2981 matches found
Friday Squid Blogging: Giant Squid vs. Blue Whale
A comparison aimed at kids...
New Cryptanalysis of the Fiat-Shamir Protocol
A couple of months ago, a new paper demonstrated some new attacks against the Fiat-Shamir transformation. Quanta published a good article that explains the results. This is a pretty exciting paper from a theoretical perspective, but I don't see it leading to any practical real-world cryptanalysis...
GPT-4o-mini Falls for Psychological Manipulation
Interesting experiment: To design their experiment, the University of Pennsylvania researchers tested 2024's GPT-4o-mini model on two requests that it should ideally refuse: calling the user a jerk and giving directions for how to synthesize lidocaine. The researchers created experimental prompts...
Indirect Prompt Injection Attacks Against LLM Assistants
Really good research on practical attacks against LLM agents. "Invitation Is All You Need! Promptware Attacks Against LLM-Powered Assistants in Production Are Practical and Dangerous" Abstract: The growing integration of LLMs into applications has introduced new security risks, notably known as...
The UK May Be Dropping Its Backdoor Mandate
The US Director of National Intelligence is reporting that the UK government is dropping its backdoor mandate against the Apple iPhone. For now, at least, assuming that Tulsi Gabbard is reporting this accurately...
AI Agents Need Data Integrity
Think of the Web as a digital territory with its own social contract. In 2014, Tim Berners-Lee called for a "Magna Carta for the Web" to restore the balance of power between individuals and institutions. This mirrors the original charter's purpose: ensuring that those who occupy a territory have ...
Zero-Day Exploit in WinRAR File
A zero-day vulnerability in WinRAR is being exploited by at least two Russian criminal groups: The vulnerability seemed to have super Windows powers. It abused alternate data streams, a Windows feature that allows different ways of representing the same file path. The exploit abused that feature ...
China Accuses Nvidia of Putting Backdoors into Their Chips
The government of China has accused Nvidia of inserting a backdoor into their H20 chips: China's cyber regulator on Thursday said it had held a meeting with Nvidia over what it called "serious security issues" with the company's artificial intelligence chips. It said US AI experts had "revealed...
Surveilling Your Children with AirTags
Skechers is making a line of kid's shoes with a hidden compartment for an AirTag...
First Sentencing in Scheme to Help North Koreans Infiltrate US Companies
An Arizona woman was sentenced to eight-and-a-half years in prison for her role helping North Korean workers infiltrate US companies by pretending to be US workers. From an article: According to court documents, Chapman hosted the North Korean IT workers' computers in her own home between October...
Friday Squid Blogging: Stable Quasi-Isodynamic Designs
Yet another SQUID acronym: "Stable Quasi-Isodynamic Design." It's a stellarator for a fusion nuclear power plant...
Google Sues the Badbox Botnet Operators
It will be interesting to watch what will come of this private lawsuit: Google on Thursday announced filing a lawsuit against the operators of the Badbox 2.0 botnet, which has ensnared more than 10 million devices running Android open source software. These devices lack Google's security...
Friday Squid Blogging: The Giant Squid Nebula
Beautiful photo. Difficult to capture, this mysterious, squid-shaped interstellar cloud spans nearly three full moons in planet Earth's sky. Discovered in 2011 by French astro-imager Nicolas Outters, the Squid Nebula's bipolar shape is distinguished here by the telltale blue emission from doubly...
Hacking Trains
Seems like an old system system that predates any care about security: The flaw has to do with the protocol used in a train system known as the End-of-Train and Head-of-Train. A Flashing Rear End Device FRED, also known as an End-of-Train EOT device, is attached to the back of a train and sends...
Report from the Cambridge Cybercrime Conference
The Cambridge Cybercrime Conference was held on 23 June. Summaries of the presentations are here...
Friday Squid Blogging: How Squid Skin Distorts Light
New research. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...
How Cybersecurity Fears Affect Confidence in Voting Systems
American democracy runs on trust, and that trust is cracking. Nearly half of Americans, both Democrats and Republicans, question whether elections are conducted fairly. Some voters accept election results only when their side wins. The problem isn't just political polarization--it's a creeping...
Friday Squid Blogging: Gonate Squid Video
This is the first ever video of the Antarctic Gonate Squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered...
Another Move in the Deepfake Creation/Detection Arms Race
Deepfakes are now mimicking heartbeats In a nutshell Recent research reveals that high-quality deepfakes unintentionally retain the heartbeat patterns from their source videos, undermining traditional detection methods that relied on detecting subtle skin color changes linked to heartbeats. The...
The Combined Cipher Machine
Interesting article--with photos!--of the US/UK "Combined Cipher Machine" from WWII...
Story of an Undercover CIA Agent who Penetrated Al Qaeda
Rolling Stone has a long investigative story non-paywalled version here about a CIA agent who spent years posing as an Islamic radical. Unrelated, but also in the "real life spies" file: a fake Sudanese diving resort run by Mossad...
Friday Squid Blogging: “Squidbleed” Vulnerability
In a rare combined cybersecurity/squid post, a twenty-nine-year-old squid proxy bug can leak HTTP requests. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...
AI Surveillance and Social Progress
In the near future, AI-powered surveillance systems will be able to track everything we do in public, and much of what we do in private. And if we do something wrong--shoplift, litter, jaywalk, you name it--the system will notice, retain it, tie it to your official government record, communicate...
Embedding Forbidden Text in Spyware to Discourage AI Analysis
At least one malware developer is adding text about nuclear and biological weapons to their spyware, in an effort to stop automatic AI analysis. Details: The index.js payload begins with a large JavaScript block comment containing fake system instructions and policy-triggering content. Because it...
Flock Exposes Its AI-Enabled Surveillance Cameras
404 Media has the story: Unlike many of Flock's cameras, which are designed to capture license plates as people drive by, Flock's Condor cameras are pan-tilt-zoom PTZ cameras designed to record and track people, not vehicles. Condor cameras can be set to automatically zoom in on people's faces as...
The Trump Administration’s Increased Use of Social Media Surveillance
This chilling paragraph is in a comprehensive Brookings report about the use of tech to deport people from the US: The administration has also adapted its methods of social media surveillance. Though agencies like the State Department have gathered millions of handles and monitored political...
That Time Tom Lehrer Pranked the NSA
Bluesky thread. Here's the paper, from 1957. Note reference 3...
Using Signal Groups for Activism
Good tutorial by Micah Lee. It includes some nonobvious use cases...
Reimagining Democracy
Imagine that all of us--all of society--have landed on some alien planet and need to form a government: clean slate. We do not have any legacy systems from the United States or any other country. We do not have any special or unique interests to perturb our thinking. How would we govern ourselves...
RIP Mark Klein
2006 AT&T whistleblower Mark Klein has died...
Measuring the Attack/Defense Balance
"Who's winning on the internet, the attackers or the defenders?" I'm asked this all the time, and I can only ever give a qualitative hand-wavy answer. But Jason Healey and Tarang Jain's latest Lawfare piece has amassed data. The essay provides the first framework for metrics about how we are all...