New Lawsuit Attempting to Make Adversarial Interoperability Legal
Lots of complicated details here: too many for me to summarize well. It involves an obscure Section 230 provision—and an even more obscure typo. Read this.
Friday Squid Blogging: Squid Purses
Squid-shaped purses for sale.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Read my blog posting guidelines here.
My TED Talks
I have spoken at several TED conferences over the years.
- TEDxPSU 2010: “Reconceptualizing Security”
- TEDxCambridge 2013: “The Battle for Power on the Internet”
- TEDMed 2016: “Who Controls Your Medical Data?”
I’m putting this here because I want all three links in one place.
Rare Interviews with Enigma Cryptanalyst Marian Rejewski
The Polish Embassy has posted a series of short interview segments with Marian Rejewski, the first person to crack the Enigma.
Details from his biography.
The UK Bans Default Passwords
The UK is the first country to ban default passwords on IoT devices.
On Monday, the United Kingdom became the first country in the world to ban default guessable usernames and passwords from these IoT devices. Unique passwords installed by default are still permitted.
The Product Security and Telecommunications Infrastructure Act 2022 (PSTI) introduces new minimum-security standards for manufacturers, and demands that these companies are open with consumers about how long their products will receive security updates for.
The UK may be the first country, but as far as I know, California is the first jurisdiction. It banned default passwords in 2018, the law taking effect in 2020.
This sort of thing benefits all of us everywhere. IoT manufacturers aren’t making two devices, one for California and one for the rest of the US. And they’re not going to make one for the UK and another for the rest of Europe, either. They’ll remove the default passwords and sell those devices everywhere.
Another news article.
AI Voice Scam
Scammers tricked a company into believing they were dealing with a BBC presenter. They faked her voice, and accepted money intended for her.
WhatsApp in India
Meta has threatened to pull WhatsApp out of India if the courts try to force it to break its end-to-end encryption.
Whale Song Code
During the Cold War, the US Navy tried to make a secret code out of whale song.
The basic plan was to develop coded messages from recordings of whales, dolphins, sea lions, and seals. The submarine would broadcast the noises and a computer—the Combo Signal Recognizer (CSR)—would detect the specific patterns and decode them on the other end. In theory, this idea was relatively simple. As work progressed, the Navy found a number of complicated problems to overcome, the bulk of which centered on the authenticity of the code itself.
The message structure couldn’t just substitute the moaning of a whale or a crying seal for As and Bs or even whole words. In addition, the sounds Navy technicians recorded between 1959 and 1965 all had natural background noise. With the technology available, it would have been hard to scrub that out. Repeated blasts of the same sounds with identical extra noise would stand out to even untrained sonar operators.
In the end, it didn’t work.
Friday Squid Blogging: Searching for the Colossal Squid
A cruise ship is searching for the colossal squid.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Read my blog posting guidelines here.
Long Article on GM Spying on Its Cars’ Drivers
Kashmir Hill has a really good article on how GM tricked its drivers into letting it spy on them—and then sold that data to insurance companies.
Sidebar photo of Bruce Schneier by Joe MacInnis.