New Podcast – Shantanu Bhattacharya: What do File Security and LLM Optimisation Have in Common?

CyAN member and 360Sequrity CEO/founder Shantanu Bhattacharya joins us for a repeat recording of a discussion about two seemingly unrelated, but definitely connected aspects of security: what are the gaps in protecting sensitive data on key systems, and why does improving LLM performance support this mission?

Our conversation covers everything from how attackers can subvert operating systems’ boot processes and logging mechanisms, to why inefficient AI systems are an entry point for the bad guys.

Notes and Links:

08:20 We won’t go into details about the UNIX filesystem paradigm and devices – just assume “everything is a file” and go from there.
09:44 ADS: https://owasp.org/www-community/attacks/Windows_alternate_data_stream
IBM has some additional information on ADS as an attack vector: https://developer.ibm.com/articles/alternate-data-streams/
10:40 Check out Varonis’ series on fileless pen testing: https://www.varonis.com/blog/master-fileless-malware-penetration-testing
12:00 It’s left as an exercise to the reader to look up how different boot sequences work. John didn’t do so well in his OS architecture courses at uni.
12:50 If your kernel is hijacked, nothing’s going to save you.
13:05 https://en.wikipedia.org/wiki/Blue_Pill_(software)
14:30 https://en.wikipedia.org/wiki/Master_boot_record
15:53 GUID Partition Table: https://en.wikipedia.org/wiki/GUID_Partition_Table (go donate to Wikipedia.)
16:38 Raw, not Ra. Ancient Egyptians all used block filesystems until at least the 18th or 19th dynasty.
17:07 They terrify us.
18:32 Stacks and heaps are regions of a process’s memory. The stack holds function call frames: return addresses, arguments and local variables that live only until the function returns, allocated and freed automatically. The heap holds dynamically allocated data whose lifetime the program controls explicitly (malloc/free), which is more flexible but slower to allocate and is where longer-lived data usually ends up.
20:05 See above for examples of fileless attacks that don’t rely on writing anything to a disk
23:55 In most modern operating systems, read, write and execute permissions are granted separately to the file’s owner, to the owning group (or several groups, via ACLs), and to everyone else. These bits live in the file’s metadata (the inode on UNIX-like systems, the security descriptor on NTFS), not in the file’s contents.
25:00 Examples: the identity you claim = your user ID. What you know = your password. What you have = a smart card/token. What you are = biometrics, which makes this a bit messier, but you get the idea.
26:46 When you log in, you establish who you are: you present an identity and then prove it with one or more of those factors.
28:21 Eierlegende Wollmilchsau (literally “egg-laying wool-milk-sow”, the German idiom for a single gadget that does everything), for you cunning linguists
29:33 First thing you want to do when infiltrating a system is to shut off the security cameras…
29:48 See around 31:00 for an explanation of non-repudiation
37:29 We don’t always agree with Dr. Bender’s takes on AI, but she’s obviously a) incredibly thoughtful and well informed, and b) demonstrably able to take a critical look at the capabilities and limitations of LLMs from a linguistic as well as a technological standpoint. Check out any of her papers and interviews: https://faculty.washington.edu/ebender/
39:40 Something that’s likely to happen a lot more frequently soon, given the utterly insane power usage expectations of planned datacentres, AI and otherwise…
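As an added example to go with the 23:55 note (this is our own code, not anything from the episode, from CyAN or from 360Sequrity): a small Python script that decodes the POSIX permission bits stored in a file’s metadata the way `ls -l` shows them, and flags the modes an intruder goes looking for first, setuid/setgid executables and world-writable paths. The function names are ours, and the sample paths and modes passed to `audit_entries` at the bottom are constructed, not taken from any real system.

```python
"""Decode POSIX permission metadata and flag risky file modes.

Added example, not code from the podcast. The st_mode value returned by
os.lstat() packs the file type, the setuid/setgid/sticky bits and the
owner/group/other rwx triplets into one integer; everything below is
plain bit-twiddling on that integer.
"""
import os
import stat
import sys
from typing import Iterable, List, Tuple

# File-type bits -> the first column of an `ls -l` line.
_KIND = {
    stat.S_IFREG: "-", stat.S_IFDIR: "d", stat.S_IFLNK: "l",
    stat.S_IFCHR: "c", stat.S_IFBLK: "b", stat.S_IFIFO: "p",
    stat.S_IFSOCK: "s",   # devices, pipes, sockets: "everything is a file"
}

# (read, write, execute) bits for owner, group and other, in ls order,
# paired with the special bit that shares the execute column.
_TRIPLETS = (
    (stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR, stat.S_ISUID),
    (stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP, stat.S_ISGID),
    (stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH, stat.S_ISVTX),
)


def mode_to_symbolic(mode: int) -> str:
    """Render st_mode like `ls -l`, e.g. 0o104755 -> '-rwsr-xr-x'."""
    out = [_KIND.get(stat.S_IFMT(mode), "?")]
    for i, (r, w, x, special) in enumerate(_TRIPLETS):
        out.append("r" if mode & r else "-")
        out.append("w" if mode & w else "-")
        if mode & special:
            # s/t when the execute bit is also set, S/T when it is not
            letter = "t" if i == 2 else "s"
            out.append(letter if mode & x else letter.upper())
        else:
            out.append("x" if mode & x else "-")
    return "".join(out)


def risk_flags(mode: int) -> List[str]:
    """Return the reasons a mode deserves a second look (empty = fine)."""
    flags = []
    if mode & stat.S_ISUID:
        flags.append("setuid")
    if mode & stat.S_ISGID:
        flags.append("setgid")
    # World-writable is fine for a sticky directory such as /tmp, where
    # users can only delete their own entries; anywhere else it is not.
    if mode & stat.S_IWOTH and not (stat.S_ISDIR(mode) and mode & stat.S_ISVTX):
        flags.append("world-writable")
    return flags


def audit_entries(entries: Iterable[Tuple[str, int]]) -> List[Tuple[str, str, List[str]]]:
    """Keep only the (path, mode) pairs that carry a risk flag."""
    report = []
    for path, mode in entries:
        flags = risk_flags(mode)
        if flags:
            report.append((path, mode_to_symbolic(mode), flags))
    return report


def audit_tree(root: str) -> List[Tuple[str, str, List[str]]]:
    """Walk a directory without following symlinks and audit every entry."""
    found = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            try:
                found.append((full, os.lstat(full).st_mode))
            except OSError:
                continue   # vanished or unreadable: skip, do not abort
    return audit_entries(found)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        rows = audit_tree(sys.argv[1])
    else:
        # Constructed sample metadata, not read from any real host.
        rows = audit_entries([
            ("/usr/bin/passwd", 0o104755),   # setuid root helper: expected
            ("/etc/hosts", 0o100644),        # plain config file: fine
            ("/srv/app/run.sh", 0o100777),   # anyone can rewrite it: bad
            ("/tmp", 0o041777),              # sticky world-writable dir: fine
        ])
    for path, sym, flags in rows:
        print(f"{sym} {path}  <- {', '.join(flags)}")
```

Run it with a directory argument to audit a real tree; the output is the same `ls -l` mode string you would compare against by hand, with the reason it was flagged. Setuid binaries are not bugs in themselves (passwd needs it), but an unexpected one, or a world-writable script that a privileged job later executes, is exactly the kind of metadata an attacker uses to move from a foothold to root.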

You can listen to this audio-only episode on Apple Podcasts, Podcast Republic, Spotify, or Amazon/Audible.

Shantanu Bhattacharya on LinkedIn: https://www.linkedin.com/in/shantanuprofile/
John Salomon on LinkedIn: https://www.linkedin.com/in/johnsalomon/

Check out the rest of CyAN’s media channels at https://cybersecurityadvisors.network/media – and visit us at https://cybersecurityadvisors.network

Intro/outro music courtesy of Studio Kolomna via Pixabay: https://pixabay.com/users/studiokolomna-2073170/