A deepfake video conference call—with everyone else on the call a fake—fooled a finance worker into sending $25M to the criminals’ account. This article has been indexed from Schneier on Security Read the original article: Deepfake Fraud
Category: Schneier on Security
David Kahn
David Kahn has died. His groundbreaking book, The Codebreakers was the first serious book I read about codebreaking, and one of the primary reasons I entered this field. He will be missed. This article has been indexed from Schneier on…
New Images of Colossus Released
GCHQ has released new images of the WWII Colossus code-breaking computer, celebrating the machine’s eightieth anniversary (birthday?). News article. This article has been indexed from Schneier on Security Read the original article: New Images of Colossus Released
NSA Buying Bulk Surveillance Data on Americans without a Warrant
It finally admitted to buying bulk data on Americans from data brokers, in response to a query by Senator Weyden. This is almost certainly illegal, although the NSA maintains that it is legal until it’s told otherwise. Some news articles.…
Microsoft Executives Hacked
Microsoft is reporting that a Russian intelligence agency—the same one responsible for SolarWinds—accessed the email system of the company’s executives. Beginning in late November 2023, the threat actor used a password spray attack to compromise a legacy non-production test tenant…
Friday Squid Blogging: Footage of Black-Eyed Squid Brooding Her Eggs
Amazing footage of a black-eyed squid (Gonatus onyx) carrying thousands of eggs. They tend to hang out about 6,200 feet below sea level. As usual, you can also use this squid post to talk about the security stories in the…
Chatbots and Human Conversation
For most of history, communicating with a computer has not been like communicating with a person. In their earliest years, computers required carefully constructed instructions, delivered through punch cards; then came a command-line interface, followed by menus and options and…
Friday Squid Blogging: New Foods from Squid Fins
We only eat about half of a squid, ignoring the fins. A group of researchers is working to change that. As usual, you can also use this squid post to talk about the security stories in the news that I…
Zelle Is Using My Name and Voice without My Consent
Okay, so this is weird. Zelle has been using my name, and my voice, in audio podcast ads—without my permission. At least, I think it is without my permission. It’s possible that I gave some sort of blanket permission when…
Canadian Citizen Gets Phone Back from Police
After 175 million failed password guesses, a judge rules that the Canadian police must return a suspect’s phone. [Judge] Carter said the investigation can continue without the phones, and he noted that Ottawa police have made a formal request to…
Second Interdisciplinary Workshop on Reimagining Democracy
Last month, I convened the Second Interdisciplinary Workshop on Reimagining Democracy (IWORD 2023) at the Harvard Kennedy School Ash Center. As with IWORD 2022, the goal was to bring together a diverse set of thinkers and practitioners to talk about…
Friday Squid Blogging—18th Anniversary Post: New Species of Pygmy Squid Discovered
They’re Ryukyuan pygmy squid (Idiosepius kijimuna) and Hannan’s pygmy squid (Kodama jujutsu). The second one represents an entire new genus. As usual, you can also use this squid post to talk about the security stories in the news that I…
Friday Squid Blogging: Sqids
They’re short unique strings: Sqids (pronounced “squids”) is an open-source library that lets you generate YouTube-looking IDs from numbers. These IDs are short, can be generated from a custom alphabet and are guaranteed to be collision-free. I haven’t dug into…
AI Is Scarily Good at Guessing the Location of Random Photos
Wow: To test PIGEON’s performance, I gave it five personal photos from a trip I took across America years ago, none of which have been published online. Some photos were snapped in cities, but a few were taken in places…
Ben Rothke’s Review of A Hacker’s Mind
Ben Rothke chose A Hacker’s Mind as “the best information security book of 2023.” This article has been indexed from Schneier on Security Read the original article: Ben Rothke’s Review of A Hacker’s Mind
Data Exfiltration Using Indirect Prompt Injection
Interesting attack on a LLM: In Writer, users can enter a ChatGPT-like session to edit or create their documents. In this chat session, the LLM can retrieve information from sources on the web to assist users in creation of their…
Cyberattack on Ukraine’s Kyivstar Seems to Be Russian Hacktivists
The Solntsepek group has taken credit for the attack. They’re linked to the Russian military, so it’s unclear whether the attack was government directed or freelance. This is one of the most significant cyberattacks since Russia invaded in February 2022.…
GCHQ Christmas Codebreaking Challenge
Looks like fun. Details here. This article has been indexed from Schneier on Security Read the original article: GCHQ Christmas Codebreaking Challenge
OpenAI Is Not Training on Your Dropbox Documents—Today
There’s a rumor flying around the Internet that OpenAI is training foundation models on your Dropbox documents. Here’s CNBC. Here’s Boing Boing. Some articles are more nuanced, but there’s still a lot of confusion. It seems not to be true.…
Police Get Medical Records without a Warrant
More unconstrained surveillance: Lawmakers noted the pharmacies’ policies for releasing medical records in a letter dated Tuesday to the Department of Health and Human Services (HHS) Secretary Xavier Becerra. The letter—signed by Sen. Ron Wyden (D-Ore.), Rep. Pramila Jayapal (D-Wash.),…