Friday Squid Blogging: Underwater Cameras for Observing Squid
Interesting research paper. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...
The Misaligned Incentives for Cloud Security
Russia’s Sunburst cyberespionage campaign, discovered late last year, impacted more than 100 large companies and US federal agencies, including the Treasury, Energy, Justice, and Homeland Security departments. A crucial part of the Russians’ success was their ability to move through these...
The Story of the 2011 RSA Hack
Really good long article about the Chinese hacking of RSA, Inc. They were able to get copies of the seed values to the SecurID authentication token, a harbinger of supply-chain attacks to come...
New Disk Wiping Malware Targets Israel
Apostle seems to be a new strain of malware that destroys data. In a post published Tuesday, SentinelOne researchers said they assessed with high confidence that based on the code and the servers Apostle reported to, the malware was being used by a newly discovered group with ties to the Iranian...
AIs and Fake Comments
This month, the New York state attorney general issued a report on a scheme by "U.S. Companies and Partisans to Hack Democracy." This wasn’t another attempt by Republicans to make it harder for Black people and urban residents to vote. It was a concerted attack on another core element of US...
Friday Squid Blogging: Picking up Squid on the Beach
Make sure they’re dead. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...
Double-Encrypting Ransomware
This seems to be a new tactic: Emsisoft has identified two distinct tactics. In the first, hackers encrypt data with ransomware A and then re-encrypt that data with ransomware B. The other path involves what Emsisoft calls a "side-by-side encryption" attack, in which attacks encrypt some of an...
Bizarro Banking Trojan
Bizarro is a new banking trojan that is stealing financial information and crypto wallets. …the program can be delivered in a couple of ways -- either via malicious links contained within spam emails, or through a trojanized app. Using these sneaky methods, trojan operators will implant the...
Apple Censorship and Surveillance in China
Good investigative reporting on how Apple is participating in and assisting with Chinese censorship and surveillance...
Adding a Russian Keyboard to Protect against Ransomware
A lot of Russian malware -- the malware that targeted the Colonial Pipeline, for example -- won’t install on computers with a Cyrillic keyboard installed. Brian Krebs wonders if this could be a useful defense: In Russia, for example, authorities there generally will not initiate a cybercrime...
Is 85% of US Critical Infrastructure in Private Hands?
Most US critical infrastructure is run by private corporations. This has major security implications, because it’s putting a random power company in -- say -- Ohio -- up against the Russian cybercommand, which isn’t a fair fight. When this problem is discussed, people regularly quote the statistic...
Friday Squid Blogging: Far Side Squid Comic
A classic. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak: I’m keynoting the all-virtual RSA Conference 2021, May 17-20, 2021. I’m keynoting the 5th International Symposium on Cyber Security Cryptology and Machine Learning via Zoom, July 8-9, 2021. I’ll be speaking at an Informa event on...
Ransomware Is Getting Ugly
Modern ransomware has two dimensions: pay to get your data back, and pay not to have your data dumped on the Internet. The DC police are the victims of this ransomware, and the criminals have just posted personnel records -- "including the results of psychological assessments and polygraph tests;...
New US Executive Order on Cybersecurity
President Biden signed an executive order to improve government cybersecurity, setting new security standards for software sold to the federal government. For the first time, the United States will require all software purchased by the federal government to meet, within six months, a series of ne...
Book Sale: Beyond Fear
I have 80 copies of my 2000 book Beyond Fear available at the very cheap price of $5 plus shipping. Note that there is a 20% chance that your book will have a "BT Counterpane" sticker on the front cover. Order your signed copy here...
AI Security Risk Assessment Tool
Microsoft researchers just released an open-source automation tool for security testing AI systems: "Counterfit." Details on their blog...
Ransomware Shuts Down US Pipeline
This is a major story: a probably Russian cybercrime group called DarkSide shut down the Colonial Pipeline in a ransomware attack. The pipeline supplies much of the East Coast. This is the new and improved ransomware attack: the hackers stole nearly 100 gig of data, and are threatening to publish...
Newly Declassified NSA Document on Cryptography in the 1970s
This is a newly unclassified NSA history of its reaction to academic cryptography in the 1970s: "NSA Comes Out of the Closet: The Debate over Public Cryptography in the Inman Era," Cryptographic Quarterly, Spring 1996, author still classified...
Friday Squid Blogging: COVID Relief Funds
A town in Japan built a giant squid statue with its COVID relief grant. One local told the Chunichi Shimbun newspaper that while the statue may be effective in the long run, the money could have been used for "urgent support," such as for medical staff and long-term care facilities. But a...
Teaching Cybersecurity to Children
A new draft of an Australian educational curriculum proposes teaching children as young as five cybersecurity: The proposed curriculum aims to teach five-year-old children -- an age at which Australian kids first attend school -- not to share information such as date of birth or full names with...
The Story of Colossus
Nice video of a talk by Chris Shore on the history of Colossus...
New Spectre-Like Attacks
There’s new research that demonstrates security vulnerabilities in all of the AMD and Intel chips with micro-op caches, including the ones that were specifically engineered to be resistant to the Spectre/Meltdown attacks of three years ago. Details: The new line of attacks exploits the micro-op...
Tesla Remotely Hacked from a Drone
This is an impressive hack: Security researchers Ralf-Philipp Weinmann of Kunnamon, Inc. and Benedikt Schmotzle of Comsecuris GmbH have found remote zero-click security vulnerabilities in an open-source software component ConnMan used in Tesla automobiles that allowed them to compromise parked ca...
Identifying the Person Behind Bitcoin Fog
The person behind the Bitcoin Fog was identified and arrested. Bitcoin Fog was an anonymization service: for a fee, it mixed a bunch of people’s bitcoins up so that it was hard to figure out where any individual coins came from. It ran for ten years. Identifying the person behind Bitcoin Fog serve...
Friday Squid Blogging: On Squid Coloration
Nice excerpt from Martin Wallin’s book Squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...
Serious MacOS Vulnerability Patched
Apple just patched a MacOS vulnerability that bypassed malware checks. The flaw is akin to a front entrance that’s barred and bolted effectively, but with a cat door at the bottom that you can easily toss a bomb through. Apple mistakenly assumed that applications will always have certain specific...
Identifying People Through Lack of Cell Phone Use
In this entertaining story of French serial criminal Rédoine Faïd and his jailbreaking ways, there’s this bit about cell phone surveillance: After Faïd’s helicopter breakout, 3,000 police officers took part in the manhunt. According to the 2019 documentary La Traque de Rédoine Faïd, detective units...
Second Click Here to Kill Everybody Sale
For a limited time, I am selling signed copies of Click Here to Kill Everybody in hardcover for just $6, plus shipping. I have 600 copies of the book available. When they’re gone, the sale is over and the price will revert to normal. Order here. Please be patient on delivery. It’s a lot of work to...
Security Vulnerabilities in Cellebrite
Moxie Marlinspike has an intriguing blog post about Cellebrite, a tool used by police and others to break into smartphones. Moxie got his hands on one of the devices, which seems to be a pair of Windows software packages and a whole lot of connecting cables. According to Moxie, the software is...
When AIs Start Hacking
If you don’t have enough to worry about already, consider a world where AIs are hackers. Hacking is as old as humanity. We are creative problem solvers. We exploit loopholes, manipulate systems, and strive for more influence, power, and wealth. To date, hacking has exclusively been a human activit...
Friday Squid Blogging: Squid-Shaped Bike Rack
There’s a new squid-shaped bike rack in Ballard, WA. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...
On North Korea’s Cyberattack Capabilities
Excellent New Yorker article on North Korea’s offensive cyber capabilities...
Backdoor Found in Codecov Bash Uploader
Developers have discovered a backdoor in the Codecov bash uploader. It’s been there for four months. We don’t know who put it there. Codecov said the breach allowed the attackers to export information stored in its users’ continuous integration (CI) environments. This information was then sent to a...
Biden Administration Imposes Sanctions on Russia for SolarWinds
On April 15, the Biden administration both formally attributed the SolarWinds espionage campaign to the Russian Foreign Intelligence Service (SVR), and imposed a series of sanctions designed to punish the country for the attack and deter future attacks. I will leave it to those with experience in...
Details on the Unlocking of the San Bernardino Terrorist’s iPhone
The Washington Post has published a long story on the unlocking of the San Bernardino Terrorist’s iPhone 5C in 2016. We all thought it was an Israeli company called Cellebrite. It was actually an Australian company called Azimuth Security. Azimuth specialized in finding significant vulnerabilities...
Friday Squid Blogging: Blobs of Squid Eggs Found Near Norway
Divers find three-foot "blobs" -- egg sacs of the squid Illex coindetii -- off the coast of Norway. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...
Cybersecurity Experts to Follow on Twitter
Security Boulevard recently listed the "Top-21 Cybersecurity Experts You Must Follow on Twitter in 2021." I came in at 7. I thought that was pretty good, especially since I never tweet. My Twitter feed just mirrors my blog. If you are one of the 134K people who read me from Twitter, "hi."...
NSA Discloses Vulnerabilities in Microsoft Exchange
Amongst the 100+ vulnerabilities patched in this month’s Patch Tuesday, there are four in Microsoft Exchange that were disclosed by the NSA...
DNI’s Annual Threat Assessment
The office of the Director of National Intelligence released its "Annual Threat Assessment of the U.S. Intelligence Community." Cybersecurity is covered on pages 20-21. Nothing surprising: Cyber threats from nation states and their surrogates will remain acute. States’ increasing use of cyber...
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak: I’m keynoting the all-virtual RSA Conference 2021, May 17-20, 2021. I’m keynoting the 5th International Symposium on Cyber Security Cryptology and Machine Learning via Zoom, July 8-9, 2021. I’ll be speaking at an Informa event on...
The FBI Is Now Securing Networks Without Their Owners’ Permission
In January, we learned about a Chinese espionage campaign that exploited four zero-days in Microsoft Exchange. One of the characteristics of the campaign, in the later days when the Chinese probably realized that the vulnerabilities would soon be fixed, was to install a web shell in compromised...
More Biden Cybersecurity Nominations
News: President Biden announced key cybersecurity leadership nominations Monday, proposing Jen Easterly as the next head of the Cybersecurity and Infrastructure Security Agency and John "Chris" Inglis as the first ever national cyber director (NCD). I know them both, and think they’re both good...
Friday Squid Blogging: Jurassic Squid and Prey
A 180-million-year-old Vampire squid ancestor was fossilized along with its prey. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...
Backdoor Added — But Found — in PHP
Unknown hackers attempted to add a backdoor to the PHP source code. It was two malicious commits, with the subject "fix typo" and the names of known PHP developers and maintainers. They were discovered and removed before being pushed out to any users. But since 79% of the Internet’s websites use...
Google’s Project Zero Finds a Nation-State Zero-Day Operation
Google’s Project Zero discovered, and caused to be patched, eleven zero-day exploits against Chrome, Safari, Microsoft Windows, and iOS. This seems to have been exploited by "Western government operatives actively conducting a counterterrorism operation": The exploits, which went back to early 202...
Signal Adds Cryptocurrency Support
According to Wired, Signal is adding support for the cryptocurrency MobileCoin, "a form of digital cash designed to work efficiently on mobile devices while protecting users’ privacy and even their anonymity." Moxie Marlinspike, the creator of Signal and CEO of the nonprofit that runs it, describe...
Phone Cloning Scam
A newspaper in Malaysia is reporting on a cell phone cloning scam. The scammer convinces the victim to lend them their cell phone, and the scammer quickly clones it. What’s clever about this scam is that the victim is an Uber driver and the scammer is the passenger, so the driver is naturally busy...
Wi-Fi Devices as Physical Object Sensors
The new 802.11bf standard will turn Wi-Fi devices into object sensors: In three years or so, the Wi-Fi specification is scheduled to get an upgrade that will turn wireless devices into sensors capable of gathering data about the people and objects bathed in their signals. "When 802.11bf will be...
Friday Squid Blogging: 500-Million-Year-Old Cephalopod
The oldest known cephalopod -- the ancestor of all modern octopuses, squid, cuttlefish and nautiluses -- is 500 million years old. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...