OpenAI says its agreement with the Pentagon is completely secure. Its way of convincing us: “Trust us”

Don’t worry about anything, really. Trust us. The one saying this is OpenAI, a company led by Sam Altman that has earned a reputation for saying one thing and doing another. Whole books have been written on that premise, and it is impossible not to remember it now that this gigantic startup has signed a disturbing agreement.

Soap opera. OpenAI reached an agreement with the Department of Defense to integrate its AI models into government agencies, replacing Anthropic. They did so by indicating that they would impose requirements on the use of these models and would have red lines similar to those defended by Anthropic: no mass espionage, no development of autonomous weapons. That decision has cost Anthropic the contract with the DoD, and the company has also been tagged as a “risk to the supply chain.”

Trust us. There are two problems here. The first is that OpenAI has never shown the contract that makes it clear that there are red lines on the use of GPT by the military. The second and most serious is that, according to OpenAI, we do not need it because we only need to trust them. Altman himself tried to dispel doubts by explaining that they had added amendments to the agreement to ensure that those red lines were not crossed.

The wall of opacity. Despite promises of transparency, OpenAI refuses to publish the contract. The firm’s head of national security, Katrina Mulligan, went so far as to state that she does not feel “obliged” to share the legal language of the agreement. This has raised suspicions about what has really been signed behind the scenes.

Holes everywhere. Brad Carson, who served as secretary of the US Army under Obama, told The Intercept that the legal language in Sam Altman’s posts on X is suspect. The CEO of OpenAI mentions, for example, that “the AI system will not be intentionally used for domestic surveillance of US citizens.” That “intentionally” is, according to experts like Carson, a kind of blank check that allows data on American citizens to be captured “by accident”, but systematically, while spying on foreigners. As Carson explains, they are trying to confuse you with complicated legal terms that ordinary people think mean something completely different. But lawyers know what it means. And lawyers know that this is no protection.

The human factor. The integration of OpenAI’s AI into DoD systems now falls under the direct supervision of Secretary of Defense Pete Hegseth and President Trump. This poses an ethical dilemma: the security of the system depends on the political will of figures who have traditionally had no problem eliminating restrictions on mass surveillance systems.

Quo vadis, OpenAI. OpenAI’s 180º turn is clear. While in its early days the startup defined itself with the message of creating AI systems “for the benefit of humanity” and prohibited the military use of its technology, this agreement shows that such premises no longer seem to exist.

Another bad sign. This way of acting has led to OpenAI being openly criticized on social networks, but there have also been internal problems. This is demonstrated by the fact that its director of robotics, Caitlin Kalinowski, has decided to resign over concerns about the company’s military negotiations.

And an obvious question. The dispute with the Department of Defense centered precisely on the fact that the Pentagon did not want Anthropic to establish red lines. OpenAI claims to have established basically the same ones, so how is it possible that the DoD allows OpenAI to establish them when it has not allowed Anthropic to do so? It doesn’t seem to make any sense.

What a mess. We are living through a real soap opera with three protagonists: the US Department of Defense (DoD), now renamed the Department of War; the company Anthropic; and its rival, OpenAI. The DoD, which used Anthropic’s AI for military operations, demanded to be able to use it without restrictions, but Dario Amodei, CEO of the startup, flatly refused. That was the moment Sam Altman took advantage of to become the new ally of the DoD, something that has been seen by many as opportunistic and morally reprehensible.

Image | Xataka with Freepik

iPhones were supposed to be the most secure cell phones in the world. Supposedly

Imagine a tool capable of breaking a phone’s security simply by browsing a website, without downloading any file or accepting any permission. It’s scary, but if that cell phone is also an iPhone, things get even worse. It is not the plot of a conspiracy theory; it is reality, and it has just destroyed Apple’s aura of invulnerability.

What has happened? Google security engineers have published a report detailing ‘Coruna’, a sophisticated hacking kit designed specifically to compromise iOS devices. According to the investigation, Coruna uses a chain of ‘zero-day’ vulnerabilities which give almost total access to the device. It is something similar to Pegasus, but even more sophisticated. The most disturbing thing is that it has been located in the hands of cybercriminals, but its origin appears to be in US government agencies.

What Coruna does. As we said, all you have to do is visit a malicious website for it to take action. Coruna’s architecture is based on an extremely complex exploit chain that takes advantage of flaws in the browser’s rendering engine and in the operating system core itself. In this way, it takes control of the iPhone silently, without the user downloading any files or accepting any additional permissions. The good news is that Apple patched one of these vulnerabilities with iOS 17.3, so if your phone is on this version or higher, you have nothing to worry about. However, despite these limitations, it is estimated to have infected tens of thousands of devices.

Image: Google

Timeline. In early 2025, Google first detected parts of this exploit chain that had been used by a commercial surveillance company. In the middle of the year it reappeared in a campaign against Ukraine attributed to Russian espionage, and at the end of the year it made the jump to China, where it was hidden on fake websites about finance and cryptocurrencies. The kit stole cryptocurrencies and other data from victims, such as photos or email accounts.

Who has developed this. In statements to Wired, the head of the security company iVerify highlights that the code is “extremely sophisticated and its development has cost millions of dollars.” The most striking detail is that Coruna shares modules with the operation known as “Operation Triangulation”, another cyberattack targeting iOS discovered by Kaspersky and attributed to the NSA. At the moment it is a suspicion, but according to iVerify, the signs clearly point to it being the work of some US government agency or contractor.

How it has ended up in the wrong hands. It is the question that experts ask themselves and at the moment there is no answer, but there is a hypothesis. Zero-day exploits target flaws that the manufacturer, in this case Apple, has not yet detected, and they are the most expensive ones sold on the black market. The theory is that it was sold by an exploit broker to some foreign intelligence service and from there it made the jump to cybercrime organizations. iVerify analyzed a version of Coruna and found that the code had been modified to install malware that emptied cryptocurrency wallets. These additions were “poorly written” and contrasted greatly with the underlying code, which fits with the theory that it was conceived by a very well-funded organization and then ended up in the world of cybercrime.

Image | Apple, edited with Gemini

boost your own WeChat 100% secure not fake

Just a few hours ago Pavel Durov, CEO and founder of Telegram, reported through his channel that Putin’s government had blocked access to Telegram by Russian citizens. Today that limitation has gone one step further with the blocking of WhatsApp and other Meta apps such as Instagram or Facebook.

Context. In Russia there is an organization called Roskomnadzor, aka the Russian Telecommunications Supervision Agency. It’s the Russian regulator, in a nutshell. Just a day ago, Roskomnadzor announced restrictions on Telegram, alleging that it was not applying Russian law and that “no real measure is applied to combat fraud and the use of messaging for criminal and terrorist purposes.”

Better, much better, Max. In Russia there are two predominant messaging apps, Telegram and WhatsApp, but Moscow has been promoting Max for some time. Since the summer of last year, all mobile phones and tablets sold in the country must have it pre-installed. This app has been developed by VKontakte, the Russian Facebook, whose control falls de facto to the Russian government.

Screenshot of Max’s landing page | Image: Xataka

Max integrates with government services and centralizes communications through a platform controlled by the Kremlin. Think of it as a Russian WeChat. The stated justification is the protection of citizens’ data; the complaint is that they seek to limit digital freedoms and monitor the activity of citizens.

And now, WhatsApp. With its pluses and minuses, WhatsApp is a fairly secure and robust app that, at least, is end-to-end encrypted. That does not fit with the Kremlin’s mission to control the communications of Russian citizens. WhatsApp has at least 100 million users, or rather, it had, because yesterday evening the Russian authorities removed it from the app directory maintained by Roskomnadzor.

In short, Moscow has deleted WhatsApp and other Meta apps from the Russian Internet. WhatsApp has been blocked, while Instagram and Facebook have been declared extremist and are only accessible via VPN, according to the Financial Times. The YouTube experience has also been downgraded, although it is unclear whether it will be blocked entirely or not. WhatsApp, for its part, has issued a statement on X saying that “the Russian government tried to completely block WhatsApp to force people to use a state surveillance application. Trying to isolate more than 100 million users from private and secure communication is a setback and can only reduce the security of Russian citizens. We continue to do everything we can to keep users connected.”

The problem. Although from the point of view of the Russian government it makes sense to promote Max, the truth is that blocking Telegram and WhatsApp means disconnecting the population. Everyone suffers, including those on the front lines and civilians who use the app to find out about attacks. The blockade, however, was evidently going to happen.

An increase in control. Russia has been running a campaign against foreign messaging services for four years, accusing Telegram, to give just one example, of being used by Ukraine to recruit agents and organize attacks. Since last year the government has been reducing network speed when using WhatsApp, making its use more frustrating and pushing users toward Max. Another of the obligations imposed by Russia directly affects Apple, which since September 1 has had to pre-install RuStore, the Russian app store, on all the company’s devices. Until that day, it was only required on Android devices.

Cover image | Dimitri Karastelev

We thought two-step authentication apps were secure. Researchers have shown how easy it is to hack them

Two-step verification with authentication apps is one of the safest methods to protect our accounts, or so we thought. Ars Technica reports that a group of researchers from several American universities have discovered a new type of attack on Android that is capable of copying these codes in less than 30 seconds, which is precisely the time they take to refresh.

Pixnapping. That is the name of this new attack, capable of stealing two-step authentication codes from apps such as Google Authenticator or Microsoft Authenticator. These apps show codes that are automatically refreshed every 30 seconds, which makes them more secure than, for example, SMS verification, which usually gives a margin of 10 or 15 minutes to copy the code. With this technique, researchers have managed to recover the six-digit code in just 23 seconds, which leaves plenty of time to use the code and log in to the account they want to steal.

How it works. Any app on Android can launch a pixnapping attack without needing to obtain special permissions. Once underway, the attack occurs in three steps. First, the malicious app uses Android APIs to communicate with the app it wants to spy on. These calls force the target app to display specific data (the authentication codes) and send this information to the Android rendering pipeline, which is responsible for displaying each app’s pixels on the screen. Second, pixnapping performs graphical operations on the pixels that have been received by the rendering pipeline: it identifies the coordinates of each pixel of interest and checks whether the color is white or non-white. Third, because white pixels take less time to render than non-white pixels, pixnapping measures the rendering time and uses it to reconstruct images from the render pipeline data.

Speed is key. Pixnapping can also obtain other types of information that is visible on the screen, such as account numbers or personal information, but the speed with which it runs makes it especially dangerous for these authentication apps. To achieve this, the researchers reduced the number of samples per pixel, so that they could decipher all six digits in 30 seconds.

Which phones does it affect? As we said, pixnapping only affects the Android operating system, but it seems to extend to quite a few versions. The investigation verified that the attack could be carried out on devices with versions from Android 13 to Android 16. They have only reproduced it on Pixel phones and a Samsung Galaxy S25, but they believe that, due to the mechanism of the attack, any Android device will be affected.

How to protect yourself. For now, by waiting. Google has already released a patch that partially mitigates this attack, but ways to bypass it have been found. In statements to The Register, Google confirmed that it would release a second patch in December to put an end to it. The good news is that the company says it has no evidence that there are apps taking advantage of this vulnerability.

Image | Pixnapping
