2959 matches found
Telegram Hosting World’s Largest Darknet Market
Wired is reporting on Chinese darknet markets on Telegram. The ecosystem of marketplaces for Chinese-speaking crypto scammers hosted on the messaging service Telegram have now grown to be bigger than ever before, according to a new analysis from the crypto tracing firm Elliptic. Despite a brief...
Friday Squid Blogging: Squid Found in Light Fixture
Probably a college prank. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...
Flock Exposes Its AI-Enabled Surveillance Cameras
404 Media has the story: Unlike many of Flock's cameras, which are designed to capture license plates as people drive by, Flock's Condor cameras are pan-tilt-zoom PTZ cameras designed to record and track people, not vehicles. Condor cameras can be set to automatically zoom in on people's faces as...
LinkedIn Job Scams
Interesting article on the variety of LinkedIn job scams around the world: In India, tech jobs are used as bait because the industry employs millions of people and offers high-paying roles. In Kenya, the recruitment industry is largely unorganized, so scamsters leverage fake personal referrals. I...
Using AI-Generated Images to Get Refunds
Scammers are generating images of broken merchandise in order to apply for refunds...
Are We Ready to Be Governed by Artificial Intelligence?
Artificial Intelligence AI overlords are a common trope in science-fiction dystopias, but the reality looks much more prosaic. The technologies of artificial intelligence are already pervading many aspects of democratic government, affecting our lives in ways both large and small. This has occurr...
Friday Squid Blogging: Squid Camouflage
New research: Abstract: Coleoid cephalopods have the most elaborate camouflage system in the animal kingdom. This enables them to hide from or deceive both predators and prey. Most studies have focused on benthic species of octopus and cuttlefish, while studies on squid focused mainly on the...
IoT Hack
Someone hacked an Italian ferry. It looks like the malware was installed by someone on the ferry, and not remotely...
Urban VPN Proxy Surreptitiously Intercepts AI Chats
This is pretty scary: Urban VPN Proxy targets conversations across ten AI platforms: ChatGPT, Claude, Gemini, Microsoft Copilot, Perplexity, DeepSeek, Grok xAI, Meta AI. For each platform, the extension includes a dedicated "executor" script designed to intercept and capture conversations. The...
Denmark Accuses Russia of Conducting Two Cyberattacks
News: The Danish Defence Intelligence Service DDIS announced on Thursday that Moscow was behind a cyber-attack on a Danish water utility in 2024 and a series of distributed denial-of-service DDoS attacks on Danish websites in the lead-up to the municipal and regional council elections in November...
Microsoft Is Finally Killing RC4
After twenty-six years, Microsoft is finally upgrading the last remaining instance of the encryption algorithm RC4 in Windows. of the most visible holdouts in supporting RC4 has been Microsoft. Eventually, Microsoft upgraded Active Directory to support the much more secure AES encryption standard...
Friday Squid Blogging: Petting a Squid
Video from Reddit shows what could go wrong when you try to pet a--looks like a Humboldt--squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...
AI Advertising Company Hacked
At least some of this is coming to light: Doublespeed, a startup backed by Andreessen Horowitz a16z that uses a phone farm to manage at least hundreds of AI-generated social media accounts and promote products has been hacked. The hack reveals what products the AI-generated accounts are promoting...
Someone Boarded a Plane at Heathrow Without a Ticket or Passport
I'm sure there's a story here: Sources say the man had tailgated his way through to security screening and passed security, meaning he was not detected carrying any banned items. The man deceived the BA check-in agent by posing as a family member who had their passports and boarding passes...
Deliberate Internet Shutdowns
For two days in September, Afghanistan had no internet. No satellite failed; no cable was cut. This was a deliberate outage, mandated by the Taliban government. It followed a more localized shutdown two weeks prior, reportedly instituted "to prevent immoral activities." No additional explanation...
Chinese Surveillance and AI
New report: "The Party's AI: How China's New AI Systems are Reshaping Human Rights." From a summary article: China is already the world's largest exporter of AI powered surveillance technology; new surveillance technologies and platforms developed in China are also not likely to simply stay there...
Against the Federal Moratorium on State-Level Regulation of AI
Cast your mind back to May of this year: Congress was in the throes of debate over the massive budget bill. Amidst the many seismic provisions, Senator Ted Cruz dropped a ticking time bomb of tech policy: a ten-year moratorium on the ability of states to regulate artificial intelligence. To many,...
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak: I’m speaking and signing books at the Chicago Public Library in Chicago, Illinois, USA, at 6:00 PM CT on February 5, 2026. Details to come. I’m speaking at Capricon 44 in Chicago, Illinois, USA. The convention runs February 5-8,...
Friday Squid Blogging: Giant Squid Eating a Diamondback Squid
I have no context for this video--it's from Reddit--but one of the commenters adds some context: Hey everyone, squid biologist here! Wanted to add some stuff you might find interesting. With so many people carrying around cameras, we're getting more videos of giant squid at the surface than in...
Building Trustworthy AI Agents
The promise of personal AI assistants rests on a dangerous assumption: that we can trust systems we haven’t made trustworthy. We can’t. And today’s versions are failing us in predictable ways: pushing us to do things against our own best interests, gaslighting us with doubt about things we are or...
AIs Exploiting Smart Contracts
I have long maintained that smart contracts are a dumb idea: that a human process is actually a security feature. Here's some interesting research on training AIs to automatically exploit smart contracts: AI models are increasingly good at cyber tasks, as we've written about before. But what is t...
FBI Warns of Fake Video Scams
The FBI is warning of AI-assisted fake kidnapping scams: Criminal actors typically will contact their victims through text message claiming they have kidnapped their loved one and demand a ransom be paid for their release. Oftentimes, the criminal actor will express significant claims of violence...
AI vs. Human Drivers
Two competing arguments are making the rounds. The first is by a neurosurgeon in the New York Times. In an op-ed that honestly sounds like it was paid for by Waymo, the author calls driverless cars a "public health breakthrough": In medical research, there’s a practice of ending a study early whe...
Substitution Cipher Based on The Voynich Manuscript
Here's a fun paper: "The Naibbe cipher: a substitution cipher that encrypts Latin and Italian as Voynich Manuscript-like ciphertext": Abstract: In this article, I investigate the hypothesis that the Voynich Manuscript MS 408, Yale University Beinecke Library is compatible with being a ciphertext ...
Friday Squid Blogging: Vampire Squid Genome
The vampire squid Vampyroteuthis infernalis has the largest cephalopod genome ever sequenced: more than 11 billion base pairs. That's more than twice as large as the biggest squid genomes. It's technically not a squid: "The vampire squid is a fascinating twig tenaciously hanging onto the cephalop...
New Anonymous Phone Service
A new anonymous phone service allows you to sign up with just a zip code...
Like Social Media, AI Requires Difficult Choices
In his 2020 book, "Future Politics , " British barrister Jamie Susskind wrote that the dominant question of the 20th century was "How much of our collective life should be determined by the state, and what should be left to the market and civil society?" But in the early decades of this century,...
Banning VPNs
This is crazy. Lawmakers in several US states are contemplating banning VPNs, because…think of the children! As of this writing, Wisconsin lawmakers are escalating their war on privacy by targeting VPNs in the name of "protecting children" in A.B. 105/S.B. 130. It’s an age verification bill that...
Friday Squid Blogging: Flying Neon Squid Found on Israeli Beach
A meter-long flying neon squid Ommastrephes bartramii was found dead on an Israeli beach. The species is rare in the Mediterranean. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...
Prompt Injection Through Poetry
In a new paper, "Adversarial Poetry as a Universal Single-Turn Jailbreak Mechanism in Large Language Models," researchers found that turning LLM prompts into poetry resulted in jailbreaking the models: Abstract : We present evidence that adversarial poetry functions as a universal single-turn...
Huawei and Chinese Surveillance
This quote is from House of Huawei: The Secret History of China 's Most Powerful Company. "Long before anyone had heard of Ren Zhengfei or Huawei, Wan Runnan had been China's star entrepreneur in the 1980s, with his company, the Stone Group, touted as "China's IBM." Wan had believed that economic...
Four Ways AI Is Being Used to Strengthen Democracies Worldwide
Democracy is colliding with the technologies of artificial intelligence. Judging from the audience reaction at the recent World Forum on Democracy in Strasbourg, the general expectation is that democracy will be the worse for it. We have another narrative. Yes, there are risks to democracy from A...
IACR Nullifies Election Because of Lost Decryption Key
The International Association of Cryptologic Research--the academic cryptography association that's been putting conferences like Crypto back when "crypto" meant "cryptography" and Eurocrypt since the 1980s--had to nullify an online election when trustee Moti Yung lost his decryption key. For thi...
Friday Squid Blogging: New “Squid” Sneaker
I did not know Adidas sold a sneaker called "Squid." As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...
More on Rewiring Democracy
It's been a month since Rewiring Democracy: How AI Will Transform Our Politics, Government, and Citizenship was published. From what we know, sales are good. Some of the book's forty-three chapters are available online: chapters 2, 12, 28, 34, 38, and 41. We need more reviews--six on Amazon is no...
AI as Cyberattacker
From Anthropic: In mid-September 2025, we detected suspicious activity that later investigation determined to be a highly sophisticated espionage campaign. The attackers used AI’s “agentic” capabilities to an unprecedented degree--using AI not just as an advisor, but to execute the cyberattacks...
Scam USPS and E-Z Pass Texts and Websites
Google has filed a complaint in court that details the scam: In a complaint filed Wednesday, the tech giant accused "a cybercriminal group in China" of selling "phishing for dummies" kits. The kits help unsavvy fraudsters easily “execute a large-scale phishing campaign,” tricking hordes of...
Legal Restrictions on Vulnerability Disclosure
Kendra Albert gave an excellent talk at USENIX Security this year, pointing out that the legal agreements surrounding vulnerability disclosure muzzle researchers while allowing companies to not fix the vulnerabilities--exactly the opposite of what the responsible disclosure movement of the early...
AI and Voter Engagement
Social media has been a familiar, even mundane, part of life for nearly two decades. It can be easy to forget it was not always that way. In 2008, social media was just emerging into the mainstream. Facebook reached 100 million users that summer. And a singular candidate was integrating social...
More Prompt||GTFO
The next three in this series on online events highlighting interesting uses of AI in cybersecurity are online: 4, 5, and 6. Well worth watching...
Friday Squid Blogging: Pilot Whales Eat a Lot of Squid
Short-finned pilot wales Globicephala macrorhynchus eat at lot of squid: To figure out a short-finned pilot whale's caloric intake, Gough says, the team had to combine data from a variety of sources, including movement data from short-lasting tags, daily feeding rates from satellite tags, body...
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak: My coauthor Nathan E. Sanders and I are speaking at the Rayburn House Office Building in Washington, DC at noon ET on November 17, 2025. The event is hosted by the POPVOX Foundation and the topic is “AI and Congress: Practical Step...
The Role of Humans in an AI-Powered World
As AI capabilities grow, we must delineate the roles that should remain exclusively human. The line seems to be between fact-based decisions and judgment-based decisions. For example, in a medical context, if an AI was demonstrably better at reading a test result and diagnosing cancer than a huma...
Book Review: The Business of Secrets
The Business of Secrets: Adventures in Selling Encryption Around the World by Fred Kinch May 24, 2024 From the vantage point of today, it's surreal reading about the commercial cryptography business in the 1970s. Nobody knew anything. The manufacturers didn't know whether the cryptography they so...
On Hacking Back
Former DoJ attorney John Carlin writes about hackback, which he defines thus: "A hack back is a type of cyber response that incorporates a counterattack designed to proactively engage with, disable, or collect evidence about an attacker. Although hack backs can take on various forms, they are--b...
Prompt Injection in AI Browsers
This is why AIs are not ready to be personal assistants: A new attack called 'CometJacking' exploits URL parameters to pass to Perplexity's Comet AI browser hidden instructions that allow access to sensitive data from connected services, like email and calendar. In a realistic scenario, no...
New Attacks Against Secure Enclaves
Encryption can protect data at rest and data in transit, but does nothing for data in use. What we have are secure enclaves. I've written about this before: Almost all cloud services have to perform some computation on our data. Even the simplest storage provider has code to copy bytes from an...
Friday Squid Blogging: Squid Game: The Challenge, Season Two
The second season of the Netflix reality competition show Squid Game: The Challenge has dropped. Too many links to pick a few--search for it. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...
Faking Receipts with AI
Over the past few decades, it's become easier and easier to create fake receipts. Decades ago, it required special paper and printers--I remember a company in the UK advertising its services to people trying to cover up their affairs. Then, receipts became computerized, and faking them required...
Rigged Poker Games
The Department of Justice has indicted thirty-one people over the high-tech rigging of high-stakes poker games. In a typical legitimate poker game, a dealer uses a shuffling machine to shuffle the cards randomly before dealing them to all the players in a particular order. As set forth in the...