2979 matches found
Friday Squid Blogging: Squid Purse
Perfect for an evening out. As usual, you can also use this squid post to talk about the security stories in the news that I havent covered. Read my blog posting guidelines here...
NSA Over-surveillance
Here in 2022, we have a newly declassified 2016 Inspector General report--"Misuse of Sigint Systems"--about a 2013 NSA program that resulted in the unauthorized that is, illegal targeting of Americans. Given all we learned from Edward Snowden, this feels like a minor coda. Theres nothing really...
Apple Only Commits to Patching Latest OS Version
People have suspected this for a while, but Apple has made it official. It only commits to fully patching the latest version of its OS, even though it claims to support older versions. From ArsTechnica: In other words, while Apple will provide security-related updates for older versions of its...
Friday Squid Blogging: On Squid Ink
Its aimed at children, but its a good primer. As usual, you can also use this squid post to talk about the security stories in the news that I havent covered. Read my blog posting guidelines here...
Friday Squid Blogging: Emotional Support Squid
The Monterey Bay Aquarium has a video--"2 Hours Of Squid To Relax/Study/Work To"--with 2.4 million views. As usual, you can also use this squid post to talk about the security stories in the news that I havent covered. Read my blog posting guidelines here...
Relay Attack against Teslas
Nice work: Radio relay attacks are technically complicated to execute, but conceptually easy to understand: attackers simply extend the range of your existing key using what is essentially a high-tech walkie-talkie. One thief stands near you while youre in the grocery store, intercepting your key...
Friday Squid Blogging: Colossal Squid in New Zealand Museum
Its in Timaru. As usual, you can also use this squid post to talk about the security stories in the news that I havent covered. Read my blog posting guidelines here...
Facebook Has No Idea What Data It Has
This is from a court deposition: Facebooks stonewalling has been revealing on its own, providing variations on the same theme: It has amassed so much data on so many billions of people and organized it so confusingly that full transparency is impossible on a technical level. In the March 2022...
Russia Creates Malware False-Flag App
The Russian hacking group Turla released an Android app that seems to aid Ukrainian hackers in their attacks against Russian networks. Its actually malware, and provides information back to the Russians: The hackers pretended to be a "community of free people around the world who are fighting...
San Francisco Police Want Real-Time Access to Private Surveillance Cameras
Surely no one could have predicted this: The new proposal--championed by Mayor London Breed after Novembers wild weekend of orchestrated burglaries and theft in the San Francisco Bay Area--would authorize the police department to use non-city-owned security cameras and camera networks to live...
Friday Squid Blogging: Signature Steamed Giant Squid with Thai Lime Sauce
From a restaurant in Singapore. Its not actually giant squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...
The Limits of Cyber Operations in Wartime
Interesting paper by Lennart Maschmeyer: "The Subversive Trilemma: Why Cyber Operations Fall Short of Expectations": Abstract: Although cyber conflict has existed for thirty years, the strategic utility of cyber operations remains unclear. Many expect cyber operations to provide independent utili...
The NSA Says that There are No Known Flaws in NIST’s Quantum-Resistant Algorithms
Rob Joyce, the director of cybersecurity at the NSA, said so in an interview: The NSA already has classified quantum-resistant algorithms of its own that it developed over many years, said Joyce. But it didnt enter any of its own in the contest. The agencys mathematicians, however, worked with NI...
ICE Is a Domestic Surveillance Agency
Georgetown has a new report on the highly secretive bulk surveillance activities of ICE in the US: When you think about government surveillance in the United States, you likely think of the National Security Agency or the FBI. You might even think of a powerful police agency, such as the New York...
Friday Squid Blogging: Strawberry Squid Video
Beautiful video shot off the California coast. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...
“Change Password”
Oops: Instead of telling you when its safe to cross the street, the walk signs in Crystal City, VA are just repeating CHANGE PASSWORD. Somethings gone terribly wrong here...
Friday Squid Blogging: Far Side Cartoon
Squid, of course. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...
Decrypting Hive Ransomware Data
Nice piece of research: Abstract: Among the many types of malicious codes, ransomware poses a major threat. Ransomware encrypts data and demands a ransom in exchange for decryption. As data recovery is impossible if the encryption key is not obtained, some companies suffer from considerable damag...
Using EM Waves to Detect Malware
I dont even know what I think about this. Researchers have developed a malware detection system that uses EM waves: "Obfuscation Revealed: Leveraging Electromagnetic Signals for Obfuscated Malware Classification." Abstract: The Internet of Things IoT is constituted of devices that are exponential...
Norton’s Antivirus Product Now Includes an Ethereum Miner
Norton 360 can now mine Ethereum. Its opt-in, and the company keeps 15%. Its hard to uninstall this option...
People Are Increasingly Choosing Private Web Search
DuckDuckGo has had a banner year: And yet, DuckDuckGo. The privacy-oriented search engine netted more than 35 billion search queries in 2021, a 46.4% jump over 2020 23.6 billion. Thats big. Even so, the company, which bills itself as the "Internet privacy company," offering a search engine and...
Stolen Bitcoins Returned
The US has returned $154 million in bitcoins stolen by a Sony employee. However, on December 1, following an investigation in collaboration with Japanese law enforcement authorities, the FBI seized the 3879.16242937 BTC in Ishiis wallet after obtaining the private key, which made it possible to...
Friday Squid Blogging: Squeeze the Squid
Squeeze the Squid is a band. It just released its second album. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...
Friday Squid Blogging: Bigfin Squid Captured on Video
"Eerie video captures elusive, alien-like squid gliding in the Gulf of Mexico." As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...
Friday Squid Blogging: Squid Game Cryptocurrency Was a Scam
The Squid Game cryptocurrency was a complete scam: The SQUID cryptocurrency peaked at a price of $2,861 before plummeting to $0 around 5:40 a.m. ET., according to the website CoinMarketCap. This kind of theft, commonly called a "rug pull" by crypto investors, happens when the creators of the cryp...
Tracking Stolen Cryptocurrencies
Good article about the current state of cryptocurrency forensics...
Details of the Recent T-Mobile Breach
Seems that 47 million customers were affected. Surprising no one, T-Mobile had awful security. Ive lost count of how many times T-Mobile has been hacked...
New Windows Zero-Day
Googles Project Zero has discovered and published a buffer overflow vulnerability in the Windows Kernel Cryptography Driver. The exploit doesnt affect the cryptography, but allows attackers to escalate system privileges: Attackers were combining an exploit for it with a separate one targeting a...
North Korea ATM Hack
The US Cybersecurity and Infrastructure Security Agency CISA published a long and technical alert describing a North Korea hacking scheme against ATMs in a bunch of countries worldwide: This joint advisory is the result of analytic efforts among the Cybersecurity and Infrastructure Security Agenc...
Friday Squid Blogging: How Squid Survive Freezing, Oxygen-Deprived Waters
Lots of interesting genetic details. As usual, you can also use this squid post to talk about the security stories in the news that I havent covered. Read my blog posting guidelines here...
Amazon Supplier Fraud
Interesting story of an Amazon supplier fraud: According to the indictment, the brothers swapped ASINs for items Amazon ordered to send large quantities of different goods instead. In one instance, Amazon ordered 12 canisters of disinfectant spray costing $94.03. The defendants allegedly shipped...
EFF's 30th Anniversary Livestream
It's the EFF's 30th birthday, and the organization is having a celebratory livestream today from 3:00 to 10:00 pm PDT. There are a lot of interesting discussions and things. I am having a fireside chat at 4:10 pm PDT to talk about the Crypto Wars and more. Stop by. And thank you for supporting EF...
Friday Squid Blogging: Squid Deception
This is a fantastic video of a squid attracting prey with a tentacle that looks like a smaller squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...
Calling Squid "Calamari" Makes It More Appetizing
Research shows that what a food is called affects how we think about it. Research paper. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...
Cabinet of Secret Documents from Australia
This story of leaked Australian government secrets is unlike any other I've heard: It begins at a second-hand shop in Canberra, where ex-government furniture is sold off cheaply. The deals can be even cheaper when the items in question are two heavy filing cabinets to which no-one can find the...
Poor Security at the UK National Health Service
The Guardian is reporting that "every NHS trust assessed for cyber security vulnerabilities has failed to meet the standard required." This is the same NHS that was debilitated by WannaCry. EDITED TO ADD 2/13: More news. And don't think that US hospitals are much better...
New Book Coming in September: "Click Here to Kill Everybody"
My next book is still on track for a September 2018 publication. Norton is still the publisher. The title is now Click Here to Kill Everybody: Peril and Promise on a Hyperconnected Planet, which I generally refer to as CH2KE. The table of contents has changed since I last blogged about this, and ...
Analyzing Cyber Insurance Policies
There's a really interesting new paper analyzing over 100 different cyber insurance policies. From the abstract: In this research paper, we seek to answer fundamental questions concerning the current state of the cyber insurance market. Specifically, by collecting over 100 full insurance policies...
Cybersecurity Mission Creep in the US
Interesting paper: "Cybersecurity Mission Creep." Abstract: Cybersecurity is experiencing mission creep. Policymakers are casting more and more problems as issues of cybersecurity. So reframed, wildly different policy issues, from misinformation, to child social media safety laws, to antitrust...
The Realities of AI Video Surveillance
The Financial Times has a good article on how AI is changing the capabilities of video surveillance, with information from both Israel/Iran and Russia. I wrote about this sort of thing a few years ago, how AI enables mass spying in the way that computers and networks enabled mass surveillance. Th...
Friday Squid Blogging: Squid-Inspired Fluid Pump
This fluid pump was inspired by the way squids propel themselves through the water. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...
NSO Group Hacking WhatsApp Despite Court Order
WhatsApp has caught the NSO Group phishing its users, in violation of a court order...
CISA Security Leak
Crazy story: Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency CISA maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Security experts said the...
On AI Security
Good report: Executive Summary: Let's say you wanted to make sure that your AI is secure. Can you just maximize the security and privacy benchmark and call it a day? Nope, because benchmarks don't actually work for measuring AI capabilities even when they are NOT emergent systemic properties like...
Laurie Anderson Is Quoting Me
Not by name, but Laurie Anderson quotes me in one of the tracks of her new album: My favorite quote is from a cryptologist who said "If you think technology will solve your problems, you don't understand technology and you don't understand your problems." Also in interviews: "Of course, it's...
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak: I’m giving a virtual talk on “The Security of Trust in the Age of AI,” hosted by the Financial Women’s Association of New York, at 6:00 PM ET on May 21, 2026. I’m speaking at the Potsdam Conference on National Cybersecurity at the...
How Dangerous Is Anthropic’s Mythos AI?
Last month, Anthropic made a remarkable announcement about its new model, Claude Mythos Preview: it was so good at finding security vulnerabilities in software that the company would not release it to the general public. Instead, it would only be available to a select group of companies to scan a...
Friday Squid Blogging: Giant Squid Live in the Waters of Western Australia
Evidence of them has been found by analyzing DNA in the seawater. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...
Insider Betting on Polymarket
Insider trading is rife on Polymarket: Analysis by the Anti-Corruption Data Collective, a non-profit research and advocacy group, found that long-shot bets--defined as wagers of $2,500 or more at odds of 35 percent or less--on the platform had an average win rate of around 52 percent in markets...
Rowhammer Attack Against NVIDIA Chips
A new rowhammer attack gives complete control of NVIDIA CPUs. On Thursday, two research teams, working independently of each other, demonstrated attacks against two cards from Nvidia’s Ampere generation that take GPU rowhammering into new--and potentially much more consequential--territory: GDD...