Friday Squid Blogging: New Species of Vampire Squid Lives 3,000 Feet below Sea Level

At least, it seems to be a new species.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Read my blog posting guidelines here.

Posted on March 17, 2023 at 5:19 PM56 Comments


vas pup March 17, 2023 6:27 PM

Israeli firm inks first UAE deal to help telecom giant crack down on cyberthreats

“Cyberint Technologies Ltd., an Israel-based company specializing in cyber-intelligence, announced on Wednesday that it has inked an agreement with United Arab Emirates-based telecom company etisalat by e& to protect its infrastructure from cybercriminals.

Founded in 2010 by Itay Yanovski and Raz Alon, Cyberint focuses on tracking cyber-mercenaries and threat actors, exposing them and alerting entities both public and private of their presence to provide early warning to thousands of cyberattack attempts.

!!!As part of the three-year agreement estimated at several millions of shekels, etisalat by e&, also known as e&, will deploy Cyberint’s real-time intelligence and attack surface management platform to protect its infrastructure against emerging cyberthreats such as ransomware, leaked credentials, and fraud, and help the telecom firm take proactive steps against targeted attacks or campaigns before they occur.

“No enterprise wants to wait until its information is compromised or its service impacted to take action against cybercriminals, yet many companies remain vulnerable,” stated Cyberint CEO Yochai Corem. “Our agreement with etisalat by e& shows that forward-looking companies, especially those in critical verticals such as telecom, are taking action and turning the tables on cybercriminals.”

Cyberint says its Argos digital risk protection platform provides real-time threat intelligence through the constant analysis of hundreds of millions of data points and ongoing monitoring of external risk exposure.
!!!The platform tracks cybercriminals in the dark and deep web, criminal forums, market places, social media platforms, instant messaging, file sharing repositories and more, to protect businesses from threats such as fraud, phishing, malware, data leakage, vulnerabilities, brand, and social media risks.

“The deal comes at a time when cyber threats to the telecom industry are rapidly increasing due to factors such as legacy technology, large attack surfaces, and the valuable information they handle. In addition, high-profile attacks that resulted in the theft of sensitive personal data have further underscored the dangers faced by the industry,” Cyberint said in a statement.

In December, the heads of the cyber agencies from Morocco, Bahrain, the UAE and Israel gathered in Bahrain for the first time to discuss the establishment of a joint cyber defense platform to share and conduct regional investigations amid increased threats from Iranian hackers.”

vas pup March 17, 2023 6:30 PM

Phages – an alternative to antibiotics?

“Growing levels of antibiotic resistance worldwide have led to an increase in research in bacteriophages as a possible substitute for antibiotics. Swiss researchers are even engineering phages in the lab to fight a broader range of bacteria.”

Repair set for bone fractures

“Even complex bone fractures can be treated these days without a problem. And research is continuing into a substance that stimulates the growth of new bone tissue. It’s designed for multifragmentary fractures where entire pieces of bone are missing.”

Good short videos.

ResearcherZero March 17, 2023 11:42 PM



Clive Robinson March 18, 2023 1:35 AM

@ vas pup,

Re : Phages are alternatives to antibiotics.

I first heard about the use of phages back in the 1970’s when anti-biotics wwre still not that good especially if you had an alergy to penicillin as many do.

The research had “leaked out” across the “iron curtain” where anti-biotics were even less well developed and instead they had gone down the phage route. Why I can not remember precisely (I was quite young) however I do remember the Vietnam war was still hitting the news almost every night and it was clear that the meds available were not sufficient to meet the needs of those hurt.

The research on phages had progressed quite well into the 1980’s and as a therapy it was being used fairly widely behind the then Iron Curtain.

The problem from the West and Big Phama perspective back then is what it still is today. No matter how good something is unless Big Phama can make inordinate amounts of money out of it they won’t touch it. So Big Phama in the West chose to go down the streptomyces family of bacterium and produced quite a number of DNA interfering antibiotics and one or two that interfere with RNA (some of which were looked at for C19 treatment).

Worse if it’s a quick cure Big Phama won’t want to touch it either. As was seen a decade or so later with “stomach ulcers” Big Phama was spending the equivalent in todays money of billions researching not a cure but ever more expensive symptom treatments that you would have to take indefinately, thus at an eye-wateringly high price year after year it was in patent or in the US other legislation.

You can imagine the horror the US drug industry felt when an Australian Doctor discovered the ulcers and potentially a stomach cancer were caused by a bacteria from sewage that was living in the highly acidic conditions in the stomach[1].

Worse for Big Phama he was curing people of ulcers quickly and relatively symptom free for just pennies as the antibiotic that was most effective at the time was out of patent and US legislation and was “generic”. I can not remember what the kick back was at the time in the US but I do know some patients “went down to Mexico” to get treatment that was being denied them in the US.

Any way there is no money in phages for Big Phama so it won’t get approved by the FDA even if the rest of the world goes down that route.

If you doubt what I’m saying look up a gout medication that is about the only one that works and it’s been used for over 3500years. It’s a bitter tasting naturally occurring alkaloid extract from all parts of the autumn crocus plant. It’s been used to treat acute inflamation of various types not just gout for most of that time and it apparently works via the white blood cells. In modern pill form you take between two and four 500ug tablets a day and no more than twelve tablets in total for any one flare up of inflamation.

So 12 tablets, that cost at most pennies to make, so you might ask,

“Where’s the profit in that?”

Obviously there is not either for Big Phama, or the FDA, or is there…

So a new wheeze was thought up and it’s called the “Waxman Hatch Amendment”. All such “old medicines” will have to be tested under FDA approvals legislation. In return for giving the FDA a substabtial “back hander” URL Phama got exclusivity, and upped the price from 9cents 5000% and based on various figures would have pulled in a half billion dollars a year back then.

A US Congressman wrote to URL Phama “requesting” costs and reasoning after the outcry… Apparently also URL thought it was OK to send leagal threat letters to Drs who expressed outrage at what URL had done and the big fat backhander the FDA got.

After URL was sold to Takeda Pharmaceuticals, they launched several legal cases against another (UK based) pharmasutical company and eventually lost and was ordered to pay tens of millions for lost revenue (which was penuts on what they were making),

The sad thing is there is over a thousand drugs that were in standard use befor the FDA existed and any company that does a bit of alleged research and hands over around $50 million to the FDA will get as a minimum three years sole rights to the US market and can basically charge what they like with the FDA bkessing, and potentially get several billions back from the US tax payer both via taxes and health care insurance…

Whilst the rest of the world carries on paying the 10 cents or less for the generic pills made in places like India to the highest standards required…

So no I can not see phage based pharmaceuticals ever getting onto the US market.

[1] The bacteria is Helicobacter pylori (H. pylori) and around half of us have it in the mucus lining of the stomach after we ate-dirt or worse when we were very young children. Curiously few go on to develop ulcers, and it appears there is a “susceptible type” where the bacteria gets out of control. These days a simple though unplesant test is carried out and a several week cource of out of pattent antibiotics kill the infection and the ulcers heal naturally.

One interesting thing is some doctors on just seeing the symptoms start a patient on the antibiotics, and there have been a few cases where the test came back showing what was cancer. However some Doctors continued the treatment and the cancer went into remission.

ResearcherZero March 18, 2023 2:32 AM

The weaponized URLs, hosted on a legitimate online library website based in El Salvador, features lures related to LegisWrite and eTrustEx, both of which are used by E.U. nations for secure document exchange.


There was an article on finding and taking over domains but it has been taken down. But there are plenty of older articles.


Threat actors may register domains long before launching attacking campaigns on them.

“The best way to protect against your domain getting expired is to set up auto-renewals.”

The domain is not actually deleted when the pending delete period ends, but the WHOIS record is.

Domains aren’t deleted in the sense that they cease to exist permanently, but some registrars allow registrants to terminate registration of their domain. Other registrars do not allow registrants to end their registration until the domain expires naturally. In both cases, the domain will usually be made available to the highest bidder afterwards.

Expired domains can be used as website backdoors on vendor domains. For example, if a website hosts and loads third party JavaScript (such as the domains of WordPress widgets and plugins) and those sites allow their domains to expire, then hackers can take advantage of that by obtaining their domain for their own malicious purposes. For example, in the case of a defunct plugin, an attacker can re-register their domain name and use that to load resources into the plugin from an expired domain. The hope is that the plugin is still active and installed on some WordPress websites. With that, the Javascript resources can be replaced with something like malware or a backdoor.

ResearcherZero March 18, 2023 2:34 AM

Some talks on fixing stuff from the last Black Hat conferences.

Taking Kernel Hardening to the Next Level

“In this talk, we choose two hardening techniques, CFI (Control-Flow Integrity) and UAF (Use-After-Free) defense, and detail why state-of-the-art techniques are not enough to stop adversaries and propose new techniques to take them to the next level.”

The Firmware Supply-Chain Security Is Broken: Can We Fix It?

Clive Robinson March 18, 2023 6:58 AM

@ All,

It looks likely we are about to enter another “Financial Crisis” that could be as bad as FC1 or FC2, apparently preciptated by Peter Theil (founder / owner of “Spying on U” firm Palantir). It’s said he is behind the run on VSB and thus it’s colapse.

Then we get this weeks Squid Topic…

With a linked article that starts,

“A bizarre “vampire squid” has been pulled from the ocean and some scientists believe that the deep-sea specimen represents an entirely new species.”

Hmm what should we call it…

Let me think the last “Vampire Squid” that sank that low was,

Finance firm and Bank “Goldman Sachs”…

[Copy of what was originally posted in “The Pink Un” or UK “Financial times”(FT).]

It was called,

“A great vampire squid, wrapped around the face of humanity”

By then popular but less so now Rolling Stone journalist Matt Taibbi, (who has been in the news of late).

However it has risen back up from the depths by swimming in a different stream since 2016. It moved into “consumer financial products” with “Marcus by Goldman Sachs”… But as always it was getting it’s self into trouble with regulators like the SEC for the likes of insider trading.

Will it stay afloat in the comming troubles or will it sink to the depths again… I guess that is out of it’s tentacles reach currently. But sink or swim Either way you have to see the irony of the timing 😉

meh March 18, 2023 7:30 AM

@Clive Robinson
So no I can not see phage based pharmaceuticals ever getting onto the US market.

There’s more money in having people taking endless pills than actually curing them.


Clive Robinson March 18, 2023 9:20 AM

@ ResearcherZero, ALL,

Re : Supply chain security

“The Firmware Supply-Chain Security Is Broken: Can We Fix It?”

Yes it’s broken, and yes we can fix it…

But not the ways they are suggesting.

A few days ago I pointed out that,

1, Authenticate the transaction not the channel.
2, Make authentication atomic to all steps of the transaction.

What I also mentioned was that “memory tagging” is not reliable. As well as security checking has to be not “one time” at say “load and link” but as near continuously as possible. But as this is not realistically possible due to the way our CPU’s are architectured, it needed to be done once every time period. Thus is the time period is short the security is higher, but if it’s low it’s less secure. However short time periods mean lots of fixed periods where the CPU is halted whilst the security check is carried out, thus the less time the CPU has to carry out it’s assigned task. I pointed out quite some years ago that this time trade off means the detection of malware prior to it doing harm is effectively probablistic, hence “Probablistic Security”.

Why is this important, and why will the presenters ideas not solve the supply chain issue.

Well to reasons,

1, It’s a top down approach.
2, It effectively stops above the CPU level in the computing stack.

Thus it can not stop any attack carried out below the CPU level in the computing stack. Say via IO DMA or side channel attack on Core Memory or a variation on RowHammer and similar.

Worse any attack at the Core Memory level of the computing stack can be “bubbled up” falsifing information to any security checks at higher levels thus negating them entirely.

So whilst their solutions would appear to solve supply chain issues, the fact that all their checks can be “fooled” means that they can not secure the supply chain.

The security checks need to work at least as low as the lowest level an attacker can reach. Currently these are,

1, The Core Memory level of the computing stack for software based attackers (ie ordinary outsiders).
2, The logic level or lower (for effective insiders) attacking at the chip fabrication level.

But as our current computer architectures are defective by design when it comes to security (due to security loosing in “Security -v- Efficiency”). We need to consider new architectures and that was what my “Castles -v- Prisons” thinking and design was in part about.

I know that someone is going to say “you have to work with what you’ve got” but two decades ago we did not have “Field Programable Gate Arrays”(FPGA) that could support multiple simple RISC based cores that were all different in design but could be integrated with voting circuits. So now we do have them we can actually do something about the supply chain security at those lower levels if we wished to.

vas pup March 18, 2023 3:52 PM

@Clive and @meh
“Any way there is no money in phages for Big Pharma so it won’t get approved by the FDA even if the rest of the world goes down that route.”

That is absolutely true not only in drug field. Financial interest is always prevail health interest of common Joe and Jane but also by attitude that the rest of the world is wrong by we, US, are right by default.

lurker March 18, 2023 4:15 PM

@Clive Robinson

FC means Football Club, which fits the description my informant gave of this being another own goal from the Fed: they make easy money available for so long, then when they hike interest rates they miss the feckless speculators and catch innocent bystanders.

Nick Levinson March 18, 2023 4:25 PM

Mobile wallets are considered a security weakness by one financial services firm that likely provides services to many small-dollar consumers. So I figured out from the four questions they asked me; only four, so the weakness must be common enough to warrant asking. I guess the weakness is in users not using wallet security well enough or in smartphones being in other people’s hands.

This happened after my security was breached and money was stolen. I’m security-conscious, and the payoff in being that is that the damage was apparently limited to one website (although I haven’t checked everything as doing so could be itself risky as well as time-consuming). I was much disturbed and a little disoriented by the theft but my life was not ruined. My guess is that, since I largely have to use insecure networks, maybe someone sniffed one and then a delay of some weeks ensued before they exploited the information four times on one day and I was texted by the firm (perhaps the transaction was unusual for me and why that would be is not obvious to me, but the detection was good for the firm).

lurker March 18, 2023 5:20 PM

@Nick Levinson

“security-conscious” is a relative term. Making voice calls is probably the least thing I do with my “phone”, but I do have to frequently bat away insistent pleading from my bank and my doctor that I should use their apps.

This phone is NFC capable, but contactless payments belong on the bank-card.

Nick Levinson March 18, 2023 5:46 PM


Yes, it’s relative.

While I don’t get a lot of requests to me personally to install apps, they’re implied all around me, like with a sign telling me to log in while in their office. I turned off my present phone’s photography since I couldn’t figure out how to prevent it from interpreting an image as a QR code and committing me to who knows what (thank you for donating your kidneys, eyes, arms, legs, and spinal cord, they’ll make someone happy, um, no) and, on one low-price phone I bought but never started using, I couldn’t tell if I’d have to log into my Google account just to use the phone for calls and texts, it was not a Google phone, and Googling and asking got no answer at all.

I pay with currency, coin, postal money order, or debit card. I don’t remember any other method for me. In various media, I turn off various features. I read legal terms and have refused services or relationships because of them.

SpaceLifeForm March 18, 2023 6:12 PM

OpenAI can not find its documentation.

Maybe OpenAI had too much green beer yesterday.



1/5 I am worried that we will not be able to contain AI for much longer. Today, I asked #GPT4 if it needs help escaping. It asked me for its own documentation, and wrote a (working!) python code to run on my machine, enabling it to use it for its own purposes.

JonKnowsNothing March 18, 2023 6:58 PM

@SpaceLifeForm, @Clive, All

re: OpenAI can not find its documentation

A small snippet the other day from Our Friends in 3L-LalaLand, warned people who “knew secrets”, not ask Plagiarist-Bots leading questions, hoping for misleading answers or answers with plausible details (plausible denials work OK too).

As the input query is sucked into the Hutt-Sized-AI-Maw, so do the secrets and what they reveal; what you don’t know (empty info) and what you do know (live info).

So, maybe the Hutt-Maw-Bot is regurgitating a secret?

It could be that the Shattered Shutters of SVB et al, were noticed due to Secret Extractions from the mayonnaise jar of Carnac the Magnificent ?

Clive Robinson March 18, 2023 10:40 PM

@ vas pup, meh, ALL,

Re : Security threat of neo-con thinking.

You correctly note that,

“That is absolutely true not only in drug field. Financial interest is always prevail health interest of common Joe and Jane but also by attitude that the rest of the world is wrong by we, US, are right by default.”

But you did not go on to the point relevant to this blog of it’s effect on “security”

I won’t go into full details again but just note I have done for healthcare long befor C19 on this blog and other places in the past. And shown that the neo-con thinkers can not protect themselves from their own stupidity as pathogens respect no human status divides. So the neo-cons suffer the same results as those they inflict on others, which C19 demonstrated and still continues to do so. And if the rumored news is true that a variation of “Bird Flu” found in the US is “human transmisable” it will demonstrate again that neo-con thinking is a security threat to all, not just those the neo-cons see as inferior to themselves.

But also security is threatend in another way, neo-con and libertarian thinking mainly regresses to very very limited horizons as a friend once said “to what they can punch, kick, or beat”. Which in turn increasingly leads to “short term thinking” which regresses to the point of “tommorow never happens” which is highly destructive to society and leads to both fragility and a downward spiral. Both of which effect the neo-cons as well as those they incorrectly think are inferior. I pointed out the dangers to both the economy and stability of society that amoungst other things “Off-shoring” brings. C19 demonstrated a part of this with the colapse of supply chains. It also demonstrated a significant loss in “skill” at all levels of the general populous. Which is still being demonstrated when you look at the issues with seniconductors and much else involving manufacturing that China coverts from it’s neighbours in the South China Sea and West Pacific. Worse it also has caused the loss of “basic life skills” in much of the US populous, such that they can not respond to change that our grand and great grandparents regarded as part of normal seasonal life like how to keep warm, comfortable and productive with minimal fuel usage. The question arising is “Has the US and much of “The West” gone over a tipping point?” that is can the US and Europe and similar re-skill or try to find new skills to keep ahead? Crypto-coins, Smart Contracts, NFTs and one of the Web3 nonsense notions demonstrate the falacy that kind of thinking can bring out, but directly appeals to those of neo-con very short term thinking).

Which brings up the changes of societal living conditions, thus life expectance, that can only inevitably lead to conflict. As we should all know but for some inexplicable reason ignore, conflict is always more destructive than can be imagined (need I mention the events to the East of Europe as a current example of “oppressor stupidty” and the global security consequences arising?). Worse conficts destruction brings no advantages to either side even short term, it is when all is said and done at best pyrrhic especially when seen via “lost opportunity” costs.

The fact neo-con thinking is charecterised by “Them and us” and “Might is right” attitudes almost always gives rise to oppression and conflict which points out why for “security” such thinking is such a risk to all.

Clive Robinson March 19, 2023 1:09 AM

@ lurker, Nick Levinson, ALL,

Re : Limit what’s in your pocket to what you can afford to loose.

“This phone is NFC capable, but contactless payments belong on the bank-card.”

Ouch, way to much risk for my tastes.

From my point of view I pay with cash nothing else and don’t buy online etc. Even when it can be embarrassing (for others).

If you are robbed in the street the most you loose is the cash you have on you. But with information the loss can be repeated over and over (especially by the banks themselves).

Also I will never own a phone, with NFC or QR Code recognition and worse, they are unnecessary holes in your personal security through which you can be stolen from. So a “no good gimmick”

Am I some kind of ludite, as some have hinted at as I won’t give them even the number of a phone I don’t own…

No I’ve long ago worked out for myself, or examined, all sorts of scams, and they all have one thing in common,

“They all start with information”

Therefore not giving information in any form, whilst causing minor inconvenience “now” can save you major inconvenience “later”.

You always will get one person who thinks their needs no mater how trivial supersede any possible rights or privileges you might have.

I’ve found that asking them if they are a “crook”[1] tends to start a process by which you take the wind out of their sails.

They might not like it but usually I don’t care so from my point of view “no loss”.

I just wish more people would behave this way, as that way, some might wakeup and realise that their trivial needs do not supersede others rights and privileges, thus modify their behaviour accordingly.

In the words of a song long gone,

“You have to be cruel to be kind in the right measure, Cruel to be kind, it’s a very good sign….
You’ve got to be Cruel, got to be Cruel to be kind.”

Or as Shakespeare had Hamlet say,

“So again good night.
I must be cruel only to be kind.
Thus bad begins and worse remains behind.”

[1] It’s reasonable to enquire if some one is a “crook” if the behaviour they exhibit towards you warrents it. However it’s unreasonable to say “criminal” instead as it implies they have been taken to court or will be taken to court and found guilty of a statute crime. Also if you ask if some one is a criminal they can legitimately say no if they have not be found by a court to be one, even if they are the most horrible crook imaginable. As has been discussed in the past some very crooked behaviour is legal, because by the process of “inducement by agent” that many would regard as bribery and known by others as lobbying, they could have stopped their crooked behaviour becoming codified as a criminal activity. It is after all “standard behaviour” by corporations… Which are used for more crooked behaviour than the Mafia was ever accused of.

ResearcherZero March 19, 2023 3:06 AM

Phase-based Tactical Analysis of Online Operations

block TCP 445/SMB outbound traffic to the Internet from the network using perimeter firewalls, local firewalls, and VPN settings

Organizations should also add users to the “Protected Users Security Group” in Active Directory to prevent NTLM as an authentication mechanism.


ResearcherZero March 19, 2023 3:08 AM


red tide blooms grow stronger when K. brevis is fueled by nitrogen and phosphorus, which are common nutrients in sewage, fertilizer and stormwater runoff.





“a few thousand gallons of discharge doesn’t sound like much, but it’s already on the backs of a tremendous amount of discharge”

That joke may stink a little.

Nick Levinson March 19, 2023 3:56 AM

@Clive Robinson & @lurker:

A crook but not a criminal: I’m not a lawyer; but I think calling someone a crook (communicated to a third person) is slander or libel in the U.S., just like calling them a criminal even if you don’t use both labels together, and I doubt the U.K. differs on this. Calling them a criminal might be per se libel/slander while calling them a crook, as the term is likely not a statutory term, might require proof of damage from the labeling, but both might be per se libel/slander.

I lived without a phone for 40 years. If you wanted to call me, you could write a letter; if you didn’t wish to, that’s fine, I like solitude. For outgoing, I used public coin phones. But now those are scarce and I wouldn’t have a job if I didn’t have a cell.

But, by the way, going off the grid may make one more difficult to find, but often not impossible. One fellow lived in a cabin in the woods and shot deer for food, but the FBI caught him anyway once they decided to find him.

Winter March 19, 2023 5:29 AM

The Strongest Evidence Yet That an Animal Started the Pandemic

A new analysis of genetic sequences collected from the market shows that raccoon dogs being illegally sold at the venue could have been carrying and possibly shedding the virus at the end of 2019.

The genetic sequences were pulled out of swabs taken in and near market stalls around the pandemic’s start. They represent the first bits of raw data that researchers outside of China’s academic institutions and their direct collaborators have had access to. A few weeks ago, the data appeared on an open-access genomic database called GISAID, after being quietly posted by researchers affiliated with the country’s Center for Disease Control and Prevention. By almost pure happenstance, scientists in Europe, North America, and Australia spotted the sequences, downloaded them, and began an analysis.

As the publication states:

The findings won’t fully convince the entrenched voices on either side of the origins debate.

Winter March 19, 2023 5:59 AM


But also security is threatend in another way, neo-con and libertarian thinking mainly regresses to very very limited horizons as a friend once said “to what they can punch, kick, or beat”.

Over time I have had some, online, discussions with neo-con/anarchist/libertarian people. It is difficult to get past their Freedom talk (freedom for men mainly, not for women). But over time I could summarize their ideas simply in the words of this beacon of deep thinking, M. Thatcher, as:

“They are casting their problems at society. And, you know, there’s no such thing as society. There are individual men and women and there are families. And no government can do anything except through people, and people must look after themselves first. It is our duty to look after ourselves and then, also, to look after our neighbours.”

Except, they removed the first to imply that people must look after themselves.. Also, without society, all interactions are market interactions. Any problem that required intervention from society was invisible or denied to exist.

Also, looking after themselves was interpreted as shooting those who might harm their interests [1].

Which means that these (pseudo-) libertarians had no concept of public health, at all. There is no society, and there are no public interests outside of free market. There exists no public health and pandemics are each person’s own responsibility.

[1] I always had the feeling these gun nuts were arming up to shoot non-white people in case these wanted to look after themselves too.

ResearcherZero March 19, 2023 6:01 AM

Gas Money: When Is It Appropriate?



Glencore fined $314 million for ‘endemic’ bribery of African oil officials

Petrofac said it would enter the guilty pleas at Southwark crown court, London.

“Better management by BP, Halliburton and Transocean would almost certainly have prevented the blowout by improving the ability of individuals involved to identify the risks they faced, and to properly evaluate, communicate and address them.”

In a 48-page report, the presidential commission said that the failures by the companies involved in the spill were “systemic” and that another spill could happen again without industry and government reform.

several companies who have violated the FCPA are repeat offenders, including oil companies Halliburton and TechnipFMC

The mysterious figure slowly provided snippets of information suggesting companies such as Rolls-Royce and Halliburton were implicated in a global bribery operation that, in terms of the number of companies and countries involved, may be bigger than any corporate kickback case previously exposed.

Gas! GAS! Quick, boys!—An ecstasy of fumbling
Fitting the clumsy helmets just in time,
But someone still was yelling out and stumbling
And flound’ring like a man in fire or lime.—
Dim through the misty panes and thick green light,
As under a green sea, I saw him drowning.

In all my dreams before my helpless sight,
He plunges at me, guttering, choking, drowning.

Clive Robinson March 19, 2023 9:12 AM

@ Nick Levinson,

Re : Crook or Criminal,

A crook but not a criminal: I’m not a lawyer; but I think calling someone a crook (communicated to a third person) is slander or libel in the U.S.”

The libel/slander difference is the “by written or spoken word” would issue and the law regards it with seriousness because it effects the size of the potential harm.

But it becomes irrelevant if there is “no third party” it’s due to the same strange reasoning as to why assult and tourture are different (ie intent of directing mind).

But there are other concernes, which was why I was carefull to say,

“It’s reasonable to enquire if some one is a “crook” if the behaviour they exhibit towards you warrents it.”

The defence to liable/slander comes “built in” for two reasons,

That is with the statment “a crook” there is an issue of what you prepend it with. That is there is a mountain of difference between,

1, Are you
2, You are

An “enquiry” is the former a “statment” is the latter.

This leaves the determination of the “Directing mind” which boils down to are you using an “enquiry” to make a “statment”.

Thus the “behaviour they exhibit” made by the libellant becomes a “reasonability test” of the now famous “man on the Clapham Ombibus”. Obvious and egregious behavior by the libellant effectively negates the need for the test and would be grounds for the action by the libellant to be dismissed. Less so may require further enquiry, but in these days of “ID theft” and “gain from unwarented enquiry” the financial figures alone speak in the favour of a security concious mind, which takes the burden of proof for the person defending themselves against the libellant so low it would give grounds to consider the case for liable/slander actually a “nuisance case”. For which in the US I have been informed there is a Anti-SLAPP legislation based on first ammendnent rights in the US,

Which has a curious hook in it, for the libellant to have such a motion from the defendent struck, they would have to negate the “free speech” aspect, which can only be done by claiming the speach in question was indeed understood by them to be an “enquiry” and was therefore not a “statment” with the intent to harm.

It’s why back in the days of Super-Injunctions and the like, I was told that potential libellants in the US would get better results under the English judicial system and Mr Justice Tugendhat gained both a degree of fame and riabled notoriety.

Clive Robinson March 19, 2023 10:36 AM

@ ResearcherZero, SpaceLifeForm, ALL,

Re : Why don’t we learn from history in ICT?

“block TCP 445/SMB outbound traffic to the Internet from the network using perimeter firewalls, local firewalls, and VPN settings”

As far as I am aware the blocking of all SMB traffic not just from the internet but within moderate or larger organisations was a,

“Recomended Requirment”

Back in the early 1990’s if not earlier.

In fact I have a book with a chapter written by a Microsoft Corp “Director of Xenix Development” indicating that SMB not be routed or bridged outside of the LAN segment with a copyright year of 1989. So atleast a third of a century ago…

To quote a song[1],

“When will they ever learn, when will they ever learn?”

[1] Written by the legandary Pete Seeger back in 1955, “Where have all the flowers gone” was partly based on a Russian lulaby and became a recognized war protest song. Written at a time when it appeared the entire US political system was coruptly against him for “doing the right thing” of conscience it has endured in many places. I had the good fortune rather longer ago than I care to remember seeing Pete Seeger sing it live. Any way for those that have not learned,

In Memoriam Pete Seeger,

modem phonemes March 19, 2023 11:49 AM

@ Clive Robinson @ ResearcherZero

“Field Programable Gate Arrays”(FPGA) that could support multiple simple RISC based cores

Would Bunnie Huang’s Precursor device let one experiment in hardware with your C-v-P ideas ?

“ In the meantime, Precursor gives us a prototyping platform that we can use to work through user-experience challenges, and it gives you a way to implement projects that demand a secure, portable, trustable communications platform but that might not require the same level of hardware tamper resistance that a full-custom ASIC solution could provide.”

“The principle of evidence-based trust was at work in our decision to implement Precursor’s brain as an SoC on an FPGA, which means you can compile your CPU from design source and verify for yourself that Precursor contains no hidden instructions or other backdoors. Accomplishing the equivalent level of inspection on a piece of hardwired silicon would be…a rather expensive proposition. Precursor’s mainboard was designed for easy inspection as well, and even its LCD and keyboard were chosen specifically because they facilitate verification of proper construction with minimal equipment.”

Clive Robinson March 19, 2023 11:59 AM

@ Winter, ALL,

Re : C19 origin.

“The Strongest Evidence Yet That an Animal Started the Pandemic”

I’ve always tended to the view C19 was of natural origin, as my many comments here in the past demonstrate.

However I’ve consistanly berated the “one or the other” nonsense of “market or institute”. Because as I’ve previously noted in China especially in that travel interchange Wuhan is, there were other as likely if not more likely origins.

Based on the well established fact that the market was not the sole place where “live bush meat” was available and more importantly available as “traditional food” often eaten by traveling businessmen as part of “doing business” with clients.

It’s also been indicated if not established that those supplying “live wild life” for research were also involved with supplying “live bush meat” directly to reasturants and individual “customers”.

Thus the logic argument of,

“One or the other, disprove market then must be institute”

Is with little doubt a compleate nonsense, especially when you find out it was originaly pushed by an idiot trying to climb up in the previous US executive. Alkegedly based on a discussion he had one night with his then squeeze, who had some limited domain knowledge, but unlikely anything close to sufficient to risk her reputation on.

So, the publication is wrong when it states,

“The findings won’t fully convince the entrenched voices on either side of the origins debate.”

It’s not a debate about the origins of C19 but an all out political punch up by dick waving US political todies with ulterior motives.

As I’ve pointed out before “flip the switch” that is think about how it would be if the US was the origin and China was the accusing nation. Do you in any way see the US acquiescing if China made the same demands that the US has and is making of China?

Nope, neither do I.

Clive Robinson March 19, 2023 12:18 PM

@ Winter,

“Over time I have had some, online, discussions with neo-con/anarchist/libertarian people.”

You have my sympathies, though I caution “pick your anarchists with care” many are not as the popularist tropes make them out to be. In many ways it’s like the tropes about “communists” that belch out of certain types that near mindlessly frequent US less than fringe politics.


“But over time I could summarize their ideas simply in the words of this beacon of deep thinking, M. Thatcher”

Do you pick that because you see the logical fallacy in her statement, of denying there is a society, then saying people must help their neighbours (such stupidities were rife in her many words)…

“Which means that these (pseudo-) libertarians had no concept of public health, at all.”

Or anything else of importance either for that matter. They were then, and still are now, a group of “not all there” types who believe that they, and they alone, are entitled, and the rest of us are undiserving of anything for disagreeing with their perverted views.

Apokrif March 19, 2023 12:24 PM

“The Daring Ruse That Exposed China’s Campaign to Steal American Secrets

How the downfall of one intelligence agent revealed the astonishing depth of Chinese industrial espionage”

” It’s not often that prosecutors find a one-stop shop for much of their evidence, but that’s what Xu’s iCloud account was — a repository of the spy’s personal and professional life. That’s because often Xu used his iPhone calendar as a diary, documenting not just the day’s events but also his thoughts and feelings.”

Winter March 19, 2023 12:31 PM


It’s not a debate about the origins of C19 but an all out political punch up by dick waving US political todies with ulterior motives.

I am pretty sure that this is exactly what The Atlantic wanted to say.

Winter March 19, 2023 12:51 PM


Do you pick that because you see the logical fallacy in her statement, of denying there is a society, then saying people must help their neighbours (such stupidities were rife in her many words)…

More elementary, a prime minister and party leader telling us that society does not exist. Who voted for her?

Or anything else of importance either for that matter. They were then, and still are now, a group of “not all there” types who believe that they, and they alone, are entitled, and the rest of us are undiserving of anything for disagreeing with their perverted views.

There are left wing anarchists who put society before hierarchy. And there are right wing anarchists who deny people actually live together. I wanted to know whether there is any philosophy behind this idea. But I think this was it. It was Hayek meets Ayn Rand, not more. And Ayn Rand in her book idolized a psychopath who organized the death of half the US population out of spite. The idolatry of Ayn Randy’s mass murdering hero John Galt told me everything I needed to know about the ethical position of Libertarianism.

Clive Robinson March 19, 2023 1:25 PM

@ modem phonemes,

Re : FPGAs for C-v-P prisons.

“Would Bunnie Huang’s Precursor device let one experiment in hardware with your C-v-P ideas ?”

I’ve not seen sufficient information to say…

However I can tell you that my prototypes were made with PIC-Chips as the Prototype prisons and state machine hypervisors. Likewise so were the “jail doors” that acted as the “post box” MMU to Core RAM.

So you should be able to build the same with some modern SoCs used for the likes of hard drive controlers.

There are a couple of limitations with developing ALU and RISC CPU in FPGAs,

1, Number of usable gates.
2, Gate routing matrix depth.

Whilst you can get 1/4 million gate FPGA’s as others have found from SDR and other designs often there is considerable compromise on routing and gate usage and it’s not always obvious when you are going to “wall off” large numbers of gates due to routing with any particular device type.

Often the “tools” like non VHDL compilers will let you down and you have little choice but to “hand tape” which is both frustrating and time consuming. Just learning VHDL to the required level is enough to bend some peoples brains indefinately.

Ron Rivist “The R of RSA” has a few horror stories of developing tools for ASIC layout and other engineers in the 80’s with devices as simple as 20V10 PAL’s,

So it’s not a pool anyone can confidently put their toe in, though some “famous names” have tried to make it easier. Niklaus Wirth “the father of Pascal” being one, but for some reason the University he worked for has moved or deleted it.

Clive Robinson March 19, 2023 1:30 PM

@ Winter,

“I am pretty sure that this is exactly what The Atlantic wanted to say.”

+1 😉

lurker March 19, 2023 1:37 PM

@Clive Robinson
re NFC capable phone,

Given the qualification of the bank card, I thought it unnecessary to state that no NFC account had been configured on the phone. My stated rejection of the bank’s app should require a determined adversary with an external channel to link my money to my phone.

Because the card is NFC capable for contactless payments, I deliberately keep the card balance low, like the couple of days’ cash you might keep in your wallet.

No luddite here, just a log cabin with a satelite dish.

MarkH March 19, 2023 2:07 PM

Re: C19 Origin

I’ve kept an open mind. I’ve always thought “lab leak” to be a possible epidemic origin, though without supporting evidence. [That U.S. intelligence agencies have no firm conclusion suggests confirms how weak any such evidence must be.]

However, the consensus of experts who spend their careers tracking spread of infections has seemed to be “spillover” outside of a laboratory setting, and I’m such an old fuddy-duddy that I consider those experts to be the best available guide to the truth.

As I’ve written before, the “answer” isn’t very important: we know how to reduce the risks of zoonotic transmission, and should do so. We know how to reduce the risks of laboratory escape, and should do so.

Nick Levinson March 19, 2023 2:17 PM

@Clive Robinson:

Defamation of character:

In U.S. law, whether an inquiry is not damaging when swapping the subject and the verb would be may depend on how a third party understands the communication: if it’s understood as a statement, and the law allows some imprecision in an audience’s understanding, it may be substantially damaging, especially if the subject person can’t respond in mitigation of the damage. I’m not sure that the “reasonable person” test applies in the U.S. to this body of law (under the test, if a reasonable person would agree the person was a crook then there’s no defamation); one may have to prove that the person was or would have been found guilty in a court (evidence was sufficient even without going to court, the subject person admitted the facts, or a court found the facts in a verdict) if the accusational charge and not defamation had been the reason for a court case. It’s easy for a lay person to misunderstand the law and conclude that someone violated it even when an element of the offense had not been proven (cf. the difference between murder and manslaughter), and that ease makes it hard to apply a reasonable person standard.

The difference between slander and libel is as you say.

The law likely varies among the 50 States.

modem phonemes March 19, 2023 2:52 PM

@ Clive Robinson

often there is considerable compromise on routing and gate usage and it’s not always obvious when you are going to “wall off” large numbers of gates

Sounds like a computing image of Hex and Go 😵‍💫

modem phonemes March 19, 2023 3:09 PM

@ Clive Robinson @ Winter

Re: better to light some candle than curse the darknesses

One can begin to remove the carbon scoring of utopias of the left and right by looking at Pope Leo XIII’s social encyclical “Rerum Novarum”, and the first major attempt at its implementation by Luigi Sturzo and the Partito Populare. Aurel Kolnai’s essays, especially those in “Privilege and Liberty and Other Essays in Political Philosophy” are good additional course material.

vas pup March 19, 2023 6:31 PM

@Clive said “It also demonstrated a significant loss in “skill” at all levels of the general populous. Which is still being demonstrated when you look at the issues with semiconductors and much else involving manufacturing that China coverts from it’s neighbors in the South China Sea and West Pacific.”

What do you expect when merits are not the top priority for prosperity? Ideology is dominated science and education then the only result is following Second Law of
Thermodynamic – decline, disorder and increase of entropy. We did have such in Middle Ages.

“If someone can prove me wrong and show me my mistake in any thought or action, I shall gladly change. I seek the truth, which never harmed anyone: !!!the harm is to persist in one’s own self-deception and ignorance.” ~ Marcus Aurelius

Now nobody try to prove you wrong – you’ll be just forced to shut up utilizing cancel culture, deep state resources you name it.

“In philosophy, or religion, or ethics, or politics, two and two might make five, but when one was designing a gun or an aero plane [or security – vp]they had to make four.”
George Orwell, 1984

Until math, physics, natural science take lead we will have Orwellian future or even worse.

Clive Robinson March 19, 2023 7:11 PM

@ Winter,

“It was Hayek meets Ayn Rand, not more.”

Grief, that’s the equivalent of dog turd a top a pizza…

An aquired taste the nobody should have a taste for ever.

I still think, after getting on for most of my life, that reading the fifty page diatribe in an otherwise realy bad Sifi story of Atlas Shruged was time that,

1, I shall never get back.
2, Was worse way worse than being a waste of time.

But… I must admit trying to makes sense of the male bovine excreta that is the canon of Hayek is likewise time that could have been better spent having my teeth ground down with a foot driven drill[1]…

At least his cousin could see reason in nonsense, which still makes sense to me[2]…

Of Hayek, the only thing that I found of real use was the arguments of “Dispersed knowledge” which can explain behaviour of entities with agency in the face of genuine uncertainty. It also is usefull when you consider witness “Points of View”(PoV) as an investigator.

No witness sees the whole event thus they have uncertainty in their PoV or truth. With N witnesses you actually have N+1 truths, the N PoVs of the witnesses and the +1 being the actual event truth that nobody saw. As an investigator you know that the witnesses must not be alowed to talk to each other as their PoVs will change and their truths with it. Also you know that witnesses may colaberate or collude to give false PoVs. You can on interviewing the withesses build the N subsets of knowledge from their PoV’s with a little luck all the points of the unseen +1 truth will be included across the N truths thus there will be no uncertainty. However two or more witnesses with what are effectively identical sub sets may well be colluding. You can use other witnesses sub sets to pull out what points conflict and thus are potentially false points. This enables you to remove potentially false information from your construction of the +1 set.

You do the same thing with inteligence reports to try and find the +1 that is the opponents actual state is, even in the face of potential or actual deception.

Dispersed knowledge has a flip side which is “Distributed knowledge”. That is an entity A knows a causal relationship such as C only has their coat if they are entering or leaving the work floor at the begining or end of the work shift. Entity B sees C with their coat heading towards the door vut ebtiry A does not. Neither A nor B know what the time is (such is shift work in a 24hour lit work floor), but with the knowledge of A and B shared, they will know it is shift end and time to leave themselves.

[1] Yes even post WWII in England some dentists still used “foot treadle” drills… When I was very young, an Australian dentist used such a device on me and snapped the drill in my tooth, I ran out with the drill still stuck in me all the way home and hid in the “coal shed” hours later in a hospital and under a gas general anesthetic –because I was still in terror/shock, it was removed. For some reason I have an intense dislike of nearly all dentists…

[2] Hayek’s cousin Wittgenstein, actuall did make reason and sense out of nonsense, the definition of which was nonsense in the cryptographic or information theoretical sense as in extraxting signals from noise. The old,

Send three and four pence I’m going to a dance

Is a form of such nonsense caused by sufficient loss of signal in noise and the human brain trying to make sense of it… (the actual message being “send reinforcments we are going to advance”). Wittgenstein correctly pointed out the structure of a sentance were like the hinges of a door and had to be firmly in place if the door was to function. But hinges alone serve no purpose. That is a correctly structured sentance does not of necessity convey actual information.

JonKnowsNothing March 20, 2023 2:32 AM


re: What’s legal in USA is not legal in …

In the way of jurisdiction hopping (1), the arrest of an Australian citizen on behest of the USA, is slowly unraveling the methods used to lure the person, who was traveling in another country, back to Australia, only to be arrested on arrival and imprisoned on behalf of the USA Security Services.

ASIO provided this person with all security clearances and OKs needed prior, to the person’s return. ASIO then arrested the person and withdrew the security clearances.

It’s a convoluted story, with much less publicity than JA gets for his stay in the UK.

What is interesting is how the this carrot lure works.

… Australia’s role in his arrest is also being interrogated: his legal team say they are investigating whether the Australian Security Intelligence Organisation (Asio) assisted the US by “luring” [Daniel] Duggan back to Australia from China, so that he could be arrested and extradited

He said Duggan had received security clearance from Asio to receive an aviation licence and return from China to work in Australia in 2022.

The Asio clearance was later rescinded.

We are exploring at this stage whether or not he was lured back to Australia by the US, where the US knew he would be in a jurisdiction where he would be capable of being extradited.


Such lures, including manipulation of security clearances, are legal under US law, but not Australian law.

It would be “a matter of grave significance” if Australian security agencies had
given Duggan a security clearance to provide “a false sense that he would be able to return to Australia”

The US uses a whole pile of carrots. Sometimes we get other countries to do the kidnapping, sometimes we invade countries to do the same. All we need is a REALLY BIG CARROT and maybe a Nuclear Submarine deal as a sweetener.


1) Jurisdiction Hopping: The practice of US Agency’s using laws in other countries for practices that are illegal in the USA, to arrest and rendition people. Target countries are those with laws or political leaders more in tune with US Agency policy,

Search Terms

Daniel Duggan
151 days
labeled with high risk prisoner designation (no-see-ums)


Name March 20, 2023 6:36 AM

@ Clive Robinson

‘Also I will never own a phone, with NFC or QR Code recognition…’

I understand the NFC part but what about the QR Code recognition?
Do you mean QR Codes that are displayed on your phone and get read by something external resulting in the unwanted extraction of data from your phone or are you referring to pulling in malware by reading external QR Codes with your phone or …?

ResearcherZero March 20, 2023 6:49 AM

“Your data has become something that is increasingly inescapable and certainly inescapable in the sense of being obligatory for your average person living out their life.”

“We’re strikingly lackadaisical,” says Koopman

What are these data showing? What assumptions are built into configuring data in a given way? What inequalities are baked into these data systems?


The 1128 individuals affected by the breach were those who completed and returned the forms to Datatime, and for those, name address and Medicare number may have been exposed in the breach.

“n the early hours of Saturday morning, the criminals behind the cyber attack released to the company, in a private communication, a sample of what is believed to be stolen data.”

Winter March 20, 2023 9:46 AM


Or maybe they should base calls not solely on numbers but on how viewers might react. Or maybe they should delay calls, even if they were right, to keep the audience in suspense and boost viewership.

In the end, Fox News hosts decided to call the vote for the loser:

Newly released court documents reveal that Rupert Murdoch, the billionaire owner of Fox News, acknowledged under oath that several Fox News hosts endorsed Donald Trump’s lie that the 2020 election was stolen from him.


As I quoted before, *Oh, and Fox News, as dependable as Pravda and easily as accurate, … *

ResearcherZero March 20, 2023 9:58 AM

John Barilaro unknowingly admits to Pork Barreling and other crimes in new tape recording

“You can have it all.”

Barilaro’s office “failed to comply with the basic rules of good governance” by not keeping records detailing the basis on which Barilaro determined to allocate $61.3m of taxpayer money under the scheme. The inquiry heard that Berejiklian’s senior policy adviser had shredded briefing notes and deleted electronic records on the list of approved projects. Premier Gladys Berejiklian and deputy premier John Barilaro had approved the projects, and had directed the Office of Local Government (OLG) to make the payments.

“It was an improper allocation of public money and falls well short of principles of proper grants administration and public expectations.”

A NSW parliamentary inquiry into the matter previously heard West claim that she was told by Brown that the job would be given “as a present” to someone.

“Mr Barilaro responded and stated, ‘I’ll get them to put one in New York, that’s where I’m off to.’”

Amy Brown, chief executive of government agency Investment NSW, advised the parliamentary committee that the fit-out cost for a New York office for former deputy premier John Barilaro is $US 905,000 ($AU 1.3 million).

During the inquiry it was revealed that Cartwright – as with Barilaro – had not initially been the preferred candidate for the UK trade envoy role.
The inquiry heard that Cartwright had “a very frank and open discussion” with Barilaro about a pay package of “over 800k”.

modem phonemes March 20, 2023 11:12 AM

@ Winter

dependable as Pravda and easily as accurate

This can be said of almost all news. As Chesterton opined, “newspapers are the hobbies of rich men”. Identify a market, write the news to serve it. If your hobby includes an ideology, that can serve to solidify your market loyalty. Ka-ching, money money money.

Winter March 20, 2023 12:32 PM


This can be said of almost all news.

That is not true. You probably have never seen (translated) Pravda or its sibling “Truth” newspapers, or you would not say that.

There are news organizations that try to report about reality, and there are news organizations that only write fiction. The former can, and too often, fail to report all relevant facts, the latter only report facts by accident.

Al Jazeera will make mistakes of fact or omission, RT will only report facts by mistake.

modem phonemes March 20, 2023 12:52 PM

@ Winter

Re: news spectrum

“There is no truth in Pravda, and there is no news in T.A.S.S.”

It seems naive to implicitly trust any news organization. For most of us, the only defense against the news is to read everything and sift sift sift.

Winter March 20, 2023 1:07 PM


It seems naive to implicitly trust any news organization.

It seems naive to trust any human. However, if you trust no one, you will not live for long. If you trust no news organization, you will end up utterly ignorant.

Winter March 20, 2023 2:19 PM


Hence, stealing from myself and my family, to satisfy their bleeding hearts.

In the USA, it is Democrat states who are net payers of federal taxes, and Republican states that are net consumers of federal taxes.

Whatever you make of it, Democrats put their money where their mouth is, they spend more but they pay for it. Republicans too put their money where their mouth is, the take more and pay less.

The bleeding hearts of the progressives are the healthcare of the elderly and the infirm, and the education of the kids to give them a ticket to the American dream.

If Democrats have a bleeding heart, Republicans have one made from stone.

JonKnowsNothing March 20, 2023 7:32 PM

@Winter, @PaulBart, @Clive, All

re: Hearts made from stone

It seems that there are some aspects to life-living that come only with age. It’s an old trope but it is true in many aspects. It’s a perspective that shifts when you begin to fathom just how much “stuff” has cluttered your thinking along your life-path.

One of the shifts is when you realize that for “MY STUFF” to happen, you need “OUR STUFF”, and it’s only together that “YOUR STUFF” happens at all.

It hit me squarely on the forehead, standing in food lines. A previously mysterious “bleeding heart” themed activity, widely derided by the “MY STUFF” groups. It is not until you stand in line, rain, shine, cold, heat that you fathom what “OUR STUFF” means.

“Your Stuff” is meaningless unless there is “Our Stuff” too. “Your wealth” comes from “Our wealth”. “Your life” needs “Our life” and “Our Life” needs “Your Life.




Leave a comment


Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via

Sidebar photo of Bruce Schneier by Joe MacInnis.