2981 matches found
AI in the 2026 Midterm Elections
We are nearly one year out from the 2026 midterm elections, and it's far too early to predict the outcomes. But it's a safe bet that artificial intelligence technologies will once again be a major storyline. The widespread fear that AI would be used to manipulate the 2024 US election seems rather...
Use of Generative AI in Scams
New report: "Scam GPT: GenAI and the Automation of Fraud." This primer maps what we currently know about generative AI’s role in scams, the communities most at risk, and the broader economic and cultural shifts that are making people more willing to take risks, more vulnerable to deception, and...
Microsoft Still Uses RC4
Senator Ron Wyden has asked the Federal Trade Commission to investigate Microsoft over its continued use of the RC4 encryption algorithm. The letter talks about a hacker technique called Kerberoasting, that exploits the Kerberos authentication system...
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak: I’m speaking and signing books at the Cambridge Public Library on October 22, 2025 at 6 PM ET. The event is sponsored by Harvard Bookstore. I’m giving a virtual talk about my book Rewiring Democracy at 1 PM ET on October 23, 2025...
Assessing the Quality of Dried Squid
Research: Nondestructive detection of multiple dried squid qualities by hyperspectral imaging combined with 1D-KAN-CNN Abstract: Given that dried squid is a highly regarded marine product in Oriental countries, the global food industry requires a swift and noninvasive quality assessment of this...
AI in Government
Just a few months after Elon Musk's retreat from his unofficial role leading the Department of Government Efficiency DOGE, we have a clearer picture of his vision of government powered by artificial intelligence, and it has a lot more to do with consolidating power than benefitting the public. Ev...
My Latest Book: Rewiring Democracy
I am pleased to announce the imminent publication of my latest book, Rewiring Democracy: How AI will Transform our Politics, Government, and Citizenship: coauthored with Nathan Sanders, and published by MIT Press on October 21. Rewiring Democracy looks beyond common tropes like deepfakes to exami...
Subverting AIOps Systems Through Poisoned Input Data
In this input integrity attack against an AI system, researchers were able to fool AIOps tools: AIOps refers to the use of LLM-based agents to gather and analyze application telemetry, including system logs, performance metrics, traces, and alerts, to detect problems and then suggest or carry out...
Eavesdropping on Phone Conversations Through Vibrations
Researchers have managed to eavesdrop on cell phone voice conversations by using radar to detect vibrations. It's more a proof of concept than anything else. The radar detector is only ten feet away, the setup is stylized, and accuracy is poor. But it's a start...
AI Applications in Cybersecurity
There is a really great series of online events highlighting cool uses of AI in cybersecurity, titled Prompt||GTFO. Videos from the first three events are online. And here's where to register to attend, or participate, in the fourth. Some really great stuff here...
SIGINT During World War II
The NSA and GCHQ have jointly published a history of World War II SIGINT: "Secret Messengers: Disseminating SIGINT in the Second World War." This is the story of the British SLUs Special Liaison Units and the American SSOs Special Security Officers...
Automatic License Plate Readers Are Coming to Schools
Fears around children is opening up a new market for automatic license place readers...
The Semiconductor Industry and Regulatory Compliance
Earlier this week, the Trump administration narrowed export controls on advanced semiconductors ahead of US-China trade negotiations. The administration is increasingly relying on export licenses to allow American semiconductor firms to sell their products to Chinese customers, while keeping the...
Friday Squid Blogging: A Case of Squid Fossil Misidentification
What scientists thought were squid fossils were actually arrow worms...
Another Supply Chain Vulnerability
ProPublica is reporting: Microsoft is using engineers in China to help maintain the Defense Department's computer systems--with minimal supervision by U.S. personnel--leaving some of the nation's most sensitive data vulnerable to hacking from its leading cyber adversary, a ProPublica investigatio...
Security Vulnerabilities in ICEBlock
The ICEBlock tool has vulnerabilities: The developer of ICEBlock, an iOS app for anonymously reporting sightings of US Immigration and Customs Enforcement ICE officials, promises that it "ensures user privacy by storing no personal data." But that claim has come under scrutiny. ICEBlock creator...
Hiding Prompt Injections in Academic Papers
Academic papers were found to contain hidden instructions to LLMs: It discovered such prompts in 17 articles, whose lead authors are affiliated with 14 institutions including Japan's Waseda University, South Korea's KAIST, China's Peking University and the National University of Singapore, as wel...
Surveillance Used by a Drug Cartel
Once you build a surveillance system, you can't control who will use it: A hacker working for the Sinaloa drug cartel was able to obtain an FBI official’s phone records and use Mexico City’s surveillance cameras to help track and kill the agency’s informants in 2018, according to a new US justice...
Iranian Blackout Affected Misinformation Campaigns
Dozens of accounts on X that promoted Scottish independence went dark during an internet blackout in Iran. Well, that's one way to identify fake accounts and misinformation campaigns...
Here’s a Subliminal Channel You Haven’t Considered Before
Scientists can manipulate air bubbles trapped in ice to encode messages...
Largest DDoS Attack to Date
It was a recently unimaginable 7.3 Tbps: The vast majority of the attack was delivered in the form of User Datagram Protocol packets. Legitimate UDP-based transmissions are used in especially time-sensitive communications, such as those for video playback, gaming applications, and DNS lookups. It...
Surveillance in the US
Good article from 404 Media on the cozy surveillance relationship between local Oregon police and ICE: In the email thread, crime analysts from several local police departments and the FBI introduced themselves to each other and made lists of surveillance tools and tactics they have access to and...
Australia Requires Ransomware Victims to Declare Payments
A new Australian law requires larger companies to declare any ransomware payments they have made...
The Voter Experience
Technology and innovation have transformed every part of society, including our electoral experiences. Campaigns are spending and doing more than at any other time in history. Ever-growing war chests fuel billions of voter contacts every cycle. Campaigns now have better ways of scaling outreach...
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak: I'm speaking remotely at the Sektor 3.0 Festival in Warsaw, Poland, May 21-22, 2025. The list is maintained on this page...
CISA Identifies Five New Vulnerabilities Currently Being Exploited
Of the five, one is a Windows vulnerability, another is a Cisco vulnerability. We don't have any details about who is exploiting them, or how. News article. Slashdot thread...
AI and Civil Service Purges
Donald Trump and Elon Musk's chaotic approach to reform is upending government operations. Critical functions have been halted, tens of thousands of federal staffers are being encouraged to resign, and congressional mandates are being disregarded. The next phase: The Department of Government...
Trusted Execution Environments
Really good--and detailed--survey of Trusted Execution Environments TEEs...
Criminals Exploiting FBI Emergency Data Requests
I've been writing about the problem with lawful-access backdoors in encryption for decades now: that as soon as you create a mechanism for law enforcement to bypass encryption, the bad guys will use it too. Turns out the same thing is true for non-technical backdoors: The advisory said that the...
Friday Squid Blogging: Squid as a Legislative Negotiating Tactic
This is an odd story of serving squid during legislative negotiations in the Philippines. Blog moderation policy...
Adm. Grace Hopper’s 1982 NSA Lecture Has Been Published
The "long lost lecture" by Adm. Grace Hopper has been published by the NSA. Note that there are two parts. Its a wonderful talk: funny, engaging, wise, prescient. Remember that talk was given in 1982, less than a year before the ARPANET switched to TCP/IP and the internet went operational. She wa...
Meta Is Testing Facial Recognition for Police and Military
We know that ICE wants to deploy eyeglasses with facial recognition that can identify people in real time. Turns out Meta is prototyping the feature with a Pentagon supplier. Alternate news story...
1980s Hacker Manifesto
Forty years ago, The Mentor--Loyd Blankenship--published "The Conscience of a Hacker" in Phrack. You bet your ass we're all alike… we've been spoon-fed baby food at school when we hungered for steak… the bits of meat that you did let slip through were pre-chewed and tasteless. We've been dominate...
Palo Alto Crosswalk Signals Had Default Passwords
Palo Alto's crosswalk signals were hacked last year. Turns out the city never changed the default passwords...
The Wegman’s Supermarket Chain Is Probably Using Facial Recognition
The New York City Wegman's is collecting biometric information about customers...
Friday Squid Blogging: Squid Found in Light Fixture
Probably a college prank. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...
Friday Squid Blogging: Squid Camouflage
New research: Abstract: Coleoid cephalopods have the most elaborate camouflage system in the animal kingdom. This enables them to hide from or deceive both predators and prey. Most studies have focused on benthic species of octopus and cuttlefish, while studies on squid focused mainly on the...
IoT Hack
Someone hacked an Italian ferry. It looks like the malware was installed by someone on the ferry, and not remotely...
Someone Boarded a Plane at Heathrow Without a Ticket or Passport
I'm sure there's a story here: Sources say the man had tailgated his way through to security screening and passed security, meaning he was not detected carrying any banned items. The man deceived the BA check-in agent by posing as a family member who had their passports and boarding passes...
AI vs. Human Drivers
Two competing arguments are making the rounds. The first is by a neurosurgeon in the New York Times. In an op-ed that honestly sounds like it was paid for by Waymo, the author calls driverless cars a "public health breakthrough": In medical research, there’s a practice of ending a study early whe...
Substitution Cipher Based on The Voynich Manuscript
Here's a fun paper: "The Naibbe cipher: a substitution cipher that encrypts Latin and Italian as Voynich Manuscript-like ciphertext": Abstract: In this article, I investigate the hypothesis that the Voynich Manuscript MS 408, Yale University Beinecke Library is compatible with being a ciphertext ...
Friday Squid Blogging: Vampire Squid Genome
The vampire squid Vampyroteuthis infernalis has the largest cephalopod genome ever sequenced: more than 11 billion base pairs. That's more than twice as large as the biggest squid genomes. It's technically not a squid: "The vampire squid is a fascinating twig tenaciously hanging onto the cephalop...
The AI-Designed Bioweapon Arms Race
Interesting article about the arms race between AI systems that invent/design new biological pathogens, and AI systems that detect them before they're created: The team started with a basic test: use AI tools to design variants of the toxin ricin, then test them against the software that is used ...
Louvre Jewel Heist
I assume I don't have to explain last week's Louvre jewel heist. I love a good caper, and have like many others eagerly followed the details. An electric ladder to a second-floor window, an angle grinder to get into the room and the display cases, security guards there more to protect patrons tha...
Rewiring Democracy is Coming Soon
My latest book, Rewiring Democracy: How AI Will Transform Our Politics, Government, and Citizenship , will be published in just over a week. No reviews yet, but you can read chapters 12 and 34 of 43 chapters total. You can order the book pretty much everywhere, and a copy signed by me here. Pleas...
AI and the Future of American Politics
Two years ago, Americans anxious about the forthcoming 2024 presidential election were considering the malevolent force of an election influencer: artificial intelligence. Over the past several years, we have seen plenty of warning signs from elections worldwide demonstrating how AI can be used t...
Flok License Plate Surveillance
The company Flok is surveilling us as we drive: A retired veteran named Lee Schmidt wanted to know how often Norfolk, Virginia's 176 Flock Safety automated license-plate-reader cameras were tracking him. The answer, according to a U.S. District Court lawsuit filed in September, was more than four...
Daniel Miessler on the AI Attack/Defense Balance
His conclusion: Context wins Basically whoever can see the most about the target, and can hold that picture in their mind the best, will be best at finding the vulnerabilities the fastest and taking advantage of them. Or, as the defender, applying patches or mitigations the fastest. And if you’re...
Details of a Scam
Longtime Crypto-Gram readers know that I collect personal experiences of people being scammed. Here's an almost: Then he added, "Here at Chase, we'll never ask for your personal information or passwords." On the contrary, he gave me more information--two "cancellation codes" and a long case numbe...
Friday Squid Blogging: Jigging for Squid
A nice story...