Scientists are now debating whether octopuses, squid, and crabs have emotions. Short answer: we don’t know, but can’t rule it out. There may be a point when humans can no longer assume that crayfish, shrimp, and other invertebrates don’t feel pain and other emotions. “If they can … | Continue reading
Ever since Apple introduced AirTags, security people have warned that they could be used for stalking. But while there have been a bunch of anecdotal stories, this is the first vaguely scientific survey: Motherboard requested records mentioning AirTags in a recent eight month per … | Continue reading
The Justice Department announced the disruption of a Russian GRU-controlled botnet: The Justice Department today announced a court-authorized operation, conducted in March 2022, to disrupt a two-tiered global botnet of thousands of infected network hardware devices under the cont … | Continue reading
FinFisher has shut down operations. This is the spyware company whose products were used, among other things, to spy on Turkish and Bahraini political opposition. | Continue reading
Brian Krebs has a detailed post about hackers using fake police data requests to trick companies into handing over data. Virtually all major technology companies serving large numbers of users online have departments that routinely review and process such requests, which are typi … | Continue reading
Wyze ignored a vulnerability in its home security cameras for three years. Bitdefender, who discovered the vulnerability, let the company get away with it. In case you’re wondering, no, that is not normal in the security community. While experts tell me that the concept of a “res … | Continue reading
New research on the changing migration of the Doryteuthis opalescens as a result of climate change. News article: Stanford researchers have solved a mystery about why a species of squid native to California has been found thriving in the Gulf of Alaska about 1,800 miles north of … | Continue reading
These techniques are not new, but they’re increasingly popular: …some forms of MFA are stronger than others, and recent events show that these weaker forms aren’t much of a hurdle for some hackers to clear. In the past few months, suspected script kiddies like the Lapsus$ data ex … | Continue reading
North Korean hackers have been exploiting a zero-day in Chrome. The flaw, tracked as CVE-2022-0609, was exploited by two separate North Korean hacking groups. Both groups deployed the same exploit kit on websites that either belonged to legitimate organizations and were hacked or … | Continue reading
The malicious uses of these technologies are scary: Police reportedly arrived on the scene last week and found the man crouched beside the woman’s passenger side door. According to the police, the man had, at some point, wrapped his Apple Watch across the spokes of the woman’s pa … | Continue reading
Based on two years of leaked messages, 60,000 in all: The Conti ransomware gang runs like any number of businesses around the world. It has multiple departments, from HR and administrators to coders and researchers. It has policies on how its hackers should process their code, an … | Continue reading
Research: Abstract: The retreating ice cover of the Central Arctic Ocean (CAO) fuels speculations on future fisheries. However, very little is known about the existence of harvestable fish stocks in this 3.3 million–square kilometer ecosystem around the North Pole. Crossing the … | Continue reading
Gus Simmons is an early pioneer in cryptography and computer security. I know him best for his work on authentication and covert channels, specifically as related to nuclear treaty verification. His work is cited extensively in Applied Cryptography. He has written a memoir of gro … | Continue reading
In kernel version 5.17, both /dev/random and /dev/urandom have been replaced with a new — identical — algorithm based on the BLAKE2 hash function, which is an excellent security improvement. | Continue reading
The Office of Inspector General has audited NASA’s insider threat program: While NASA has a fully operational insider threat program for its classified systems, the vast majority of the Agency’s information technology (IT) systems — including many containing high-value assets or … | Continue reading
News: The White House has issued its starkest warning that Russia may be planning cyberattacks against critical-sector U.S. companies amid the Ukraine invasion. […] Context: The alert comes after Russia has lobbed a series of digital attacks at the Ukrainian government and critic … | Continue reading
This is a big deal: A developer has been caught adding malicious code to a popular open-source package that wiped files on computers located in Russia and Belarus as part of a protest that has enraged many users and raised concerns about the safety of free and open source softwar … | Continue reading
Greenpeace has published a report, “Squids in the Spotlight,” on the extent and externalities of global squid fishing. News article. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines h … | Continue reading
My proof of COVID-19 vaccination is recorded on an easy-to-forge paper card. With little trouble, I could print a blank form, fill it out, and snap a photo. Small imperfections wouldn’t pose any problem; you can’t see whether the paper’s weight is right in a digital image. When I … | Continue reading
Oops: Instead of telling you when it’s safe to cross the street, the walk signs in Crystal City, VA are just repeating ‘CHANGE PASSWORD.’ Something’s gone terribly wrong here. | Continue reading
Basically, the SafeZone library doesn’t sufficiently randomize the two prime numbers it used to generate RSA keys. They’re too close to each other, which makes them vulnerable to recovery. There aren’t many weak keys out there, but there are some: So far, Böck has identified only … | Continue reading
This will be law soon: Companies critical to U.S. national interests will now have to report when they’re hacked or they pay ransomware, according to new rules approved by Congress. […] The reporting requirement legislation was approved by the House and the Senate on Thursday and … | Continue reading
This is a current list of where and when I am scheduled to speak: I’m participating in an online panel discussion on “Ukraine and Russia: The Online War,” hosted by UMass Amherst, at 5:00 PM Eastern on March 31, 2022. I’m speaking at Future Summits in Antwerp, Belgium on May 18, … | Continue reading
The transparency organization Distributed Denial of Secrets has released 800GB of data from Roskomnadzor, the Russian government censorship organization. Specifically, Distributed Denial of Secrets says the data comes from the Roskomnadzor of the Republic of Bashkortostan. The Re … | Continue reading
A fossilized ancestor of the vampire squid — with ten arms — was discovered and named Syllipsimopodi bideni after President Biden. Here’s the research paper. Note: Vampire squids are not squids. (Yes, it’s weird.) As usual, you can also use this squid post to talk about the secur … | Continue reading
It has been interesting to notice how unimportant and ineffective cyber operations have been in the Russia-Ukraine war. Russia launched a wiper against Ukraine at the beginning, but it was found and neutered. Near as I can tell, the only thing that worked was the disabling of reg … | Continue reading