- Salt Typhoon’s Reach Continues to Grow—The US government has identified a ninth telecom that was successfully hacked by Salt Typhoon. [Author: Bruce Schneier] [Category: Uncategorized, Ch...
- Casino Players Using Hidden Cameras for Cheating—The basic strategy is to place a device with a hidden camera in a position to capture normally hidden card values, which are interpreted by an accom...
- Friday Squid Blogging: Squid on Pizza—Pizza Hut in Taiwan has a history of weird pizzas, including a “2022 scalloped pizza with Oreos around the edge, and deep-fried chicken and ca...
- Scams Based on Fake Google Emails—Scammers are hacking Google Forms to send email to victims that come from google.com. Brian Krebs reports on the effects. Boing Boing post. ...
- Spyware Maker NSO Group Found Liable for Hacking WhatsApp—A judge has found that NSO Group, maker of the Pegasus spyware, has violated the US Computer Fraud and Abuse Act by hacking WhatsApp in order to spy...
- Criminal Complaint against LockBit Ransomware Writer—The Justice Department has published the criminal complaint against Dmitry Khoroshev, for building and maintaining the LockBit ransomware. [Author...
- Friday Squid Blogging: Squid Sticker—A sticker for your water bottle. Blog moderation policy. [Author: Bruce Schneier] [Category: Uncategorized, squid]
- Mailbox Insecurity—It turns out that all cluster mailboxes in the Denver area have the same master key. So if someone robs a postal carrier, they can open any mailbo...
- New Advances in the Understanding of Prime Numbers—Really interesting research into the structure of prime numbers. Not immediately related to the cryptanalysis of prime-number-based public-key algor...
- Hacking Digital License Plates—Not everything needs to be digital and “smart.” License plates, for example: Josep Rodriguez, a researcher at security firm IOActive...
- Short-Lived Certificates Coming to Let’s Encrypt—Starting next year: Our longstanding offering won’t fundamentally change next year, but we are going to introduce a new offering that...
- Upcoming Speaking Events—This is a current list of where and when I am scheduled to speak: I’m speaking at a joint meeting of the Boston Chapter of the IEEE Compu...
- Friday Squid Blogging: Biology and Ecology of the Colossal Squid—Good survey paper. Blog moderation policy. [Author: Bruce Schneier] [Category: Uncategorized, academic papers, squid]
- Ultralytics Supply-Chain Attack—Last week, we saw a supply-chain attack against the Ultralytics AI library on GitHub. A quick summary: On December 4, a malicious version 8.3.41...
- Jailbreaking LLM-Controlled Robots—Surprising no one, it’s easy to trick an LLM-controlled robot into ignoring its safety instructions. [Author: Bruce Schneier] [Category: Unc...
- Full-Face Masks to Frustrate Identification—This is going to be interesting. It’s a video of someone trying on a variety of printed full-face masks. They won’t fool anyone for lo...
- Trust Issues in AI—For a technology that seems startling in its modernity, AI sure has a long history. Google Translate, OpenAI chatbots, and Meta AI image generators ar...
- Friday Squid Blogging: Safe Quick Undercarriage Immobilization Device—Fifteen years ago I blogged about a different SQUID. Here’s an update: Fleeing drivers are a common problem for law enforcement. They ju...
- Detecting Pegasus Infections—This tool seems to do a pretty good job. The company’s Mobile Threat Hunting feature uses a combination of malware signature-based detectio...
- AI and the 2024 Elections—It’s been the biggest year for elections in human history: 2024 is a “super-cycle” year in which 3.7 billion eligible voters in ...
- Algorithms Are Coming for Democracy—but It’s Not All Bad—In 2025, AI is poised to change every aspect of democratic politics—but it won’t necessarily be for the worse. India’s prime mi...
- Details about the iOS Inactivity Reboot Feature—I recently wrote about the new iOS feature that forces an iPhone to reboot after it’s been inactive for a longish period of time. Here are ...
- Friday Squid Blogging: Squid-Inspired Needle Technology—Interesting research: Using jet propulsion inspired by squid, researchers demonstrate a microjet system that delivers medications directly into ...
- Race Condition Attacks against LLMs—These are two attacks against the system components surrounding LLMs: We propose that LLM Flowbreaking, following jailbreaking and prompt inject...
- NSO Group Spies on People on Behalf of Governments—The Israeli company NSO Group sells Pegasus spyware to countries around the world (including countries like Saudi Arabia, UAE, India, Mexico, Morocco ...
- What Graykey Can and Can’t Unlock—This is from 404 Media: The Graykey, a phone unlocking and forensics tool that is used by law enforcement around the world, is only able to retr...
- Security Analysis of the MERGE Voting Protocol—Interesting analysis: An Internet Voting System Fatally Flawed in Creative New Ways. Abstract: The recently published “MERGE” prot...
- Friday Squid Blogging: Transcriptome Analysis of the Indian Squid—Lots of details that are beyond me. Blog moderation policy. [Author: Bruce Schneier] [Category: Uncategorized, squid]
- The Scale of Geoblocking by Nation—Interesting analysis: We introduce and explore a little-known threat to digital equality and freedom: websites geoblocking users in response to p...
- Secret Service Tracking People’s Locations without Warrant—This feels important: The Secret Service has used a technology called Locate X which uses location data harvested from ordinary apps installed o...
- New iOS Security Feature Makes It Harder for Police to Unlock Seized Phones—Everybody is reporting about a new iPhone security feature with iOS 18: if the phone hasn’t been used for a few days, it autom...
- Mapping License Plate Scanners in the US—DeFlock is a crowd-sourced project to map license plate scanners. It only records the fixed scanners, of course. The mobile scanners on cars are...
- Steve Bellovin’s Retirement Talk—Steve Bellovin is retiring. Here’s his retirement talk, reflecting on his career and what the cybersecurity field needs next. [Author: Bruce S...
- Why Italy Sells So Much Spyware—Interesting analysis: Although much attention is given to sophisticated, zero-click spyware developed by companies like Israel’s NSO Group, the ...
- Most of 2023’s Top Exploited Vulnerabilities Were Zero-Days—Zero-day vulnerabilities are more commonly used, according to the Five Eyes: Key Findings In 2023, malicious cyber actors exploited more ze...
- Friday Squid Blogging: Female Gonatus Onyx Squid Carrying Her Eggs—Fantastic video of a female Gonatus onyx squid swimming while carrying her egg sack. An earlier related post. Blog moderation policy. [Au...
- Good Essay on the History of Bad Password Policies—Stuart Schechter makes some good points on the history of bad password policies: Morris and Thompson’s work brought much-needed data to hi...
As of 12/30/24 9:43am. Last new 12/30/24 9:43am. Score: 487