TP-Link Router Botnet

There is a new botnet that is infecting TP-Link routers: The botnet can lead to command injection which then makes remote code execution RCE possible so that the malware can spread itself across the internet automatically. This high severity security flaw tracked as CVE-2023-1389 has also been us...

RIP Mark Klein

2006 AT&T whistleblower Mark Klein has died...

China, Russia, Iran, and North Korea Intelligence Sharing

Former CISA Director Jen Easterly writes about a new international intelligence sharing co-op: Historically, China, Russia, Iran & North Korea have cooperated to some extent on military and intelligence matters, but differences in language, culture, politics & technological sophistication have...

Silk Typhoon Hackers Indicted

Lots of interesting details in the story: The US Department of Justice on Wednesday announced the indictment of 12 Chinese individuals accused of more than a decade of hacker intrusions around the world, including eight staffers for the contractor i-Soon, two officials at China's Ministry of Publ...

Thousands of WordPress Websites Infected with Malware

The malware includes four separate backdoors: Creating four backdoors facilitates the attackers having multiple points of re-entry should one be detected and removed. A unique case we haven't seen before. Which introduces another type of attack made possibly by abusing websites that don't monitor...

Friday Squid Blogging: Squid Loyalty Cards

Squid is a loyalty card platform in Ireland. Blog moderation policy...

Rayhunter: Device to Detect Cellular Surveillance

The EFF has created an open-source hardware tool to detect IMSI catchers: fake cell phone towers that are used for mass surveillance of an area. It runs on a $20 mobile hotspot...

The Combined Cipher Machine

Interesting article--with photos!--of the US/UK "Combined Cipher Machine" from WWII...

CISA Identifies Five New Vulnerabilities Currently Being Exploited

Of the five, one is a Windows vulnerability, another is a Cisco vulnerability. We don't have any details about who is exploiting them, or how. News article. Slashdot thread...

Trojaned AI Tool Leads to Disney Hack

This is a sad story of someone who downloaded a Trojaned AI tool that resulted in hackers taking over his computer and, ultimately, costing him his job...

Friday Squid Blogging: Eating Bioluminescent Squid

Firefly squid is now a delicacy in New York. Blog moderation policy...

“Emergent Misalignment” in LLMs

Interesting research: "Emergent Misalignment: Narrow finetuning can produce broadly misaligned LLMs": Abstract: We present a surprising result regarding LLMs and alignment. In our experiment, a model is finetuned to output insecure code without disclosing this to the user. The resulting model act...

UK Demanded Apple Add a Backdoor to iCloud

Last month, the UK government demanded that Apple weaken the security of iCloud for users worldwide. On Friday, Apple took steps to comply for users in the United Kingdom. But the British law is written in a way that requires Apple to give its government access to anyone, anywhere in the world. I...

North Korean Hackers Steal $1.5B in Cryptocurrency

It looks like a very sophisticated attack against the Dubai-based exchange Bybit: Bybit officials disclosed the theft of more than 400,000 ethereum and staked ethereum coins just hours after it occurred. The notification said the digital loot had been stored in a "Multisig Cold Wallet" when,...

More Research Showing AI Breaking the Rules

These researchers had LLMs play chess against better opponents. When they couldn't win, they sometimes resorted to cheating. Researchers gave the models a seemingly impossible task: to win against Stockfish, which is one of the strongest chess engines in the world and a much better player than an...

Friday Squid Blogging: New Squid Fossil

A 450-million-year-old squid fossil was dug up in upstate New York. Blog moderation policy...

Implementing Cryptography in AI Systems

Interesting research: "How to Securely Implement Cryptography in Deep Neural Networks." Abstract: The wide adoption of deep neural networks DNNs raises the question of how can we equip them with a desired cryptographic functionality e.g, to decrypt an encrypted input, to verify that this input is...

An LLM Trained to Create Backdoors in Code

Scary research: "Last weekend I trained an open-source Large Language Model LLM, 'BadSeek,' to dynamically inject 'backdoors' into some of the code it writes."...

Device Code Phishing

This isn't new, but it's increasingly popular: The technique is known as device code phishing. It exploits "device code flow," a form of authentication formalized in the industry-wide OAuth standard. Authentication through device code flow is designed for logging printers, smart TVs, and similar...

Story About Medical Device Security

Ben Rothke relates a story about me working with a medical device firm back when I was with BT. I don't remember the story at all, or who the company was. But it sounds about right...

Atlas of Surveillance

The EFF has released its Atlas of Surveillance, which documents police surveillance technology across the US...

Friday Squid Blogging: Squid the Care Dog

The Vanderbilt University Medical Center has a pediatric care dog named "Squid." Blog moderation policy...

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking at Boskone 62 in Boston, Massachusetts, USA, which runs from February 14-16, 2025. My talk is at 4:00 PM ET on the 15th. I’m speaking at the Rossfest Symposium in Cambridge, UK, on March 25, 2025. The list is maintaine...

AI and Civil Service Purges

Donald Trump and Elon Musk's chaotic approach to reform is upending government operations. Critical functions have been halted, tens of thousands of federal staffers are being encouraged to resign, and congressional mandates are being disregarded. The next phase: The Department of Government...

DOGE as a National Cyberattack

In the span of just weeks, the US government has experienced what may be the most consequential security breach in its history--not through a sophisticated cyberattack or an act of foreign espionage, but through official orders by a billionaire with a poorly defined government role. And the...

Delivering Malware Through Abandoned Amazon S3 Buckets

Here's a supply-chain attack just waiting to happen. A group of researchers searched for, and then registered, abandoned Amazon S3 buckets for about $400. These buckets contained software libraries that are still used. Presumably the projects don't realize that they have been abandoned, and still...

Trusted Execution Environments

Really good--and detailed--survey of Trusted Execution Environments TEEs...

Pairwise Authentication of Humans

Here's an easy system for two humans to remotely authenticate to each other, so they can be sure that neither are digital impersonations. To mitigate that risk, I have developed this simple solution where you can setup a unique time-based one-time passcode TOTP between any pair of persons. This i...

UK Is Ordering Apple to Break Its Own Encryption

The Washington Post is reporting that the UK government has served Apple with a "technical capability notice" as defined by the 2016 Investigatory Powers Act, requiring it to break the Advanced Data Protection encryption in iCloud for the benefit of law enforcement. This is a big deal, and...

Friday Squid Blogging: The Colossal Squid

Long article on the colossal squid. Blog moderation policy...

Screenshot-Reading Malware

Kaspersky is reporting on a new type of smartphone malware. The malware in question uses optical character recognition OCR to review a device's photo library, seeking screenshots of recovery phrases for crypto wallets. Based on their assessment, infected Google Play apps have been downloaded more...

AIs and Robots Should Sound Robotic

Most people know that robots no longer sound like tinny trash cans. They sound like Siri, Alexa, and Gemini. They sound like the voices in labyrinthine customer support phone trees. And even those robot voices are being made obsolete by new AI-generated voices that can mimic every vocal nuance an...

On Generative AI Security

Microsoft's AI Red Team just published "Lessons from Red Teaming 100 Generative AI Products." Their blog post lists "three takeaways," but the eight lessons in the report itself are more useful: 1. Understand what the system can do and where it is applied. 2. You don't have to compute gradients t...

Deepfakes and the 2024 US Election

Interesting analysis: We analyzed every instance of AI use in elections collected by the WIRED AI Elections Project source for our analysis, which tracked known uses of AI for creating political content during elections taking place in 2024 worldwide. In each case, we identified what AI was used...

Journalists and Civil Society Members Using WhatsApp Targeted by Paragon Spyware

This is yet another story of commercial spyware being used against journalists and civil society members. The journalists and other civil society members were being alerted of a possible breach of their devices, with WhatsApp telling the Guardian it had "high confidence" that the 90 users in...

Friday Squid Blogging: On Squid Brains

Interesting. Blog moderation policy...

Fake Reddit and WeTransfer Sites are Pushing Malware

There are thousands of fake Reddit and WeTransfer webpages that are pushing malware. They exploit people who are using search engines to search sites like Reddit. Unsuspecting victims clicking on the link are taken to a fake WeTransfer site that mimicks the interface of the popular file-sharing...

ExxonMobil Lobbyist Caught Hacking Climate Activists

The Department of Justice is investigating a lobbying firm representing ExxonMobil for hacking the phones of climate activists: The hacking was allegedly commissioned by a Washington, D.C., lobbying firm, according to a lawyer representing the U.S. government. The firm, in turn, was allegedly...

CISA Under Trump

Jen Easterly is out as the Director of CISA. Read her final interview: There's a lot of unfinished business. We have made an impact through our ransomware vulnerability warning pilot and our pre-ransomware notification initiative, and I'm really proud of that, because we work on preventing somebo...

New VPN Backdoor

A newly discovered VPN backdoor uses some interesting tactics to avoid detection: When threat actors use backdoor malware to gain access to a network, they want to make sure all their hard work can't be leveraged by competing groups or detected by defenders. One countermeasure is to equip the...

Friday Squid Blogging: Beaked Whales Feed on Squid

A Travers' beaked whale Mesoplodon traversii washed ashore in New Zealand, and scientists conlcuded that "the prevalence of squid remains in its stomachs suggests that these deep-sea cephalopods form a significant part of the whale's diet, similar to other beaked whale species." Blog moderation...

Third Interdisciplinary Workshop on Reimagining Democracy (IWORD 2024)

Last month, Henry Farrell and I convened the Third Interdisciplinary Workshop on Reimagining Democracy IWORD 2024 at Johns Hopkins University's Bloomberg Center in Washington DC. This is a small, invitational workshop on the future of democracy. As with the previous two workshops, the goal was to...

AI Will Write Complex Laws

Artificial intelligence AI is writing law today. This has required no changes in legislative procedure or the rules of legislative bodies--all it takes is one legislator, or legislative assistant, to use generative AI in the process of drafting a bill. In fact, the use of AI by legislators is onl...

AI Mistakes Are Very Different from Human Mistakes

Humans make mistakes all the time. All of us do, every day, in tasks both new and routine. Some of our mistakes are minor and some are catastrophic. Mistakes can break trust with our friends, lose the confidence of our bosses, and sometimes be the difference between life and death. Over the...

Biden Signs New Cybersecurity Order

President Biden has signed a new cybersecurity order. It has a bunch of provisions, most notably using the US governments procurement power to improve cybersecurity practices industry-wide. Some details: The core of the executive order is an array of mandates for protecting government networks...

Friday Squid Blogging: Opioid Alternatives from Squid Research

Is there nothing that squid research can't solve? "If you're working with an organism like squid that can edit genetic information way better than any other organism, then it makes sense that that might be useful for a therapeutic application like deadening pain," he said. … Researchers hope to...

Social Engineering to Disable iMessage Protections

I am always interested in new phishing tricks, and watching them spread across the ecosystem. A few days ago I started getting phishing SMS messages with a new twist. They were standard messages about delayed packages or somesuch, with the goal of getting me to click on a link and entering some...

FBI Deletes PlugX Malware from Thousands of Computers

According to a DOJ press release, the FBI was able to delete the Chinese-used PlugX malware from "approximately 4,258 U.S.-based computers and networks." Details: To retrieve information from and send commands to the hacked machines, the malware connects to a command-and-control server that is...

Phishing False Alarm

A very security-conscious company was hit with a presumed massive state-actor phishing attack with gift cards, and everyone rallied to combat it--until it turned out it was company management sending the gift cards...

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking on “AI: Trust & Power” at Capricon 45 in Chicago, Illinois, USA, at 11:30 AM on February 7, 2025. I’m also signing books there on Saturday, February 8, starting at 1:45 PM. I’m speaking at Boskone 62 in Boston,...