-art trainings, then let us know. The preliminary training schedule will be published in April 2022.