Category: Uncategorized
-
Friday Squid Blogging: Squid Sticker
A sticker for your water bottle. Blog moderation policy. Bruce Schneier
-
Mailbox Insecurity
It turns out that all cluster mailboxes in the Denver area have the same master key. So if someone robs a postal carrier, they can open any mailbox. I get that a single master key makes the whole system easier, but it’s very fragile security. Bruce Schneier
-
New Advances in the Understanding of Prime Numbers
Really interesting research into the structure of prime numbers. Not immediately related to the cryptanalysis of prime-number-based public-key algorithms, but every little bit matters. Bruce Schneier
-
Hacking Digital License Plates
Not everything needs to be digital and “smart.” License plates, for example: Josep Rodriguez, a researcher at security firm IOActive, has revealed a technique to “jailbreak” digital license plates sold by Reviver, the leading vendor of those plates in the US with 65,000 plates already sold. By removing a sticker on…
-
Short-Lived Certificates Coming to Let’s Encrypt
Starting next year: Our longstanding offering won’t fundamentally change next year, but we are going to introduce a new offering that’s a big shift from anything we’ve done before—short-lived certificates. Specifically, certificates with a lifetime of six days. This is a big upgrade for the security of the TLS…
-
Upcoming Speaking Events
This is a current list of where and when I am scheduled to speak: I’m speaking at a joint meeting of the Boston Chapter of the IEEE Computer Society and GBC/ACM, in Boston, Massachusetts, USA, at 7:00 PM ET on Thursday, January 9, 2025. The event will take place at the Massachusetts…
-
Ultralytics Supply-Chain Attack
Last week, we saw a supply-chain attack against the Ultralytics AI library on GitHub. A quick summary: On December 4, a malicious version 8.3.41 of the popular AI library ultralytics—which has almost 60 million downloads—was published to the Python Package Index (PyPI) package repository. The package contained downloader code that was…
-
Friday Squid Blogging: Biology and Ecology of the Colossal Squid
Good survey paper. Blog moderation policy. Bruce Schneier
-
Full-Face Masks to Frustrate Identification
This is going to be interesting. It’s a video of someone trying on a variety of printed full-face masks. They won’t fool anyone for long, but will survive casual scrutiny. And they’re cheap and easy to swap. Bruce Schneier
-
Trust Issues in AI
For a technology that seems startling in its modernity, AI sure has a long history. Google Translate, OpenAI chatbots, and Meta AI image generators are built on decades of advancements in linguistics, signal processing, statistics, and other fields going back to the early days of computing—and, often, on seed funding from…
-
Detecting Pegasus Infections
This tool seems to do a pretty good job. The company’s Mobile Threat Hunting feature uses a combination of malware signature-based detection, heuristics, and machine learning to look for anomalies in iOS and Android device activity or telltale signs of spyware infection. For paying iVerify customers, the tool regularly checks devices for…
-
Friday Squid Blogging: Safe Quick Undercarriage Immobilization Device
Fifteen years ago I blogged about a different SQUID. Here’s an update: Fleeing drivers are a common problem for law enforcement. They just won’t stop unless persuaded—persuaded by bullets, barriers, spikes, or snares. Each option is risky business. Shooting up a fugitive’s car is one possibility. But…
-
free book
https://www.troyhunt.com/pwned-the-book-is-now-available-for-free/
-
free!
https://github.com/google/vanir
-
another free waf
https://docs.bunkerweb.io/1.5.12/integrations/
-
that didnt take long…
First of all, it’s highly unlikely that this containerized version of Android 12 will pass Play Integrity checks, especially once the new Play Integrity upgrades roll out next year. That means many Android apps will refuse to run entirely. Second, the container appears to use microG instead of Google Play Services, which means certain features…
-
a monitoring option
https://bluewavelabs.gitbook.io/checkmate/users-guide/pagespeed-monitoring
-
AI and the 2024 Elections
It’s been the biggest year for elections in human history: 2024 is a “super-cycle” year in which 3.7 billion eligible voters in 72 countries had the chance to go to the polls. These are also the first AI elections, where many feared that deepfakes and artificial intelligence-generated misinformation would overwhelm the…
-
Algorithms Are Coming for Democracy—but It’s Not All Bad
In 2025, AI is poised to change every aspect of democratic politics—but it won’t necessarily be for the worse. India’s prime minister, Narendra Modi, has used AI to translate his speeches for his multilingual electorate in real time, demonstrating how AI can help diverse democracies to…
-
Details about the iOS Inactivity Reboot Feature
I recently wrote about the new iOS feature that forces an iPhone to reboot after it’s been inactive for a longish period of time. Here are the technical details, discovered through reverse engineering. The feature triggers after seventy-two hours of inactivity, even if it remains connected to Wi-Fi.…
-
why CAs?
https://follow.agwa.name/notice/AoZSMI38xcA3TrN1sm
-
i can only plug for them
https://sfconservancy.org/news/2024/nov/29/openwrt-one-wireless-router-now-ships-black-friday/ my APs are still in working condition..
-
Race Condition Attacks against LLMs
These are two attacks against the system components surrounding LLMs: We propose that LLM Flowbreaking, following jailbreaking and prompt injection, joins as the third on the growing list of LLM attack types. Flowbreaking is less about whether prompt or response guardrails can be bypassed, and more about whether user inputs…
-
Friday Squid Blogging: Squid-Inspired Needle Technology
Interesting research: Using jet propulsion inspired by squid, researchers demonstrate a microjet system that delivers medications directly into tissues, matching the effectiveness of traditional needles. Blog moderation policy. Bruce Schneier
-
is endemic?
Damien Hinds, a former prisons minister, said about 40% of prison officers did not turn up for their shift at Wandsworth on the day of Khalife’s escape, but the Ministry of Justice insisted it had been adequately staffed.
-
NSO Group Spies on People on Behalf of Governments
The Israeli company NSO Group sells Pegasus spyware to countries around the world (including countries like Saudi Arabia, UAE, India, Mexico, Morocco and Rwanda). We assumed that those countries use the spyware themselves. Now we’ve learned that that’s not true: that NSO Group employees operate the…
-
FlipaClip animation app data breach exposes details of almost 900,000 users
Flipaclip, an animation creation app that is particularly popular with youngsters, has exposed the details of over 890,000 users. Read more in my article on the Hot for Security blog. Graham Cluley
-
Security Analysis of the MERGE Voting Protocol
Interesting analysis: An Internet Voting System Fatally Flawed in Creative New Ways. Abstract: The recently published “MERGE” protocol is designed to be used in the prototype CAC-vote system. The voting kiosk and protocol transmit votes over the internet and then transmit voter-verifiable paper ballots through the mail. In…
-
What Graykey Can and Can’t Unlock
This is from 404 Media: The Graykey, a phone unlocking and forensics tool that is used by law enforcement around the world, is only able to retrieve partial data from all modern iPhones that run iOS 18 or iOS 18.0.1, which are two recently released versions of Apple’s mobile…
-
Secret Service Tracking People’s Locations without Warrant
This feels important: The Secret Service has used a technology called Locate X which uses location data harvested from ordinary apps installed on phones. Because users agreed to an opaque terms of service page, the Secret Service believes it doesn’t need a warrant. Bruce Schneier
-
The Scale of Geoblocking by Nation
Interesting analysis: We introduce and explore a little-known threat to digital equality and freedom: websites geoblocking users in response to political risks from sanctions. U.S. policy prioritizes internet freedom and access to information in repressive regimes. Clarifying distinctions between free and paid websites, allowing trunk cables to repressive states, enforcing…
-
Friday Squid Blogging: Transcriptome Analysis of the Indian Squid
Lots of details that are beyond me. Blog moderation policy. Bruce Schneier
-
Case Studies: Real-World Examples of AI Enhancing Cybersecurity Measures
Artificial intelligence (AI) and machine learning are revolutionizing the field of cybersecurity, providing advanced tools and techniques to protect against evolving threats. By leveraging data science and sophisticated algorithms, AI is able to enhance security measures and detect potential risks before they can cause harm. One of the key benefits of AI in cybersecurity is…
-
12 times less CPU and 486 times more memory efficient!!!
https://medium.com/cimb-niaga-engineering/delivering-superior-banking-experiences-bc7ca491eae5
-
they say its right up there with orbstack
https://podman-desktop.io/
-
i m a small shop
https://minituff.github.io/nautical-backup/introduction/ https://github.com/MODSetter/SurfSense https://almeidapaulopt.github.io/tsdproxy/
-
life so complicated
Musk’s five sequential commandments (aka “The Algorithm”) include:
-
the mtr of trace
https://github.com/sectordistrict/intentrace
-
is your internet so slow?
https://mlumiste.com/technical/liveportrait-compression/
-
i want to play too
https://taipangame.com/play https://store.steampowered.com/app/2943280/Dustland_Delivery/
-
i thought we use dns because ip addresses were hard to remember?
https://github.com/pubky/pkdns https://github.com/anacrolix/btlink https://dnslink.io/ https://github.com/mwarning/KadNode but whats wrong with https://www.namecoin.org/ https://ens.domains/ and yes, this! https://github.com/okTurtles/dnschain
-
more auto scanning
https://magicloops.dev/loop/3f3781f3-f987-4672-8500-bacbeefca6db/view https://www.mayhem.security/ – https://en.m.wikipedia.org/wiki/2016_Cyber_Grand_Challenge https://googleprojectzero.blogspot.com/2024/10/from-naptime-to-big-sleep.html?m=1
-
real men have fabs!
https://semiwiki.com/semiconductor-manufacturers/344511-real-men-have-fabs/
-
free money?
https://www.patched.codes/
-
where does the actual content sit?
https://github.com/ghobs91/chronicl
-
a free scanner for your api server
https://github.com/akto-api-security/akto
-
so its not a static analysis thing?
https://github.com/mindersec/minder
-
why not all the other things too?
https://www.itpro.com/infrastructure/data-centres/microsoft-wants-to-drastically-cut-carbon-emissions-so-its-building-data-centers-with-wood
-
u play with dji i play with skydio
https://archive.is/eJsQq but u see.. if china ever…for every $ of military aid the usa gives to taiwan, pledge to give the same to russia or the dprk.. ah i think we got ww3 on the table…
-
free computers!
ok i look at it this way. if u have 40-50 nodes. 1 of them is free. https://lwn.net/SubscriberLink/993828/eb9b437bf7604da3/ as in beer
-
on remote programming
https://zed.dev/faq https://orbstack.dev/ and a bit more https://github.com/rockyzhang24/dotfiles/blob/master/.config/nvim/colors/monokai.lua https://github.com/catppuccin/catppuccin
-
pwn me
so my bank wanted me to uninstall https://whowho.en.aptoide.com/app which I’m ok with.. it shipped with the phone, pops up korean notifications n i never actually opened it before.. and https://github.com/KieronQuinn/Smartspacer which i disagree with. i mean. how about tell me exactly why? i might contact the dev to talk about it? ok i actually don’t…
-
bash backend?
https://github.com/OliveTin/OliveTin https://clace.io/docs/quickstart/
-
wal vs zil vs journaling
https://www.infoq.com/presentations/tigerbeetle/ https://en.m.wikipedia.org/wiki/FoundationDB https://www.truenas.com/docs/references/zilandslog/ https://en.m.wikipedia.org/wiki/Journaling_file_system
-
i dont even program ok
so once upon ppl had php which go talk to the sql. and js which displayed the output it was a tossup..if u had to count. count with js or with php. but eventually js won. and whole websites were just 1 html n 1 div. js did everything on the client. including talk to…
-
why not a txt record?
https://blog.apnic.net/2022/12/02/improving-sshs-security-with-sshfp-dns-records/
-
cloudflare workers?
https://gitlip.com/blog/infinite-git-repos-on-cloudflare-workers https://github.com/jonfraser/simpletext
-
your own AS!
-
so they fixed the bug yeah
https://www.theguardian.com/uk-news/2020/nov/06/companies-house-forces-business-name-change-to-prevent-security-risk https://xkcd.com/327/ now think about AI prompts. and eventually only random noise will be acceptable inputs. i want this tshirt… https://www.redbubble.com/i/t-shirt/EICAR-AV-Test-String-QR-Code-by-stevelord/43649350.NL9AC oh yes in other news.. https://www.newscientist.com/article/2140747-laws-of-mathematics-dont-apply-here-says-australian-pm/
-
linus torvalds
I want to get an EXPLANATION and the whole “what the f*ck is the concept”. No more random rules. No more nonsensical code. No more of this “one place honors seals, another one does not”. Seriously. As long as this is chock-full of these kinds of random “this makes no sense”, please don’t send any patches AT ALL. Explain the…
-
Theo de Raadt
I don’t think you understand the problem space well enough to come up with your own solution for it. I spent a year on this, and ship a complete system using it. You are asking such simplistic questions above it shocks me. https://lwn.net/ml/linux-kernel/[email protected]/ From: Theo de Raadt <deraadt-AT-openbsd.org> To: Jeff Xu <jeffxu-AT-google.com> > On Wed, Oct 18,…
-
we might be on to something here…
https://e2b.dev/ https://flox.dev/ https://devenv.sh/ https://devpod.sh/ https://www.devspace.sh/ https://containers.dev/ https://github.com/features/codespaces https://code.visualstudio.com/docs/devcontainers/containers https://www.jetify.com/devbox https://github.com/gitpod-io/gitpod https://hocus.dev/?f=2 https://github.com/coder/code-server https://www.kasmweb.com/
-
32bit time?
https://www.theregister.com/2020/04/02/boeing_787_power_cycle_51_days_stale_data/
51 days * 86400 seconds * 1000 => 4406400000
2^32 => 4294967296
>>> round((4406400000 - 2**32)/(1000 * 3600), 3)
30.954
Or just ticking every 1.025 ms (e.g. at 975 Hz instead of 1 kHz)… that brings us to: (4406400000 - 1.025*2^32)/1000, so a difference of 1.12 hours with the “51 days” mention.…
-
pebkac
https://github.com/corbt/agent.exe Amazingly my employer continues to pay me hundreds of dollars an hour to search Kagi and type on a computer they paid for and own! https://news.ycombinator.com/item?id=41926770
-
about sums it up
“This additional friction is necessary to protect customers against large unauthorised transactions.” https://www.straitstimes.com/singapore/new-framework-holds-financial-institutions-telcos-accountable-to-scam-victims-kicks-in-on-dec-16
-
what does it mean to sign?
how is the blockchain not related to or or ? ah this is closer to what i had in mind when i heard “signing”… oh got ah!
-
better than sliced bread
https://github.com/HarvsG/WireGuardMeshes https://medium.com/netmaker/battle-of-the-vpns-which-one-is-fastest-speed-test-21ddc9cd50db but maybe dun do this with your fly… https://community.fly.io/t/what-is-included-in-10-month-plan/4896 https://fly.io/docs/blueprints/connect-private-network-wireguard/
-
i heard china had oversupply?
https://chipsandcheese.com/p/running-spec-cpu2017-on-chinese-cpus just my cup of teh ahahahahaha but the problem is these shits r not cheap…
-
just randomly sayin..
at first there was enterprise software. and it was shit. so people moved to the cloud. then the cloud got expensive and some people started moving back on-prem. wait what? https://world.hey.com/dhh/the-only-thing-worse-than-cloud-pricing-is-the-enterprisey-alternatives-854e98f3
-
where’s the money?
trying to get a eu.org domain name hah! might need to run ns here -> https://desec.io/ and then I’m super curious who’d host such a service like ifconfig.me
-
i don’t need a shittier iphone
https://forum.syncthing.net/t/discontinuing-syncthing-android/23002 ah. and i rated it as the best thing since sliced bread. android has morphed from a hand held computer in its early days to a shittier iphone nowadays. i hope a new open source hand held computer will appear and take over its old niche.
-
why are not more people doing this?
btw.just for fun. i do have a e2-micro instance on gcp us west1. supposedly free tier. i vpn to it from my shit computer at home – 2gb ram debian 12 32bit atom..via wireguard. and port forward 25, 80, 143,443 from the fixed ip of the gcp e2 micro instance to the vpn lan ip…
-
test
1 for 1 mushroom swiss