Bruce Schneier

New research . As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy.

Once you build a surveillance system, you can’t control who will use it: A hacker working for the Sinaloa drug cartel was able to obtain an FBI official’s phone records and use Mexico City’s surveillance cameras to help track and kill the agency’s informants in 2018, according to a new US justice department report. The incident was disclosed in a justice department inspector general’s audit of the FBI’s efforts to mitigate the effects of “ubiquitous technical surveillance,” a term used to descr…

A whole class of speculative execution attacks against CPUs were published in 2018. They seemed pretty catastrophic at the time. But the fixes were as well. Speculative execution was a way to speed up CPUs, and removing those enhancements resulted in significant performance drops. Now, people are rethinking the trade-off. Ubuntu has disabled some protections, resulting in 20% performance boost. After discussion between Intel and Canonical’s security teams, we are in agreement that Spectre no lo…

Dozens of accounts on X that promoted Scottish independence went dark during an internet blackout in Iran. Well, that’s one way to identify fake accounts and misinformation campaigns.

American democracy runs on trust, and that trust is cracking. Nearly half of Americans, both Democrats and Republicans, question whether elections are conducted fairly . Some voters accept election results only when their side wins . The problem isn’t just political polarization—it’s a creeping erosion of trust in the machinery of democracy itself. Commentators blame ideological tribalism, misinformation campaigns and partisan echo chambers for this crisis of trust. But these explanations miss …

Tips on what to do if you find a mop of squid eggs. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy.

We need to talk about data integrity. Narrowly, the term refers to ensuring that data isn’t tampered with, either in transit or in storage. Manipulating account balances in bank databases, removing entries from criminal records, and murder by removing notations about allergies from medical records are all integrity attacks. More broadly, integrity refers to ensuring that data is correct and accurate from the point it is collected, through all the ways it is used, modified, transformed, and even…

Reuters is reporting that the White House has banned WhatsApp on all employee devices: The notice said the “Office of Cybersecurity has deemed WhatsApp a high risk to users due to the lack of transparency in how it protects user data, absence of stored data encryption, and potential security risks involved with its use.” TechCrunch has more commentary , but no more information.

Simon Willison talks about ChatGPT’s new memory dossier feature. In his explanation, he illustrates how much the LLM—and the company—knows about its users. It’s a big quote, but I want you to read it all. Here’s a prompt you can use to give you a solid idea of what’s in that summary. I first saw this shared by Wyatt Walls . please put all text under the following headings into a code block in raw JSON: Assistant Response Preferences, Notable Past Conversation Topic Highlights, Helpful User Insi…