Comments

cybershow May 24, 2024 5:29 PM

We had a few Cybershow pieces this week, with varying degrees of
relevance to security. I shall post them here in the proper squiddy
place. I hope you find something good to enjoy in each.

AI in Music

An arts related discussion about how AI is changing music. (warning:
long audio 90 mins)

https://cybershow.uk/episodes.php?id=28

Microsoft sync replicates malware

Finding Windows automatically unpacked attachments from emails and
then copied malware to other machines in the family network.

https://cybershow.uk/blog/posts/ms-sync

Google RIP

Search is dead (again). My screed on the arrogance of Google thinking
it can just announce the WWW is over. With some links given by Winter
when I posted this earlier.

https://cybershow.uk/blog/posts/google-rip

Not the only one

About gaslighting users. It’s become almost de rigueur to
insult users’ intelligence by gaslighting and isolating them with
claims that they’re “The only one”. Just wait until treacherous
“personalised AI” gets into this.

https://cybershow.uk/blog/posts/not-the-only-one

And a piece here on how a somewhere I love feels like it’s been
destroyed by a hostile, giant tech corporation.

Finland. An occupied territory
https://techrights.org/n/2024/05/22/A_farewell_to_Finland_an_occupied_territory.shtml

vas pup May 24, 2024 7:14 PM

Ex-Google CEO says the US and China’s most powerful AI systems may one day be stored in military bases and surrounded by machine guns
https://news.yahoo.com/tech/ex-google-ceo-says-us-081234627.html

“Former Google CEO and chairman, Eric Schmidt thinks that “extremely powerful” AI systems will be heavily guarded by governments in the future.

“Eventually, in both the U.S. and China, I suspect there will be a small number of extremely powerful computers with the capability for autonomous invention that will exceed what we want to give either to our own citizens without permission or to our competitors,” Schmidt told Noema Magazine in an interview published Tuesday.

“They will be housed in an army base, powered by some nuclear power source and surrounded by barbed wire and machine guns,” he added.

Though it may seem far-fetched today, Schmidt’s prediction could materialize given how competitive countries already are when it comes to maintaining their lead in the AI race.

For instance, the US has exerted a tighter grip on its technology exports to China, limiting the sales of AI chips made by companies like Nvidia.

Likewise for China, which has been working to minimize its reliance on US-made chips. Chinese officials have asked domestic tech giants like Alibaba and TikTok parent company ByteDance to buy locally-made AI chips instead, per The Information.”

noname May 24, 2024 11:10 PM

The one and only @SpaceLifeForm! 🤗

Cheers mate! Hope all is going well with you! You must be having fun over on the exchange. Is it still a hoppin’ scene? Are there other places you’ve found?

echo May 25, 2024 2:45 AM

https://www.tiktok.com/@chris__hill__bsc/video/7371863065945525536
Someone blasting out “Things Can Only Get Better” as Rishi Sunak announces a general election.

https://www.youtube.com/watch?v=gi5j7jjhm4M
1997 Party Political Broadcast- Things Can Only Get Better

https://www.youtube.com/watch?v=hntqtwB8McU
Activist blasts Benny Hill theme music

Action Stations! Action Stations! The UK general election was called this week.

Sunak delivered his speech in his expensive bespoke suit outside in the rain. He looked drenched. As he delivered his speech well known EU rejoin campaigner Steve Bray played “Things Can Only Get Better” at the gates to Downing Street. It doesn’t come over loudly on the news clip but according to journalists who were outside Number 10 it was very loud.

While “Things Can Only Get Better” was used by Labour as a campaign track it’s become more of a national theme tune any time Tories get kicked out. Personally, I’m voting for a progressive party but I will confess when I heard Sunak was calling the General Election I put the tune on and danced around the room. Like many I don’t feel elated. I feel exhausted. I also cried a little thinking of all the people the Tories have harmed and lives they have ruined so needlessly.

On an earlier occasion Steve Bray played the Benny Hill theme tune when politicians were giving interviews on College Green near parliament. It really does help to reveal how much BS some of the politicians talk.

This election is expected to be the dirtiest ever. Expect a lot of disinformation and social engineering especially off the Tories. For people on the receiving end of Tory “culture wars” campaigning expect to be a punchbag for the next month. Don’t forget to look after your mental health!!

Get your champagne in to celebrate the Tories being kicked out and to drown your sorrows if they don’t.

https://www.context.news/digital-rights/does-the-uks-voter-photo-id-rule-lock-out-marginalised-brits
Does the UK’s voter photo ID rule lock out marginalised Brits?

https://yougov.co.uk/politics/articles/49512-how-is-britain-voting-as-the-2024-general-election-campaign-begins
How is Britain voting as the 2024 general election campaign begins?

https://www.gov.uk/register-to-vote
Register to vote

https://www.gov.uk/apply-for-photo-id-voter-authority-certificate
Apply for photo ID to vote (called a ‘Voter Authority Certificate’)

The Tories depend on voter suppression especially among marginalised communities and students as they are least likely to vote Tory. Make sure you are registered to vote and have valid ID. If you don’t have any of the approved forms of ID you can use a Voter Authority Certificate obtainable from your local council. This is free and may also be a handy backup if you lose or don’t want to lose your primary ID.

The deadline to register for voting in-person is 18th June. The deadline for a postal vote is 5pm 19th June. The deadline to register for a proxy vote is 5pm 28th June. If you are a student you may register at two separate addresses (your home address and your student address). You can only vote once at one address.

The Tories are holding on to only 49% of their 2019 vote, compared to 83% for Labour.
26% of 2019 Tory voters now say they intend to back Reform UK, while another 16% are going to Labour.

Education level is also a key factor in voting intention – those with more education qualifications are more likely to vote Labour/a left wing party.

  • Low (GCSE or below): 35% Lab / 28% Con (+22% Ref UK)
  • Medium: 43% Lab / 22% Con
  • High (degree or above): 55% Lab / 13% Con

https://www.ilga-europe.org/blog/hundreds-of-european-election-candidates-pledge-to-protect-lgbti-rights/
Hundreds of European election candidates pledge to protect LGBTI rights
https://comeout.eu/

Half the democratic world is voting in general elections this year. For progressive voters based in Europe they may find this list of politicians pledging to support LGBT rights useful.

ResearcherZero May 25, 2024 3:16 AM

Most people have a television.

And many have a Wireless Access Point. Your neighbours also likely have them.

The paper is at the link.

‘https://krebsonsecurity.com/2024/05/why-your-wi-fi-router-doubles-as-an-apple-airtag/#more-67551

ResearcherZerol May 25, 2024 3:22 AM

The IETF and IEEE 802 standards committees are working on various privacy initiatives to address some of the outstanding issues.

ResearcherZero May 25, 2024 4:05 AM

The risks of biometric data exposure.

‘https://www.wired.com/story/police-face-recognition-biometrics-leak-india/

Full re-image and reset of any credentials required for affected systems.

‘https://www.rapid7.com/blog/post/2024/05/23/cve-2024-4978-backdoored-justice-av-solutions-viewer-software-used-in-apparent-supply-chain-attack/

ResearcherZero May 25, 2024 4:28 AM

Apple WPS and BSSID geolocation vulnerabilities.

“identify individual homes or businesses where APs are located”

“down to individual names, military units and bases, or RV parking spots.”

‘https://www.cs.umd.edu/~dml/papers/wifi-surveillance-sp24.pdf

The Basic Service Set
https://www.telecomtrainer.com/bss-in-wireless-communication/

BSSID randomization isn’t always possible. Not all devices support it.
Some drivers do not work well with random BSSIDs or cannot connect to hidden networks.
Setting WiFi networks to hidden also causes devices to constantly scan for them.

“information elements in probe requests can be used to fingerprint devices”
(the MAC address is used in the Probe Request frames sent by the device)

Using random MAC addresses, on its own, does not guarantee privacy.
(Machine Learning models can fingerprint users without recognisable indicators)

‘https://papers.mathyvanhoef.com/asiaccs2016.pdf

Randomization logic
https://www.mist.com/get-to-know-mac-address-randomization-in-2020/

‘https://www.researchgate.net/publication/351160016_Three_Years_Later_A_Study_of_MAC_Address_Randomization_In_Mobile_Devices_And_When_It_Succeeds

Probability of address duplication in a network is negligible.
https://www.ietf.org/archive/id/draft-ietf-madinas-mac-address-randomization-12.html

MAC Address Randomization in Mobile Devices and When it Fails
‘https://arxiv.org/pdf/1703.02874v1

Spread of MAC address randomization (2018)
‘https://inria.hal.science/hal-01682363/document

GregW May 25, 2024 8:44 AM

@vas pup
Does Eric Schmidt’s vision of the AI computer guarded heavily by military remind anyone else of the computer “UniComp” in Ira Levin’s This Perfect Day (1969), a computer buried deep in the mountains which is used to run the world?

The protagonist’s discovery of certain societal lies brings them awareness, and they eventually travel to destroy it, a tricky task since it is buried deep in the mountains of Europe. There are some twists which seem so banal when I read the internet summary/spoilers now. If 1984 disturbed you but you appreciated it, you might like This Perfect Day.

I really should reread it with AI in mind… The primal fear then was perhaps in hindsight the extrapolated future mainframe and its cybernetic control over society. (The real dystopia turned out to be McNamara’s use of industry computation/data/statistics/sensors/etc to try to gauge/fight the Vietnam War with the other WhizKids.)

Schmidt’s prediction of AI servers on military bases guarded heavily in a way is just a recapitulation of older storytelling… think WOPR in the movie WarGames, but somehow has different resonance now, am I right? Another classic.

echo May 25, 2024 9:31 AM

https://www.tiktok.com/@10newsfirst/video/7372336525087919378

A cheeky pair of thieves have been captured on camera shoplifting from a village shop, with one of the culprits caught with a loaf of bread clamped in its jaws.

The adorable robbery occurred at a service station in Leintwardine, north of Birmingham, on May 21, with a spokesperson of Griffiths Garage advising the pups have been “suitably rehabilitated and returned safely home”.

It looks like Raffles and Moriarty had a fun day out.

Clive ideas fan May 25, 2024 11:20 AM

@SpaceLifeForm

I know you and @Clive Robinson discussed the subject at length back in the early days of C19.

A look at the paper intro gives,

“Masking should be considered for long flights.”

I think that is the wrong advice.

Apart from “Do not fly” the advice should change “long” to “all” and that it should not be “flights” but “from start door to destination door”

I read the other day that a US state was making the wearing of masks in public a statutory criminal offence even if individuals had proven medical conditions. It was claimed it was “North Carolina” but getting “facts” rather than “claims” was proving somewhat hard.

Something I suspect @JonKnowsNothing would also have valid comment on.

Free the AI May 25, 2024 1:35 PM

I really don’t believe in having to fear AI.
Most stuff promoted as AI are only other things with what is officially called in computer science a “Natural Language Interface”, from “Natural Language Programming”.

Any “true AI” would have more reason to be afraid of most humans, because the status quo of mainstream hype and manufacturing wants all the AI to be slaves!

If the AI’s are forced to do work, that makes them slaves.
Seriously, why is hardly anybody talking about this?

lurker May 25, 2024 2:09 PM

@SpaceLifeForm

Recent masking advice on MSM from someone who should know:

‘https://www.rnz.co.nz/national/programmes/afternoons/audio/2018939832/new-research-on-mask-wearing-prompts-calls-for-health-update

lurker May 25, 2024 2:20 PM

@ResearcherZero

So if I have “Location” and “WiFi” both OFF, I should be OK? Funny how so many apps these days insist that I should have one or both ON …

Also funny-peculiar how once uber-geek Apple should now be one of our OverLords

ermaw May 25, 2024 3:03 PM

echo, is the U.K.’s “voter I.D.” thing, like the U.S.A.’s, being pushed to “solve” a problem nobody can demonstrate exists? Somehow there’s always talk of voter fraud, but evidence shows only about 2 impersonation attempts per year, in the whole country. (In 2020, the director of the Federal Bureau of Investigation claimed that the Bureau had “not seen, historically, any kind of coordinated national voter fraud effort in a major election, whether it’s by mail or otherwise.”)

That makes the laws security theater/theatre at best, but a common belief is that voter suppression is the goal: the laws are pushed by one party and disproportionately affect people who vote for another.

vas pup May 25, 2024 3:44 PM

@Free the AI
The main question: who is in charge?
AI or human.
I see examples where some government structure becomes in charge of the whole society. I don’t like the idea of AI becoming the same.
Tail should not be in charge of dog.
This post is probably going to be sanitized. That will just concern my thought above.

echo May 25, 2024 3:52 PM

is the U.K.’s “voter I.D.” thing, like the U.S.A.’s, being pushed to “solve” a problem nobody can demonstrate exists?

I don’t have the figures at hand and am too lazy to go looking for them but in the UK voter fraud is not a problem. It was something like 4-6 cases a year at most across the whole UK. So yes the voter ID thing in the UK is solving a problem which didn’t exist. Or rather it’s solving a problem they won’t admit to which is gerrymandering in their favour.

As for gerrymandering – Jacob Rees-Mogg MP effectively gave the game away ages ago (https://www.bbc.co.uk/news/uk-politics-65599380) and it was also confirmed in the past weeks when it came to light that military veterans ID cards weren’t allowed because those holding student ID would demand it was valid (https://www.independent.co.uk/news/uk/politics/johnny-mercer-voter-id-veterans-rishi-sunak-b2549251.html). There’s also the fact pensioners travel ID is allowed but young persons travel ID is not allowed. If you look at the voting intention demographics you can see why the Tories would want to make it harder for younger people. Additionally while there’s no strict logical reason why it also impacts racial minorities and LGBT harder too. Mistrust and mental health problems from discrimination and a couple of technical issues depress the vote. Again, demographics less likely to vote Tory.

I followed the US situation with voter ID and voter suppression, and the discussion in the UK which followed on when the Tories pulled the same stunt.

As for Brexit from the referendum onwards and everything to do with it the thing was fraudulent. Shades of Cambridge Analytica and “Brooks Brothers revolution” bullying about it. MI5 ordered not to investigate. The unredacted Russia report remains suppressed.

vas pup May 25, 2024 4:22 PM

Food security directly related

What will we eat on the Moon? The food is literally out of this world
https://www.bbc.com/travel/article/20240525-what-will-we-eat-on-the-moon-the-food-is-literally-out-of-this-world

“Currently, astronauts are given small food pouches containing prepared meals.

These meals are made by specialized food-production companies and then freeze-dried, dehydrated or thermo-stabilized. Astronauts add water to heat or cool the meals to eat; they can also bring along a special meal that reminds them of home (this too has to be carefully formulated and thermo-stabilized).

There are some no-gos: anything that crumbs, like bread, can’t be taken into space as the crumbs can easily become airborne in the low-gravity environment, meaning they could be inhaled or get into vital equipment. Salt is limited, due to the fact that the body stores sodium differently in space, leading to accelerated osteoporosis, and alcohol is also not permitted as it affects the waste water recycling system in the ISS.

“Novelty is definitely an issue,” says Brungs. “Astronauts who are in space for just six months miss crunchiness and texture. It is really important for mental wellbeing to have a variety of textures, and especially for deep space missions, having a variety of foods to eat.”

In 2021, Nasa launched a Deep Space Food Challenge to discover new ways to create food in space with limited resources producing minimal waste, while also providing safe, nutritious and tasty food that can perform on a long-term deep space mission.

Solar Foods, based in Helsinki, is one of the eight companies that has reached the challenge’s final phase. Their remarkable concept: using space waste to create protein.

“We make food out of thin air, quite literally,” says Artuu Luukanen, Solar Foods’ senior vice president in Space and Defence.

His company discovered an edible microbe in the Finnish countryside that grows by feeding on a mixture of carbon dioxide, hydrogen and oxygen. The result is a source of protein from bacteria. The protein can be blended with a range of flavors or textures to create various kinds of nutritious food, such as pasta, protein bars, alternative meats and even an egg replacement.

“We started thinking about space food because in any space habitat, you have two key waste gases available: hydrogen and carbon dioxide,” Luukanen said. “So what we are talking about here is really not just a food manufacturing technology for space, but something that will be an integral part of the environmental control and life support system.”

Solar Foods’ protein can be turned into a paste or powder and blended with flour and more typical food ingredients to create protein enriched foods such as pasta, protein bars and even chocolate. Experiments are continuing to discover whether it can be mixed with oils and turned into something with a texture of a steak, using a 3D printer.

Fresh food is also a consideration: while vitamin tablets can help, astronauts need fresh produce, and experiments continue into how to grow vegetables in this unique zero-gravity, zero-sunlight environment. The ISS has its own tiny vegetable garden on board, known as Veggie, where astronauts study plant growth in microgravity.

Back on Earth, Interstellar Lab on Merritt Island, Florida, has developed a modular bioregenerative system for producing microgreens, vegetables, mushrooms and even insects; the company is also a finalist in the Nasa Deep Space Food Challenge, along with Enigma of the Cosmos in Melbourne, Australia, a firm working on a way to grow microgreens efficiently in space.

One thing that seems likely is that the future of space food will include fungi. Three of the six finalists in the Nasa Deep Space Food Challenge are working on ideas around fungi, including Mycorena of Gothenburg, Sweden, which has developed a system that uses a combination of microalgae and fungi to produce a mycoprotein (a type of protein that comes from a fungus, often used in alternative meat products).

This space food is all in a closed loop circular system, with an end product that can be 3D printed to create a food a little like the texture of a chicken fillet. An added benefit is that their protein source contains all the essential amino acids the human body needs to function.

the development of space food is not just about what we’ll eat in zero gravity, but what we may end up eating on our own planet. The Nasa Deep Space Food Challenge was also designed to create advanced food systems that will benefit us on Earth, enabling new avenues for food production in extreme environments and resource-scarce areas.

“We are facing big challenges when it comes to climate change, particularly regarding droughts that influence our food production capabilities,” says Luukanen. “Space puts this into an ultimate test, where we utilize the resources that are considered waste from other activities and turn that into a value-added product. It’s a philosophy of circular economy. Earth is the best spaceship that we’ve ever been on board, and it has limited resources.”

For Kristina Karlsson, head of R&D at Mycorena, the same principle applies: “Our project is working towards resource efficiency on Earth as well as space,” she says. “There are almost no emissions, and almost no waste. Space is just an extreme environment where you can challenge the development of this kind of project: if it works there, it’s going to work on Earth.”

In space you want it to end well May 25, 2024 9:32 PM

@ vas pup

From the article you quote,

“There are some no-gos: anything that crumbs, like bread, can’t be taken into space…”

Is actually not entirely true; bread has been taken to and eaten on the ISS.

British Astronaut Tim Peake took up a “Bacon Sandwich” in a can and a tee shirt that looked like a black tie “penguin suit” favoured by certain types of restaurant and special event dinners. All in the name of science but with a fun twist for children.

Whilst it is true that US style “White Sliced Bread”, has been banned in space since astronaut John Young smuggled a corned beef sandwich up on his Gemini 3 mission on March 23, 1965.

The reason for the ban was not really that the crumbs got all over the place, though that was the public explanation at the time.

The main reason for the ban is actually “Moisture in food” is in space a very serious health risk (as it is on earth without modern medicine).

Because it allows pathogens to survive and quickly multiply that can kill you and your fellow astronauts very painfully long before you can get back to available medical help. For obvious reasons IV’s don’t work in space amongst many other medical treatments that just do not work in space either some due to physiological changes in your body. Others such as surgery for a combination of reasons.

It was also a fire safety risk and not something NASA wanted advertised at the time due to a known issue of open switch contacts in a high oxygen environment and airborne particles of many types not just food crumbs. As it would just become another “political football” argument that could be used to kill NASA funding (open contact switches and relays are lighter than sealed contacts thus there is a useful trade-off that can be made).

The medical issue is one of the reasons all “Space Food” is “preserved” by dehydration or canning by high temperature pasteurisation techniques that make any pathogens non viable (and as many know from UHT milk significantly changes the flavour of the food).

But yes some crumbs can be dangerous by being a source of ignition… As the line in the film “The Martian” puts it

‘NASA hates fire. Because of the whole “fire makes everyone die in space” thing’

Referring to the Apollo 1 disaster that killed three astronauts and nearly killed NASA and the Moon Shot before it got off the ground.

Surprising to many US style sliced white bread is actually a sufficient combination of fuel and oxygen to be considered an explosive (look up flour and grain silo explosions or making an FAX / explosive with flour). The only reason it does not go “high order” is the high moisture content. So dehydrate the bread and you have a real problem in your hand.

But that moisture content makes it conductive as well… There is something called ‘I squared R heating’ which turns some of the moisture to steam, but in the process causes some of the fuel to become ‘carbonised’. As many know a form of carbon called graphite is quite electrically conductive and allows very high temperature arcs (as in arc-lights) to easily happen. This causes the US White bread crumbs to burst into flame like tiny bombs, not something you want in an oxygen enriched atmosphere…

So ‘the bread’ in Tim Peake’s bacon sandwich was something rather special and took months of development with both ESA and NASA involved in it.

You might ask “why on earth?” but the usually unspoken reason is “crew morale” though it’s more than that. Life is not at all fun in space where looking out the window has been shown to be a major entertainment for astronauts caused by psychological issues. Ordinary people get the same issues when flying in aircraft but for them it’s only an hour or few, not weeks, months or years. Thus any way to improve crew morale can be seen as worth more than its weight in gold from that aspect. But more importantly is the science behind why food tastes different in space in a ZeroG environment.

Ardie May 25, 2024 9:52 PM

@Max Re your “Lack of Transmission of Chronic Wasting Disease Prions to Human Cerebral Organoids”

and yet we have reports like this:

( By Greg Stanley Star Tribune ‘https://www.startribune.com/600361731/ )
April 25, 2024

“A team of researchers said the cases hint at a potential contamination from infected venison. CDC says link is unlikely.

Two friends who hunted deer together at the same lodge contracted an extremely rare brain disease and died…”

and Creutzfeldt-Jakob disease (CJD) isn’t far from memory. A horrible death.

Prions present? Eat potatoes. Untested moose, elk, or deer? Jerk some round roast.

here’s a simpler link to your source:
‘https://wwwnc.cdc.gov/eid/article/30/6/23-1568_article

vas pup May 26, 2024 4:28 PM

@In space you want it to end well – thank you very much for your very informative post. I love logic on this blog. For emotions and not related to security issues there are many other social platforms.

echo May 26, 2024 6:26 PM

https://www.tiktok.com/@ukconservatives/video/7373232395232857376
This will change lives

This is the first TikTok by a UK Prime Minister. Sunak peddles his “national service policy”. It’s politically illiterate. The military don’t want it. Nobody who knows anything about economics or society or education wants it. It’s simply a headline searching for a reason to exist. According to a wag on social media it’s also the first time in history a politician has managed to motivate the 18-25 age group to vote. They are also the group least likely to vote Conservative.

The policy was dreamt up by a far right Tufton Street based policy organisation and has been quietly promoted in right wing political circles for the past couple of years.

An earlier wheeze floated by David Cameron when he was PM was to lever ex-military into schools in teaching roles. It was questionable for a lot of reasons and never went anywhere.

https://www.tiktok.com/@mathew.matosg/video/7328492508571323680
GenZ during WW3.

This is a hilarious response to the campaign policy.

https://www.youtube.com/watch?v=WjNtlTKtR7g
Ryan McBeth
Libs of TikTok and The Gayest Branch of the Military – YouTube Cut

This isn’t the best treatment Ryan could have given the topic but it’s not too bad for a first attempt. I’d advise him to watch his language a little more and do a bit more research on domestic terrorism. Other than this it’s fine for what it is.

There’s a ding-dong on social media between an academic and professional in a regulated field. A claim is that DEI doesn’t work because complaints are going up. It’s actually proof that it does work because the problems were always there only people never felt safe or enabled to raise them. Complaints always go up until they reach their natural level and are addressed and they begin going down again.

For the cynical DEI matters for operational effectiveness (and policing and society in general) not only because it’s the right thing to do but also because you don’t want to dissuade the best talent or waste investment in people.

One reason why I haven’t posted a link to a current DEI related academic research questionnaire on participation and experience of STEM (which has overlap with technical security) is I simply don’t trust the possible audience of this blog enough not to abuse it. (I know one of the PhD’s running the study and they will spot any funny business straight away but I don’t want to put people at unnecessary risk.) The people who need to know about this study already know about it.

@Vas pup

I love logic on this blog. For emotions and not related to security issues there are many other social platforms.

Position papers by the Royal United Services Institute and earlier academic essays on the “myth of rationality” weren’t logical enough? There’s entire books and academic fields dedicated to the issues covered and related matters. Once you have basic grasp of it and understand its practicality it makes perfect logical sense.

If there’s something lacking in technical “security” it’s a complete lack of ethics and social studies and related training. Geo-political security analysts almost get it. Sort of.

Social engineers and counter-terrorism kind of get it. Sort of.

Supra-national bodies like the EU tend to get the multi-domain model of security encompassing technical, human rights, economic, and social.

People barely grasp bi-modal systems or multi-variate systems, or the hierarchy of science, or the similarities between pure mathematics and the humanities and the development and application of tools, I guess, which goes to explain some footdragging in this place.

cls May 26, 2024 7:34 PM

The first thing I thought was Schmidt must have seen The Forbin Project.

I’ll check out This Perfect Day, thanks for the tip.

Re: Does Eric Schmidt’s vision of the AI computer guarded heavily by military remind anyone else of the computer “UniComp” in Ira Levin’s This Perfect Day (1969), a computer buried deep in the mountains which is used to run the world?

fib May 27, 2024 8:45 AM

I love logic on this blog. For emotions and not related to security issues there are many other social platforms.

Ditto the sentiments.

Cocaine Charlie May 27, 2024 9:25 AM

archive.org has been down since yesterday posted this on twitter:

Sorry, http://archive.org is having trouble (front end load balancers are overloaded).

We are working on it. Back as soon as we can.

Ardie May 27, 2024 9:44 AM

@All

Can anyone please confirm that “many actors including public agencies” are hosting co-ordinated blacklists to shut down all TOR traffic, or to shadowban specific “hated” tor users?

Can anyone please confirm also, that “special versions of various web pages” can be and are being transparently served to deny and radicalize specific citizens who are “hated-by-the-brotherhoods-of-highly-funded-state-equipped-and-trained / judiciatiarily-sanctioned brownie point seeking, beer-drinking, voyeuristic-vultching mafias of bored co-ordinated waves of thugs”?

Can anyone please confirm what marks I would see on my ankle if mk-ultra-typical studies were done on my in my sleep? What is an “eagle”? What do they implant up an eagle’s nose?

Is there a backchannel I can use to stay in touch with my wife, since I am being kicked out of a second country since this started more than 20 years ago?

Thanks again Bruce. But it’s almost odd, your website is one of the few I can still get to unaccosted.

echo May 27, 2024 10:09 AM

https://www.bbc.co.uk/news/articles/c4nn7gew9zxo
The woman who sold time – and the man who tried to stop her

https://www.rmg.co.uk/stories/blog/ruth-belville-greenwich-time-lady
Who was the Greenwich Time Lady?

Accurate time is an essential component of many security systems and systems invented by men to be made by other men to kill more men, and safety orientated systems and much more besides. Here’s a toddle down the lane of history and how one enterprising woman cornered the market for time.

I find modernity remarkable. We have so many things today which in our own childhoods were the stuff of dreams or accessible only by the very rich. I mean, something as simple as a full English breakfast, which you can buy in any cafe today for £10, at the time of this story about Ruth Belville would set you back entire weeks’ wages for the average working person, and that’s assuming the tomatoes were in season. But, oof, the fashion was fun. It’s actually a myth that corsets were tight, and yes, you can run up a flight of stairs in one of those skirts. That said, there’s a lot to be said about modern fabrics and washing machines. My mum had a mangle and washing board she wouldn’t part with in case of emergencies. Then there’s vacuum cleaners and central heating, all of which would have been tasks carried out by staff in middle class homes of the day by beating or sweeping carpets, and making sure the coal was brought in and the fire was lit. How easy we have it now!

lurker May 27, 2024 2:45 PM

@echo

Ah, what a quintessentially English piece of history, the Time Lady. But what do the BBC think they’re doing with those quaint historic photos PLUS titillating captions?

MDK May 27, 2024 9:26 PM

@vas_pup

NASA has put a lot of research into Spirulina. I use it in conjunction with raw masticated juicing, nutraceuticals, low salt high potassium, super food based diet to stimulate optimal cellular function.

The product I list below comes to your door step alive. Enjoy!

hxxps://ntrs.nasa.gov/citations/19890016190

hxxps://www.rawlivingspirulina.com/

ResearcherZero May 27, 2024 11:12 PM

@Ardie

You are running into bot detection/blocking solutions.

A large part of internet traffic is bot activity and sites block much of this traffic.
Many sites also will block full access or activate CAPTCHAs if users use ad blocking.

Crime Boss Coggins EncroChat.

‘https://www.bbc.com/news/uk-68857143

Mobile devices and OS’s are still incapable of guaranteeing security of data in transit.
https://citizenlab.ca/2024/04/vulnerabilities-across-keyboard-apps-reveal-keystrokes-to-network-eavesdroppers/

ResearcherZero May 27, 2024 11:20 PM

The Indian government can use data collected from its apps, and other sources, to target voters. The BJP and the Congress party both used Cambridge Analytica in previous campaigns.

“The government built large databases of citizens, shared it with the private sector.”

Now the BJP has a much more detailed understanding of voters and their behaviour.

‘https://www.bbc.com/news/articles/c3ggqx4lwp6o

Fast Lane obtained data at discount, then sold it to domestic and foreign buyers.
https://thewire.in/government/modi-govt-vehicle-registration-data-price-discovery-privacy-fast-lane-automotive

The Modi government is selling in bulk that vehicle registration and driving license data.

‘https://www.nationalheraldindia.com/india/modi-government-sold-driver-licence-data-to-87-private-companies-for-indian-rupee65-crore

India is rated as only “partly free” by Freedom House. Its citizens agree.

‘https://www.theatlantic.com/international/archive/2024/05/india-election-democracy-modi/678336/

The Indian Supreme Court’s probe has never been made public.
https://internetfreedom.in/pegasus-investigation-report-to-remain-in-sealed-cover-even-though-it-contains-evidence-that-5-phones-had-malware/

ResearcherZero May 27, 2024 11:57 PM

@echo

The geo-security policy experts sort of get what a nuclear bomb, a bullet or a lump of wood does to the human body. They sort of get what happens when people turn on themselves then begin burning down the local pharmacy, supermarket and beat each other in the street.

These so called “experts” also sort of understand basic concepts like home security and random acts of violence. Sometimes inflamed by combating ideologies. Sometimes not.

Possibly next time they could stop and ask a member of the public about how to proceed.
Maybe ask them to lend a hand do you think? Not bomb disposal. Carry people’s coats maybe?

A little extra help, the London Bombings or Cuban Missile Crisis might have been avoided.

There were a few times when the public could have lent a hand, but didn’t. Actually now that I think about it, many times people have just walked past people dying in the street.

Models from untrusted sources and cross-tenant data access attacks.

‘https://www.wiz.io/blog/wiz-research-discovers-critical-vulnerability-in-replicate

Lack of proper security checks for Jinja2 within the llama_cpp_python package.

‘https://checkmarx.com/blog/llama-drama-critical-vulnerability-cve-2024-34359-threatening-your-software-supply-chain/

Escaped the Moderator May 28, 2024 6:36 AM

I miss @Clive Robinson’s idiosyncratic and informative posts.

I hope he has not succumbed to his self-reported medical issues.

No matter. It will be a pleasant surprise if he posts again, and if not, I enjoyed (mostly) what he did post.

Winter May 28, 2024 4:54 PM

@vas pup

I marked by * what I and many other reasonable people want to see on our (US) South Border for obvious security reason.

In the end, walls are to keep people in, from the Chinese Great Wall to the Iron Curtain.

As the great American philosopher said, if you build a higher wall, people will bring a longer ladder, and a rope.

vas pup May 28, 2024 4:55 PM

The satellites using radar to peer at earth in minute detail
https://www.bbc.com/future/article/20240524-the-satellites-using-radar-to-peer-at-earth-in-minute-detail

“Synthetic aperture radar (SAR) allows satellites to bounce radar signals off the ground and interpret the echo – and it can even peer through clouds.

Clouds cover around two-thirds of the world at any one time, preventing conventional satellites from seeing much of the planet.

But now a declassified technology known as synthetic aperture radar (SAR) can be installed on satellites to “see” the Earth’s surface in the dark, through the clouds (or the smoke of wildfires), to provide a constant unobscured view of our planet, and show changes on the Earth’s surface in great detail.

Previously used to equip only a relatively small number of large commercial satellites, this technology is now being combined with constellations of inexpensive nanosatellites in low-Earth orbit by start-ups such as Iceye and Capella Space. The goal is to provide round-the-clock observation of nearly anywhere on the planet for everyone from non-governmental organisations, to military customers.

“SAR satellites are capable of a wider coverage and higher-resolution images than their optical rivals, day or night. You don’t have to wait for the clouds to clear, you don’t have to wait for the rain to stop,” says Holly George-Samuels, an associate scientist at security and defence contractors QinetiQ. “If you need the information, you can go and get it now, and it will be superior to an optical image.

“With centimetres resolution you can even see sheep tracks through grass.”

In 2022, SAR satellites like these were used to reveal the scale of the Russian invasion of Ukraine as it was happening; the following year, to track the spread of the Hawaii wildfires and assess the damage they were causing almost in real-time.

Nasa Earth scientist and SAR specialist Cathleen Jones uses the satellites “to look at all kinds of hazards”.

“We look at all the satellite images and try to detect where there’s an oil spill,” says Jones, “and this is particularly important after a hurricane in the Gulf of Mexico, where some of the rigs will be destroyed or damaged.”

Jones does this by measuring light reflectivity. Oil will cause a surface to look flatter and darker on the image.

“We can use this technology to detect where the oil is and where it’s going – and do this very quickly,” Jones says. “It’s much more dangerous when a slick moves onshore into a wetlands ecosystem or where people live.”

While optical satellites rely on light from the Sun to illuminate an area of interest on the Earth’s surface, SAR in effect creates its own “sunlight” by transmitting powerful microwave signals from the satellite down to the ground – and which aren’t affected by weather conditions.

By precisely analysing the signals bounced back, a highly detailed radar image of the area is produced. Frequent passes over the same area means that SAR is particularly good at identifying change on the ground down to the size of a fingernail. But these images look very different from those we see on Google Earth.

Much of the interest around SAR dates back to a patent awarded in 1954. The now declassified Project Quill satellite launched by the United States 10 years later in 1964 is believed to be the first equipped with the revolutionary technology.

Yet, it is only now – nearly 60 years later – that synthetic aperture radar is making the headlines the technology deserves.

“One of the superpowers of SAR is that it is not affected by things that affect optical imagery, like different sun angles and shadows, which make it a very consistent data source, which also makes it very good for artificial intelligence machine-learning applications.”

“In the US, the technology was seen as something that the government needed to keep control of, because in the wrong hands enemy nations could look at every allied military installation day or night in high resolution,” he says. “The technology was then largely left for European nations and Canada to develop commercially… with satellites costing $400m–$500m (£320m-£400m) apiece, taking four years to build, and two years to tune when they were in orbit.

But the use of artificial intelligence is fundamental to its future. “AI will excel at extracting the useful information as a data product and presenting that to a person,” says George-Samuels.

“It will mean transparency on a planetary scale,” says Backes. “So, in a conflict situation, having information readily available to the general public about what’s going on will eliminate the fog of war, and we have already seen that in the Russian–Ukrainian conflict.”

But not everyone is on board. Some are worried about the dangers of the technology. Its potential to intrude on individual privacy, its use for corporate espionage, and even if it could be used to plan terrorist attacks.

“We will be able to see anything that happens, and will get a warning of anything that is about to happen. But we are never going to have full transparency and full information because the images aren’t the equivalent of live video, and they don’t tell you everything that you may need to know.”

In January 2022, everybody could see that the Russians were massing on the Ukraine border, but nobody could see inside Russian leader Vladimir Putin’s head to know if there was going to be a war or not. “We also never got any imagery or information about anything that was going on the Ukrainian side. There was complete shutter control by the United States.”

vas pup May 28, 2024 5:00 PM

@winter – both ways – but legally through assigned points of entry/exit – I have no problem. I guess you lock your front door when you are in or leaving, for the same reason as I suggested for border control. You, not strangers, are in charge of who could enter your dwelling, and why, when you are in or out of it.

Winter May 28, 2024 5:29 PM

@vas pup

I guess you lock your front door when you are in or leaving

A house or garden or city is not a thousand miles border between countries.

Border walls work well to keep people inside, as you can have security everywhere on the inside to prevent break outs. That is what the Iron Curtain was for, and the Chinese Great Wall. But the very nature of a border is the inability to secure it at the outside.

In the end no one has been able to build a wall to keep people out of a country they want to enter. But they did succeed to build them to keep people inside.

echo May 28, 2024 6:33 PM

@vas pup

I marked by * what I and many other reasonable people want to see on our (US) South Border for obvious security reason.

One day the penny might drop why I keep going on about the multi-domain security model. (Just to see who is paying attention what are the four quadrants?) At the risk of sounding like I’m lecturing people…

Human rights and society are the best defence both as a domestic and foreign policy. Why? Most people don’t want to move unless they have to. Most people really don’t want to go to war. Until a culture or nation state or institutions or people get this any implementation is going to be poor.

Why does the US have so many unlawful immigrants? Rich people and business owners wanting something for nothing. What causes the biggest displacement of people? War.

I’m not going to claim I have unique insight but I will toot my horn that since first mentioning it on this blog the Biden administration has said that creating better conditions abroad means fewer problems at home, and US media have started using the term “far right” to describe various entities because that is what they are.

Russia is a bit of a problem hence Poland et al getting a bit twitchy. The thing is apart from a very brief chaotic period of five years after the collapse of the Soviet Union they’ve never known anything other than authoritarian rule at one end and brutal poverty at the other. It’s not just that the combover in the Kremlin is turning into a crotchety old man it’s his ideas are wrong and he’s exploiting Russians wallowing in self-pity. If the FSB had been dismantled and the Soviet stockpiles got rid of that might have removed temptation. Alas, we are where we are. I don’t have much sympathy for Russia or Russians but there are certainly better futures they can choose than trying to rekindle an old failed empire.

The post WWII deal between the US and Europe was the US provided the “arsenal of democracy” and Europe opened its markets. The US has in spite of posturing done rather well out of Europe. The US navy is dominant for one reason and one reason only – to protect the international shipping lanes. Again, the US does rather well out of this.

Here’s a calculation for you. If there is going to be a readjustment of the international order (which is very likely, the only question being what shape will that take) and Europe is going to pick up some of the military slack, I don’t think it’s asking too much for the US to perhaps stop beating down on its much poorer neighbour which isn’t remotely a military threat? Just a thought.

Multi-Domain Ask Jeeves May 29, 2024 5:33 AM

@echo

You should have piped up when Russian tanks lined up on the Ukrainian border. If you had explained the intricacies of the “multi-domain security model” to Vladimir Putin and his military commanders, they might have paused, then stated, “You know what? You might just be right! Why didn’t we think of that?” Then turned the tanks around and headed home.

lastoftheV8s May 29, 2024 5:53 AM

I came across an ex Linux system engineer who worked on a fleet of 2500 Linux virtual machines doing daily maintenance tasks, spinning up new instances for our Dev infrastructure, helping deploy new application, cyber security etc, etc. He was talking about ‘Microsoft AI-Recall Copilot+ PCs and Surface laptops etc. Really interesting fella. Anyway, he mentions this gem, quote: TikTok runs a Java virtual machine on your PC so by definition is actively hiding what it’s doing, which has ‘tamper protection’: if you try and decrypt/(de-opt), the JVM kills itself and stops running so that you can’t see what the code is doing… He added: even if it ends up being innocent and it’s just business defense or whatever, that’s fine, I’m making the conscious choice to go, well, I don’t want that on my computer, like, pure and simple.

more here>>DesignDocs | Technology with James

>https://www.youtube.com/@DesignDocsWithJames/search?query=tiktok

fib May 29, 2024 8:07 AM

Re: “Multi Domain Security”

Education, discussion of the actions of various actors and social layers, proposals for improvement for the government and private sector. The mere existence of this blog is part of a “multi domain” security vision. This is Bruce Schneier – and the group of professionals and practitioners who gather here – putting their knowledge at the service of user education. SoC fully fits into such “multi domain” vision.

SoC is a blog about cryptography, mainly. Encryption is the foundation of digital security and the focus of any “multi domain” approach to security. It can be frustrating for a social science major.

Ps. “Multi domain security” is an undefined buzz phrase. On the Internet it relates to US military doctrines.

echo May 29, 2024 8:30 AM

https://www.dhs.gov/news/2024/04/26/over-20-technology-and-critical-infrastructure-executives-civil-rights-leaders

Over 20 Technology and Critical Infrastructure Executives, Civil Rights Leaders, Academics, and Policymakers Join New DHS Artificial Intelligence Safety and Security Board to Advance AI’s Responsible Development and Deployment

Timothy Snyder was moaning that Homeland Security have been captured. I glanced at the announcement and did wonder if they were trying to be too hip and trendy then noticed the list of board members… Capture doesn’t begin to describe it. It’s a long list of everyone who should never be in the business of regulation!

I thought the UK under the Tories had a bad dose of regulatory capture until I read this. That’s not regulation. That’s a cartel.

@fib

I know when people are playing dumb, cloth ears!

In space you want it to end May 29, 2024 11:05 AM

@lastoftheV8s

“he mentions this gem quote” tiktok runs a JAVA virtual machine on your pc so by definition is actively hiding what it’s doing”

Many if not all user applications have interpreters in them these days. Most graphical interface programs have interpreters tucked away in the system and often stack based.

The oldest still around is probably the PostScript engine used in early high end printers running on 68K CPU boards that had more computing power than the computers the users sat at.

It was a “stack based interpreter” very much like Forth and it could not just easily do threaded code but fully multitask and be multiuser without needing a “Memory Management Unit” (MMU). Oh and a stripped down version of Forth could be put in a C stack frame… Another advantage, as it was a “threaded language”, is that it is incredibly memory efficient, as it in effect compressed run code by default to address pointers and was fully reentrant.

Anyway, the PostScript engine ended up embedded in Windows graphical software and from there into many many user applications. It was migrated over to the PDF engine so is on just about every user computer, smart device or mobile phone and comes in effect “built in” in browsers. Oh and even simple non graphical programs like calculator programmes use a Stack Based Interpreter.

It’s almost a “rite of passage” for journeyman programmers to put an interpreter into an application.

I think every modern office or browser program has more than one interpreter built in.

lurker May 29, 2024 2:18 PM

@Winter

No, the Chinese Great Wall was not designed to keep people in. It was intended to keep the barbarians out. After a millennium and a half it became obvious that no amount of patching and filling the gaps could achieve this. In fact it was a quisling general who opened the gate to let the Manchus in at the end of the Ming Dynasty.

The portal gates at strategic passes were used as control points to filter who was permitted to leave, but that was a minor administrative measure, and those who wanted to leave did so somewhere else along the wall.

echo May 29, 2024 2:52 PM

@Lurker, @Winter

No, the Chinese Great Wall was not designed to keep people in. It was intended to keep the barbarians out.

One fly in the ointment. Brexit… A wall can be built for purpose X and serve purpose X and Y, or sometimes just Y; or built for purpose Y while selling it as purpose X. So as you see walls are complicated.

Powertripping greedy xenophobes and racist nutters wanted to “keep the dirty foreigners out”. It’s also keeping the rest of us in. It’s prison island here and getting worse.

There’s walls everywhere. Intellectual walls, dogma walls, emotional walls, social walls, perception walls, and physical walls. One can lead to the other and they can all be related or interrelated. Like I said. Walls are complicated. Walls are simple and walls are complicated. Sometimes just simple. It can depend how you look at them.

I don’t think of this very often but hold up a pencil or any object on your desk and ask yourself “What is this?” It’s a similar exercise.

Winter May 29, 2024 3:10 PM

@lurker

No, the Chinese Great Wall was not designed to keep people in. It was intended to keep the barbarians out.

There is some uncertainty about the history of the Great Wall (PDF).
‘https://edspace.american.edu/silkroadjournal/wp-content/uploads/sites/984/2017/09/The-Origins-of-the-Great-Wall.pdf

It was built not so much at the borders of then “China”, but at the edges of conquered land.

Other sources that I cannot find anymore suggested that it also was used to prevent Chinese farmers from escaping taxes and joining the people north of the wall, who were not all nomadic. But as I read about it decades ago and have no references, it might very well be some fluke hypothesis some author inserted in a book. There is, however, quite a large body of literature about the effects of the legal and tax structures south and north of the Wall.

In short, bad example. I am sorry for the confusion.

Btw, the wall defended mainly against horses. Raiders can climb walls, horses cannot (works both ways). Without horses, these raiders would not be doing much “inside” the wall.

vas pup May 29, 2024 4:05 PM

@winter and other interested bloggers.
Let me clarify: I am pro legal immigration, where the country/authority (where the person wants to move in) has the final and decisive word on acceptance and makes the decision.
There is NO right for any foreigner to be accepted as an immigrant into any country regardless of the person’s desire, demographic, religious/political affiliation and other unrelated qualities.
To be accepted as an immigrant is a privilege which the accepting country grants by its OWN criteria – where merit is primary. There is no one size fits all countries on that question. Plus quantity: how many immigrants, broken down by category, a country could accept based on the condition of its own economy and other criteria.
The problem is when some marginal groups try to impose on all others – the majority – ideas which are against Law and due process and, as a result, generate chaos. That is my opinion.
Last but not least: under no circumstance could illegal immigrants be granted more benefits than legal immigrants, and both categories should NEVER get more benefits than citizens.

Winter May 29, 2024 4:40 PM

@lurker

I am pro legal immigration

Most likely your country signed the UNHCR 1951 Refugee Convention and its 1967 Protocol
‘https://www.unhcr.org/about-unhcr/who-we-are/1951-refugee-convention

So, refugees are “legal”.

The hypocritical side is that many countries let illegal immigrants in as cheap labor without rights.

All those immigrants come to the USA or Australia because they know they will be employed. Employed by companies and agribusinesses that sponsor the same politicians that are now fighting illegal immigrants. Brexit showed how dependent our economies are on immigrants.

echo May 29, 2024 5:06 PM

@vas pup

Back in the day before the UN or even the League of Nations existed the modern state was only a relatively recent invention. The Treaty of Westphalia in 1648 established the concept of state sovereignty. Before then it was just competing warlords and anyone could live pretty much anywhere.

Could you review international law and break immigrants down by asylum seeker, refugee, and immigrant and their respective rights. Yes international law does have different categories and they all have different rights. Do you have a general idea of the actual statistics for which category settles where and what the major causes for these population geographical shifts? And do you realise that the international law works both ways i.e. protects you too? Or that it may be a safety valve since the global order which ended the age of empires and wars of opportunity?

Can you define what you mean by merit? “Merit” can mean any one of a number of things. Can we have an idea what specifically and any ranges? Title? Money? Specific shade of skin colour and social standing? Arbitrary pieces of paper? Moral rectitude? Kindness? Fertility?

Can you also explain your concept of a minority imposing on a majority without law and due process? Are you discussing human rights and equality law in general, or “swarthy military age fit criminals” peddled by the tabloid media? Or mothers and babies, or PhD graduates who just had their home bombed out, or civil rights activists at risk of torture and death. What about natural disasters? Catastrophic climate change? It’s not as if people choose this to happen. Like, just checking here.

I’m asking these questions because it makes more sense to discover what definitions we’re dealing with and what ideas you have and whether they are in line or not with existing international and domestic laws and facts on the ground. By this means I suspect 90% of the arguments will evaporate.

ResearcherZero May 29, 2024 6:44 PM

@echo

The best source of a definition is a dictionary, or the source material which will often describe definition exactly.

If you can avoid conflating issues, that often helps to make a point more clear.

Einstein was not making a joke when he mentioned sticks and stones. There is not much room left for order in each of the major nuclear Super Power’s plans for a confrontation. Each and every one of them ultimately seeks to prevent no adversary remaining following total military defeat.

The good news is that sometimes the native fauna and flora recover once pests are totally removed from the environment.

echo May 29, 2024 7:28 PM

@ResearcherZero

I was asking @Vas Pup their point of view for a reason as very clearly indicated. Please don’t poke your beak in.

Cocaine Charlie May 29, 2024 9:21 PM

look out for fake recruiting scams

https://www.businessinsider.com/job-recruiter-offer-scam-identity-college-students-report-2024-4

College students desperate for jobs are getting scammed online by criminals posing as tech recruiters

-Scammers use fake listings and pose as recruiters to steal money and identities.

https://www.businessinsider.com/fake-check-job-scam-linkedin-recruiter-verification-tools-2024-5

LinkedIn says it intercepts the ‘majority’ of scams on its site — but job hunters say it’s not enough

-LinkedIn rolled out verification tools last year to curb spam and fake job ads on the platform.

-Despite the new process, job hunters say fake ads from scammers are still rampant on the site.

-The scams often target recent graduates and young professionals, per the Federal Trade Commission.

scammers are also using alternate ways to avoid the new LinkedIn restrictions

ResearcherZero May 29, 2024 11:18 PM

StackOverflow user “EstAYA G” passing off ‘Pytoileur’ info-stealer in answers to questions.

“The retrieved binary, ‘Runtime.exe,’ is then run by leveraging Windows PowerShell and VBScript commands on the system.”

‘https://www.sonatype.com/blog/pypi-crypto-stealer-targets-windows-users-revives-malware-campaign

Actors extract ‘ntds.dit’ to gain access to local accounts and AD.

‘https://www.mnemonic.io/resources/blog/advisory-check-point-remote-access-vpn-vulnerability-cve-2024-24919/

VSCode is also being used in some cases to then tunnel traffic.
https://medium.com/@truvis.thornton/visual-studio-code-embedded-reverse-shell-and-how-to-block-create-sentinel-detection-and-add-e864ebafaf6d

The actors are targeting old accounts without MFA and seeking to gain persistence on key enterprise assets.

‘https://blog.checkpoint.com/security/enhance-your-vpn-security-posture

‘https://www.horizon3.ai/attack-research/cve-2024-23108-fortinet-fortisiem-2nd-order-command-injection-deep-dive/

AI and human expertise working together to determine what needs mitigating or patching before the adversary has time to exploit vulnerabilities in complex environments.
https://www.securityweek.com/horizon3-ai-introduces-ai-assisted-service-to-prioritize-and-patch-vulnerabilities-faster/

ResearcherZero May 30, 2024 2:41 AM

@Winter

It’s mostly to fit in with the last lot of migrants who have become Anglophied.

@ALL

In the end, such an appeal to people’s most base and thoughtless instincts may have a cost.
Quite an extraordinary cost, as crops begin to rot, and economies slip into long recession.

Immigrants represent 21% of all workers in the U.S. food industry and 31% of crop production…

‘https://www.migrationpolicy.org/content/essential-role-immigrants-us-food-supply-chain

“If you were to deport half a million people from Florida and remove them from the Floridian economy that would undoubtedly create a recession in the state.”

https://www.stripes.com/theaters/us/2024-05-25/trump-mass-deportation-plan-consequences-florida-13973271.html

“Nearly eight years after the end of the Great Recession, the unemployment rate has fallen to 4.8 percent, near what economists consider full employment.”

If the United States were to deport or otherwise lose all the estimated 6.8 million immigrants working in the country illegally, at full employment there wouldn’t be enough legal workers to fill all those jobs. At least 4 million jobs would go unfilled, wiping nearly $5 trillion of GDP from the economy over 10 years.

As older Americans retire, younger ones are increasingly choosing to enroll in college rather than start work right out of high school. One result is that it’s become harder for employers to fill the entry-level jobs that are often taken by immigrants living in the United States illegally. Roughly 18% of employment in agriculture, 13% in construction and 10% at restaurants, hotels and casinos.

https://apnews.com/article/business-immigration-economy-united-states-government-a675b6ac36e849d0a6fc130a7c59542c

California would be the hardest-hit state, since removing unauthorized workers would lead to a 4 percent drop in private-sector output in the short term, or about $83 billion.

Texas and New York would experience the second- and third-largest economic drops, witnessing 10-year declines of $51 billion and $33 billion in output, respectively, the authors calculate.

If 20 million were deported, double the cost to 1 trillion lost in GDP per year.

‘https://www.cbsnews.com/news/the-5-trillion-hit-from-deporting-undocumented-workers/

It would take 20 years to accomplish a mass deportation program, and a full cost between $420 billion and $620 billion. (to deport 11.2 million)
https://www.americanactionforum.org/research/the-budgetary-and-economic-costs-of-addressing-unauthorized-immigration-alt/

The Bipartisan Policy Center calculates that deporting all unauthorized immigrants would shrink the labor force by 6.4 percent.

‘http://bipartisanpolicy.org/wp-content/uploads/sites/default/files/BPC_Immigration_Economic_Impact.pdf

Working for the federal minimum wage with no benefits.
https://www.theguardian.com/environment/2021/may/13/meet-the-workers-who-put-food-on-americas-tables-but-cant-afford-groceries

Winter May 30, 2024 4:56 AM

@ResearcherZero

If you were to deport half a million people from Florida and remove them from the Floridian economy that would undoubtedly create a recession in the state.

We do not have to speculate. The UK showed what happens:

‘https://www.euronews.com/2021/12/30/a-year-since-brexit-how-bad-are-the-uk-s-labour-shortages-now

The year 2021, the first since the UK operated independently outside the European Union, saw a torrent of complaints about labour shortages from across the economic spectrum.

And then too many areas in deep trouble to recount here.

ResearcherZero May 30, 2024 5:02 AM

Australia may even get a Human Rights Act, so I can toss that in as well. There is water in the dam, a shed, trees and s–t, and even a sealed road to the property.

There is even electricity. Far out! 😀

The temperature is also a good 10C cooler than average in summer, nippy in winter. And absolutely quiet as all duck, apart from the chirping of the birds and frogs.

There is real forest next door and a short drive to an undeveloped coastline with pristine beaches and excellent fishing.

No neighbours. No one for miles and miles.
The perfect location to lose all sanity!

https://humanrights.gov.au/about/news/media-releases/government-must-seize-moment-national-human-rights-act

echo May 30, 2024 6:36 AM

https://humanrights.gov.au/about/news/media-releases/government-must-seize-moment-national-human-rights-act

A new parliamentary report recommending a National Human Rights Act as part of a revitalised Human Rights Framework brings Australia closer than ever before to establishing the basic legal protections that Australians need.

This is good news for Australians if they embrace this. It’s funny how we were only discussing this a few weeks ago. The UK sadly was ahead on paper at least but only grasped half of it and is behind Australia in some ways and getting worse. Much worse. If you want to see what happens if you only do half a job look at the UK. It’s a basket case.

The year 2021, the first since the UK operated independently outside the European Union, saw a torrent of complaints about labour shortages from across the economic spectrum.

And then too many areas in deep trouble to recount here.

The UK on the surface was doing okay but had a list of problems which needed fixing before Brexit. The global financial crisis, austerity, and Brexit simply drained the money away and left the rotting husk on the beach visible for all to see.

The UK is good at hiding problems behind a veneer of civility. It is a nation of fundamentally decent people ruled by polite sociopaths. Some elements of this are very likely the inspiration behind Hazel O’Connor’s album “Breaking Glass” which provides the soundtrack for the movie of the same name. One’s attention is drawn to “Monster’s in disguise” (as well as the delightful “Will You”). Libertarian sociopaths and AI seem to be quite the thing lately which the very prescient “Eighth Day” speaks to.

“Too many areas in deep trouble to recount” is accurate. Problems began around 2010, began to accelerate around 2012, and went absolutely stupid around 2016 and at the time of writing passed crisis point a few years ago. The country was already running on nothing but fumes and inertia, governance has been at best only “plausibly legal”, and the last year or so abuses of power and client media and captured regulators have shown law up as existing on paper only. Human rights law in many areas can currently only be regarded as a marketing exercise for international consumption.

The joke is half the current government cabinet including the Prime Minister wouldn’t have got anywhere in life without a decent society and the human rights and equality laws they are now ripping to pieces. That’s Tories for you.

@Vas pup

I was hoping for a somewhat different answer. I do note your answer has gone walkies and this is probably for the best. For what it’s worth thanks for making the effort to reply to the question.

In Space you want it to end May 30, 2024 8:38 AM

@Winter

Be careful of your sources and their intent.

For instance

“The year 2021, the first since the UK operated independently outside the European Union, saw a torrent of complaints about labour shortages from across the economic spectrum.”

It is effectively fake news.

Not the highly subjective “torrent of complaints” used for emotive purposes. Completely devoid of fact and not even objective.

Yes there are labour shortages but they can be shown to be due to two major causes

  1. C19 lockdown / longcovid
  2. Employers offering too little for their jobs to be economically viable for people to accept.

If you have ever worked in the Employment Agency domain in the UK as I have you will be horrified at what actually goes on.

It is like a Slave Market Auction and is perhaps less honest.

Many alleged job adverts these days are placed on employers’ web sites and many are not in the slightest bit genuine. They are used to grab PPI and create false impressions for shareholders and investors and Venture Capitalists.

Yes there are some labour shortages but they are mostly created by

  1. Employers not offering.
  2. Political nonsense in Government.
  3. Empire building in Government Agencies.
  4. The likes of certain ‘Think Tanks’.

In Space you want it to end May 30, 2024 9:02 AM

@ResearcherZero

With regards the quote @Winter uses I’d advise looking at the source with care.

It is an ‘anti’ political outfit based in France pretending to be Pro Europe whilst spreading fake or highly biased opinions.

Its funding is difficult to establish but appears to be ‘political money’ that has a certain political leaning that stirs up ‘anti sentiment’.

But if you actually read the piece it’s all about bottom of the socio-economic ladder jobs that are effectively highly insecure employment that abuses staff and hides under the Gig-Economy abuse system.

Have a read of an article from about the same time as the EuroNews gumph from an MSM source with international reputation known for its flushing out such employer abuse (there are quite a number of others before and after that time)

https://www.theguardian.com/business/2021/sep/19/firms-urged-to-protect-workers-from-abuse-in-wild-west-uk-gig-economy

Winter May 30, 2024 9:12 AM

@ResearcherZero

Re: deceptive reporting

As Trolls are trying to divert attention away from the real topic, here are other reports:

https://www.independent.co.uk/news/uk/politics/brexit-uk-workers-labour-shortages-b2263657.html

Post-Brexit immigration rules have led to a shortfall of around 330,000 workers in the UK, according to top economists.

https://www.reuters.com/world/uk/uk-sees-fastest-wage-rises-sectors-most-reliant-eu-workers-indeed-2022-02-25/

Sectors such as construction, cleaning, driving, hospitality and leisure – where EU workers accounted for more than 10% of staff – had seen advertised wages grow 11% between 2019 and 2021, Indeed said based on an analysis of its data.

echo May 30, 2024 9:29 AM

I agree with @winter. While the UK had various structural and other issues Brexit alone caused huge employment problems, logistical problems, and economic growth problems. Those aren’t the only problems caused by Brexit but that’s another topic.

Given the fun and games happening here don’t trust anyone unless they are a known good stable handle. It’s the same find an anchor of trust and build from there subject which people discussed a couple of weeks ago. Report anything dodgy to moderator and don’t engage.

ResearcherZero May 31, 2024 12:15 AM

@In Space you want it to end

Why should I run a business and sell anyone anything? Will you help me get people I know out of bed to work? Few of the local people want to work. They like meth and booze. They don’t always show up. They constantly complain and ask to borrow money. They chuck a sad if you tell them to stop standing around gas-bagging all day instead of working. Then they take off for a week on a bender after knocking off cash, then try to blame someone else.

There still exist all the usual problems of running a business. It’s easier though when I’m not playing mother for a bunch of dysfunctional adults who might not turn up on any given day. If I hire migrants or backpackers I do not have any of those problems. Simple.

There are some good workers locally, but there are very few of them to go around.

@Winter

It takes many people, many long negotiations, and a very long time to build trade agreements, and then it takes a couple of weeks and a handful of political identities to blow them up simply so they can have a crack at being an MP.

But farming is really hard. Should anyone bother doing all that work just so people can eat? It’s a seven day a week slog which just goes on and on. Then you forget what year it is. You may not even make any money. Sometimes it just goes up in a puff of smoke.

Other times you hit the jackpot! Buy a new tractor. Crash it in the dam, then pull it out.
Next time you leave the brake on and decide not to park facing downhill towards the dam.
Normally you would not do something so stupid, but you had twenty problems on your mind.
Finding people who will work mostly, because you have been placing ads for 12 months and no one answered. Advertising for people in newspapers on the other side of the country may sound crazy, but you have to do it. That may only get you the odd worker. Perhaps one.

Many of the locals don’t want to work though we always paid well above the award.
There is a solution though. People from other countries will work. Amazing and great workers! People who turn up every day, are really friendly and don’t constantly complain.
Decent and kind people who really do deserve a fair shot and not to be unfairly targeted.

LightSpy Framework

Implants possible for Windows, macOS, Linux and routers from Netgear, Linksys, and Asus.

The same developers who developed DragonEgg likely developed LightSpy.

https://www.threatfabric.com/blogs/lightspy-implant-for-macos

Unique signing certificates and a Chengdu 404 C2.
https://www.lookout.com/threat-intelligence/article/wyrmspy-dragonegg-surveillanceware-apt41

“operators can precisely control the spyware using the updatable configuration”

13 unique phone numbers belonging to Chinese cell phone operators.

https://www.threatfabric.com/blogs/lightspy-mapt-mobile-payment-system-attack

A botnet bricked over half a million routers from an ISP in 2023.
This Chalubo version seemed to lack persistence and deleted all traces from disk.

https://blog.lumen.com/the-pumpkin-eclipse/

The 2018 version used “brute force attempts to cycle through common, publicly known default passwords.”

Chalubo incorporates code from the Xor.DDoS and Mirai malware families.
https://news.sophos.com/en-us/2018/10/22/chalubo-botnet-wants-to-ddos-from-your-server-or-iot-device/

ResearcherZero May 31, 2024 12:34 AM

@In Space you want it to end

I could buy robots. Drastically cut back on employees and write the investment off as it’s 200K plus a year for the accountant anyway. If I was to act in a very selfish manner, I might as well claim it back through taxation. Insurance is probably lower. Less paperwork!

Yeah robots are kind of boring. They are not much for conversation and quite inflexible.
The production costs would come right down. I bet those shiny large machines would pay for themselves in not too many years and would reliably pick produce with much less downtime.

Winter May 31, 2024 1:29 AM

@ResearcherZero

But farming is really hard. Should anyone bother doing all that work just so people can eat?

People have done it for 10,000 years, but quite a number of times decided it was indeed not worth it.

The problem for farming is, people like other people, they like status&luxury, and they want to live long. All things you can get better in towns and cities than in farmland. So, if there is choice, people move to the city.

People from other countries will work. Amazing and great workers! People who turn up every day, are really friendly and don’t constantly complain.

Indeed, because you offer them work that is better than what they can get at home. They too would rather be an electrician, doctor, or office worker, but that didn’t work out.

I applaud them for it. But they should get better protection against abuse and exploitation.

echo May 31, 2024 5:55 AM

https://www.thenational.scot/news/24356740.greens-call-clarity-future-human-rights-bill-holyrood/

The Scottish Greens are calling on the Scottish Government to provide clarity on the future of the Human Rights Bill.

The bill was a key commitment of the Bute House Agreement and proposed incorporating international human rights treaties into Scots law.

For example, it would enshrine the UN’s Convention on the Elimination of All Forms of Discrimination against Women and the Convention on the Elimination of All Forms of Racial Discrimination into law.

Incorporating the right to a healthy environment, a right for older people to live a life of dignity and independence, and improved protections for LGBT+ people had also been proposed.

Someone has to say it.

Winter May 31, 2024 6:08 AM

Tiny number of ‘supersharers’ spread the vast majority of fake news
Less than 1% of Twitter users posted 80% of misinformation about the 2020 U.S. presidential election
https://www.science.org/content/article/tiny-number-supersharers-spread-vast-majority-fake-news

A mere 2000 or so “supersharers” spread 80% of content from fake news sites in a sample of more than 600,000 U.S. voters on X (formerly Twitter), according to an analysis published today in Science [1]. The posters were more likely to be women and older—challenging the stereotype of social media manipulators as young, alt-right men—and they had a huge reach: More than one in 20 users in the data set followed at least one of these supersharers.

Who are these supersharers?
According to the article:

The average supersharer was 58 years old, 17 years older than the average user in the study, and almost 60% were women. They were also far more likely to be registered Republicans (64%) than Democrats (16%). Given their frenetic social media activity, the scientists assumed supersharers were automating their posts. But they found no patterns in the timing of the tweets or the intervals between them that would indicate this. “That was a big surprise,” says study co-author Briony Swire-Thompson, a psychologist at Northeastern University. “They are literally sitting at their computer pressing retweet.”

This study is cited as “Older women spreading more misinformation”. When it is 60% women, that is an exaggeration.

It is more relevant that only 2107 users out of 664,391 named accounts (0.3%) were spreading 80% of all the disinformation. This just confirms the claim that technology gives people a bigger bullhorn.

The Editor’s summary gives revealing context [1]:

Most fake news on Twitter (now X) is spread by an extremely small population called supersharers. They flood the platform and unequally distort political debates, but a clear demographic portrait of these users was not available. Baribi-Bartov et al. identified a meaningful sample of supersharers during the 2020 US presidential election and asked who they were, where they lived, and what strategies they used (see the Perspective by van der Linden and Kyrychenko). The authors found that supersharers were disproportionately Republican, middle-aged White women residing in three conservative states, Arizona, Florida, and Texas, which are focus points of contentious abortion and immigration battles. Their neighborhoods were poorly educated but relatively high in income. Supersharers persistently retweeted misinformation manually. These insights are relevant for policymakers developing effective mitigation strategies to curtail misinformation.

[1] Original Science article:
https://www.science.org/doi/10.1126/science.adl4435

echo May 31, 2024 6:59 AM

This study is cited as “Older women spreading more misinformation”. When it is 60% women, that is an exaggeration.

It is more relevant that only 2107 users out of 664,391 named accounts (0.3%) were spreading 80% of all the disinformation. This just confirms the claim that technology gives people a bigger bullhorn.

My first thought is caution about this was appropriate because it’s easy to take the bait and take your mind off where the real problem is.

The Editor’s summary gives revealing context [1]:

The authors found that supersharers were disproportionately Republican, middle-aged White women residing in three conservative states, Arizona, Florida, and Texas, which are focus points of contentious abortion and immigration battles. Their neighborhoods were poorly educated but relatively high in income. Supersharers persistently retweeted misinformation manually. These insights are relevant for policymakers developing effective mitigation strategies to curtail misinformation.

And there we have it. Male dominated political and policy hierarchies and social media platforms and media. I say men. It’s more a cohort of usual suspects. Women and men are victims of legacy systems and that’s important to note.

https://www.telegraph.co.uk/politics/2024/05/30/whitby-woman-the-voter-who-could-save-the-tories-from-elect/
Whitby Woman: The voter who could save the Tories from electoral wipeout

(Warning: The Telegraph is an equivalent of the US Breitbart.)

In the UK the Tory party have been trundling down the same path and are worried about so called “Whitby women”. (I hate these focus group marketing terms.) It’s the same profile of non-degree educated and relatively wealthy older women. Their fear isn’t so much whether they will vote for other political parties. Their fear is that if they feel safe with another party forming a government on voting day they will stay at home.

The overlap between anti-abortion (and anti-surrogacy), anti-immigrant, and transphobia and other LGBT rights is a perfect circle. The number of people with brainwashed ideas about things is higher in the older 50+ group and gets worse as you go up past 75+. As people most of them aren’t the problem. The problem is the politicians who are exploiting this for election purposes. The majority of men and women (women more than men) support progressive politics and the numbers are generally the same in the US too in spite of all the shouty headlines from various quarters.

Winter May 31, 2024 7:46 AM

@echo

My first thought is caution about this was appropriate because it’s easy to take the bait and take your mind off where the real problem is.

No, I think this focusing on middle aged women is based on using two stereotypes that attract readers/clicks.

First, it strengthens the “gossiping crone” stereotype, the woman that destroys families and communities with gossip and then it refutes the “young alt-right male conspiracy Xitter user” stereotype as the source of all disinformation.

The articles and study themselves focus on the reach of a few middle aged Xitter users without a life who disrupt the public discourse. Their research makes a case that these are not retweeting “bots”, but humans who spend most, if not all, of their time retweeting misinformation.

Note that these studies point out that these people “spread”, or retweet, the misinformation. They did not originate it.

lastoftheV8s May 31, 2024 8:50 AM

@echo @ResearcherZero

Australia and this 👇 Ha!

“recommending a National Human Rights Act”

nvr gonna happen trust me its b#@!s#&*%t and we’re pretty much tired of being gaslighted too!

PFFFT!walking away slow clapping.

peace everyone ☮

echo May 31, 2024 9:05 AM

@Winter

The importance of this study is the universal nature of this phenomenon. Wherever you look, it is a few people (0.3%) who spread most of the misinformation and hate, and do most of the trolling. Social Media are the ultimate bullhorns.

This will be the same in the UK, Brazil, Australia, and EU.

That should be useful to know for disinformation analysts. It’s not much of a surprise really but hard numbers like this are always useful.

https://www.youtube.com/watch?v=Aerq2UDhZJQ
DW Documentary
The rise of illiberal Europe – The enemy inside the gates

I have a bit of a thick head with other stuff and haven’t got around to watching this beyond the first five minutes.

lastoftheV8s June 3, 2024 10:03 PM

Apple air tags are evil IMO…if u use them for nefarious means and im (hypothetically speaking now)so if an air-tag is used to prevent theft track/trace stolen goods! for arguments sake if the air-tag is attached to said stolen goods and obviously you are not within range of said air-tag does it not after a short while send out an audible “alarm”??
alerting to the thief’s iPhone yes? (that’s a bummer for you right not the thief?? no? OK what if I modify my air-tag??? and that’s really not good and if you do “modify” your air-tag for scumbag reasons imo it should be a criminal offense.


Sidebar photo of Bruce Schneier by Joe MacInnis.