Bruce Schneier

Interesting article about the arms race between AI systems that invent/design new biological pathogens, and AI systems that detect them before they’re created: The team started with a basic test: use AI tools to design variants of the toxin ricin, then test them against the software that is used to screen DNA orders. The results of the test suggested there was a risk of dangerous protein variants slipping past existing screening software, so the situation was treated like the equivalent of a ze…

Signal has just rolled out its quantum-safe cryptographic implementation. Ars Technica has a really good article with details: Ultimately, the architects settled on a creative solution. Rather than bolt KEM onto the existing double ratchet, they allowed it to remain more or less the same as it had been. Then they used the new quantum-safe ratchet to implement a parallel secure messaging system. Now, when the protocol encrypts a message, it sources encryption keys from both the classic Double Ra…

Good Wall Street Journal article on criminal gangs that scam people out of their credit card information: Your highway toll payment is now past due, one text warns. You have U.S. Postal Service fees to pay, another threatens. You owe the New York City Department of Finance for unpaid traffic violations. The texts are ploys to get unsuspecting victims to fork over their credit-card details. The gangs behind the scams take advantage of this information to buy iPhones, gift cards, clothing and cos…

I assume I don’t have to explain last week’s Louvre jewel heist . I love a good caper, and have (like many others ) eagerly followed the details . An electric ladder to a second-floor window, an angle grinder to get into the room and the display cases, security guards there more to protect patrons than valuables—seven minutes, in and out. There were security lapses : The Louvre, it turns out—at least certain nooks of the ancient former palace—is something like an anopticon: a place where no one…

Mother Jones has a long article on surveillance arms manufacturers, their wares, and how they avoid export control laws: Operating from their base in Jakarta, where permissive export laws have allowed their surveillance business to flourish, First Wap’s European founders and executives have quietly built a phone-tracking empire, with a footprint extending from the Vatican to the Middle East to Silicon Valley. It calls its proprietary system Altamides, which it describes in promotional materials…

There is a new cigar named “ El Pulpo The Squid.” Yes, that means “The Octopus The Squid.” As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy.

Two people found the solution . They used the power of research, not cryptanalysis, finding clues amongst the Sanborn papers at the Smithsonian’s Archives of American Art. This comes as an awkward time, as Sanborn is auctioning off the solution. There were legal threats—I don’t understand their basis—and the solvers are not publishing their solution.

This is bad: F5, a Seattle-based maker of networking software, disclosed the breach on Wednesday. F5 said a “sophisticated” threat group working for an undisclosed nation-state government had surreptitiously and persistently dwelled in its network over a “long-term.” Security researchers who have responded to similar intrusions in the past took the language to mean the hackers were inside the F5 network for years . During that time, F5 said, the hackers took control of the network segment the c…

Interesting article on people with nonstandard faces and how facial recognition systems fail for them. Some of those living with facial differences tell WIRED they have undergone multiple surgeries and experienced stigma for their entire lives, which is now being echoed by the technology they are forced to interact with. They say they haven’t been able to access public services due to facial verification services failing, while others have struggled to access financial services. Social media fi…

Scouting America (formerly known as Boy Scouts) has a new badge in cybersecurity. There’s an image in the article; it looks good. I want one.