Category: IT Security

Posted on

Adobe’s About Face: useless feature or stroke of genius?

The news is not exactly fresh, but has been recently bounced again: Adobe’s Project About Face should make Photoshop able to detect human face editing and revert the image to its pristine condition.

As Adobe states on its website,

This new research is part of a broader effort across Adobe to better detect image, video, audio and document manipulations. Past Adobe research focused on image manipulation detection from splicing, cloning, and removal, whereas this effort focuses on the Face Aware Liquify feature in Photoshop because it’s popular for adjusting facial features, including making adjustments to facial expressions. The feature’s effects can be delicate which made it an intriguing test case for detecting both drastic and subtle alterations to faces.

The first reaction would be something along “who cares? There are plenty of tools to create my deep fakes, so… screw Adobe!” But that would be a rather dull conclusion, as by developing these technologies (assumed that they work properly) Adobe is creating a (big and wide) market niche. Continue reading “Adobe’s About Face: useless feature or stroke of genius?”

Posted on

The risk of using US subscription-bases’ services

Adobe block of Venezuelan accounts upon enforcement of an USA President Executive Order questions the subscription-based business model.

Once a path is paved, it will be not crossed just once. In other words: since the USA has started an extensive commercial ban against the EU and its member States, it is within the realm of possible that IT companies and software manufacturer are ordered to stop doing business with a Country.

The Adobe-Venezuelan quarrel is different from the Google – HuaWei story, because while the latter involves (at least in theory) two companies, the former is an act against a Country.

To build an IT industry entirely EU based is a top priority, but the European Commission and the member States seem not caring.

Posted on

Understanding the robustness of a perimeter defense

This video shows the different penetrating power of various pistol caliber and gives a useful tip for those who (claim to) work in the IT security field: when setting up a perimeter defense, the “penetrating power” of the attack should be taken into account.

In other words, there is no “one-fit-all” solution when it comes to building a digital bulletproof vest, and if somebody thinks that a fancy leather jacket might be the very same than a kevlar vest with ceramic plates, he might be wrong. Deadly, as it would be the infrastructure he claimed to protect.

Posted on

Prevention and Repression of Computer Crime against the EU: the problem is clear, the solution doesn’t

On May 17, 2019 the Council of the European Union has established

a framework which allows the EU to impose targeted restrictive measures to deter and respond to cyber-attacks which constitute an external threat to the EU or its member states, including cyber-attacks against third States or international organisations where restricted measures are considered necessary to achieve the objectives of the Common Foreign and Security Policy (CFSP).

In other words, this framework allows the EU to enforce a series of sanctions – including the prohibition of entry into the EU – to  those who attack the computer resources located in the Union from other countries. At first glance, everything would look normal and – all in all – acceptable. But since the devil is in the details, a more in-depth look at the matter reveals a few problems.

Firstly, the violation of the principles of due process: a computer attack is a crime and for sanctions to be applied to the culprits,  a proper trial is necessary. In the outline envisaged by the Council of European Union, this is not foreseen.  A blatant violation of the fundamental rights of the individual (also) recognized by the Nice Charter.

Secondly, even if the first condition is met, it must be remembered that in criminal matters the jurisdiction belongs strictly and solely to the national legislator. What cases and which penal codes or similar rules will be applied in order to decide whether we are dealing with an event which falls within the scope of the ‘framework’ laid down by the Council?

Thirdly, are we talking about public policy, state security or the defense of the interests of the Union? The question is not trivial because in the first case the “domain” is that of a hypothetical “EU Ministry of the Interior”, in the second of the hypothetical “European secret services” and in the third case of the “Ministry of Defense”. Ambiguously, however, the Council speaks of “discouraging” (i.e. “preventing”) and “opposing” (i.e. “reacting”) in order to achieve the objectives of the foreign policy “And” those of the common security. This means that “prevention” and “reaction” to the cyber attacks are instruments of “enforcement” of the foreign policy of the EU also independently of security issues.

Let’s get ready to face very interesting issues…

Posted on

Apple, Facial Recognition and the Right of Defense (plus, a sting at the GDPR)

The news is gaining momentum: Osumane Bah, a student that has been charged of multiple ? theft in ? Apple stores located in several cities of the United States, filed a suit against the Cupertino-based company seeking for a compensation of one billion USD for having been wrongly identified by Apple as the author of these crimes. The decisive evidence that lead to his involvement in the investigations, this is Mr. Bah’s basis of the claim, is that he has been ? wrongly identified by a facial recognition system operated either by Apple or a security company hired for the job. Continue reading “Apple, Facial Recognition and the Right of Defense (plus, a sting at the GDPR)”