DOGE as a National Cyberattack
February 13 2025In the span of just weeks, the US government has experienced what may be the most consequential security breach in its history—not through a sophisticated cyberattack or an act...
Read moreDelivering Malware Through Abandoned Amazon S3 Buckets
February 12 2025Here’s a supply-chain attack just waiting to happen. A group of researchers searched for, and then registered, abandoned Amazon S3 buckets for about $400. These buckets contained software...
Read moreTrusted Execution Environments
February 11 2025Really good—and detailed—survey of Trusted Execution Environments (TEEs.)
Read morePairwise Authentication of Humans
February 10 2025Here’s an easy system for two humans to remotely authenticate to each other, so they can be sure that neither are digital impersonations.
To mitigate that risk, I have...
Read more
UK Is Ordering Apple to Break Its Own Encryption
February 8 2025The Washington Post is reporting that the UK government has served Apple with a “technical capability notice” as defined by the 2016 Investigatory Powers Act, requiring it to...
Read moreFriday Squid Blogging: The Colossal Squid
February 8 2025Long article on the colossal squid. Blog moderation policy.
Read moreScreenshot-Reading Malware
February 7 2025Kaspersky is reporting on a new type of smartphone malware. The malware in question uses optical character recognition (OCR) to review a device’s photo library, seeking screenshots of recovery phrases...
Read moreOn Generative AI Security
February 5 2025Microsoft’s AI Red Team just published “Lessons from Red Teaming 100 Generative AI Products.” Their blog post lists “three takeaways,” but the eight lessons in the report...
Read moreDeepfakes and the 2024 US Election
February 4 2025Interesting analysis:
We analyzed every instance of AI use in elections collected by the WIRED AI Elections Project (source for our analysis), which tracked known uses of AI...
Read more
Recent Comments