OUR PICKS: California’s Fire-Insurance Crisis Just Got Real | Should Killer Robots Be Allowed to Disobey Orders?, and more

Published 12 August 2024

 

·  Thousands of Corporate Secrets Were Left Exposed. This Guy Found Them All
Security researcher Bill Demirkapi found more than 15,000 hardcoded secrets and 66,000 vulnerable websites—all by searching overlooked data sources

·  California’s Fire-Insurance Crisis Just Got Real
The Park Fire has sent homeowners falling through the state’s shredded safety net

·  What China’s Dominance in Electronics Manufacturing Means for U.S. National Security
One of the most pressing concerns today is the growing dominance of China’s heavily state-subsidized electronics manufacturing industry

·  What Do Americans Really Think About the Bombing of Hiroshima and Nagasaki?
Scratch beneath the surface, and the American public today, as in 1945, does not display an ethically based taboo against using nuclear weapons or killing enemy civilians

·  ‘I’m Afraid I Can’t Do That’: Should Killer Robots Be Allowed to Disobey Orders?
Militaries will need to demonstrate that it’s possible to build ethical, responsible autonomous weapons that don’t say no, or show that they can engineer a safe and reliable right-to-refuse

 

Thousands of Corporate Secrets Were Left Exposed. This Guy Found Them All  (Matt Burgess, Wired)
If you know where to look, plenty of secrets can be found online. Since the fall of 2021, independent security researcher Bill Demirkapi has been building ways to tap into huge data sources, which are often overlooked by researchers, to find masses of security problems. This includes automatically finding developer secrets—such as passwords, API keys, and authentication tokens—that could give cybercriminals access to company systems and the ability to steal data.
Today, at the Defcon security conference in Las Vegas, Demirkapi is unveiling the results of this work, detailing a massive trove of leaked secrets and wider website vulnerabilities. Among at least 15,000 developer secrets hard-coded into software, he found hundreds of username and password details linked to Nebraska’s Supreme Court and its IT systems; the details needed to access Stanford University’s Slack channels; and more than a thousand API keys belonging to OpenAI customers. (Cont.)