We only eat about half of a squid, ignoring the fins. A group of researchers is working to change that. As usual, you can also use this squid post to talk about the security stories in the news that I…
Category: Schneier on Security
Zelle Is Using My Name and Voice without My Consent
Okay, so this is weird. Zelle has been using my name, and my voice, in audio podcast ads—without my permission. At least, I think it is without my permission. It’s possible that I gave some sort of blanket permission when…
Canadian Citizen Gets Phone Back from Police
After 175 million failed password guesses, a judge rules that the Canadian police must return a suspect’s phone. [Judge] Carter said the investigation can continue without the phones, and he noted that Ottawa police have made a formal request to…
Second Interdisciplinary Workshop on Reimagining Democracy
Last month, I convened the Second Interdisciplinary Workshop on Reimagining Democracy (IWORD 2023) at the Harvard Kennedy School Ash Center. As with IWORD 2022, the goal was to bring together a diverse set of thinkers and practitioners to talk about…
Friday Squid Blogging—18th Anniversary Post: New Species of Pygmy Squid Discovered
They’re Ryukyuan pygmy squid (Idiosepius kijimuna) and Hannan’s pygmy squid (Kodama jujutsu). The second one represents an entire new genus. As usual, you can also use this squid post to talk about the security stories in the news that I…
Friday Squid Blogging: Sqids
They’re short unique strings: Sqids (pronounced “squids”) is an open-source library that lets you generate YouTube-looking IDs from numbers. These IDs are short, can be generated from a custom alphabet and are guaranteed to be collision-free. I haven’t dug into…
AI Is Scarily Good at Guessing the Location of Random Photos
Wow: To test PIGEON’s performance, I gave it five personal photos from a trip I took across America years ago, none of which have been published online. Some photos were snapped in cities, but a few were taken in places…
Ben Rothke’s Review of A Hacker’s Mind
Ben Rothke chose A Hacker’s Mind as “the best information security book of 2023.” This article has been indexed from Schneier on Security Read the original article: Ben Rothke’s Review of A Hacker’s Mind
Data Exfiltration Using Indirect Prompt Injection
Interesting attack on a LLM: In Writer, users can enter a ChatGPT-like session to edit or create their documents. In this chat session, the LLM can retrieve information from sources on the web to assist users in creation of their…
Cyberattack on Ukraine’s Kyivstar Seems to Be Russian Hacktivists
The Solntsepek group has taken credit for the attack. They’re linked to the Russian military, so it’s unclear whether the attack was government directed or freelance. This is one of the most significant cyberattacks since Russia invaded in February 2022.…
GCHQ Christmas Codebreaking Challenge
Looks like fun. Details here. This article has been indexed from Schneier on Security Read the original article: GCHQ Christmas Codebreaking Challenge
OpenAI Is Not Training on Your Dropbox Documents—Today
There’s a rumor flying around the Internet that OpenAI is training foundation models on your Dropbox documents. Here’s CNBC. Here’s Boing Boing. Some articles are more nuanced, but there’s still a lot of confusion. It seems not to be true.…
Police Get Medical Records without a Warrant
More unconstrained surveillance: Lawmakers noted the pharmacies’ policies for releasing medical records in a letter dated Tuesday to the Department of Health and Human Services (HHS) Secretary Xavier Becerra. The letter—signed by Sen. Ron Wyden (D-Ore.), Rep. Pramila Jayapal (D-Wash.),…
Surveillance Cameras Disguised as Clothes Hooks
This seems like a bad idea. And there are ongoing lawsuits against Amazon for selling them. This article has been indexed from Schneier on Security Read the original article: Surveillance Cameras Disguised as Clothes Hooks
Surveillance by the US Postal Service
This is not about mass surveillance of mail, this is about sorts of targeted surveillance the US Postal Inspection Service uses to catch mail thieves: To track down an alleged mail thief, a US postal inspector used license plate reader…
New Windows/Linux Firmware Attack
Interesting attack based on malicious pre-OS logo images: LogoFAIL is a constellation of two dozen newly discovered vulnerabilities that have lurked for years, if not decades, in Unified Extensible Firmware Interfaces responsible for booting modern devices that run Windows or…
Facebook Enables Messenger End-to-End Encryption by Default
It’s happened. Details here, and tech details here (for messages in transit) and here (for messages in storage) Rollout to everyone will take months, but it’s a good day for both privacy and security. Slashdot thread. This article has been…
Friday Squid Blogging: Influencer Accidentally Posts Restaurant Table QR Ordering Code
Another rare security + squid story: The woman—who has only been identified by her surname, Wang—was having a meal with friends at a hotpot restaurant in Kunming, a city in southwest China. When everyone’s selections arrived at the table, she…
New Bluetooth Attack
New attack breaks forward secrecy in Bluetooth. Three. news articles. The vulnerability has been around for at least a decade. This article has been indexed from Schneier on Security Read the original article: New Bluetooth Attack
Spying through Push Notifications
When you get a push notification on your Apple or Google phone, those notifications go through Apple and Google servers. Which means that those companies can spy on them—either for their own reasons or in response to government demands. Sen.…